Load more data in the team ID configMap

pkg/runtime/adoption_reconciler.go

@@ -128,7 +128,7 @@ func (r *adoptionReconciler) reconcile(ctx context.Context, req ctrlrt.Request)
 	if teamID != "" {
 		CARMLookupKey = string(teamID)
 		needCARMLookup = true
-		cmName = cache.ACKRoleTeamMap
+		cmName = cache.ACKTeamMap
 	} else {
 		CARMLookupKey = string(acctID)
 		cmName = cache.ACKRoleAccountMap
@@ -530,7 +530,7 @@ func (r *adoptionReconciler) getRoleARN(
 			return "", fmt.Errorf("unable to retrieve role ARN for annotation %q: %v", key, err)
 		}
 		return ackv1alpha1.AWSResourceName(roleARN), nil
-	} else if cmName == cache.ACKRoleTeamMap {
+	} else if cmName == cache.ACKTeamMap {
 		roleARN, err := r.cache.Teams.GetRoleARN(key)
 		if err != nil {
 			return "", fmt.Errorf("unable to retrieve role ARN for team ID %s: %v", key, err)

pkg/runtime/cache/account.go

@@ -44,9 +44,12 @@ const (
 	// all the AWS Account IDs associated with their AWS Role ARNs.
 	ACKRoleAccountMap CARMName = "ack-role-account-map"
 
-	// ACKRoleTeamMap is the name of the configmap map object storing
-	// all the AWS Team IDs associated with their AWS Role ARNs.
-	ACKRoleTeamMap CARMName = "ack-role-team-map"
+	// ACKTeamMap is the name of the configmap map object storing
+	// all the AWS Team IDs associated with their configs.
+	ACKTeamMap CARMName = "ack-team-map"
+
+	// ACKRoleTeamKey stores the role ARN key to the ACKTeamMap
+	ACKRoleTeamKey = "roleArn"
 )
 
 // CARMCache is responsible for caching the CARM configmap
@@ -122,27 +125,54 @@ func (c *CARMCache) Run(clientSet kubernetes.Interface, stopCh <-chan struct{})
 	go informer.Run(stopCh)
 }
 
-// GetRoleARN queries the associated Role ARN
+// GetConfigMapValue queries the associated value
 // from the cached CARM configmap. It will return an error if the
-// configmap is not found, the key is not found or the role ARN
-// is empty.
+// configmap is not found, the key is not found.
 //
 // This function is thread safe.
-func (c *CARMCache) GetRoleARN(key string) (string, error) {
+func (c *CARMCache) GetConfigMapValue(key string) (any, error) {
 	c.RLock()
 	defer c.RUnlock()
 
 	if !c.configMapCreated {
 		return "", ErrCARMConfigMapNotFound
 	}
-	roleARN, ok := c.roleARNs[key]
+	value, ok := c.roleARNs[key]
 	if !ok {
 		return "", ErrKeyNotFound
 	}
-	if roleARN == "" {
-		return "", ErrEmptyRoleARN
+	return value, nil
+}
+
+// GetRoleARN queries the role ARN
+// from the cached CARM configmap. It will return an error if the
+// configmap is not found, the key is not found or the value
+// is empty.
+//
+// This function is thread safe.
+func (c *CARMCache) GetRoleARN(key string) (string, error) {
+	value, err := c.GetConfigMapValue(key)
+	if err != nil {
+		return "", err
+	}
+	switch v := value.(type) {
+	default:
+		return "", fmt.Errorf("unexpected type in comfig map key %q: %v", key, value)
+	case string:
+		if v == "" {
+			return "", ErrEmptyRoleARN
+		}
+		return v, nil
+	case map[string]string:
+		if roleARN, ok := v[ACKRoleTeamKey]; ok {
+			if roleARN == "" {
+				return "", ErrEmptyRoleARN
+			}
+			return roleARN, nil
+		}
+		return "", fmt.Errorf("%q not set for team-id %q in configMap %q",
+			ACKRoleTeamKey, key, ACKTeamMap)
 	}
-	return roleARN, nil
 }
 
 // updateRoleData updates the CARM map. This function is thread safe.

pkg/runtime/cache/account_test.go

@@ -71,7 +71,7 @@ func TestAccountCache(t *testing.T) {
 
 	// Before creating the configmap, the accountCache should error for any
 	// GetAccountRoleARN call.
-	_, err := accountCache.GetRoleARN(testAccount1)
+	_, err := accountCache.GetConfigMapValue(testAccount1)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 
@@ -91,12 +91,12 @@ func TestAccountCache(t *testing.T) {
 	time.Sleep(time.Second)
 
