fix iam kubeconfig generation in workload clusters (#9048)

pkg/clustermanager/cluster_manager.go

@@ -395,8 +395,8 @@ func (c *ClusterManager) waitForDeployments(ctx context.Context, deploymentsByNa
 	return nil
 }
 
-// GenerateIamAuthKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
-func (c *ClusterManager) GenerateIamAuthKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error {
+// GenerateWorkloadAWSIAMKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
+func (c *ClusterManager) GenerateWorkloadAWSIAMKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error {
 	return c.awsIamAuth.GenerateKubeconfig(ctx, management, workload, spec)
 }
 
@@ -835,8 +835,8 @@ func (c *ClusterManager) pauseReconcileForCluster(ctx context.Context, clusterCr
 	return nil
 }
 
-// GenerateAWSIAMKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
-func (c *ClusterManager) GenerateAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error {
+// GenerateManagementAWSIAMKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
+func (c *ClusterManager) GenerateManagementAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error {
 	return c.awsIamAuth.GenerateManagementAWSIAMKubeconfig(ctx, cluster)
 }
 

pkg/workflows/interfaces/interfaces.go

@@ -41,7 +41,8 @@ type ClusterManager interface {
 	GetCurrentClusterSpec(ctx context.Context, cluster *types.Cluster, clusterName string) (*cluster.Spec, error)
 	Upgrade(ctx context.Context, cluster *types.Cluster, currentManagementComponents, newManagementComponents *cluster.ManagementComponents, newSpec *cluster.Spec) (*types.ChangeDiff, error)
 	CreateRegistryCredSecret(ctx context.Context, mgmt *types.Cluster) error
-	GenerateAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error
+	GenerateWorkloadAWSIAMKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error
+	GenerateManagementAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error
 	ResumeEKSAControllerReconcile(ctx context.Context, cluster *types.Cluster, clusterSpec *cluster.Spec, provider providers.Provider) error
 	AllowDeleteWhilePaused(ctx context.Context, cluster *types.Cluster, clusterSpec *cluster.Spec) error
 }
@@ -107,3 +108,9 @@ type ClusterDeleter interface {
 type ClusterMover interface {
 	Move(ctx context.Context, spec *cluster.Spec, srcClient, dstClient kubernetes.Client) error
 }
+
+// AwsIamAuth is responsible for managing iam kubeconfigs.
+type AwsIamAuth interface {
+	GenerateKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error
+	GenerateManagementAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error
+}

pkg/workflows/management/create_test.go

@@ -908,7 +908,7 @@ func TestCreateWriteConfigAWSIAMFailure(t *testing.T) {
 	test.expectDatacenterConfig()
 	test.expectMachineConfigs()
 
-	test.clusterManager.EXPECT().GenerateAWSIAMKubeconfig(test.ctx, test.workloadCluster).Return(errors.New("test"))
+	test.clusterManager.EXPECT().GenerateManagementAWSIAMKubeconfig(test.ctx, test.workloadCluster).Return(errors.New("test"))
 
 	test.clusterManager.EXPECT().SaveLogsManagementCluster(
 		test.ctx, test.clusterSpec, test.bootstrapCluster,

pkg/workflows/management/write_cluster_config.go

@@ -52,7 +52,7 @@ func (s *writeCreateClusterConfig) Run(ctx context.Context, commandContext *task
 
 	if commandContext.ClusterSpec.AWSIamConfig != nil {
 		logger.Info("Generating the aws iam kubeconfig file")
-		err = commandContext.ClusterManager.GenerateAWSIAMKubeconfig(ctx, commandContext.WorkloadCluster)
+		err = commandContext.ClusterManager.GenerateManagementAWSIAMKubeconfig(ctx, commandContext.WorkloadCluster)
 		if err != nil {
 			commandContext.SetError(err)
 			return &workflows.CollectDiagnosticsTask{}

pkg/workflows/workload/create_test.go

@@ -176,8 +176,8 @@ func (c *createTestSetup) expectInstallGitOpsManager(err error) {
 }
 
 func (c *createTestSetup) expectAWSIAMAuthKubeconfig(err error) {
-	c.clusterManager.EXPECT().GenerateAWSIAMKubeconfig(
-		c.ctx, c.clusterSpec.ManagementCluster).Return(err)
+	c.clusterManager.EXPECT().GenerateWorkloadAWSIAMKubeconfig(
+		c.ctx, c.clusterSpec.ManagementCluster, c.workloadCluster, c.clusterSpec).Return(err)
 }
 
 func (c *createTestSetup) expectWrite() {

pkg/workflows/workload/upgrade_test.go

@@ -136,8 +136,8 @@ func (c *upgradeTestSetup) expectWriteWorkloadClusterConfig(err error) {
 }
 
 func (c *upgradeTestSetup) expectWithoutAWSIAMAuthKubeconfig(err error) {
-	c.clusterManager.EXPECT().GenerateAWSIAMKubeconfig(
-		c.ctx, c.clusterSpec.ManagementCluster).Return(err).Times(0)
+	c.clusterManager.EXPECT().GenerateWorkloadAWSIAMKubeconfig(
+		c.ctx, c.clusterSpec.ManagementCluster, c.workloadCluster, c.clusterSpec).Return(err).Times(0)
 }
 
 func (c *upgradeTestSetup) expectDatacenterConfig() {

pkg/workflows/workload/writeclusterconfig.go

@@ -23,7 +23,7 @@ func (s *writeClusterConfig) Run(ctx context.Context, commandContext *task.Comma
 	// Generate AWS IAM kubeconfig only for cluster creation step
 	if commandContext.CurrentClusterSpec == nil && commandContext.ClusterSpec.AWSIamConfig != nil {
 		logger.Info("Generating the aws iam kubeconfig file")
-		err = commandContext.ClusterManager.GenerateAWSIAMKubeconfig(ctx, commandContext.ManagementCluster)
+		err = commandContext.ClusterManager.GenerateWorkloadAWSIAMKubeconfig(ctx, commandContext.ManagementCluster, commandContext.WorkloadCluster, commandContext.ClusterSpec)
 		if err != nil {
 			commandContext.SetError(err)
 			logger.Error(err, "Generating the aws iam kubeconfig file")