refactor aws iam auth in cli workflow

Makefile

@@ -560,14 +560,14 @@ mocks: ## Generate mocks
 	${MOCKGEN} -destination=pkg/providers/vsphere/setupuser/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/providers/vsphere/setupuser" GovcClient
 	${MOCKGEN} -destination=pkg/govmomi/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/govmomi" VSphereClient,VMOMIAuthorizationManager,VMOMIFinder,VMOMISessionBuilder,VMOMIFinderBuilder,VMOMIAuthorizationManagerBuilder
 	${MOCKGEN} -destination=pkg/filewriter/mocks/filewriter.go -package=mocks "github.com/aws/eks-anywhere/pkg/filewriter" FileWriter
-	${MOCKGEN} -destination=pkg/clustermanager/mocks/client_and_networking.go -package=mocks "github.com/aws/eks-anywhere/pkg/clustermanager" ClusterClient,AwsIamAuth,EKSAComponents,KubernetesClient,ClientFactory,ClusterApplier,CAPIClient
+	${MOCKGEN} -destination=pkg/clustermanager/mocks/client_and_networking.go -package=mocks "github.com/aws/eks-anywhere/pkg/clustermanager" ClusterClient,EKSAComponents,KubernetesClient,ClientFactory,ClusterApplier,CAPIClient
 	${MOCKGEN} -destination=pkg/gitops/flux/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/gitops/flux" FluxClient,KubeClient,GitOpsFluxClient,GitClient,Templater
 	${MOCKGEN} -destination=pkg/task/mocks/task.go -package=mocks "github.com/aws/eks-anywhere/pkg/task" Task
 	${MOCKGEN} -destination=pkg/bootstrapper/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/bootstrapper" KindClient,KubernetesClient
 	${MOCKGEN} -destination=pkg/bootstrapper/mocks/bootstrapper.go -package=mocks "github.com/aws/eks-anywhere/pkg/bootstrapper" ClusterClient
 	${MOCKGEN} -destination=pkg/git/providers/github/mocks/github.go -package=mocks "github.com/aws/eks-anywhere/pkg/git/providers/github" GithubClient
 	${MOCKGEN} -destination=pkg/git/mocks/git.go -package=mocks "github.com/aws/eks-anywhere/pkg/git" Client,ProviderClient
-	${MOCKGEN} -destination=pkg/workflows/interfaces/mocks/clients.go -package=mocks "github.com/aws/eks-anywhere/pkg/workflows/interfaces" Bootstrapper,ClusterManager,GitOpsManager,Validator,CAPIManager,EksdInstaller,EksdUpgrader,PackageManager,ClusterUpgrader,ClusterCreator,ClientFactory,EksaInstaller,ClusterDeleter,ClusterMover
+	${MOCKGEN} -destination=pkg/workflows/interfaces/mocks/clients.go -package=mocks "github.com/aws/eks-anywhere/pkg/workflows/interfaces" Bootstrapper,ClusterManager,GitOpsManager,Validator,CAPIManager,EksdInstaller,EksdUpgrader,PackageManager,ClusterUpgrader,ClusterCreator,ClientFactory,EksaInstaller,ClusterDeleter,ClusterMover,AwsIamAuth
 	${MOCKGEN} -destination=pkg/git/gogithub/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/git/gogithub" Client
 	${MOCKGEN} -destination=pkg/git/gitclient/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/git/gitclient" GoGit
 	${MOCKGEN} -destination=pkg/validations/mocks/docker.go -package=mocks "github.com/aws/eks-anywhere/pkg/validations" DockerExecutable

cmd/eksctl-anywhere/cmd/createcluster.go

@@ -191,7 +191,8 @@
 		WithClusterApplier().
 		WithKubeconfigWriter(clusterSpec.Cluster).
 		WithClusterCreator(clusterSpec.Cluster).
-		WithClusterMover()
+		WithClusterMover().
+		WithAwsIamAuth(clusterSpec.Cluster)
 
 	if cc.timeoutOptions.noTimeouts {
 		factory.WithNoTimeouts()
@@ -258,12 +259,12 @@
 			deps.PackageManager,
 			deps.ClusterCreator,
 			deps.UnAuthKubectlClient,
+			deps.AwsIamAuth,
 		)
 		err = createWorkloadCluster.Run(ctx, clusterSpec, createValidations)
 
