Commit 09383cb

feat(eks): add OidcProviderNative using L1 and deprecate OpenIdConnectProvider custom resource (#36589)
### Issue # (if applicable)

### Reason for this change

EKS V2 uses a custom resource for OpenIdConnectProvider. There is already an L1 for OpenIdConnectProvider, which should be used instead of the custom resource. The L1 construct is needed for migrating from v1 to v2 as custom resources are not importable and recreating the OIDC provider results in a conflict.

### Description of changes

- Deprecate OpenIdConnectProvider in eks-v2-alpha
- Add migration instructions
- Add OidcProviderNative
- Add integ tests
- Add unit tests
- Add feature flag to use OidcProviderNative inside EKS cluster construct.
- Add removal policy support for OpenIdConnectProvider so users can use it in order to migrate.
- Add token support for OidcProviderNative in aws-iam to prevent trying to validate token values. This was breaking when using it with EKS and should have been there anyway from the beginning.

**BREAKING CHANGE**: The `openIdConnectProviderArn` and `openIdConnectProviderIssuer` properties have been added as required members of the `IOidcProvider` interface. This was the least disruptive change required to allow existing EKS constructs to support the `OidcProviderNative` construct. This change is non-breaking for consumers of the interface, but breaking for implementors. If you implement `iam.IOidcProvider`, you must now add these two properties, typically as aliases to the existing `oidcProviderArn` and `oidcProviderIssuer` properties.

### Describe any new or updated permissions being added

None

### Description of how you validated changes

Integ tests deployed

### Checklist

- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent cf61814 commit 09383cb

110 files changed: +21177 -289 lines changed

packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-native-oidc.js.snapshot/asset.0dd0dd1ef89b3038f0deba816f45170e60083713fc97684a9ba1f076d529d46e/index.js

Lines changed: 51 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-native-oidc.js.snapshot/asset.4c0f7bf9173df1c120604820692548150b09e29f6fba95f38b11caa17c9696bb.zip

Lines changed: 3 additions & 0 deletions

packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-native-oidc.js.snapshot/asset.4ca2c8a263c5ac6ec1a067fe3cf77cd51e7190eda4e69f18591c506ede77323a/cfn-response.js

Lines changed: 104 additions & 0 deletions

packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-native-oidc.js.snapshot/asset.4ca2c8a263c5ac6ec1a067fe3cf77cd51e7190eda4e69f18591c506ede77323a/consts.js

Lines changed: 10 additions & 0 deletions
