
Commit 53fdfc0

committed
CORS-4053: Migrate AWS SDK to v2 in cluster/aws
** The IAM, EC2, and Route53 clients were moved to SDK v2. This included migration from session to config (and use of endpoints).
1 parent 88ba667 commit 53fdfc0


1 file changed

+75
-32
lines changed


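--- a/pkg/asset/cluster/aws/aws.go
+++ b/pkg/asset/cluster/aws/aws.go
@@ -4,17 +4,23 @@ package aws
 import (
 "context"
 "fmt"
-
-"github.com/aws/aws-sdk-go/aws"
-"github.com/aws/aws-sdk-go/service/ec2"
-"github.com/aws/aws-sdk-go/service/iam"
-"github.com/aws/aws-sdk-go/service/route53"
+"strings"
+
+"github.com/aws/aws-sdk-go-v2/aws"
+configv2 "github.com/aws/aws-sdk-go-v2/config"
+"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+"github.com/aws/aws-sdk-go-v2/service/ec2"
+ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
+"github.com/aws/aws-sdk-go-v2/service/iam"
+iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
+"github.com/aws/aws-sdk-go-v2/service/route53"
+r53types "github.com/aws/aws-sdk-go-v2/service/route53/types"
+"github.com/aws/aws-sdk-go-v2/service/sts"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 "k8s.io/apimachinery/pkg/util/sets"
 
 "github.com/openshift/installer/pkg/asset/installconfig"
-awsic "github.com/openshift/installer/pkg/asset/installconfig/aws"
 "github.com/openshift/installer/pkg/types"
 awstypes "github.com/openshift/installer/pkg/types/aws"
 )
@@ -68,39 +74,60 @@ func tagSharedVPCResources(ctx context.Context, clusterID string, installConfig
 return err
 }
 
-ids := make([]*string, 0, len(privateSubnets)+len(publicSubnets)+len(edgeSubnets))
+ids := make([]string, 0, len(privateSubnets)+len(publicSubnets)+len(edgeSubnets))
 for id := range privateSubnets {
-ids = append(ids, aws.String(id))
+ids = append(ids, id)
 }
 for id := range publicSubnets {
-ids = append(ids, aws.String(id))
+ids = append(ids, id)
 }
 for id := range edgeSubnets {
-ids = append(ids, aws.String(id))
+ids = append(ids, id)
 }
 
-session, err := installConfig.AWS.Session(ctx)
+tagKey, tagValue := sharedTag(clusterID)
+
+cfg, err := configv2.LoadDefaultConfig(ctx, configv2.WithRegion(installConfig.Config.Platform.AWS.Region))
 if err != nil {
-return errors.Wrap(err, "could not create AWS session")
+return fmt.Errorf("failed to load AWS config: %w", err)
 }
 
-tagKey, tagValue := sharedTag(clusterID)
+ec2Client := ec2.NewFromConfig(cfg, func(options *ec2.Options) {
+options.Region = installConfig.Config.Platform.AWS.Region
+for _, endpoint := range installConfig.Config.AWS.ServiceEndpoints {
+if strings.EqualFold(endpoint.Name, "ec2") {
+options.BaseEndpoint = aws.String(endpoint.URL)
+}
+}
+})
 
-ec2Client := ec2.New(session, aws.NewConfig().WithRegion(installConfig.Config.Platform.AWS.Region))
-if _, err = ec2Client.CreateTagsWithContext(ctx, &ec2.CreateTagsInput{
+if _, err = ec2Client.CreateTags(ctx, &ec2.CreateTagsInput{
 Resources: ids,
-Tags: []*ec2.Tag{{Key: &tagKey, Value: &tagValue}},
+Tags: []ec2types.Tag{{Key: &tagKey, Value: &tagValue}},
 }); err != nil {
 return errors.Wrap(err, "could not add tags to subnets")
 }
 
 if zone := installConfig.Config.AWS.HostedZone; zone != "" {
-r53cfg := awsic.GetR53ClientCfg(session, installConfig.Config.AWS.HostedZoneRole)
-route53Client := route53.New(session, r53cfg)
-if _, err := route53Client.ChangeTagsForResourceWithContext(ctx, &route53.ChangeTagsForResourceInput{
-ResourceType: aws.String("hostedzone"),
+stsSvc := sts.NewFromConfig(cfg)
+creds := stscreds.NewAssumeRoleProvider(stsSvc, installConfig.Config.AWS.HostedZoneRole)
+// The credentials for this config are set after the other uses. In the event that more
+// clients use the config, a new config should be created.
+cfg.Credentials = aws.NewCredentialsCache(creds)
+
+route53Client := route53.NewFromConfig(cfg, func(options *route53.Options) {
+options.Region = installConfig.Config.Platform.AWS.Region
+for _, endpoint := range installConfig.Config.AWS.ServiceEndpoints {
+if strings.EqualFold(endpoint.Name, "route53") {
+options.BaseEndpoint = aws.String(endpoint.URL)
+}
+}
+})
+
+if _, err := route53Client.ChangeTagsForResource(ctx, &route53.ChangeTagsForResourceInput{
+ResourceType: r53types.TagResourceTypeHostedzone,
 ResourceId: aws.String(zone),
-AddTags: []*route53.Tag{{Key: &tagKey, Value: &tagValue}},
+AddTags: []r53types.Tag{{Key: &tagKey, Value: &tagValue}},
 }); err != nil {
 return errors.Wrap(err, "could not add tags to hosted zone")
 }
@@ -145,18 +172,26 @@ func tagSharedIAMRoles(ctx context.Context, clusterID string, installConfig *ins
 
 logrus.Debugf("Tagging shared instance roles: %v", sets.List(iamRoles))
 
-session, err := installConfig.AWS.Session(ctx)
+tagKey, tagValue := sharedTag(clusterID)
+
+cfg, err := configv2.LoadDefaultConfig(ctx, configv2.WithRegion(installConfig.Config.Platform.AWS.Region))
 if err != nil {
-return fmt.Errorf("could not create AWS session: %w", err)
+return fmt.Errorf("failed to load AWS config: %w", err)
 }
 
-tagKey, tagValue := sharedTag(clusterID)
+iamClient := iam.NewFromConfig(cfg, func(options *iam.Options) {
+options.Region = installConfig.Config.Platform.AWS.Region
+for _, endpoint := range installConfig.Config.AWS.ServiceEndpoints {
+if strings.EqualFold(endpoint.Name, "iam") {
+options.BaseEndpoint = aws.String(endpoint.URL)
+}
+}
+})
 
-iamClient := iam.New(session, aws.NewConfig().WithRegion(installConfig.Config.Platform.AWS.Region))
 for role := range iamRoles {
-if _, err := iamClient.TagRoleWithContext(ctx, &iam.TagRoleInput{
+if _, err := iamClient.TagRole(ctx, &iam.TagRoleInput{
 RoleName: aws.String(role),
-Tags: []*iam.Tag{
+Tags: []iamtypes.Tag{
 {Key: aws.String(tagKey), Value: aws.String(tagValue)},
 },
 }); err != nil {
@@ -207,17 +242,25 @@ func tagSharedIAMProfiles(ctx context.Context, clusterID string, installConfig *
 
 logrus.Debugf("Tagging shared instance profiles: %v", sets.List(iamProfileNames))
 
-session, err := installConfig.AWS.Session(ctx)
+cfg, err := configv2.LoadDefaultConfig(ctx, configv2.WithRegion(installConfig.Config.Platform.AWS.Region))
 if err != nil {
-return errors.Wrap(err, "could not create AWS session")
+return fmt.Errorf("failed loading default config: %w", err)
 }
-iamClient := iam.New(session, aws.NewConfig().WithRegion(installConfig.Config.AWS.Region))
+
+iamClient := iam.NewFromConfig(cfg, func(options *iam.Options) {
+options.Region = installConfig.Config.Platform.AWS.Region
+for _, endpoint := range installConfig.Config.AWS.ServiceEndpoints {
+if strings.EqualFold(endpoint.Name, "iam") {
+options.BaseEndpoint = aws.String(endpoint.URL)
+}
+}
+})
 
 tagKey, tagValue := sharedTag(clusterID)
 for name := range iamProfileNames {
-if _, err := iamClient.TagInstanceProfileWithContext(ctx, &iam.TagInstanceProfileInput{
+if _, err := iamClient.TagInstanceProfile(ctx, &iam.TagInstanceProfileInput{
 InstanceProfileName: aws.String(name),
-Tags: []*iam.Tag{
+Tags: []iamtypes.Tag{
 {Key: aws.String(tagKey), Value: aws.String(tagValue)},
 },
 }); err != nil {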
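Review bot: In the tagSharedVPCResources hunk, the Route53 branch now calls `stscreds.NewAssumeRoleProvider(stsSvc, installConfig.Config.AWS.HostedZoneRole)` whenever `HostedZone` is set, with no check that `HostedZoneRole` is non-empty. If that field is optional, an install whose hosted zone lives in the same account would have its working credentials replaced by an AssumeRole attempt with an empty role ARN, and tagging the zone would fail. The removed `awsic.GetR53ClientCfg` took the role as an argument and may have handled the empty case, though its body is not visible here. I would guard the override with `if role := installConfig.Config.AWS.HostedZoneRole; role != "" { cfg.Credentials = aws.NewCredentialsCache(stscreds.NewAssumeRoleProvider(sts.NewFromConfig(cfg), role)) }`. The STS client is also built without the `ServiceEndpoints` lookup that the EC2, Route53 and IAM clients get, so a configured STS endpoint would be ignored for the role assumption; the function starts and ends outside this hunk.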
