Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-iam-authenticator: Upgrade to v0.6.8 #2956

Merged
merged 1 commit into from
Mar 30, 2023
Merged

aws-iam-authenticator: Upgrade to v0.6.8 #2956

merged 1 commit into from
Mar 30, 2023

Conversation

jpmcb
Copy link
Contributor

@jpmcb jpmcb commented Mar 29, 2023
edited
Loading

Issue number:

N/a

Description of changes:

Fixes building on the tip of `develop` when using GOPROXY="direct".
v0.6.2 of aws-iam-authenticator has a Go code dependency on kubernetes
1.22. There are privated GitHub repositories that can not be pulled down
through the "direct" method.

Signed-off-by: John McBride <[email protected]>

Example of the broken build using GOPROXY="direct":

❯ GOPROXY=direct cargo make -e PACKAGE=aws-iam-authenticator -e BUILDSYS_VARIANT=aws-k8s-1.22 build-package
...

   Compiling aws-iam-authenticator v0.1.0 (/home/ubuntu/workspace/bottlerocket-os/bottlerocket/packages/aws-iam-authenticator)
error: failed to run custom build command for `aws-iam-authenticator v0.1.0 (/home/ubuntu/workspace/bottlerocket-os/bottlerocket/packages/aws-iam-authenticator)`
 
Caused by:
  process didn't exit successfully: `/home/ubuntu/workspace/bottlerocket-os/bottlerocket/variants/target/x86_64/debug/build/aws-iam-authenticator-d52bf5b23e1e1e35/build-script-build` (exit status: 1)
  --- stdout
  cargo:rerun-if-changed=Cargo.toml
  cargo:rerun-if-changed=bundled-aws-iam-authenticator-0.6.2.tar.gz
  program: /home/ubuntu/workspace/bottlerocket-os/bottlerocket/tools/docker-go
  direct
 
 
  sum.golang.org
  /usr/src/module/aws-iam-authenticator-0.6.2 /usr/src/module
  go: k8s.io/[email protected] requires
        github.com/storageos/[email protected]+incompatible: reading github.com/storageos/go-api/go.mod at revision v2.2.0: git ls-remote -q origin in /tmp/go/pkg/mod/cache/vcs/f4474392d641b836e8296e236f2861d83ba42188d7ff117e30acb6b06774a32d: exit status 128:
        fatal: could not read Username for 'https://github.com': terminal prompts disabled
  Confirm the import path was entered correctly.
  If this is a private repository, see https://golang.org/doc/faq#git_https for additional information.
  go: downloading k8s.io/apimachinery v0.23.0-alpha.0
  go: downloading k8s.io/client-go v0.22.0
  go: downloading k8s.io/kubernetes v1.22.0
  go: downloading github.com/aws/aws-sdk-go v1.44.107
  go: downloading k8s.io/api v0.22.0
  go: downloading github.com/onsi/ginkgo v1.14.0
  go: downloading github.com/onsi/gomega v1.10.1
  go: downloading github.com/fsnotify/fsnotify v1.4.9
  go: downloading github.com/sirupsen/logrus v1.8.1
  go: downloading k8s.io/component-base v0.22.0
  go: downloading github.com/gofrs/flock v0.7.0
  go: downloading github.com/prometheus/client_golang v1.11.0
  go: downloading golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
  go: downloading sigs.k8s.io/yaml v1.2.0
  go: downloading github.com/spf13/cobra v1.1.3
  go: downloading github.com/spf13/viper v1.7.0
  go: downloading k8s.io/sample-controller v0.22.0
  go: downloading github.com/manifoldco/promptui v0.9.0
  go: k8s.io/[email protected] requires
        github.com/storageos/[email protected]+incompatible: reading github.com/storageos/go-api/go.mod at revision v2.2.0: git ls-remote -q origin in /tmp/go/pkg/mod/cache/vcs/f4474392d641b836e8296e236f2861d83ba42188d7ff117e30acb6b06774a32d: exit status 128:
        fatal: could not read Username for 'https://github.com': terminal prompts disabled
  Confirm the import path was entered correctly.
  If this is a private repository, see https://golang.org/doc/faq#git_https for additional information.
  /usr/src/module
  tar: aws-iam-authenticator-0.6.2//vendor: Cannot stat: No such file or directory
  tar: Exiting with failure status due to previous errors
 
