From 98b66d317198fc6fe123c164c87509a448ec1b0c Mon Sep 17 00:00:00 2001 From: Adam Malcontenti-Wilson Date: Tue, 17 Sep 2024 16:49:59 +1000 Subject: [PATCH] add accessConfig to v1beta1 type as well --- ...ster.x-k8s.io_awsmanagedcontrolplanes.yaml | 15 +++++++++ .../v1beta1/awsmanagedcontrolplane_types.go | 13 ++++++++ controlplane/eks/api/v1beta1/types.go | 15 +++++++++ .../api/v1beta1/zz_generated.conversion.go | 33 ++++++++++++++++++- .../eks/api/v1beta1/zz_generated.deepcopy.go | 20 +++++++++++ 5 files changed, 95 insertions(+), 1 deletion(-) diff --git a/config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml b/config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml index 6d38cd1bb3..d2bedf16c0 100644 --- a/config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml +++ b/config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml @@ -67,6 +67,21 @@ spec: description: AWSManagedControlPlaneSpec defines the desired state of an Amazon EKS Cluster. properties: + accessConfig: + description: AccessConfig specifies the access configuration information + for the cluster + properties: + authenticationMode: + default: CONFIG_MAP + description: |- + AuthenticationMode specifies the desired authentication mode for the cluster + Defaults to CONFIG_MAP + enum: + - CONFIG_MAP + - API + - API_AND_CONFIG_MAP + type: string + type: object additionalTags: additionalProperties: type: string diff --git a/controlplane/eks/api/v1beta1/awsmanagedcontrolplane_types.go b/controlplane/eks/api/v1beta1/awsmanagedcontrolplane_types.go index a965bef381..97398e4e03 100644 --- a/controlplane/eks/api/v1beta1/awsmanagedcontrolplane_types.go +++ b/controlplane/eks/api/v1beta1/awsmanagedcontrolplane_types.go 
@@ -165,6 +165,10 @@ type AWSManagedControlPlaneSpec struct { //nolint: maligned
 // +optional
 OIDCIdentityProviderConfig *OIDCIdentityProviderConfig `json:"oidcIdentityProviderConfig,omitempty"`
 
+ // AccessConfig specifies the access configuration information for the cluster
+ // +optional
+ AccessConfig *AccessConfig `json:"accessConfig,omitempty"`
+
 // DisableVPCCNI indicates that the Amazon VPC CNI should be disabled. With EKS clusters the
 // Amazon VPC CNI is automatically installed into the cluster. For clusters where you want
 // to use an alternate CNI this option provides a way to specify that the Amazon VPC CNI
@@ -212,6 +216,15 @@ type EndpointAccess struct {
 Private *bool `json:"private,omitempty"`
 }
 
+// AccessConfig represents the access configuration information for the cluster
+type AccessConfig struct {
+ // AuthenticationMode specifies the desired authentication mode for the cluster
+ // Defaults to CONFIG_MAP
+ // +kubebuilder:default=CONFIG_MAP
+ // +kubebuilder:validation:Enum=CONFIG_MAP;API;API_AND_CONFIG_MAP
+ AuthenticationMode EKSAuthenticationMode `json:"authenticationMode,omitempty"`
+}
+
 // EncryptionConfig specifies the encryption configuration for the EKS clsuter.
 type EncryptionConfig struct {
 // Provider specifies the ARN or alias of the CMK (in AWS KMS)
diff --git a/controlplane/eks/api/v1beta1/types.go b/controlplane/eks/api/v1beta1/types.go
index 0ca9a64ebe..73370445ad 100644
--- a/controlplane/eks/api/v1beta1/types.go
+++ b/controlplane/eks/api/v1beta1/types.go
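Review bot: The new `AccessConfig` field on the v1beta1 spec changes which side owns this value during conversion, but the hand-written ConvertTo/ConvertFrom for AWSManagedControlPlane is not part of this patch. While the generated code still carried `WARNING: in.AccessConfig requires manual conversion`, the value could only survive a round trip through the conversion-data annotation. If the manual code still restores `Spec.AccessConfig` from that annotation, a stale value could overwrite an `authenticationMode` set through v1beta1. Please confirm any such restore line is removed and add AccessConfig to the conversion round-trip test. The struct body continues outside the hunk.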
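Review bot: The doc comment on `AuthenticationMode` in the new `AccessConfig` struct states the default but not what changing the value does to cluster access, and this text is what ends up in the CRD description. I would extend it with something like `// Changing the mode changes which principals can authenticate to the cluster; EKS does not allow moving back from API to a mode that uses the aws-auth ConfigMap.` Whether a webhook rejects such a downgrade for v1beta1 objects is not visible here, so the comment should only promise what the validation enforces. Keep the wording in line with the v1beta2 field so the two served versions describe the setting the same way.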
@@ -79,6 +79,21 @@ var (
 EKSTokenMethodAWSCli = EKSTokenMethod("aws-cli")
 )
 
+// EKSAuthenticationMode defines the authentication mode for the cluster
+type EKSAuthenticationMode string
+
+var (
+ // EKSAuthenticationModeConfigMap indicates that only `aws-auth` ConfigMap will be used for authentication
+ EKSAuthenticationModeConfigMap = EKSAuthenticationMode("CONFIG_MAP")
+
+ // EKSAuthenticationModeAPI indicates that only AWS Access Entries will be used for authentication
+ EKSAuthenticationModeAPI = EKSAuthenticationMode("API")
+
+ // EKSAuthenticationModeAPIAndConfigMap indicates that both `aws-auth` ConfigMap and AWS Access Entries will
+ // be used for authentication
+ EKSAuthenticationModeAPIAndConfigMap = EKSAuthenticationMode("API_AND_CONFIG_MAP")
+)
+
 var (
 // DefaultEKSControlPlaneRole is the name of the default IAM role to use for the EKS control plane
 // if no other role is supplied in the spec and if iam role creation is not enabled. The default
diff --git a/controlplane/eks/api/v1beta1/zz_generated.conversion.go b/controlplane/eks/api/v1beta1/zz_generated.conversion.go
index 5c32594c48..2bc5690804 100644
--- a/controlplane/eks/api/v1beta1/zz_generated.conversion.go
+++ b/controlplane/eks/api/v1beta1/zz_generated.conversion.go
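Review bot: The three `EKSAuthenticationMode` values are declared in a `var (` block, so any importing package can reassign them at runtime. Code comparing against them to choose the cluster's authentication mode would then see the changed value. Typed constants close that off, e.g. `const ( EKSAuthenticationModeAPI EKSAuthenticationMode = "API" )` and likewise for the other two. The `EKSTokenMethodAWSCli` context line above uses the same `var` pattern, so this may be deliberate consistency with the file; if so, a short comment saying the values must not be mutated would help.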
@@ -70,6 +70,16 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*AccessConfig)(nil), (*v1beta2.AccessConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta1_AccessConfig_To_v1beta2_AccessConfig(a.(*AccessConfig), b.(*v1beta2.AccessConfig), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1beta2.AccessConfig)(nil), (*AccessConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta2_AccessConfig_To_v1beta1_AccessConfig(a.(*v1beta2.AccessConfig), b.(*AccessConfig), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*Addon)(nil), (*v1beta2.Addon)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1beta1_Addon_To_v1beta2_Addon(a.(*Addon), b.(*v1beta2.Addon), scope) }); err != nil { @@ -363,6 +373,7 @@ func autoConvert_v1beta1_AWSManagedControlPlaneSpec_To_v1beta2_AWSManagedControl out.AssociateOIDCProvider = in.AssociateOIDCProvider out.Addons = (*[]v1beta2.Addon)(unsafe.Pointer(in.Addons)) out.OIDCIdentityProviderConfig = (*v1beta2.OIDCIdentityProviderConfig)(unsafe.Pointer(in.OIDCIdentityProviderConfig)) + out.AccessConfig = (*v1beta2.AccessConfig)(unsafe.Pointer(in.AccessConfig)) // WARNING: in.DisableVPCCNI requires manual conversion: does not exist in peer-type if err := Convert_v1beta1_VpcCni_To_v1beta2_VpcCni(&in.VpcCni, &out.VpcCni, s); err != nil { return err 
@@ -400,7 +411,7 @@ func autoConvert_v1beta2_AWSManagedControlPlaneSpec_To_v1beta1_AWSManagedControl out.AssociateOIDCProvider = in.AssociateOIDCProvider out.Addons = (*[]Addon)(unsafe.Pointer(in.Addons)) out.OIDCIdentityProviderConfig = (*OIDCIdentityProviderConfig)(unsafe.Pointer(in.OIDCIdentityProviderConfig)) - // WARNING: in.AccessConfig requires manual conversion: does not exist in peer-type + out.AccessConfig = (*AccessConfig)(unsafe.Pointer(in.AccessConfig)) if err := Convert_v1beta2_VpcCni_To_v1beta1_VpcCni(&in.VpcCni, &out.VpcCni, s); err != nil { return err } 
@@ -459,6 +470,26 @@ func Convert_v1beta2_AWSManagedControlPlaneStatus_To_v1beta1_AWSManagedControlPl return autoConvert_v1beta2_AWSManagedControlPlaneStatus_To_v1beta1_AWSManagedControlPlaneStatus(in, out, s) } +func autoConvert_v1beta1_AccessConfig_To_v1beta2_AccessConfig(in *AccessConfig, out *v1beta2.AccessConfig, s conversion.Scope) error { + out.AuthenticationMode = v1beta2.EKSAuthenticationMode(in.AuthenticationMode) + return nil +} + +// Convert_v1beta1_AccessConfig_To_v1beta2_AccessConfig is an autogenerated conversion function. +func Convert_v1beta1_AccessConfig_To_v1beta2_AccessConfig(in *AccessConfig, out *v1beta2.AccessConfig, s conversion.Scope) error { + return autoConvert_v1beta1_AccessConfig_To_v1beta2_AccessConfig(in, out, s) +} + +func autoConvert_v1beta2_AccessConfig_To_v1beta1_AccessConfig(in *v1beta2.AccessConfig, out *AccessConfig, s conversion.Scope) error { + out.AuthenticationMode = EKSAuthenticationMode(in.AuthenticationMode) + return nil +} + +// Convert_v1beta2_AccessConfig_To_v1beta1_AccessConfig is an autogenerated conversion function. +func Convert_v1beta2_AccessConfig_To_v1beta1_AccessConfig(in *v1beta2.AccessConfig, out *AccessConfig, s conversion.Scope) error { + return autoConvert_v1beta2_AccessConfig_To_v1beta1_AccessConfig(in, out, s) +} + func autoConvert_v1beta1_Addon_To_v1beta2_Addon(in *Addon, out *v1beta2.Addon, s conversion.Scope) error { out.Name = in.Name out.Version = in.Version diff --git a/controlplane/eks/api/v1beta1/zz_generated.deepcopy.go b/controlplane/eks/api/v1beta1/zz_generated.deepcopy.go index f6db3b2da0..73056c1469 100644 --- a/controlplane/eks/api/v1beta1/zz_generated.deepcopy.go +++ b/controlplane/eks/api/v1beta1/zz_generated.deepcopy.go 
@@ -170,6 +170,11 @@ func (in *AWSManagedControlPlaneSpec) DeepCopyInto(out *AWSManagedControlPlaneSp *out = new(OIDCIdentityProviderConfig) (*in).DeepCopyInto(*out) } + if in.AccessConfig != nil { + in, out := &in.AccessConfig, &out.AccessConfig + *out = new(AccessConfig) + **out = **in + } in.VpcCni.DeepCopyInto(&out.VpcCni) out.KubeProxy = in.KubeProxy } @@ -238,6 +243,21 @@ func (in *AWSManagedControlPlaneStatus) DeepCopy() *AWSManagedControlPlaneStatus return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessConfig) DeepCopyInto(out *AccessConfig) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessConfig. +func (in *AccessConfig) DeepCopy() *AccessConfig { + if in == nil { + return nil + } + out := new(AccessConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Addon) DeepCopyInto(out *Addon) { *out = *in