
Commit 7040319

committed
Default AWSMachine in admission controller
1 parent 42b4f94 commit 7040319


5 files changed

+103
-2
lines changed


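--- a/api/v1beta2/awsmachine_webhook.go
+++ b/api/v1beta2/awsmachine_webhook.go
@@ -460,6 +460,12 @@ func (*awsMachineWebhook) Default(_ context.Context, obj runtime.Object) error {
 r.Spec.Ignition.Version = DefaultIgnitionVersion
 }
 
+// Set defaults for InstanceMetadataOptions if not already set
+if r.Spec.InstanceMetadataOptions == nil {
+r.Spec.InstanceMetadataOptions = &InstanceMetadataOptions{}
+}
+r.Spec.InstanceMetadataOptions.SetDefaults()
+
 return nil
 }
 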
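Review bot: The defaulting added at new lines 463-467 runs on every admission call that reaches Default, so if this webhook is registered for update as well as create (the registration is not visible here), an AWSMachine stored with a nil InstanceMetadataOptions gets the field filled in on its next update. That would work against the intent stated in ensureInstanceMetadataOptions in this same commit, which is not to force defaults onto existing instances, and it may also collide with any spec-immutability check in update validation. Consider defaulting only on create, or at least record the behaviour with a comment such as `// NOTE: also runs on update; objects stored with nil InstanceMetadataOptions are defaulted on their next write`. Default's body starts outside the hunk.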

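--- a/api/v1beta2/awsmachine_webhook_test.go
+++ b/api/v1beta2/awsmachine_webhook_test.go
@@ -38,6 +38,12 @@ func TestMachineDefault(t *testing.T) {
 err := (&awsMachineWebhook{}).Default(context.Background(), machine)
 g.Expect(err).NotTo(HaveOccurred())
 g.Expect(machine.Spec.CloudInit.SecureSecretsBackend).To(Equal(SecretBackendSecretsManager))
+// Verify InstanceMetadataOptions defaults are set
+g.Expect(machine.Spec.InstanceMetadataOptions).NotTo(BeNil())
+g.Expect(machine.Spec.InstanceMetadataOptions.HTTPEndpoint).To(Equal(InstanceMetadataEndpointStateEnabled))
+g.Expect(machine.Spec.InstanceMetadataOptions.HTTPPutResponseHopLimit).To(Equal(int64(1)))
+g.Expect(machine.Spec.InstanceMetadataOptions.HTTPTokens).To(Equal(HTTPTokensStateOptional))
+g.Expect(machine.Spec.InstanceMetadataOptions.InstanceMetadataTags).To(Equal(InstanceMetadataEndpointStateDisabled))
 }
 
 func TestAWSMachineCreate(t *testing.T) {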
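Review bot: TestMachineDefault only exercises the nil case, so nothing here shows that `SetDefaults()` leaves user-chosen values alone now that the webhook calls it unconditionally. The case that matters most is a machine created with `HTTPTokens: HTTPTokensStateRequired`: if defaulting replaced it with the `HTTPTokensStateOptional` asserted on new line 45, token-less IMDSv1 requests would be allowed again without the user asking for it. Add a second machine with a partially filled `InstanceMetadataOptions` and assert `g.Expect(machine.Spec.InstanceMetadataOptions.HTTPTokens).To(Equal(HTTPTokensStateRequired))` after Default returns. The test function starts outside the hunk.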

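--- a/controllers/awsmachine_controller.go
+++ b/controllers/awsmachine_controller.go
@@ -195,8 +195,6 @@ func (r *AWSMachineReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 return ctrl.Result{}, nil
 }
 
-infrav1.SetDefaults_AWSMachineSpec(&awsMachine.Spec)
-
 if isPaused, conditionChanged, err := paused.EnsurePausedCondition(ctx, r.Client, cluster, awsMachine); err != nil || isPaused || conditionChanged {
 return ctrl.Result{}, err
 }
@@ -1320,6 +1318,12 @@ func (r *AWSMachineReconciler) ensureStorageTags(ec2svc services.EC2Interface, i
 }
 
 func (r *AWSMachineReconciler) ensureInstanceMetadataOptions(ec2svc services.EC2Interface, instance *infrav1.Instance, machine *infrav1.AWSMachine) error {
+// If InstanceMetadataOptions is not set in the spec, don't modify the instance
+// The webhook will set defaults on new resources, but we shouldn't force defaults on existing instances
+if machine.Spec.InstanceMetadataOptions == nil {
+return nil
+}
+
 if cmp.Equal(machine.Spec.InstanceMetadataOptions, instance.InstanceMetadataOptions) {
 return nil
 }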
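Review bot: The early return at new lines 1323-1325 means an AWSMachine whose spec has no InstanceMetadataOptions is never compared with the instance, so a hop limit or token setting changed out of band on such an instance stays as it is and nothing is recorded. If that is the intended contract, state it in a doc comment on ensureInstanceMetadataOptions and emit a verbose log line before `return nil` so operators can tell that enforcement was skipped for that machine. Separately, the first hunk drops `infrav1.SetDefaults_AWSMachineSpec(&awsMachine.Spec)` from Reconcile; the name suggests spec-wide defaulting, so it is worth confirming that it covered nothing besides InstanceMetadataOptions for objects that never passed through the webhook. Both function bodies continue outside their hunks.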

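--- a/controllers/awsmachine_controller_test.go
+++ b/controllers/awsmachine_controller_test.go
@@ -482,6 +482,12 @@ func getAWSMachine() *infrav1.AWSMachine {
 },
 InstanceType: "test",
 Subnet: &infrav1.AWSResourceReference{ID: aws.String("subnet-1")},
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 },
 }
 }
@@ -659,6 +665,7 @@ func mockedCreateInstanceCalls(m *mocks.MockEC2APIMockRecorder) {
 Attribute: ec2types.NetworkInterfaceAttributeGroupSet,
 })).Return(&ec2.DescribeNetworkInterfaceAttributeOutput{Groups: []ec2types.GroupIdentifier{{GroupId: aws.String("3")}}}, nil).MaxTimes(1)
 m.ModifyNetworkInterfaceAttribute(context.TODO(), gomock.Any()).AnyTimes()
+m.ModifyInstanceMetadataOptions(context.TODO(), gomock.Any()).MaxTimes(1)
 m.DescribeSubnets(context.TODO(), gomock.Eq(&ec2.DescribeSubnetsInput{Filters: []ec2types.Filter{
 {
 Name: aws.String("state"),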
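Review bot: The expectation added at new line 668, `m.ModifyInstanceMetadataOptions(context.TODO(), gomock.Any()).MaxTimes(1)`, accepts zero calls and any input, so the tests pass whether or not the controller modifies the instance and whatever options it sends. Because this call changes metadata-service exposure on a running instance, the tests that expect a modification should pin it with `.Times(1)` and match the request, for example starting from `gomock.AssignableToTypeOf(&ec2.ModifyInstanceMetadataOptionsInput{})` and checking the token and hop-limit fields. Tests where spec and instance already agree should assert that no call is made. mockedCreateInstanceCalls starts and ends outside the hunk.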

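--- a/controllers/awsmachine_controller_unit_test.go
+++ b/controllers/awsmachine_controller_unit_test.go
@@ -87,6 +87,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 }
 klog.SetOutput(GinkgoWriter)
 
+// Ensure InstanceMetadataOptions defaults are set (webhook sets these normally, but not in unit tests)
+if awsMachine.Spec.InstanceMetadataOptions == nil {
+awsMachine.Spec.InstanceMetadataOptions = &infrav1.InstanceMetadataOptions{}
+awsMachine.Spec.InstanceMetadataOptions.SetDefaults()
+}
+
 secret := &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
 Name: "bootstrap-data",
@@ -346,6 +352,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 instance = &infrav1.Instance{
 ID: "myMachine",
 VolumeIDs: []string{"volume-1", "volume-2"},
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 instance.State = infrav1.InstanceStatePending
 
@@ -752,6 +764,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 ID: "myMachine",
 VolumeIDs: []string{"volume-1", "volume-2"},
 AvailabilityZone: "us-east-1",
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 instance.State = infrav1.InstanceStatePending
 }
@@ -1008,6 +1026,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 instance = &infrav1.Instance{
 ID: "myMachine",
 State: infrav1.InstanceStatePending,
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 
 ec2Svc.EXPECT().GetRunningInstanceByTags(gomock.Any()).Return(nil, nil).AnyTimes()
@@ -1045,6 +1069,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 instance = &infrav1.Instance{
 ID: "myMachine",
 State: infrav1.InstanceStatePending,
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 
 ec2Svc.EXPECT().GetRunningInstanceByTags(gomock.Any()).Return(nil, nil).AnyTimes()
@@ -1069,6 +1099,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 
 instance = &infrav1.Instance{
 ID: "myMachine",
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 
 ms.Machine.Status.NodeRef = &corev1.ObjectReference{
@@ -1205,6 +1241,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 
 instance = &infrav1.Instance{
 ID: "myMachine",
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 
 ms.AWSMachine.Spec.CloudInit = infrav1.CloudInit{
@@ -1302,6 +1344,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 
 instance = &infrav1.Instance{
 ID: "myMachine",
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 instance.State = infrav1.InstanceStatePending
 secretSvc.EXPECT().Create(gomock.Any(), gomock.Any()).Return(secretPrefix, int32(1), nil).Times(1)
@@ -1354,6 +1402,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 instance = &infrav1.Instance{
 ID: "myMachine",
 State: infrav1.InstanceStatePending,
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 fakeS3URL := "s3://foo"
 
@@ -1387,6 +1441,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 instance = &infrav1.Instance{
 ID: "myMachine",
 State: infrav1.InstanceStatePending,
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 
 //nolint:gosec
@@ -1414,6 +1474,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 
 instance = &infrav1.Instance{
 ID: "myMachine",
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 
 ms.Machine.Status.NodeRef = &corev1.ObjectReference{
@@ -1497,6 +1563,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 
 instance = &infrav1.Instance{
 ID: "myMachine",
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 ec2Svc.EXPECT().GetRunningInstanceByTags(gomock.Any()).Return(instance, nil).AnyTimes()
 }
@@ -1606,6 +1678,12 @@ func TestAWSMachineReconciler(t *testing.T) {
 instance = &infrav1.Instance{
 ID: "myMachine",
 State: infrav1.InstanceStatePending,
+InstanceMetadataOptions: &infrav1.InstanceMetadataOptions{
+HTTPEndpoint: infrav1.InstanceMetadataEndpointStateEnabled,
+HTTPPutResponseHopLimit: 1,
+HTTPTokens: infrav1.HTTPTokensStateOptional,
+InstanceMetadataTags: infrav1.InstanceMetadataEndpointStateDisabled,
+},
 }
 fakeS3URL := "s3://foo"
 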
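Review bot: The same six-line `InstanceMetadataOptions` literal is pasted into twelve instance fixtures (first at new lines 355-360), hard-coding the current default values in each copy. If the defaults ever change, for instance to require IMDSv2 tokens, every copy has to be edited by hand, and a missed one makes the spec and the fixture differ so the controller issues a modify call the test did not intend. Build the fixture value from `SetDefaults()` in one helper, as the setup block at new lines 90-94 already does for the machine, and write `InstanceMetadataOptions: newDefaultInstanceMetadataOptions(),` in each literal. The helper name is only a suggestion, and TestAWSMachineReconciler itself starts and ends outside these hunks.

```go
// newDefaultInstanceMetadataOptions returns options filled in by SetDefaults,
// so fixtures follow the API defaults instead of repeating them.
func newDefaultInstanceMetadataOptions() *infrav1.InstanceMetadataOptions {
	opts := &infrav1.InstanceMetadataOptions{}
	opts.SetDefaults()
	return opts
}
```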
