lint fix

updated access entry descriptions taken from latest AWS CDK

Author: joshfrench

controlplane/eks/api/v1beta2/awsmanagedcontrolplane_webhook_test.go

@@ -1206,4 +1206,3 @@ func TestWebhookValidateAccessEntries(t *testing.T) {
 		})
 	}
 }
-

controlplane/eks/api/v1beta2/types.go

@@ -100,38 +100,46 @@ var (
 	EKSAuthenticationModeAPIAndConfigMap = EKSAuthenticationMode("api_and_config_map")
 )
 
-// AccessEntryType defines the type of an access entry
+// AccessEntryType represents the different types of access entries that can be used in an Amazon EKS cluster
 type AccessEntryType string
 
+// APIValue returns the corresponding EKS API value for the access entry type
 func (a AccessEntryType) APIValue() *string {
 	v := strings.ToUpper(string(a))
 	return &v
 }
 
 var (
-	AccessEntryTypeStandard      = AccessEntryType("standard")
-	AccessEntryTypeEC2Linux      = AccessEntryType("ec2_linux")
-	AccessEntryTypeEC2Windows    = AccessEntryType("ec2_windows")
-	AccessEntryTypeFargateLinux  = AccessEntryType("fargate_linux")
-	AccessEntryTypeEC2           = AccessEntryType("ec2")
-	AccessEntryTypeHybridLinux   = AccessEntryType("hybrid_linux")
+	// AccessEntryTypeStandard represents a standard access entry
+	AccessEntryTypeStandard = AccessEntryType("standard")
+	// AccessEntryTypeEC2Linux represents an EC2 Linux access entry
+	AccessEntryTypeEC2Linux = AccessEntryType("ec2_linux")
+	// AccessEntryTypeEC2Windows represents an EC2 Windows access entry
+	AccessEntryTypeEC2Windows = AccessEntryType("ec2_windows")
+	// AccessEntryTypeFargateLinux represents a Fargate Linux access entry
+	AccessEntryTypeFargateLinux = AccessEntryType("fargate_linux")
+	// AccessEntryTypeEC2 represents a generic EC2 access entry
+	AccessEntryTypeEC2 = AccessEntryType("ec2")
+	// AccessEntryTypeHybridLinux represents a hybrid node access entry
+	AccessEntryTypeHybridLinux = AccessEntryType("hybrid_linux")
+	// AccessEntryTypeHyperpodLinux represents a SageMaker HyperPod access entry
 	AccessEntryTypeHyperpodLinux = AccessEntryType("hyperpod_linux")
 )
 
 // AccessScopeType defines the scope type for an access policy
 type AccessScopeType string
 
 var (
+	// AccessScopeTypeCluster indicates that the access policy applies to the entire cluster
 	AccessScopeTypeCluster = AccessScopeType("cluster")
+	// AccessScopeTypeNamespace indicates that the access policy applies to a specific namespace within the cluster
 	AccessScopeTypeNamespace = AccessScopeType("namespace")
 )
 
-var (
-	// DefaultEKSControlPlaneRole is the name of the default IAM role to use for the EKS control plane
-	// if no other role is supplied in the spec and if iam role creation is not enabled. The default
-	// can be created using clusterawsadm or created manually.
-	DefaultEKSControlPlaneRole = fmt.Sprintf("eks-controlplane%s", iamv1.DefaultNameSuffix)
-)
+// DefaultEKSControlPlaneRole is the name of the default IAM role to use for the EKS control plane
+// if no other role is supplied in the spec and if iam role creation is not enabled. The default
+// can be created using clusterawsadm or created manually.
+var DefaultEKSControlPlaneRole = fmt.Sprintf("eks-controlplane%s", iamv1.DefaultNameSuffix)
 
 // IAMAuthenticatorConfig represents an aws-iam-authenticator configuration.
 type IAMAuthenticatorConfig struct {

pkg/cloud/services/eks/accessentry.go

@@ -277,4 +277,3 @@ func (s *Service) getExistingAccessPolicies(ctx context.Context, principalARN st
 
 	return existingPolicies, nil
 }
-

pkg/cloud/services/eks/accessentry_test.go

@@ -796,4 +796,3 @@ func TestDeleteAccessEntry(t *testing.T) {
 		})
 	}
 }
-

test/e2e/suites/managed/eks_access_entries_test.go

@@ -23,11 +23,9 @@ import (
 	"context"
 	"fmt"
 
