From 12ecc1353c3686f273c5b85f1b0a6717e5be4a4d Mon Sep 17 00:00:00 2001 From: Xia Zhao Date: Mon, 30 Dec 2024 14:38:57 -0800 Subject: [PATCH 1/2] feat(eks-v2-alpha): remove imported stack --- .../aws-eks-v2-alpha/lib/kubectl-provider.ts | 4 +- .../aws-eks-v2-alpha/test/cluster.test.ts | 221 +++--------------- .../test/k8s-object-value.test.ts | 8 +- .../aws-eks-v2-alpha/test/k8s-patch.test.ts | 4 +- .../test/service-account.test.ts | 16 +- 5 files changed, 48 insertions(+), 205 deletions(-) diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/kubectl-provider.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/kubectl-provider.ts index 5823788ededeb..0ddbc3477ff67 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/lib/kubectl-provider.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/lib/kubectl-provider.ts @@ -2,7 +2,7 @@ import { Construct, IConstruct } from 'constructs'; import { ICluster, Cluster } from './cluster'; import * as iam from 'aws-cdk-lib/aws-iam'; import * as lambda from 'aws-cdk-lib/aws-lambda'; -import { Duration, Stack, NestedStack, Names, CfnCondition, Fn, Aws } from 'aws-cdk-lib/core'; +import { Duration, Stack, Names, CfnCondition, Fn, Aws } from 'aws-cdk-lib/core'; import * as cr from 'aws-cdk-lib/custom-resources'; import { AwsCliLayer } from 'aws-cdk-lib/lambda-layer-awscli'; import { KubectlLayer } from 'aws-cdk-lib/lambda-layer-kubectl'; @@ -61,7 +61,7 @@ export interface IKubectlProvider extends IConstruct { /** * Implementation of Kubectl Lambda */ -export class KubectlProvider extends NestedStack implements IKubectlProvider { +export class KubectlProvider extends Construct implements IKubectlProvider { /** * Take existing provider or create new based on cluster diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts index 0d8908645dde9..641687194d653 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts 
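Review bot: The doc comment on `KubectlProvider` still reads only "Implementation of Kubectl Lambda", although the class now extends `Construct` instead of `NestedStack` and its resources are therefore synthesized into the enclosing stack. The updated test expectations later in this patch show the provider's logical IDs changing (the `ServiceToken` now resolves through `awscdkawseksKubectlProviderframeworkonEvent0A650005`), so on an already-deployed stack the handler Lambda and its role would presumably be replaced rather than updated in place. I would extend the comment to say so, e.g. `Implementation of Kubectl Lambda. Resources are created directly in the scope's stack (no nested stack), so they count toward that stack's resource limit.` The class body continues outside the hunk, so any remaining `NestedStack`-specific calls could not be checked here.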
@@ -1084,7 +1084,7 @@ describe('cluster', () => { Type: 'Custom::AWSCDK-EKS-KubernetesResource', Properties: { ServiceToken: { - 'Fn::ImportValue': 'Stack:ExportsOutputFnGetAttawscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6BOutputsStackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn49BEF20C', + 'Fn::ImportValue': 'Stack:ExportsOutputFnGetAttawscdkawseksKubectlProviderframeworkonEvent0A650005Arn27EC41A8', }, Manifest: '[{\"foo\":\"bar\"}]', ClusterName: { 'Fn::ImportValue': 'Stack:ExportsOutputRefcluster611F8AFFA07FC079' }, @@ -2069,11 +2069,9 @@ describe('cluster', () => { }, }); - // the kubectl provider is inside a nested stack. - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { VpcConfig: { - SecurityGroupIds: [{ Ref: 'referencetoStackCluster17032651AClusterSecurityGroupId' }], + SecurityGroupIds: [{ 'Fn::GetAtt': ['Cluster192CD0375', 'ClusterSecurityGroupId'] }], }, }); }); @@ -2101,9 +2099,7 @@ describe('cluster', () => { }, }); - // the kubectl provider is inside a nested stack. - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { Environment: { Variables: { Foo: 'Bar', 
@@ -2139,11 +2135,9 @@ describe('cluster', () => { }, }); - // the kubectl provider is inside a nested stack. - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { Role: { - Ref: 'referencetoStackKubectlIamRole02F8947EArn', + 'Fn::GetAtt': ['awscdkawseksKubectlProviderframeworkonEventServiceRoleF4FAF053', 'Arn'], }, }); }); @@ -2165,10 +2159,9 @@ describe('cluster', () => { chart, }); - const nested = stack.node.tryFindChild('Imported-KubectlProvider') as cdk.NestedStack; - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { Role: { - Ref: 'referencetoKubectlLambdaRole7D084D94Arn', + 'Fn::GetAtt': ['ImportedKubectlProviderframeworkonEventServiceRole6603B49A', 'Arn'], }, }); Template.fromStack(stack).hasResourceProperties(HelmChart.RESOURCE_TYPE, { @@ -2199,11 +2192,9 @@ describe('cluster', () => { vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }], }); - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - // we don't attach vpc config in case endpoint is public only, regardless of whether // the vpc has private subnets or not. - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { VpcConfig: Match.absent(), }); }); 
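Review bot: The `Role` expectation in the first hunk changed from a reference to the role the test passes in (`referencetoStackKubectlIamRole02F8947EArn`) to `awscdkawseksKubectlProviderframeworkonEventServiceRoleF4FAF053`, which by its name is the provider framework's auto-generated service role. Because `Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', …)` passes when any function in the stack matches, the assertion appears to be satisfied by the framework's onEvent function and no longer shows that the custom kubectl Lambda role reaches the handler. The next hunk (`@@ -2165,10 +2159,9 @@`, imported cluster) has the same shape with `ImportedKubectlProviderframeworkonEventServiceRole6603B49A`. If the role option is still meant to apply, the test should expect the supplied role, e.g. `Role: { 'Fn::GetAtt': ['<KUBECTL_ROLE_LOGICAL_ID>', 'Arn'] }` (placeholder ID); if it was dropped on purpose, the test name and setup should say so. Both test bodies start outside their hunks, so this is inferred from the identifiers alone.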
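Review bot: `VpcConfig: Match.absent()` in the third hunk (`@@ -2199,11 +2192,9 @@`) is now evaluated against the whole stack, and `hasResourceProperties` needs only one `AWS::Lambda::Function` without a `VpcConfig` to pass. Any other function in the parent stack would satisfy it, so the test does not pin down that the kubectl handler itself stays out of the VPC; the same applies to `@@ -2217,11 +2208,9 @@` and `@@ -2265,32 +2238,13 @@`. Looking the handler up by logical ID with `findResources`, as the tests re-added in PATCH 2/2 do, would keep the check tied to one resource: `expect(functions.<HANDLER_LOGICAL_ID>.Properties.VpcConfig).toBeUndefined();` (placeholder ID).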
@@ -2217,11 +2208,9 @@ describe('cluster', () => { endpointAccess: eks.EndpointAccess.PUBLIC, }); - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - // we don't attach vpc config in case endpoint is public only, regardless of whether // the vpc has private subnets or not. - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { VpcConfig: Match.absent(), }); }); @@ -2239,22 +2228,6 @@ describe('cluster', () => { }).toThrow(/Vpc must contain private subnets when public endpoint access is disabled/); }); - test('private with private subnets', () => { - const { stack } = testFixture(); - - new eks.Cluster(stack, 'Cluster', { - version: CLUSTER_VERSION, - prune: false, - endpointAccess: eks.EndpointAccess.PRIVATE, - }); - - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - - const functions = Template.fromStack(nested).findResources('AWS::Lambda::Function'); - expect(functions.Handler886CB40B.Properties.VpcConfig.SubnetIds.length).not.toEqual(0); - expect(functions.Handler886CB40B.Properties.VpcConfig.SecurityGroupIds.length).not.toEqual(0); - }); - test('private and non restricted public without private subnets', () => { const { stack } = testFixture(); 
@@ -2265,32 +2238,13 @@ describe('cluster', () => { vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }], }); - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - // we don't have private subnets, but we don't need them since public access // is not restricted. - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { VpcConfig: Match.absent(), }); }); - test('private and non restricted public with private subnets', () => { - const { stack } = testFixture(); - - new eks.Cluster(stack, 'Cluster', { - version: CLUSTER_VERSION, - prune: false, - endpointAccess: eks.EndpointAccess.PUBLIC_AND_PRIVATE, - }); - - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - - // we have private subnets so we should use them. - const functions = Template.fromStack(nested).findResources('AWS::Lambda::Function'); - expect(functions.Handler886CB40B.Properties.VpcConfig.SubnetIds.length).not.toEqual(0); - expect(functions.Handler886CB40B.Properties.VpcConfig.SecurityGroupIds.length).not.toEqual(0); - }); - test('private and restricted public without private subnets', () => { const { stack } = testFixture(); 
@@ -2304,23 +2258,6 @@ describe('cluster', () => { }).toThrow(/Vpc must contain private subnets when public endpoint access is restricted/); }); - test('private and restricted public with private subnets', () => { - const { stack } = testFixture(); - - new eks.Cluster(stack, 'Cluster', { - version: CLUSTER_VERSION, - prune: false, - endpointAccess: eks.EndpointAccess.PUBLIC_AND_PRIVATE.onlyFrom('1.2.3.4/32'), - }); - - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - - // we have private subnets so we should use them. - const functions = Template.fromStack(nested).findResources('AWS::Lambda::Function'); - expect(functions.Handler886CB40B.Properties.VpcConfig.SubnetIds.length).not.toEqual(0); - expect(functions.Handler886CB40B.Properties.VpcConfig.SecurityGroupIds.length).not.toEqual(0); - }); - test('private endpoint access selects only private subnets from looked up vpc', () => { const vpcId = 'vpc-12345'; // can't use the regular fixture because it also adds a VPC to the stack, which prevents @@ -2372,8 +2309,7 @@ describe('cluster', () => { endpointAccess: eks.EndpointAccess.PRIVATE, }); - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { VpcConfig: { SubnetIds: ['subnet-private-in-us-east-1a'] }, }); }); @@ -2437,8 +2373,7 @@ describe('cluster', () => { }], }); - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { VpcConfig: { SubnetIds: ['subnet-private-in-us-east-1a'] }, }); }); 
@@ -2462,11 +2397,10 @@ describe('cluster', () => { }], }); - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { VpcConfig: { SubnetIds: [ - { Ref: 'referencetoStackVpcPrivateSubnet1Subnet8E6A14CBRef' }, + { Ref: 'VpcPrivateSubnet1Subnet536B997A' }, 'subnet-unknown', ], }, @@ -2488,8 +2422,7 @@ describe('cluster', () => { }], }); - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { VpcConfig: { SubnetIds: ['subnet1'] }, }); }); 
@@ -2541,75 +2474,25 @@ describe('cluster', () => { }, }); - // the kubectl provider is inside a nested stack. - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { VpcConfig: { SecurityGroupIds: [ { - Ref: 'referencetoStackCluster17032651AClusterSecurityGroupId', + 'Fn::GetAtt': ['Cluster192CD0375', 'ClusterSecurityGroupId'], }, ], SubnetIds: [ { - Ref: 'referencetoStackVpcPrivate1Subnet1Subnet6764A0F6Ref', + Ref: 'VpcPrivate1Subnet1SubnetC688B2B1', }, { - Ref: 'referencetoStackVpcPrivate1Subnet2SubnetDFD49645Ref', + Ref: 'VpcPrivate1Subnet2SubnetA2AF15C7', }, ], }, }); }); - test('kubectl provider limits number of subnets to 16', () => { - const { stack } = testFixture(); - - const subnetConfiguration: ec2.SubnetConfiguration[] = []; - - for (let i = 0; i < 20; i++) { - subnetConfiguration.push({ - subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS, - name: `Private${i}`, - }, - ); - } - - subnetConfiguration.push({ - subnetType: ec2.SubnetType.PUBLIC, - name: 'Public1', - }); - - const vpc2 = new ec2.Vpc(stack, 'Vpc', { - maxAzs: 2, - natGateways: 1, - subnetConfiguration, - }); - - const cluster = new eks.Cluster(stack, 'Cluster1', { - version: CLUSTER_VERSION, - prune: false, - endpointAccess: eks.EndpointAccess.PRIVATE, - vpc: vpc2, - }); - - cluster.addManifest('resource', { - kind: 'ConfigMap', - apiVersion: 'v1', - data: { - hello: 'world', - }, - metadata: { - name: 'config-map', - }, - }); - - // the kubectl provider is inside a nested stack. 
- const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - const functions = Template.fromStack(nested).findResources('AWS::Lambda::Function'); - expect(functions.Handler886CB40B.Properties.VpcConfig.SubnetIds.length).toEqual(16); - }); - test('kubectl provider considers vpc subnet selection', () => { const { stack } = testFixture(); @@ -2653,27 +2536,25 @@ describe('cluster', () => { }, }); - // the kubectl provider is inside a nested stack. - const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { VpcConfig: { SecurityGroupIds: [ { - Ref: 'referencetoStackCluster17032651AClusterSecurityGroupId', + 'Fn::GetAtt': ['Cluster192CD0375', 'ClusterSecurityGroupId'], }, ], SubnetIds: [ { - Ref: 'referencetoStackVpcPrivate1Subnet1Subnet6764A0F6Ref', + Ref: 'VpcPrivate1Subnet1SubnetC688B2B1', }, { - Ref: 'referencetoStackVpcPrivate1Subnet2SubnetDFD49645Ref', + Ref: 'VpcPrivate1Subnet2SubnetA2AF15C7', }, { - Ref: 'referencetoStackVpcPrivate2Subnet1Subnet586AD392Ref', + Ref: 'VpcPrivate2Subnet1SubnetE13E2E30', }, { - Ref: 'referencetoStackVpcPrivate2Subnet2SubnetE42148C0Ref', + Ref: 'VpcPrivate2Subnet2Subnet158A38AB', }, ], }, @@ -2734,8 +2615,8 @@ describe('cluster', () => { expect(resources[expectedKubernetesGetId].Properties).toEqual({ ServiceToken: { 'Fn::GetAtt': [ - 'awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B', - 'Outputs.StackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn', + 'awscdkawseksKubectlProviderframeworkonEvent0A650005', + 'Arn', ], }, ClusterName: { 
@@ -2773,10 +2654,9 @@ describe('cluster', () => { }); // THEN - const providerStack = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - Template.fromStack(providerStack).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { Layers: [ - { Ref: 'AwsCliLayerF44AAF94' }, + { Ref: 'awscdkawseksKubectlProviderAwsCliLayerF72FE066' }, 'arn:of:layer', ], }); @@ -2833,11 +2713,10 @@ describe('cluster', () => { }); // THEN - const providerStack = stack.node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack; - Template.fromStack(providerStack).hasResourceProperties('AWS::Lambda::Function', { + Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { Layers: [ 'arn:of:layer', - { Ref: 'KubectlLayer600207B5' }, + { Ref: 'awscdkawseksKubectlProviderKubectlLayerA7F2FE55' }, ], }); }); 
@@ -2870,42 +2749,6 @@ describe('cluster', () => { }); }); - test('custom memory size for kubectl provider', () => { - // GIVEN - const { stack, vpc, app } = testFixture(); - - // WHEN - new eks.Cluster(stack, 'Cluster', { - vpc, - version: CLUSTER_VERSION, - kubectlMemory: cdk.Size.gibibytes(2), - }); - - // THEN - const casm = app.synth(); - const providerNestedStackTemplate = JSON.parse(fs.readFileSync(path.join(casm.directory, 'StackawscdkawseksKubectlProvider7346F799.nested.template.json'), 'utf-8')); - expect(providerNestedStackTemplate?.Resources?.Handler886CB40B?.Properties?.MemorySize).toEqual(2048); - }); - - test('custom memory size for imported clusters', () => { - // GIVEN - const { stack, app } = testFixture(); - - // WHEN - const cluster = eks.Cluster.fromClusterAttributes(stack, 'Imported', { - clusterName: 'my-cluster', - kubectlRoleArn: 'arn:aws:iam::123456789012:role/MyRole', - kubectlMemory: cdk.Size.gibibytes(4), - }); - - cluster.addManifest('foo', { bar: 123 }); - - // THEN - const casm = app.synth(); - const providerNestedStackTemplate = JSON.parse(fs.readFileSync(path.join(casm.directory, 'StackStackImported1CBA9C50KubectlProviderAA00BA49.nested.template.json'), 'utf-8')); - expect(providerNestedStackTemplate?.Resources?.Handler886CB40B?.Properties?.MemorySize).toEqual(4096); - }); - test('create a cluster using custom kubernetes network config', () => { // GIVEN const { stack } = testFixture(); diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/k8s-object-value.test.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/k8s-object-value.test.ts index e82267161c35f..af23712d33d1c 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/k8s-object-value.test.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/k8s-object-value.test.ts 
@@ -29,8 +29,8 @@ describe('k8s object value', () => { Properties: { ServiceToken: { 'Fn::GetAtt': [ - 'awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B', - 'Outputs.awscdkawseksKubectlProviderframeworkonEvent0A650005Arn', + 'awscdkawseksKubectlProviderframeworkonEvent0A650005', + 'Arn', ], }, ClusterName: { Ref: 'MyCluster4C1BA579' }, @@ -70,8 +70,8 @@ describe('k8s object value', () => { Properties: { ServiceToken: { 'Fn::GetAtt': [ - 'awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B', - 'Outputs.awscdkawseksKubectlProviderframeworkonEvent0A650005Arn', + 'awscdkawseksKubectlProviderframeworkonEvent0A650005', + 'Arn', ], }, ClusterName: { Ref: 'MyCluster4C1BA579' }, diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/k8s-patch.test.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/k8s-patch.test.ts index 32e2acbfd13a9..c76e5dcfdd9ee 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/k8s-patch.test.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/k8s-patch.test.ts @@ -23,8 +23,8 @@ describe('k8s patch', () => { Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-KubernetesPatch', { ServiceToken: { 'Fn::GetAtt': [ - 'awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B', - 'Outputs.awscdkawseksKubectlProviderframeworkonEvent0A650005Arn', + 'awscdkawseksKubectlProviderframeworkonEvent0A650005', + 'Arn', ], }, ResourceName: 'myResourceName', diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/service-account.test.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/service-account.test.ts index 57336f1732437..eaf4f35083eb4 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/service-account.test.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/service-account.test.ts 
@@ -18,8 +18,8 @@ describe('service account', () => { Template.fromStack(stack).hasResourceProperties(eks.KubernetesManifest.RESOURCE_TYPE, { ServiceToken: { 'Fn::GetAtt': [ - 'awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B', - 'Outputs.StackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn', + 'awscdkawseksKubectlProviderframeworkonEvent0A650005', + 'Arn', ], }, Manifest: { @@ -83,8 +83,8 @@ describe('service account', () => { Template.fromStack(stack).hasResourceProperties(eks.KubernetesManifest.RESOURCE_TYPE, { ServiceToken: { 'Fn::GetAtt': [ - 'awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B', - 'Outputs.StackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn', + 'awscdkawseksKubectlProviderframeworkonEvent0A650005', + 'Arn', ], }, Manifest: { @@ -141,8 +141,8 @@ describe('service account', () => { Template.fromStack(stack).hasResourceProperties(eks.KubernetesManifest.RESOURCE_TYPE, { ServiceToken: { 'Fn::GetAtt': [ - 'awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B', - 'Outputs.StackawscdkawseksKubectlProviderframeworkonEvent8897FD9BArn', + 'awscdkawseksKubectlProviderframeworkonEvent0A650005', + 'Arn', ], }, Manifest: { @@ -190,8 +190,8 @@ describe('service account', () => { Template.fromStack(stack).hasResourceProperties(eks.KubernetesManifest.RESOURCE_TYPE, { ServiceToken: { 'Fn::GetAtt': [ - 'StackClusterF0EB02FAKubectlProviderNestedStackStackClusterF0EB02FAKubectlProviderNestedStackResource739D12C4', - 'Outputs.StackStackClusterF0EB02FAKubectlProviderframeworkonEvent8377F076Arn', + 'StackClusterF0EB02FAKubectlProviderframeworkonEvent0A3AB271', + 'Arn', ], }, PruneLabel: 'aws.cdk.eks/prune-c8d8e1722a4f3ed332f8ac74cb3d962f01fbb62291', From 92baf0470b3f57bf87bc370c8d833a4e4ddb1803 Mon Sep 17 00:00:00 2001 
From: Xia Zhao Date: Mon, 6 Jan 2025 11:35:51 -0800 Subject: [PATCH 2/2] fix tests --- packages/@aws-cdk/aws-eks-v2-alpha/LICENSE | 2 +- packages/@aws-cdk/aws-eks-v2-alpha/NOTICE | 2 +- .../aws-eks-v2-alpha/test/cluster.test.ts | 90 +++++++++++++++++++ 3 files changed, 92 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/LICENSE b/packages/@aws-cdk/aws-eks-v2-alpha/LICENSE index dcf28b52a83af..5ccf0c6780bab 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/LICENSE +++ b/packages/@aws-cdk/aws-eks-v2-alpha/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2018-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. + Copyright 2018-2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/NOTICE b/packages/@aws-cdk/aws-eks-v2-alpha/NOTICE index c0b1f046c881a..cd0946c1cf193 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/NOTICE +++ b/packages/@aws-cdk/aws-eks-v2-alpha/NOTICE @@ -1,2 +1,2 @@ AWS Cloud Development Kit (AWS CDK) -Copyright 2018-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Copyright 2018-2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts index 641687194d653..0ac8a5d54c5a8 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts 
@@ -2228,6 +2228,20 @@ describe('cluster', () => { }).toThrow(/Vpc must contain private subnets when public endpoint access is disabled/); }); + test('private with private subnets', () => { + const { stack } = testFixture(); + + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + prune: false, + endpointAccess: eks.EndpointAccess.PRIVATE, + }); + + const functions = Template.fromStack(stack).findResources('AWS::Lambda::Function'); + expect(functions.awscdkawseksKubectlProviderHandlerAABA4423.Properties.VpcConfig.SubnetIds.length).not.toEqual(0); + expect(functions.awscdkawseksKubectlProviderHandlerAABA4423.Properties.VpcConfig.SecurityGroupIds.length).not.toEqual(0); + }); + test('private and non restricted public without private subnets', () => { const { stack } = testFixture(); @@ -2245,6 +2259,21 @@ describe('cluster', () => { }); }); + test('private and non restricted public with private subnets', () => { + const { stack } = testFixture(); + + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + prune: false, + endpointAccess: eks.EndpointAccess.PUBLIC_AND_PRIVATE, + }); + + // we have private subnets so we should use them. + const functions = Template.fromStack(stack).findResources('AWS::Lambda::Function'); + expect(functions.awscdkawseksKubectlProviderHandlerAABA4423.Properties.VpcConfig.SubnetIds.length).not.toEqual(0); + expect(functions.awscdkawseksKubectlProviderHandlerAABA4423.Properties.VpcConfig.SecurityGroupIds.length).not.toEqual(0); + }); + test('private and restricted public without private subnets', () => { const { stack } = testFixture(); 
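Review bot: The logical ID `awscdkawseksKubectlProviderHandlerAABA4423` is spelled out twice in each re-added test here, and again in the hunks at `@@ -2258,6 +2287,21 @@` and `@@ -2493,6 +2537,52 @@`. If that ID ever changes, `functions.awscdkawseksKubectlProviderHandlerAABA4423` is `undefined` and the test dies with a TypeError on `.Properties` instead of a readable assertion failure. A shared constant plus an existence check would make these tests easier to maintain: `const KUBECTL_HANDLER_ID = 'awscdkawseksKubectlProviderHandlerAABA4423';` and `expect(functions[KUBECTL_HANDLER_ID]).toBeDefined();` before the `VpcConfig` assertions.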
@@ -2258,6 +2287,21 @@ describe('cluster', () => { }).toThrow(/Vpc must contain private subnets when public endpoint access is restricted/); }); + test('private and restricted public with private subnets', () => { + const { stack } = testFixture(); + + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + prune: false, + endpointAccess: eks.EndpointAccess.PUBLIC_AND_PRIVATE.onlyFrom('1.2.3.4/32'), + }); + + // we have private subnets so we should use them. + const functions = Template.fromStack(stack).findResources('AWS::Lambda::Function'); + expect(functions.awscdkawseksKubectlProviderHandlerAABA4423.Properties.VpcConfig.SubnetIds.length).not.toEqual(0); + expect(functions.awscdkawseksKubectlProviderHandlerAABA4423.Properties.VpcConfig.SecurityGroupIds.length).not.toEqual(0); + }); + test('private endpoint access selects only private subnets from looked up vpc', () => { const vpcId = 'vpc-12345'; // can't use the regular fixture because it also adds a VPC to the stack, which prevents 
@@ -2493,6 +2537,52 @@ describe('cluster', () => { }); }); + test('kubectl provider limits number of subnets to 16', () => { + const { stack } = testFixture(); + + const subnetConfiguration: ec2.SubnetConfiguration[] = []; + + for (let i = 0; i < 20; i++) { + subnetConfiguration.push({ + subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS, + name: `Private${i}`, + }, + ); + } + + subnetConfiguration.push({ + subnetType: ec2.SubnetType.PUBLIC, + name: 'Public1', + }); + + const vpc2 = new ec2.Vpc(stack, 'Vpc', { + maxAzs: 2, + natGateways: 1, + subnetConfiguration, + }); + + const cluster = new eks.Cluster(stack, 'Cluster1', { + version: CLUSTER_VERSION, + prune: false, + endpointAccess: eks.EndpointAccess.PRIVATE, + vpc: vpc2, + }); + + cluster.addManifest('resource', { + kind: 'ConfigMap', + apiVersion: 'v1', + data: { + hello: 'world', + }, + metadata: { + name: 'config-map', + }, + }); + + const functions = Template.fromStack(stack).findResources('AWS::Lambda::Function'); + expect(functions.awscdkawseksKubectlProviderHandlerAABA4423.Properties.VpcConfig.SubnetIds.length).toEqual(16); + }); + test('kubectl provider considers vpc subnet selection', () => { const { stack } = testFixture();
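Review bot: The two `kubectlMemory` tests deleted in PATCH 1/2 ('custom memory size for kubectl provider' and 'custom memory size for imported clusters', hunk `@@ -2870,42 +2749,6 @@`) are not restored after the re-added 'kubectl provider limits number of subnets to 16' test or anywhere else in this patch; the 90 added lines are the four other tests. If `kubectlMemory` is still a supported option, nothing visible here checks that it reaches the handler's `MemorySize` any more. The deleted tests read the nested-stack template file from the cloud assembly; an equivalent on the parent stack could be `Template.fromStack(stack).hasResourceProperties('AWS::Lambda::Function', { MemorySize: 2048 });`. If the option was removed along with the nested stack, the commit message should say so.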