 
  --- stderr
  GoMod: Failed to execute docker-go script. 'args: --module-path /home/ubuntu/workspace/bottlerocket-os/bottlerocket/packages/aws-iam-authenticator --sdk-image public.ecr.aws/bottlerocket/bottlerocket-sdk-x86_64:v0.30.2 --go-mod-cache /home/ubuntu/workspace/bottlerocket-os/bottlerocket/.gomodcache --command ./docker-go-script.sh'
[cargo-make] ERROR - Error while executing command, exit code: 101
[cargo-make] WARN - Build Failed.

And a quick and dirty way to reproduce with the broken GitHub repo:

❯ mkdir test-mod
❯ cd test-mod
❯ go mod init example.com
go: creating new go.mod: module example.com
❯ GOPROXY=direct go get github.com/storageos/go-api
go: module github.com/storageos/go-api: git ls-remote -q origin in /home/ubuntu/go/pkg/mod/cache/vcs/f4474392d641b836e8296e236f2861d83ba42188d7ff117e30acb6b06774a32d: exit status 128:
        remote: Repository `storageos/go-api' is disabled.
        remote: Please ask the owner to check their account.
        fatal: unable to access 'https://github.com/storageos/go-api/': The requested URL returned error: 403

Testing done:

Coming soon. Able to build locally now.

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

@jpmcb
aws-iam-authenticator: Upgrade to v0.6.8
64c93d2 
Fixes building on the tip of `develop` when using GOPROXY="direct".
v0.6.2 of aws-iam-authenticator has a Go code dependency on kubernetes
1.22. There are privated GitHub repositories that can not be pulled down
through the "direct" method.

Signed-off-by: John McBride <[email protected]>
@jpmcb
Copy link
Contributor Author

jpmcb commented Mar 29, 2023

Also related: kubernetes-sigs/aws-iam-authenticator#586

@jpmcb jpmcb mentioned this pull request Mar 30, 2023
Merged
@jpmcb
Copy link
Contributor Author

jpmcb commented Mar 30, 2023
edited
Loading

Testing

Built a kubernetes variant off this branch. Registered the AMI and used that AMI in an ASG (which currently has nodes scaled down to 0) related to one of my clusters. Using that AMI and scaling the ASG to 1, the node joins the cluster and I'm able to access the cluster via my local IAM role:

❯ k get nodes -A
NAME                                          STATUS   ROLES    AGE   VERSION
ip-xxx.us-west-2.compute.internal   Ready    <none>   81s   v1.24.10-eks-08ad9cc

I'm not sure what deeper validation we need here and I'm not seeing alot of notes on testing this package specifically. Any thoughts?

etungsten
etungsten approved these changes Mar 30, 2023
View reviewed changes
Copy link
Contributor

@etungsten etungsten left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the testing is sufficient. If I remember correctly, the package is mostly called as part of the AWS cloud provider code. If you want to be extra sure, you can try deploying the AWS EBS CSI driver and the one of the examples.

@jpmcb
Copy link
Contributor Author

jpmcb commented Mar 30, 2023

Also deployed the sample EBS CSI driver application, and looks good - merging!

❯ k get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM               STORAGECLASS   REASON   AGE
pvc-a3bd5d72-310b-496a-93f2-2a34a87611cd   4Gi        RWO            Delete           Bound    default/ebs-claim   ebs-sc                  43s

@jpmcb jpmcb merged commit d20d151 into bottlerocket-os:develop Mar 30, 2023
@jpmcb jpmcb mentioned this pull request Mar 30, 2023
Merged
@jpmcb jpmcb deleted the aws-iam-auth-0.6.8 branch March 30, 2023 15:50
@etungsten etungsten mentioned this pull request Apr 6, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@etungsten etungsten etungsten approved these changes

@jpculp jpculp jpculp approved these changes

@stmcginnis stmcginnis stmcginnis approved these changes

@cbgbt cbgbt Awaiting requested review from cbgbt

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jpmcb @stmcginnis @jpculp @etungsten