
Commit 95cd97c

authored
Merge pull request #1042 from mmerkes/release-1.31
Cherry-picked not topology labels for 1.31
2 parents 94cb7ee + 6b0dd72 commit 95cd97c


19 files changed

+735
-172
lines changed


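--- a/.github/workflows/update-deps.yaml
+++ b/.github/workflows/update-deps.yaml
@@ -18,7 +18,7 @@ jobs:
 pull-requests: write
 steps:
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
+- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed
 with:
 go-version-file: go.mod
 - name: Update Dependencies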

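--- a/cmd/ecr-credential-provider/main.go
+++ b/cmd/ecr-credential-provider/main.go
@@ -27,10 +27,10 @@ import (
 "strings"
 "time"
 
-"github.com/aws/aws-sdk-go/aws"
-"github.com/aws/aws-sdk-go/aws/session"
-"github.com/aws/aws-sdk-go/service/ecr"
-"github.com/aws/aws-sdk-go/service/ecrpublic"
+"github.com/aws/aws-sdk-go-v2/aws"
+"github.com/aws/aws-sdk-go-v2/config"
+"github.com/aws/aws-sdk-go-v2/service/ecr"
+"github.com/aws/aws-sdk-go-v2/service/ecrpublic"
 "github.com/spf13/cobra"
 
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -46,67 +46,68 @@ var ecrPrivateHostPattern = regexp.MustCompile(`^(\d{12})\.dkr\.ecr(\-fips)?\.([
 
 // ECR abstracts the calls we make to aws-sdk for testing purposes
 type ECR interface {
-GetAuthorizationToken(input *ecr.GetAuthorizationTokenInput) (*ecr.GetAuthorizationTokenOutput, error)
+GetAuthorizationToken(ctx context.Context, params *ecr.GetAuthorizationTokenInput, optFns ...func(*ecr.Options)) (*ecr.GetAuthorizationTokenOutput, error)
 }
 
 // ECRPublic abstracts the calls we make to aws-sdk for testing purposes
 type ECRPublic interface {
-GetAuthorizationToken(input *ecrpublic.GetAuthorizationTokenInput) (*ecrpublic.GetAuthorizationTokenOutput, error)
+GetAuthorizationToken(ctx context.Context, params *ecrpublic.GetAuthorizationTokenInput, optFns ...func(*ecrpublic.Options)) (*ecrpublic.GetAuthorizationTokenOutput, error)
 }
 
 type ecrPlugin struct {
 ecr ECR
 ecrPublic ECRPublic
 }
 
-func defaultECRProvider(region string) (*ecr.ECR, error) {
-cfg := aws.Config{}
+func defaultECRProvider(ctx context.Context, region string) (ECR, error) {
+var cfg aws.Config
+var err error
 if region != "" {
 klog.Warningf("No region found in the image reference, the default region will be used. Please refer to AWS SDK documentation for configuration purpose.")
-cfg.Region = aws.String(region)
+cfg, err = config.LoadDefaultConfig(ctx,
+config.WithRegion(region),
+)
+} else {
+cfg, err = config.LoadDefaultConfig(ctx)
 }
-sess, err := session.NewSessionWithOptions(session.Options{
-Config: cfg,
-SharedConfigState: session.SharedConfigEnable,
-})
+
 if err != nil {
 return nil, err
 }
 
-return ecr.New(sess), nil
+return ecr.NewFromConfig(cfg), nil
 }
 
-func publicECRProvider() (*ecrpublic.ECRPublic, error) {
+func publicECRProvider(ctx context.Context) (ECRPublic, error) {
 // ECR public registries are only in one region and only accessible from regions
 // in the "aws" partition.
-sess, err := session.NewSessionWithOptions(session.Options{
-Config: aws.Config{Region: aws.String(ecrPublicRegion)},
-SharedConfigState: session.SharedConfigEnable,
-})
+cfg, err := config.LoadDefaultConfig(ctx,
+config.WithRegion(ecrPublicRegion),
+)
 if err != nil {
 return nil, err
 }
 
-return ecrpublic.New(sess), nil
+return ecrpublic.NewFromConfig(cfg), nil
 }
 
 type credsData struct {
 authToken *string
 expiresAt *time.Time
 }
 
-func (e *ecrPlugin) getPublicCredsData() (*credsData, error) {
+func (e *ecrPlugin) getPublicCredsData(ctx context.Context) (*credsData, error) {
 klog.Infof("Getting creds for public registry")
 var err error
 
 if e.ecrPublic == nil {
-e.ecrPublic, err = publicECRProvider()
+e.ecrPublic, err = publicECRProvider(ctx)
 }
 if err != nil {
 return nil, err
 }
 
-output, err := e.ecrPublic.GetAuthorizationToken(&ecrpublic.GetAuthorizationTokenInput{})
+output, err := e.ecrPublic.GetAuthorizationToken(ctx, &ecrpublic.GetAuthorizationTokenInput{})
 if err != nil {
 return nil, err
 }
@@ -125,18 +126,18 @@ func (e *ecrPlugin) getPublicCredsData() (*credsData, error) {
 }, nil
 }
 
-func (e *ecrPlugin) getPrivateCredsData(imageHost string, image string) (*credsData, error) {
+func (e *ecrPlugin) getPrivateCredsData(ctx context.Context, imageHost string, image string) (*credsData, error) {
 klog.Infof("Getting creds for private image %s", image)
 var err error
 
 if e.ecr == nil {
 region := parseRegionFromECRPrivateHost(imageHost)
-e.ecr, err = defaultECRProvider(region)
+e.ecr, err = defaultECRProvider(ctx, region)
 if err != nil {
 return nil, err
 }
 }
-output, err := e.ecr.GetAuthorizationToken(&ecr.GetAuthorizationTokenInput{})
+output, err := e.ecr.GetAuthorizationToken(ctx, &ecr.GetAuthorizationTokenInput{})
 if err != nil {
 return nil, err
 }
@@ -162,9 +163,9 @@ func (e *ecrPlugin) GetCredentials(ctx context.Context, image string, args []str
 }
 
 if imageHost == ecrPublicHost {
-creds, err = e.getPublicCredsData()
+creds, err = e.getPublicCredsData(ctx)
 } else {
-creds, err = e.getPrivateCredsData(imageHost, image)
+creds, err = e.getPrivateCredsData(ctx, imageHost, image)
 }
 
 if err != nil {
@@ -175,7 +176,7 @@ func (e *ecrPlugin) GetCredentials(ctx context.Context, image string, args []str
 return nil, errors.New("authorization token in response was nil")
 }
 
-decodedToken, err := base64.StdEncoding.DecodeString(aws.StringValue(creds.authToken))
+decodedToken, err := base64.StdEncoding.DecodeString(aws.ToString(creds.authToken))
 if err != nil {
 return nil, err
 }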
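Review bot: In `defaultECRProvider` the `klog.Warningf("No region found in the image reference, ...")` call sits inside `if region != ""`, so it is logged exactly when a region was supplied and stays silent in the new `else` branch, which is the one that actually falls back to the SDK's default region. Those two lines are unchanged context, so the inversion predates this commit, but the added `else` makes the fix a one-line move: place the warning directly above `cfg, err = config.LoadDefaultConfig(ctx)` in the `else` branch. A wrong region message in the kubelet logs makes failed credential fetches harder to triage. This assumes `parseRegionFromECRPrivateHost`, which is outside the visible hunks, returns an empty string when the host carries no region.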

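--- a/cmd/ecr-credential-provider/main_test.go
+++ b/cmd/ecr-credential-provider/main_test.go
@@ -24,24 +24,50 @@ import (
 "testing"
 "time"
 
-"github.com/aws/aws-sdk-go/aws"
-"github.com/aws/aws-sdk-go/service/ecr"
-"github.com/aws/aws-sdk-go/service/ecrpublic"
-"github.com/golang/mock/gomock"
+"github.com/aws/aws-sdk-go-v2/aws"
+"github.com/aws/aws-sdk-go-v2/service/ecr"
+"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+"github.com/aws/aws-sdk-go-v2/service/ecrpublic"
+publictypes "github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+"github.com/stretchr/testify/mock"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-"k8s.io/cloud-provider-aws/pkg/mocks"
 v1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1"
 )
 
+type MockedECR struct {
+mock.Mock
+}
+
+func (m *MockedECR) GetAuthorizationToken(ctx context.Context, params *ecr.GetAuthorizationTokenInput, optFns ...func(*ecr.Options)) (*ecr.GetAuthorizationTokenOutput, error) {
+args := m.Called(ctx, params)
+if args.Get(1) != nil {
+return args.Get(0).(*ecr.GetAuthorizationTokenOutput), args.Get(1).(error)
+}
+return args.Get(0).(*ecr.GetAuthorizationTokenOutput), nil
+}
+
+// ECRPublic abstracts the calls we make to aws-sdk for testing purposes
+type MockedECRPublic struct {
+mock.Mock
+}
+
+func (m *MockedECRPublic) GetAuthorizationToken(ctx context.Context, params *ecrpublic.GetAuthorizationTokenInput, optFns ...func(*ecrpublic.Options)) (*ecrpublic.GetAuthorizationTokenOutput, error) {
+args := m.Called(ctx, params)
+if args.Get(1) != nil {
+return args.Get(0).(*ecrpublic.GetAuthorizationTokenOutput), args.Get(1).(error)
+}
+return args.Get(0).(*ecrpublic.GetAuthorizationTokenOutput), nil
+}
+
 func generatePrivateGetAuthorizationTokenOutput(user string, password string, proxy string, expiration *time.Time) *ecr.GetAuthorizationTokenOutput {
 creds := []byte(fmt.Sprintf("%s:%s", user, password))
-data := &ecr.AuthorizationData{
+data := types.AuthorizationData{
 AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString(creds)),
 ExpiresAt: expiration,
 ProxyEndpoint: aws.String(proxy),
 }
 output := &ecr.GetAuthorizationTokenOutput{
-AuthorizationData: []*ecr.AuthorizationData{data},
+AuthorizationData: []types.AuthorizationData{data},
 }
 return output
 }
@@ -60,11 +86,6 @@ func generateResponse(registry string, username string, password string) *v1.Cre
 }
 
 func Test_GetCredentials_Private(t *testing.T) {
-ctrl := gomock.NewController(t)
-defer ctrl.Finish()
-
-mockECR := mocks.NewMockECR(ctrl)
-
 testcases := []struct {
 name string
 image string
@@ -109,7 +130,7 @@ func Test_GetCredentials_Private(t *testing.T) {
 {
 name: "empty authorization token",
 image: "123456789123.dkr.ecr.us-west-2.amazonaws.com",
-getAuthorizationTokenOutput: &ecr.GetAuthorizationTokenOutput{AuthorizationData: []*ecr.AuthorizationData{{}}},
+getAuthorizationTokenOutput: &ecr.GetAuthorizationTokenOutput{AuthorizationData: []types.AuthorizationData{{}}},
 getAuthorizationTokenError: nil,
 expectedError: errors.New("authorization token in response was nil"),
 },
@@ -124,19 +145,19 @@ func Test_GetCredentials_Private(t *testing.T) {
 name: "invalid authorization token",
 image: "123456789123.dkr.ecr.us-west-2.amazonaws.com",
 getAuthorizationTokenOutput: &ecr.GetAuthorizationTokenOutput{
-AuthorizationData: []*ecr.AuthorizationData{
-{AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(fmt.Sprint("foo"))))},
+AuthorizationData: []types.AuthorizationData{
+{AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte("foo")))},
 },
 },
 getAuthorizationTokenError: nil,
 expectedError: errors.New("error parsing username and password from authorization token"),
 },
 }
-
 for _, testcase := range testcases {
 t.Run(testcase.name, func(t *testing.T) {
-p := &ecrPlugin{ecr: mockECR}
-mockECR.EXPECT().GetAuthorizationToken(gomock.Any()).Return(testcase.getAuthorizationTokenOutput, testcase.getAuthorizationTokenError)
+mockECR := MockedECR{}
+p := &ecrPlugin{ecr: &mockECR}
+mockECR.On("GetAuthorizationToken", mock.Anything, mock.Anything).Return(testcase.getAuthorizationTokenOutput, testcase.getAuthorizationTokenError)
 
 creds, err := p.GetCredentials(context.TODO(), testcase.image, testcase.args)
 
@@ -163,7 +184,7 @@ func Test_GetCredentials_Private(t *testing.T) {
 
 func generatePublicGetAuthorizationTokenOutput(user string, password string, proxy string, expiration *time.Time) *ecrpublic.GetAuthorizationTokenOutput {
 creds := []byte(fmt.Sprintf("%s:%s", user, password))
-data := &ecrpublic.AuthorizationData{
+data := &publictypes.AuthorizationData{
 AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString(creds)),
 ExpiresAt: expiration,
 }
@@ -174,11 +195,6 @@ func generatePublicGetAuthorizationTokenOutput(user string, password string, pro
 }
 
 func Test_GetCredentials_Public(t *testing.T) {
-ctrl := gomock.NewController(t)
-defer ctrl.Finish()
-
-mockECRPublic := mocks.NewMockECRPublic(ctrl)
-
 testcases := []struct {
 name string
 image string
@@ -211,7 +227,7 @@ func Test_GetCredentials_Public(t *testing.T) {
 {
 name: "empty authorization token",
 image: "public.ecr.aws",
-getAuthorizationTokenOutput: &ecrpublic.GetAuthorizationTokenOutput{AuthorizationData: &ecrpublic.AuthorizationData{}},
+getAuthorizationTokenOutput: &ecrpublic.GetAuthorizationTokenOutput{AuthorizationData: &publictypes.AuthorizationData{}},
 getAuthorizationTokenError: nil,
 expectedError: errors.New("authorization token in response was nil"),
 },
@@ -226,8 +242,8 @@ func Test_GetCredentials_Public(t *testing.T) {
 name: "invalid authorization token",
 image: "public.ecr.aws",
 getAuthorizationTokenOutput: &ecrpublic.GetAuthorizationTokenOutput{
-AuthorizationData: &ecrpublic.AuthorizationData{
-AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte(fmt.Sprint("foo")))),
+AuthorizationData: &publictypes.AuthorizationData{
+AuthorizationToken: aws.String(base64.StdEncoding.EncodeToString([]byte("foo"))),
 },
 },
 getAuthorizationTokenError: nil,
@@ -237,8 +253,9 @@ func Test_GetCredentials_Public(t *testing.T) {
 
 for _, testcase := range testcases {
 t.Run(testcase.name, func(t *testing.T) {
-p := &ecrPlugin{ecrPublic: mockECRPublic}
-mockECRPublic.EXPECT().GetAuthorizationToken(gomock.Any()).Return(testcase.getAuthorizationTokenOutput, testcase.getAuthorizationTokenError)
+mockECRPublic := MockedECRPublic{}
+p := &ecrPlugin{ecrPublic: &mockECRPublic}
+mockECRPublic.On("GetAuthorizationToken", mock.Anything, mock.Anything).Return(testcase.getAuthorizationTokenOutput, testcase.getAuthorizationTokenError)
 
 creds, err := p.GetCredentials(context.TODO(), testcase.image, testcase.args)
 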
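Review bot: The hand-written testify mocks lose the call verification that `gomock.NewController(t)` and `ctrl.Finish()` provided: in the visible lines of `Test_GetCredentials_Private` and `Test_GetCredentials_Public` nothing asserts that `GetAuthorizationToken` was invoked, so a code path that returns before reaching ECR would no longer fail on that ground. Both subtest bodies continue outside these hunks; unless they already do so there, end each subtest with `mockECR.AssertExpectations(t)` and `mockECRPublic.AssertExpectations(t)` respectively. The two mock methods can also drop the `args.Get(1) != nil` branch and return `args.Error(1)` as the second value. The comment above `MockedECRPublic` is copied from the interface and names the wrong type; `// MockedECRPublic is a testify mock of the ECRPublic interface.` would fit, with a matching line for `MockedECR`.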

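--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@@ -44,6 +44,7 @@ For the `aws-cloud-controller-manager` to be able to communicate to AWS APIs, yo
 "ec2:DetachVolume",
 "ec2:RevokeSecurityGroupIngress",
 "ec2:DescribeVpcs",
+"ec2:DescribeInstanceTopology",
 "elasticloadbalancing:AddTags",
 "elasticloadbalancing:AttachLoadBalancerToSubnets",
 "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",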

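--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,10 @@ go 1.22.7
 
 require (
 github.com/aws/aws-sdk-go v1.55.5
-github.com/golang/mock v1.6.0
+github.com/aws/aws-sdk-go-v2 v1.32.2
+github.com/aws/aws-sdk-go-v2/config v1.28.0
+github.com/aws/aws-sdk-go-v2/service/ecr v1.36.2
+github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.27.2
 github.com/spf13/cobra v1.8.1
 github.com/spf13/pflag v1.0.5
 github.com/stretchr/testify v1.9.0
@@ -27,6 +30,18 @@ require (
 github.com/NYTimes/gziphandler v1.1.1 // indirect
 github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+github.com/aws/aws-sdk-go-v2/credentials v1.17.41 // indirect
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 // indirect
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+github.com/aws/aws-sdk-go-v2/service/ec2 v1.186.0
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 // indirect
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 // indirect
+github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect
+github.com/aws/smithy-go v1.22.0 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/blang/semver/v4 v4.0.0 // indirect
 github.com/cenkalti/backoff/v4 v4.3.0 // indirect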