 	// Test with non existing account
-	_, err = accountCache.GetRoleARN("random-account-not-exist")
+	_, err = accountCache.GetConfigMapValue("random-account-not-exist")
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 
 	// Test with existing account
-	_, err = accountCache.GetRoleARN(testAccount1)
+	_, err = accountCache.GetConfigMapValue(testAccount1)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 
@@ -115,17 +115,17 @@ func TestAccountCache(t *testing.T) {
 	time.Sleep(time.Second)
 
 	// Test with non existing account
-	_, err = accountCache.GetRoleARN("random-account-not-exist")
+	_, err = accountCache.GetConfigMapValue("random-account-not-exist")
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrKeyNotFound)
 
 	// Test with existing account - but role ARN is empty
-	_, err = accountCache.GetRoleARN(testAccount3)
+	_, err = accountCache.GetConfigMapValue(testAccount3)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrEmptyRoleARN)
 
 	// Test with existing account
-	roleARN, err := accountCache.GetRoleARN(testAccount1)
+	roleARN, err := accountCache.GetConfigMapValue(testAccount1)
 	require.Nil(t, err)
 	require.Equal(t, roleARN, testAccountARN1)
 
@@ -145,21 +145,21 @@ func TestAccountCache(t *testing.T) {
 	time.Sleep(time.Second)
 
 	// Test with non existing account
-	_, err = accountCache.GetRoleARN("random-account-not-exist")
+	_, err = accountCache.GetConfigMapValue("random-account-not-exist")
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrKeyNotFound)
 
 	// Test that account was removed
-	_, err = accountCache.GetRoleARN(testAccount3)
+	_, err = accountCache.GetConfigMapValue(testAccount3)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrKeyNotFound)
 
 	// Test with existing account
-	roleARN, err = accountCache.GetRoleARN(testAccount1)
+	roleARN, err = accountCache.GetConfigMapValue(testAccount1)
 	require.Nil(t, err)
 	require.Equal(t, roleARN, testAccountARN1)
 
-	roleARN, err = accountCache.GetRoleARN(testAccount2)
+	roleARN, err = accountCache.GetConfigMapValue(testAccount2)
 	require.Nil(t, err)
 	require.Equal(t, roleARN, testAccountARN2)
 
@@ -173,15 +173,15 @@ func TestAccountCache(t *testing.T) {
 	time.Sleep(time.Second)
 
 	// Test that accounts ware removed
-	_, err = accountCache.GetRoleARN(testAccount1)
+	_, err = accountCache.GetConfigMapValue(testAccount1)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 
-	_, err = accountCache.GetRoleARN(testAccount2)
+	_, err = accountCache.GetConfigMapValue(testAccount2)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 
-	_, err = accountCache.GetRoleARN(testAccount3)
+	_, err = accountCache.GetConfigMapValue(testAccount3)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 }

pkg/runtime/cache/cache.go

@@ -86,7 +86,7 @@ type Caches struct {
 func New(log logr.Logger, config Config) Caches {
 	return Caches{
 		Accounts:   NewCARMCache(ACKRoleAccountMap, log),
-		Teams:      NewCARMCache(ACKRoleTeamMap, log),
+		Teams:      NewCARMCache(ACKTeamMap, log),
 		Namespaces: NewNamespaceCache(log, config.WatchScope, config.Ignored),
 	}
 }

pkg/runtime/reconciler.go

@@ -196,7 +196,7 @@ func (r *resourceReconciler) Reconcile(ctx context.Context, req ctrlrt.Request)
 	if teamID != "" {
 		CARMLookupKey = string(teamID)
 		needCARMLookup = true
-		cmName = cache.ACKRoleTeamMap
+		cmName = cache.ACKTeamMap
 	} else {
 		CARMLookupKey = string(acctID)
 		cmName = cache.ACKRoleAccountMap
@@ -1092,7 +1092,7 @@ func (r *resourceReconciler) getRoleARN(
 			return "", fmt.Errorf("unable to retrieve role ARN for account %s: %v", key, err)
 		}
 		return ackv1alpha1.AWSResourceName(roleARN), nil
-	} else if cmName == cache.ACKRoleTeamMap {
+	} else if cmName == cache.ACKTeamMap {
 		roleARN, err := r.cache.Teams.GetRoleARN(key)
 		if err != nil {
 			return "", fmt.Errorf("unable to retrieve role ARN for team ID %s: %v", key, err)