 	} else if clusterSpec.Cluster.IsSelfManaged() {
 		logger.V(1).Info("Using the eksa controller to create the management cluster")
-
 		createMgmtCluster := management.NewCreate(
 			deps.Bootstrapper,
 			deps.UnAuthKubeClient,
@@ -276,6 +277,7 @@
 			deps.ClusterCreator,
 			deps.EksaInstaller,
 			deps.ClusterMover,
+			deps.AwsIamAuth,
 		)
 
 		err = createMgmtCluster.Run(ctx, clusterSpec, createValidations)

cmd/eksctl-anywhere/cmd/upgradecluster.go

@@ -160,7 +160,8 @@
 		WithKubectl().
 		WithValidatorClients().
 		WithPackageManagerWithoutWait(clusterSpec, "", uc.managementKubeconfig).
-		WithUpgradeClusterDefaulter(upgradeCLIConfig)
+		WithUpgradeClusterDefaulter(upgradeCLIConfig).
+		WithAwsIamAuth(clusterSpec.Cluster)
 
 	if uc.timeoutOptions.noTimeouts {
 		factory.WithNoTimeouts()
@@ -214,6 +215,7 @@
 			deps.EksdInstaller,
 			deps.ClusterApplier,
 			deps.PackageManager,
+			deps.AwsIamAuth,
 		)
 
 		err = upgrade.Run(ctx, clusterSpec, managementCluster, upgradeValidations)
@@ -228,6 +230,7 @@
 			deps.ClusterApplier,
 			deps.EksdInstaller,
 			deps.PackageManager,
+			deps.AwsIamAuth,
 		)
 		err = upgradeWorkloadCluster.Run(ctx, workloadCluster, clusterSpec, upgradeValidations)
 	}

pkg/awsiamauth/installer.go

@@ -81,7 +81,7 @@ func (i *Installer) InstallAWSIAMAuth(
 		return fmt.Errorf("applying aws-iam-authenticator manifest: %v", err)
 	}
 
-	if err = i.GenerateKubeconfig(ctx, management, workload, spec); err != nil {
+	if err = i.GenerateWorkloadKubeconfig(ctx, management, workload, spec); err != nil {
 		return err
 	}
 	return nil
@@ -118,8 +118,8 @@ func (i *Installer) generateInstallerKubeconfig(clusterSpec *cluster.Spec, serve
 	return i.templateBuilder.GenerateKubeconfig(clusterSpec, i.clusterID, serverURL, tlsCert)
 }
 
-// GenerateKubeconfig generates the AWS IAM auth kubeconfig.
-func (i *Installer) GenerateKubeconfig(
+// GenerateWorkloadKubeconfig generates the AWS IAM auth kubeconfig.
+func (i *Installer) GenerateWorkloadKubeconfig(
 	ctx context.Context,
 	management, workload *types.Cluster,
 	spec *cluster.Spec,
@@ -160,8 +160,8 @@ func (i *Installer) GenerateKubeconfig(
 	return nil
 }
 
-// GenerateManagementAWSIAMKubeconfig generates the AWS IAM auth kubeconfig.
-func (i *Installer) GenerateManagementAWSIAMKubeconfig(
+// GenerateManagementKubeconfig generates the AWS IAM auth kubeconfig.
+func (i *Installer) GenerateManagementKubeconfig(
 	ctx context.Context,
 	cluster *types.Cluster,
 ) error {

pkg/awsiamauth/installer_test.go

@@ -355,7 +355,7 @@ func TestGenerateManagementAWSIAMKubeconfig(t *testing.T) {
 	installer := awsiamauth.NewInstaller(certs, clusterID, k8s, writer, kwriter)
 	kwriter.EXPECT().WriteKubeconfigContent(ctx, cluster.Name, secretValue, fileWriter)
 
-	err := installer.GenerateManagementAWSIAMKubeconfig(context.Background(), cluster)
+	err := installer.GenerateManagementKubeconfig(context.Background(), cluster)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -381,7 +381,7 @@ func TestGenerateManagementAWSIAMKubeconfigError(t *testing.T) {
 	kwriter := kubeconfigmocks.NewMockWriter(ctrl)
 	installer := awsiamauth.NewInstaller(certs, clusterID, k8s, writer, kwriter)
 