-	ekstypes "github.com/aws/aws-sdk-go-v2/service/eks/types"
 	"github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	corev1 "k8s.io/api/core/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	ekscontrolplanev1 "sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2"
 	"sigs.k8s.io/cluster-api-provider-aws/v2/test/e2e/shared"
@@ -75,17 +73,17 @@ var _ = ginkgo.Describe("[managed] [auth] EKS authentication mode tests", func()
 
 		ginkgo.By("should create a cluster with access entries")
 		ManagedClusterSpec(ctx, func() ManagedClusterSpecInput {
-						return ManagedClusterSpecInput{
-										E2EConfig:                e2eCtx.E2EConfig,
-										ConfigClusterFn:          defaultConfigCluster,
-										BootstrapClusterProxy:    e2eCtx.Environment.BootstrapClusterProxy,
-										AWSSession:               e2eCtx.BootstrapUserAWSSession,
-										Namespace:                namespace,
-										ClusterName:              clusterName,
-										Flavour:                  EKSControlPlaneOnlyWithAccessEntriesFlavor,
-										ControlPlaneMachineCount: 1, // NOTE: this cannot be zero as clusterctl returns an error
-										WorkerMachineCount:       0,
-						}
+			return ManagedClusterSpecInput{
+				E2EConfig:                e2eCtx.E2EConfig,
+				ConfigClusterFn:          defaultConfigCluster,
+				BootstrapClusterProxy:    e2eCtx.Environment.BootstrapClusterProxy,
+				AWSSession:               e2eCtx.BootstrapUserAWSSession,
+				Namespace:                namespace,
+				ClusterName:              clusterName,
+				Flavour:                  EKSControlPlaneOnlyWithAccessEntriesFlavor,
+				ControlPlaneMachineCount: 1, // NOTE: this cannot be zero as clusterctl returns an error
+				WorkerMachineCount:       0,
+			}
 		})
 
 		ginkgo.By("should have created the expected access entries")
@@ -122,7 +120,6 @@ var _ = ginkgo.Describe("[managed] [auth] EKS authentication mode tests", func()
 		}
 		verifyAccessEntries(ctx, eksClusterName, expectedEntries, e2eCtx.BootstrapUserAWSSession)
 
-
 		ginkgo.By("EKS cluster should be active")
 		verifyClusterActiveAndOwned(ctx, eksClusterName, e2eCtx.BootstrapUserAWSSession)
 

test/e2e/suites/managed/helpers.go

@@ -108,7 +108,6 @@ func getEKSCluster(ctx context.Context, eksClusterName string, sess *aws.Config)
 		Name: aws.String(eksClusterName),
 	}
 	result, err := eksClient.DescribeCluster(ctx, input)
-
 	if err != nil {
 		return nil, err
 	}
@@ -281,8 +280,8 @@ func verifyAccessEntries(ctx context.Context, eksClusterName string, expectedEnt
 		})
 		Expect(err).ToNot(HaveOccurred(), fmt.Sprintf("failed to describe access entry: %s", principalARN))
 
-		Expect(describeOutput.AccessEntry.Type).To(Equal(expectedEntry.Type), "access entry type does not match")
-		Expect(describeOutput.AccessEntry.Username).To(Equal(expectedEntry.Username), "access entry username does not match")
+		Expect(describeOutput.AccessEntry.Type).To(HaveValue(BeEquivalentTo(expectedEntry.Type)), "access entry type does not match")
+		Expect(describeOutput.AccessEntry.Username).To(HaveValue(BeEquivalentTo(expectedEntry.Username)), "access entry username does not match")
 
 		if len(expectedEntry.KubernetesGroups) > 0 {
 			slices.Sort(expectedEntry.KubernetesGroups)
@@ -306,7 +305,7 @@ func verifyAccessEntries(ctx context.Context, eksClusterName string, expectedEnt
 				expectedPolicy, exists := expectedPolicies[*policy.PolicyArn]
 				Expect(exists).To(BeTrue(), fmt.Sprintf("unexpected access policy: %s", *policy.PolicyArn))
 
-				Expect(policy.AccessScope.Type).To(Equal(expectedPolicy.AccessScope.Type), "access policy scope type does not match")
+				Expect(policy.AccessScope.Type).To(BeEquivalentTo(expectedPolicy.AccessScope.Type), "access policy scope type does not match")
 
 				if expectedPolicy.AccessScope.Type == "namespace" {
 					slices.Sort(expectedPolicy.AccessScope.Namespaces)