diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go b/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go
index 52ab2b5112..6b7fabbe65 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go
@@ -151,6 +151,7 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 "ec2:RevokeSecurityGroupIngress",
 "ec2:RunInstances",
 "ec2:TerminateInstances",
+ "ec2:GetSecurityGroupsForVpc",
 "tag:GetResources",
 "elasticloadbalancing:AddTags",
 "elasticloadbalancing:CreateLoadBalancer",
@@ -174,6 +175,7 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 "elasticloadbalancing:CreateListener",
 "elasticloadbalancing:DescribeTargetHealth",
 "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeregisterTargets",
 "elasticloadbalancing:DeleteListener",
 "autoscaling:DescribeAutoScalingGroups",
 "autoscaling:DescribeInstanceRefreshes",
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml
index 6b4f907f72..9d1b3549a3 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml
@@ -211,6 +211,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -234,6 +235,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
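Review bot: The two actions added to the `ControllersPolicy()` action list, `ec2:GetSecurityGroupsForVpc` in the first hunk and `elasticloadbalancing:DeregisterTargets` in the second, carry no comment naming the controller code path that needs them, which makes later least-privilege audits of this list harder. `DeregisterTargets` is a mutating action and the statement's `Resource` element lies outside both hunks, so it is worth confirming whether the grant is limited to cluster-owned target groups or applies account-wide. I would add a one-line comment above each entry, for example `// required by <controller code path> when detaching instances from target groups` (placeholder, to be filled in from the caller). Nothing in the visible diff tells operators that an already-deployed bootstrap stack has to be re-applied before the controller can use the new calls, so a release-note line would help. The function body starts and ends outside the hunks.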
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml
index a3c9102ab2..42b0764b62 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml
@@ -211,6 +211,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -234,6 +235,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml
index 3b0ced5ac5..980fb5389e 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml
@@ -217,6 +217,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -240,6 +241,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml
index 5cebf6e7ab..155c66210a 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml
@@ -211,6 +211,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -234,6 +235,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml
index c71cb9d6ad..d8fde6d6b5 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml
@@ -217,6 +217,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -240,6 +241,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml
index aa3db2c042..f42a9b0588 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml
@@ -217,6 +217,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -240,6 +241,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml
index 9aea893cc7..4635dcb7da 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml
@@ -211,6 +211,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -234,6 +235,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml
index dea39d02d9..9bbfc7db2d 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml
@@ -211,6 +211,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -234,6 +235,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml
index 789f347fcc..6ea929e3d8 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml
@@ -211,6 +211,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -234,6 +235,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_disable.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_disable.yaml
index c092783d60..b0416eba8c 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_disable.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_disable.yaml
@@ -211,6 +211,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -234,6 +235,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml
index f34f670fbf..70e27777fa 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml
@@ -211,6 +211,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -234,6 +235,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_extra_statements.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_extra_statements.yaml
index ad61a26906..15334f4107 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_extra_statements.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_extra_statements.yaml
@@ -217,6 +217,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -240,6 +241,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml
index 9e84b2f223..384599882b 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml
@@ -211,6 +211,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -234,6 +235,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_ssm_secret_backend.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_ssm_secret_backend.yaml
index a11d38e58f..a82726d157 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_ssm_secret_backend.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_ssm_secret_backend.yaml
@@ -211,6 +211,7 @@ Resources:
 - ec2:RevokeSecurityGroupIngress
 - ec2:RunInstances
 - ec2:TerminateInstances
+ - ec2:GetSecurityGroupsForVpc
 - tag:GetResources
 - elasticloadbalancing:AddTags
 - elasticloadbalancing:CreateLoadBalancer
@@ -234,6 +235,7 @@ Resources:
 - elasticloadbalancing:CreateListener
 - elasticloadbalancing:DescribeTargetHealth
 - elasticloadbalancing:RegisterTargets
+ - elasticloadbalancing:DeregisterTargets
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
diff --git a/test/e2e/suites/unmanaged/helpers_test.go b/test/e2e/suites/unmanaged/helpers_test.go
index fb0c97aeaf..3283202e33 100644
--- a/test/e2e/suites/unmanaged/helpers_test.go
+++ b/test/e2e/suites/unmanaged/helpers_test.go
@@ -414,16 +414,31 @@ type conditionAssertion struct {
 reason string
 }
-func expectAWSClusterConditions(m *infrav1.AWSCluster, expected []conditionAssertion) {
- Expect(len(m.Status.Conditions)).To(BeNumerically(">=", len(expected)), "number of conditions")
+func hasAWSClusterConditions(m *infrav1.AWSCluster, expected []conditionAssertion) bool {
+ if len(m.Status.Conditions) < len(expected) {
+ return false
+ }
 for _, c := range expected {
 actual := conditions.Get(m, c.conditionType)
- Expect(actual).To(Not(BeNil()))
- Expect(actual.Type).To(Equal(c.conditionType))
- Expect(actual.Status).To(Equal(c.status))
- Expect(actual.Severity).To(Equal(c.severity))
- Expect(actual.Reason).To(Equal(c.reason))
+ if actual == nil {
+ return false
+ }
+
+ if actual.Type != c.conditionType {
+ return false
+ }
+ if actual.Status != c.status {
+ return false
+ }
+ if actual.Severity != c.severity {
+ return false
+ }
+ if actual.Reason != c.reason {
+ return false
+ }
 }
+
+ return true
 }
 func createEFS() *efs.FileSystemDescription {
diff --git a/test/e2e/suites/unmanaged/unmanaged_functional_clusterclass_test.go b/test/e2e/suites/unmanaged/unmanaged_functional_clusterclass_test.go
index d7426a5ce4..836861b37c 100644
--- a/test/e2e/suites/unmanaged/unmanaged_functional_clusterclass_test.go
+++ b/test/e2e/suites/unmanaged/unmanaged_functional_clusterclass_test.go
@@ -23,6 +23,7 @@ import (
 "context"
 "fmt"
 "path/filepath"
+ "time"
 "github.com/gofrs/flock"
 "github.com/onsi/ginkgo/v2"
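Review bot: `hasAWSClusterConditions` returns a bare `false` on every mismatch, so when a polling caller times out nothing records which of status, severity or reason differed, detail the removed `Expect` calls used to report. Logging the observed values before the early returns would keep that diagnostic, for example `ginkgo.GinkgoWriter.Printf("condition %s: status=%s severity=%s reason=%s\n", c.conditionType, actual.Status, actual.Severity, actual.Reason)` (assuming `ginkgo` is imported in this file, which the hunk does not show). The `actual.Type != c.conditionType` comparison looks redundant, since `actual` comes from `conditions.Get(m, c.conditionType)`; that is inferred from the call and should be confirmed. The renamed helper also deserves a doc comment such as `// hasAWSClusterConditions reports whether every expected condition is present on m with matching status, severity and reason.`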
@@ -81,11 +82,24 @@ var _ = ginkgo.Context("[unmanaged] [functional] [ClusterClass]", func() {
 WaitForControlPlaneIntervals: e2eCtx.E2EConfig.GetIntervals(specName, "wait-control-plane"),
 }, result)
- ginkgo.By("Checking if bastion host is running")
- awsCluster, err := GetAWSClusterByName(ctx, e2eCtx.Environment.BootstrapClusterProxy, namespace.Name, clusterName)
- Expect(err).To(BeNil())
- Expect(awsCluster.Status.Bastion.State).To(Equal(infrav1.InstanceStateRunning))
- expectAWSClusterConditions(awsCluster, []conditionAssertion{{infrav1.BastionHostReadyCondition, corev1.ConditionTrue, "", ""}})
+ Eventually(func(gomega Gomega) (bool, error) {
+ ginkgo.By("Checking if the bastion is ready")
+ awsCluster, err := GetAWSClusterByName(ctx, e2eCtx.Environment.BootstrapClusterProxy, namespace.Name, clusterName)
+ if err != nil {
+ return false, err
+ }
+ if awsCluster.Status.Bastion.State != infrav1.InstanceStateRunning {
+ shared.Byf("Bastion is not running, state is %s", awsCluster.Status.Bastion.State)
+ return false, nil
+ }
+
+ if !hasAWSClusterConditions(awsCluster, []conditionAssertion{{infrav1.BastionHostReadyCondition, corev1.ConditionTrue, "", ""}}) {
+ ginkgo.By("AWSCluster missing bastion host ready condition")
+ return false, nil
+ }
+
+ return true, nil
+ }, 15*time.Minute, 30*time.Second).Should(BeTrue(), "Should've eventually succeeded creating bastion host")
 ginkgo.By("PASSED!")
 })
diff --git a/test/e2e/suites/unmanaged/unmanaged_functional_test.go b/test/e2e/suites/unmanaged/unmanaged_functional_test.go
index e7d68f7bca..a445700208 100644
--- a/test/e2e/suites/unmanaged/unmanaged_functional_test.go
+++ b/test/e2e/suites/unmanaged/unmanaged_functional_test.go
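Review bot: The polling closure declares a `gomega Gomega` parameter that it never uses; either drop it (`Eventually(func() (bool, error) {`) or route the checks through it so a failure message names the mismatched value. The `15*time.Minute, 30*time.Second` pair is hard-coded, while the context line directly above reads its timing from `e2eCtx.E2EConfig.GetIntervals(specName, "wait-control-plane")`; taking the bastion wait from the same config, e.g. `}, e2eCtx.E2EConfig.GetIntervals(specName, "<bastion-interval-key>")...)` with a key of the project's choosing, would keep timeouts tunable in one place. `ginkgo.By` inside the closure also emits a step on every 30-second poll, which will clutter the report on slow runs. The identical block is added in `unmanaged_functional_test.go` (hunk `@@ -204,10 +204,24 @@`), so the same points apply there and a shared helper next to `hasAWSClusterConditions` would stop the two copies drifting apart.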
@@ -204,10 +204,24 @@ var _ = ginkgo.Context("[unmanaged] [functional]", func() {
 }, result)
 // Check if bastion host is up and running
- awsCluster, err := GetAWSClusterByName(ctx, e2eCtx.Environment.BootstrapClusterProxy, namespace.Name, clusterName)
- Expect(err).To(BeNil())
- Expect(awsCluster.Status.Bastion.State).To(Equal(infrav1.InstanceStateRunning))
- expectAWSClusterConditions(awsCluster, []conditionAssertion{{infrav1.BastionHostReadyCondition, corev1.ConditionTrue, "", ""}})
+ Eventually(func(gomega Gomega) (bool, error) {
+ ginkgo.By("Checking if the bastion is ready")
+ awsCluster, err := GetAWSClusterByName(ctx, e2eCtx.Environment.BootstrapClusterProxy, namespace.Name, clusterName)
+ if err != nil {
+ return false, err
+ }
+ if awsCluster.Status.Bastion.State != infrav1.InstanceStateRunning {
+ shared.Byf("Bastion is not running, state is %s", awsCluster.Status.Bastion.State)
+ return false, nil
+ }
+
+ if !hasAWSClusterConditions(awsCluster, []conditionAssertion{{infrav1.BastionHostReadyCondition, corev1.ConditionTrue, "", ""}}) {
+ ginkgo.By("AWSCluster missing bastion host ready condition")
+ return false, nil
+ }
+
+ return true, nil
+ }, 15*time.Minute, 30*time.Second).Should(BeTrue(), "Should've eventually succeeded creating bastion host")
 mdName := clusterName + "-md01"
 machineTempalte := makeAWSMachineTemplate(namespace.Name, mdName, e2eCtx.E2EConfig.GetVariable(shared.AwsNodeMachineType), nil)