From 6fdb52a360dbb9b2fe9a50b03613968263582de7 Mon Sep 17 00:00:00 2001
From: Matthew Wong
Date: Fri, 11 Jun 2021 15:07:18 -0700
Subject: [PATCH] Grant EKSCTL_ADMIN_ROLE admin access to eksctl clusters
---
 Makefile | 1 +
 hack/e2e/eksctl.sh | 9 +++++++++
 hack/e2e/run.sh | 4 +++-
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 21a3c630bc..91781e98c7 100644
--- a/Makefile
+++ b/Makefile
@@ -113,6 +113,7 @@ test-e2e-external-eks:
 CLUSTER_TYPE=eksctl \
 K8S_VERSION="1.20" \
 HELM_VALUES_FILE="./hack/values_eksctl.yaml" \
+ EKSCTL_ADMIN_ROLE="Infra-prod-KopsDeleteAllLambdaServiceRoleF1578477-1ELDFIB4KCMXV" \
 AWS_REGION=us-west-2 \
 AWS_AVAILABILITY_ZONES=us-west-2a,us-west-2b \
 TEST_PATH=./tests/e2e-kubernetes/... \
diff --git a/hack/e2e/eksctl.sh b/hack/e2e/eksctl.sh
index e069ec9cd8..a4c7f2011b 100644
--- a/hack/e2e/eksctl.sh
+++ b/hack/e2e/eksctl.sh
@@ -21,6 +21,7 @@ function eksctl_create_cluster() {
 CLUSTER_FILE=${7}
 KUBECONFIG=${8}
 EKSCTL_PATCH_FILE=${9}
+ EKSCTL_ADMIN_ROLE=${10}
 generate_ssh_key "${SSH_KEY_PATH}"
@@ -55,6 +56,14 @@ function eksctl_create_cluster() {
 loudecho "Getting cluster ${CLUSTER_NAME}"
 ${BIN} get cluster "${CLUSTER_NAME}"
+
+ if [ -n "$EKSCTL_ADMIN_ROLE" ]; then
+ AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+ ADMIN_ARN="arn:aws:iam::${AWS_ACCOUNT_ID}:role/${EKSCTL_ADMIN_ROLE}"
+ loudecho "Granting ${ADMIN_ARN} admin access to the cluster"
+ ${BIN} create iamidentitymapping --cluster "${CLUSTER_NAME}" --arn "${ADMIN_ARN}" --group system:masters --username admin
+ fi
+
 return $?
 }
diff --git a/hack/e2e/run.sh b/hack/e2e/run.sh
index fd1c7fef2f..d6a5ec34e3 100755
--- a/hack/e2e/run.sh
+++ b/hack/e2e/run.sh
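Review bot: The added `EKSCTL_ADMIN_ROLE` line hard-codes one account's generated role name in the recipe, and whatever role carries that name in the account running the target is later mapped to `system:masters` by hack/e2e/eksctl.sh. Assigning it inline also appears to override any value the caller exports, so other accounts cannot substitute or disable it; a make variable such as `EKSCTL_ADMIN_ROLE ?=` near the top with `EKSCTL_ADMIN_ROLE="$(EKSCTL_ADMIN_ROLE)" \` here would keep it configurable. A comment naming what this role is and why it needs cluster admin would help reviewers judge the grant. The recipe starts and ends outside the hunk, so the command these variables feed is not visible.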
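Review bot: With the `if` block placed before `return $?`, the function no longer returns the status of `${BIN} get cluster`: when `EKSCTL_ADMIN_ROLE` is empty the `if` statement itself yields 0, and when it is set only the `create iamidentitymapping` status survives. The `aws sts get-caller-identity` result is also unchecked, so a failed call leaves an empty account id in `ADMIN_ARN`. Unless errexit is active in the caller (not visible here), each step should return on failure as in the excerpt below. Since `system:masters` is unrestricted cluster admin, a one-line comment stating why the role needs it rather than a narrower group would be worth adding. The function body starts outside the hunk.

```shell
  ${BIN} get cluster "${CLUSTER_NAME}" || return $?

  if [ -n "$EKSCTL_ADMIN_ROLE" ]; then
    AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) || return $?
    # … unchanged: ADMIN_ARN assignment and loudecho …
    ${BIN} create iamidentitymapping --cluster "${CLUSTER_NAME}" --arn "${ADMIN_ARN}" --group system:masters --username admin || return $?
  fi

  return 0
```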
@@ -56,6 +56,7 @@ KOPS_STATE_FILE=${KOPS_STATE_FILE:-s3://k8s-kops-csi-e2e}
 KOPS_PATCH_FILE=${KOPS_PATCH_FILE:-./hack/kops-patch.yaml}
 EKSCTL_PATCH_FILE=${EKSCTL_PATCH_FILE:-./hack/eksctl-patch.yaml}
+EKSCTL_ADMIN_ROLE=${EKSCTL_ADMIN_ROLE:-}
 HELM_VALUES_FILE=${HELM_VALUES_FILE:-./hack/values.yaml}
@@ -130,7 +131,8 @@ elif [[ "${CLUSTER_TYPE}" == "eksctl" ]]; then
 "$K8S_VERSION" \
 "$CLUSTER_FILE" \
 "$KUBECONFIG" \
- "$EKSCTL_PATCH_FILE"
+ "$EKSCTL_PATCH_FILE" \
+ "$EKSCTL_ADMIN_ROLE"
 if [[ $? -ne 0 ]]; then
 exit 1
 fi
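Review bot: The new `EKSCTL_ADMIN_ROLE` default has no comment saying what form the value takes, and hack/e2e/eksctl.sh in this patch wraps it as `arn:aws:iam::<account>:role/<value>`, so a full ARN passed here would yield a malformed ARN. I would add `# IAM role name (not an ARN) in the caller's account to map to system:masters on eksctl clusters; empty skips the mapping` above the assignment.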