Allow AWS role auth to update an existing role

Now that AWS credentials are passed to the frontend for the EKS form, we need to be able to re-authorize an existing role to generate a new set of credentials (in the event that the previous set expired). This will be a no-op most of the time (as the user simply needs credentials for their role without changing it), but the role will be updated if requested.

Allow AWS role auth to update an existing role
Now that AWS credentials are passed to the frontend for the EKS form, we need to be able to re-authorize an existing role to generate a new set of credentials (in the event that the previous set expired). This will be a no-op most of the time (as the user simply needs credentials for their role without changing it), but the role will be updated if requested.
b7400b1d · Tiger · Enrique Alcantara · 9594f544 · b7400b1d · b7400b1d
Commit b7400b1d authored Nov 19, 2019 by Tiger Committed by Enrique Alcantara Dec 11, 2019
3 changed files
--- a/app/controllers/clusters/clusters_controller.rb
+++ b/app/controllers/clusters/clusters_controller.rb
@@ -147,7 +147,7 @@ class Clusters::ClustersController < Clusters::BaseController
  def authorize_aws_role
    response = Clusters::Aws::AuthorizeRoleService.new(
      current_user,
-      params: create_role_params
+      params: aws_role_params
    ).execute
    render json: response.body, status: response.status
@@ -262,7 +262,7 @@ class Clusters::ClustersController < Clusters::BaseController
      )
  end
-  def create_role_params
+  def aws_role_params
    params.require(:cluster).permit(:role_arn, :role_external_id)
  end

--- a/app/services/clusters/aws/authorize_role_service.rb
+++ b/app/services/clusters/aws/authorize_role_service.rb
@@ -20,7 +20,7 @@ module Clusters
      end
      def execute
-        @role = create_role!
+        @role = create_or_update_role!
        Response.new(:ok, credentials)
      rescue *ERRORS
@@ -31,8 +31,14 @@ module Clusters
      attr_reader :role, :params
-      def create_role!
+      def create_or_update_role!
-        user.create_aws_role!(params)
+        if role = user.aws_role
+          role.update!(params)
+          role
+        else
+          user.create_aws_role!(params)
+        end
      end
      def credentials

--- a/spec/services/clusters/aws/authorize_role_service_spec.rb
+++ b/spec/services/clusters/aws/authorize_role_service_spec.rb
@@ -25,12 +25,26 @@ describe Clusters::Aws::AuthorizeRoleService do
      .with(instance_of(Aws::Role)).and_return(credentials_service)
  end
-  it 'creates an Aws::Role record and returns a set of credentials' do
+  context 'role does not exist' do
-    expect(user).to receive(:create_aws_role!)
+    it 'creates an Aws::Role record and returns a set of credentials' do
-      .with(params).and_call_original
+      expect(user).to receive(:create_aws_role!)
+        .with(params).and_call_original
-    expect(subject.status).to eq(:ok)
+      expect(subject.status).to eq(:ok)
-    expect(subject.body).to eq(credentials)
+      expect(subject.body).to eq(credentials)
+    end
+  end
+  context 'role already exists' do
+    let(:role) { create(:aws_role, user: user) }
+    it 'updates the existing Aws::Role record and returns a set of credentials' do
+      expect(role).to receive(:update!)
+        .with(params).and_call_original
+      expect(subject.status).to eq(:ok)
+      expect(subject.body).to eq(credentials)
+    end
  end
  context 'errors' do