eks: cluster version update

[bonifaido]

Q	A
Bug fix?	no
New feature?	yes
API breaks?	no
Deprecations?	no
Related tickets	partially #3094
License	Apache 2.0

What's in this PR?

Basic implementation of EKS cluster version update.

Why?

Additional context

Testable until the CLI implementation becomes available with:

curl -k -X 'PUT' -H 'Accept: application/json' \
-H "Authorization: Bearer ${PIPELINE_API_TOKEN}" \
-H 'Content-Type: application/json' \
https://127.0.0.1:9090/pipeline/api/v1/orgs/1/clusters/1/update \
-d '{"version":"1.17"}'

Checklist

• Implementation tested (with at least one cloud provider)
• Code meets the Developer Guide
• OpenAPI and Postman files updated (if needed)

[pregnor]

There is only 1 required change among my comments, the cluster status error message handling, otherwise it looks generally good with a couple of questions/remarks from me to discuss.

[pregnor]

My requested changes were implemented.

The topic of the proper separation of the cluster version and node pool upgrade flows are still up for discussion, but even if we decide to change the location of separation/branching we can implement it in another PR if we wish.
(It can still be discussed and implemented here, I'm just not sure this PR is the right way to do it, maybe it calls for a separate discussion or an ADR proposal.)

[sagikazarmark]

Can it be clusters instead?

[sagikazarmark]

I guess it would collide with the existing cluster update operation, but I don't care about that much. We don't have a BC promise for the generated code.

[bonifaido]

fixed, thanks.

[sagikazarmark]

Can we make it look like the node pool upgrade request?

[bonifaido]

The nodepool update request looks a bit bad to me, it has cloud or distribution for example. Or do you mean the EKS part?

[sagikazarmark]

I mean this:

        UpdateNodePoolRequest:
            oneOf:
                - $ref: '#/components/schemas/EksUpdateNodePoolRequest'

We should have a similar structure for clusters IMHO.

[pregnor]

Note: this is out of scope for this PR, but we should update the the 409 Conflict error and message here, because it refers to the secret by default.
https://github.com/banzaicloud/pipeline/pull/3123/files#diff-2b6bfc5b5d040867ca5e5f7b1df191f1R11868-R11869

Also we should update the 403 Access Denied message at the default values, because it seems to be misphrased You are unauthorized to perform this action access resource..
https://github.com/banzaicloud/pipeline/pull/3123/files#diff-2b6bfc5b5d040867ca5e5f7b1df191f1R11908-R11909

[sagikazarmark]

I guess it would collide with the existing cluster update operation, but I don't care about that much. We don't have a BC promise for the generated code.

[sagikazarmark]

Is this a cadence library thing? We should keep in mind that we want to generate these, so we should follow the patterns that we set out in the closed repo.

[bonifaido]

This is just a wrapper to not to rely directly on the AWS lib, for mocking. @pregnor am I right?

[pregnor]

That's correct, we use it for test mocking purposes to be able to provide a mocked API in place of an eksiface.EKSAPI, we did it similarly with the CloudFormation factories and client/service interfaces.

Context for people out of loop: It helps the Cadence activities to have a constructor argument/field for factories returning client/service interfaces to the corresponding AWS APIs so we don't use eks.New(awsSession) because it makes test mocking much more difficult as it creates a real API object, this way we can use a EKSFactoryMock{} object in place of the real factory wrapping the New() call which allows us to write extensive mock tests as we can control the returned API mock object and thus intercept/mock all API calls.

[sagikazarmark]

I guess this is fine for now, but I'd much rather use the proxy pattern we used for other AWS API calls.

[sagikazarmark]

LGTM