-	err := installer.GenerateManagementAWSIAMKubeconfig(context.Background(), cluster)
+	err := installer.GenerateManagementKubeconfig(context.Background(), cluster)
 	if err == nil {
 		t.Fatal(err)
 	}
@@ -410,7 +410,7 @@ func TestGenerateAWSIAMKubeconfigError(t *testing.T) {
 	installer := awsiamauth.NewInstaller(certs, clusterID, k8s, writer, kwriter)
 	kwriter.EXPECT().WriteKubeconfigContent(ctx, cluster.Name, secretValue, fileWriter).Return(errors.New("test"))
 
-	err := installer.GenerateManagementAWSIAMKubeconfig(context.Background(), cluster)
+	err := installer.GenerateManagementKubeconfig(context.Background(), cluster)
 	if err == nil {
 		t.Fatal(err)
 	}

pkg/clustermanager/cluster_manager.go

@@ -71,7 +71,6 @@ type ClusterManager struct {
 	retrier            *retrier.Retrier
 	writer             filewriter.FileWriter
 	diagnosticsFactory diagnostics.DiagnosticBundleFactory
-	awsIamAuth         AwsIamAuth
 
 	machineMaxWait                   time.Duration
 	machineBackoff                   time.Duration
@@ -100,14 +99,6 @@ type CAPIClient interface {
 	GetWorkloadKubeconfig(ctx context.Context, clusterName string, cluster *types.Cluster) ([]byte, error)
 }
 
-type AwsIamAuth interface {
-	CreateAndInstallAWSIAMAuthCASecret(ctx context.Context, managementCluster *types.Cluster, workloadClusterName string) error
-	InstallAWSIAMAuth(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error
-	UpgradeAWSIAMAuth(ctx context.Context, cluster *types.Cluster, spec *cluster.Spec) error
-	GenerateKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error
-	GenerateManagementAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error
-}
-
 // EKSAComponents allows to manage the eks-a components installation in a cluster.
 type EKSAComponents interface {
 	Install(ctx context.Context, log logr.Logger, cluster *types.Cluster, managementComponents *cluster.ManagementComponents, spec *cluster.Spec) error
@@ -122,7 +113,7 @@ func DefaultRetrier() *retrier.Retrier {
 }
 
 // New constructs a new ClusterManager.
-func New(client ClientFactory, clusterClient ClusterClient, writer filewriter.FileWriter, diagnosticBundleFactory diagnostics.DiagnosticBundleFactory, awsIamAuth AwsIamAuth, eksaComponents EKSAComponents, opts ...ClusterManagerOpt) *ClusterManager {
+func New(client ClientFactory, clusterClient ClusterClient, writer filewriter.FileWriter, diagnosticBundleFactory diagnostics.DiagnosticBundleFactory, eksaComponents EKSAComponents, opts ...ClusterManagerOpt) *ClusterManager {
 	c := &ClusterManager{
 		eksaComponents:                   eksaComponents,
 		ClientFactory:                    client,
@@ -133,7 +124,6 @@ func New(client ClientFactory, clusterClient ClusterClient, writer filewriter.Fi
 		machineMaxWait:                   DefaultMaxWaitPerMachine,
 		machineBackoff:                   machineBackoff,
 		machinesMinWait:                  defaultMachinesMinWait,
-		awsIamAuth:                       awsIamAuth,
 		controlPlaneWaitTimeout:          DefaultControlPlaneWait,
 		controlPlaneWaitAfterMoveTimeout: DefaultControlPlaneWaitAfterMove,
 		externalEtcdWaitTimeout:          DefaultEtcdWait,
@@ -395,11 +385,6 @@ func (c *ClusterManager) waitForDeployments(ctx context.Context, deploymentsByNa
 	return nil
 }
 
-// GenerateWorkloadAWSIAMKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
-func (c *ClusterManager) GenerateWorkloadAWSIAMKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error {
-	return c.awsIamAuth.GenerateKubeconfig(ctx, management, workload, spec)
-}
-
 func (c *ClusterManager) SaveLogsManagementCluster(ctx context.Context, spec *cluster.Spec, cluster *types.Cluster) error {
 	if cluster == nil {
 		return nil
@@ -835,11 +820,6 @@ func (c *ClusterManager) pauseReconcileForCluster(ctx context.Context, clusterCr
 	return nil
 }
 
-// GenerateManagementAWSIAMKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
-func (c *ClusterManager) GenerateManagementAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error {
-	return c.awsIamAuth.GenerateManagementAWSIAMKubeconfig(ctx, cluster)
-}
-
 func (c *ClusterManager) GetCurrentClusterSpec(ctx context.Context, clus *types.Cluster, clusterName string) (*cluster.Spec, error) {
 	eksaCluster, err := c.clusterClient.GetEksaCluster(ctx, clus, clusterName)
 	if err != nil {

pkg/clustermanager/cluster_manager_test.go

@@ -1024,7 +1024,6 @@ func newTest(t *testing.T, opts ...clustermanager.ClusterManagerOpt) *testSetup
 
 type clusterManagerMocks struct {
 	writer             *mockswriter.MockFileWriter
-	awsIamAuth         *mocksmanager.MockAwsIamAuth
 	client             *mocksmanager.MockClusterClient
 	provider           *mocksprovider.MockProvider
 	diagnosticsBundle  *mocksdiagnostics.MockDiagnosticBundle
@@ -1036,7 +1035,6 @@ func newClusterManager(t *testing.T, opts ...clustermanager.ClusterManagerOpt) (
 	mockCtrl := gomock.NewController(t)
 	m := &clusterManagerMocks{
 		writer:             mockswriter.NewMockFileWriter(mockCtrl),
-		awsIamAuth:         mocksmanager.NewMockAwsIamAuth(mockCtrl),
 		client:             mocksmanager.NewMockClusterClient(mockCtrl),
 		provider:           mocksprovider.NewMockProvider(mockCtrl),
 		diagnosticsFactory: mocksdiagnostics.NewMockDiagnosticBundleFactory(mockCtrl),
@@ -1068,7 +1066,7 @@ func newClusterManager(t *testing.T, opts ...clustermanager.ClusterManagerOpt) (
 	fakeClient := test.NewFakeKubeClient(dc, oc, b, r, ac, gc, er)
 	cf := mocksmanager.NewMockClientFactory(mockCtrl)
 	cf.EXPECT().BuildClientFromKubeconfig("").Return(fakeClient, nil).AnyTimes()
-	c := clustermanager.New(cf, m.client, m.writer, m.diagnosticsFactory, m.awsIamAuth, m.eksaComponents, opts...)
+	c := clustermanager.New(cf, m.client, m.writer, m.diagnosticsFactory, m.eksaComponents, opts...)
 
 	return c, m
 }

pkg/clustermanager/cluster_manager_wb_test.go

@@ -62,7 +62,7 @@ func TestClusterManager_totalTimeoutForMachinesReadyWait(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			c := New(nil, nil, nil, nil, nil, nil, tt.opts...)
+			c := New(nil, nil, nil, nil, nil, tt.opts...)
 			g := NewWithT(t)
 			g.Expect(c.totalTimeoutForMachinesReadyWait(tt.replicas)).To(Equal(tt.want))
 		})

pkg/dependencies/factory.go

@@ -992,7 +992,7 @@ func (f *Factory) clusterManagerOpts(timeoutOpts *ClusterManagerTimeoutOptions)
 
 // WithClusterManager builds a cluster manager based on the cluster config and timeout options.
 func (f *Factory) WithClusterManager(clusterConfig *v1alpha1.Cluster, timeoutOpts *ClusterManagerTimeoutOptions) *Factory {
-	f.WithClusterctl().WithWriter().WithDiagnosticBundleFactory().WithAwsIamAuth(clusterConfig).WithFileReader().WithUnAuthKubeClient().WithKubernetesRetrierClient().WithEKSAInstaller()
+	f.WithClusterctl().WithWriter().WithDiagnosticBundleFactory().WithFileReader().WithUnAuthKubeClient().WithKubernetesRetrierClient().WithEKSAInstaller()
 
 	f.buildSteps = append(f.buildSteps, func(ctx context.Context) error {
 		if f.dependencies.ClusterManager != nil {
@@ -1009,7 +1009,6 @@ func (f *Factory) WithClusterManager(clusterConfig *v1alpha1.Cluster, timeoutOpt
 			client,
 			f.dependencies.Writer,
 			f.dependencies.DignosticCollectorFactory,
-			f.dependencies.AwsIamAuth,
 			f.dependencies.EksaInstaller,
 			f.clusterManagerOpts(timeoutOpts)...,
 		)

pkg/task/task.go

@@ -53,6 +53,7 @@ type CommandContext struct {
 	BackupClusterStateDir string
 	ForceCleanup          bool
 	ClusterMover          interfaces.ClusterMover
+	IamAuth               interfaces.AwsIamAuth
 }
 
 func (c *CommandContext) SetError(err error) {