Commit b7400b1d authored by Tiger's avatar Tiger Committed by Enrique Alcantara

Allow AWS role auth to update an existing role

Now that AWS credentials are passed to the frontend
for the EKS form, we need to be able to re-authorize
an existing role to generate a new set of credentials
(in the event that the previous set expired).

This will be a no-op most of the time (as the user
simply needs credentials for their role without changing
it), but the role will be updated if requested.
parent 9594f544
......@@ -147,7 +147,7 @@ class Clusters::ClustersController < Clusters::BaseController
def authorize_aws_role
response = Clusters::Aws::AuthorizeRoleService.new(
current_user,
params: create_role_params
params: aws_role_params
).execute
render json: response.body, status: response.status
......@@ -262,7 +262,7 @@ class Clusters::ClustersController < Clusters::BaseController
)
end
def create_role_params
def aws_role_params
params.require(:cluster).permit(:role_arn, :role_external_id)
end
......
......@@ -20,7 +20,7 @@ module Clusters
end
def execute
@role = create_role!
@role = create_or_update_role!
Response.new(:ok, credentials)
rescue *ERRORS
......@@ -31,8 +31,14 @@ module Clusters
attr_reader :role, :params
def create_role!
user.create_aws_role!(params)
def create_or_update_role!
if role = user.aws_role
role.update!(params)
role
else
user.create_aws_role!(params)
end
end
def credentials
......
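Review bot: In `create_or_update_role!`, `role.update!(params)` persists the request-supplied `role_arn` and `role_external_id` before `credentials` is called, so if that call raises one of `ERRORS` the client gets an error response while the stored role has already been overwritten with values that were never shown to work. Assuming the credentials lookup is among the things that can raise (the rescue body is outside this hunk), consider making the two steps atomic, e.g. `ActiveRecord::Base.transaction do … end` around the two lines in `execute`, or assign the attributes and save only once credentials come back. A transaction would stay open across the external call, which is a trade-off to weigh. As a smaller style point, `if role = user.aws_role` assigns inside the condition and shadows the `role` reader; `existing = user.aws_role` on its own line reads more clearly.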
......@@ -25,12 +25,26 @@ describe Clusters::Aws::AuthorizeRoleService do
.with(instance_of(Aws::Role)).and_return(credentials_service)
end
it 'creates an Aws::Role record and returns a set of credentials' do
expect(user).to receive(:create_aws_role!)
.with(params).and_call_original
context 'role does not exist' do
it 'creates an Aws::Role record and returns a set of credentials' do
expect(user).to receive(:create_aws_role!)
.with(params).and_call_original
expect(subject.status).to eq(:ok)
expect(subject.body).to eq(credentials)
expect(subject.status).to eq(:ok)
expect(subject.body).to eq(credentials)
end
end
context 'role already exists' do
let(:role) { create(:aws_role, user: user) }
it 'updates the existing Aws::Role record and returns a set of credentials' do
expect(role).to receive(:update!)
.with(params).and_call_original
expect(subject.status).to eq(:ok)
expect(subject.body).to eq(credentials)
end
end
context 'errors' do
......
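Review bot: The 'role already exists' context covers only the success path: it checks that `update!` receives `params`, but not what is left in the database when re-authorization fails. An example where the role exists and the credentials service raises, asserting the response status and `role.reload.role_arn`, would pin down whether a failed request may replace a stored role. The `context 'errors'` block continues outside this hunk and may already cover part of this.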