Merge pull request #16830 from rifelpet/automated-cherry-pick-of-#168…

…18-origin-release-1.30 Automated cherry pick of #16818: Conditionally set TF aws_s3_object SSE and ACLs
kubernetes · Sep 14, 2024 · bed6567 · bed6567
2 parents 57d1f18 + 1c9756a
commit bed6567
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 4 deletions.
diff --git a/tests/e2e/kubetest2-kops/deployer/common.go b/tests/e2e/kubetest2-kops/deployer/common.go
@@ -114,7 +114,7 @@ func (d *deployer) initialize() error {
 		d.SSHUser = os.Getenv("KUBE_SSH_USER")
 	}
 	if d.TerraformVersion != "" {
-		t, err := target.NewTerraform(d.TerraformVersion)
+		t, err := target.NewTerraform(d.TerraformVersion, d.ArtifactsDir)
 		if err != nil {
 			return err
 		}

diff --git a/tests/e2e/pkg/target/terraform.go b/tests/e2e/pkg/target/terraform.go
@@ -20,6 +20,7 @@ import (
 	"bytes"
 	"fmt"
 	"os"
+	"path"
 	"path/filepath"
 	"runtime"
 	"strings"
@@ -34,10 +35,11 @@ import (
 type Terraform struct {
 	dir           string
 	terraformPath string
+	artifactsDir  string
 }
 
 // NewTerraform creates a new Terraform object
-func NewTerraform(version string) (*Terraform, error) {
+func NewTerraform(version, artifactsDir string) (*Terraform, error) {
 	var b bytes.Buffer
 	url := fmt.Sprintf("https://releases.hashicorp.com/terraform/%v/terraform_%v_%v_%v.zip", version, version, runtime.GOOS, runtime.GOARCH)
 
@@ -52,9 +54,15 @@ func NewTerraform(version string) (*Terraform, error) {
 	if err != nil {
 		return nil, err
 	}
+	artifacts := filepath.Join(artifactsDir, "terraform")
+	if err := os.MkdirAll(artifacts, 0644); err != nil {
+		return nil, err
+	}
+
 	t := &Terraform{
 		dir:           tfDir,
 		terraformPath: filepath.Join(binaryDir, "terraform"),
+		artifactsDir:  artifacts,
 	}
 	return t, nil
 }
@@ -80,6 +88,11 @@ func (t *Terraform) InitApply() error {
 		return err
 	}
 
+	err = t.Backup()
+	if err != nil {
+		return err
+	}
+
 	args = []string{
 		t.terraformPath, "apply",
 		"-auto-approve",
@@ -115,3 +128,26 @@ func (t *Terraform) Destroy() error {
 	}
 	return nil
 }
+
+func (t *Terraform) Backup() error {
+	if t.artifactsDir == "" {
+		return nil
+	}
+
+	files := []string{
+		"kubernetes.tf",
+		".terraform.lock.hcl",
+	}
+	for _, f := range files {
+		klog.Infof("Copying %s to artifacts", f)
+		contents, err := os.ReadFile(path.Join(t.Dir(), f))
+		if err != nil {
+			return fmt.Errorf("failed to read %s: %v", f, err)
+		}
+		err = os.WriteFile(path.Join(t.artifactsDir, f), contents, 0644)
+		if err != nil {
+			return fmt.Errorf("failed to write %s: %v", f, err)
+		}
+	}
+	return nil
+}
diff --git a/util/pkg/vfs/s3fs.go b/util/pkg/vfs/s3fs.go
@@ -743,10 +743,14 @@ func (p *S3Path) RenderTerraform(w *terraformWriter.TerraformWriter, name string
 			Bucket:   p.Bucket(),
 			Key:      p.Key(),
 			Content:  content,
-			SSE:      &sseVal,
-			Acl:      &aclVal,
 			Provider: terraformWriter.LiteralTokens("aws", "files"),
 		}
+		if sseVal != "" {
+			tf.SSE = &sseVal
+		}
+		if aclVal != "" {
+			tf.Acl = &aclVal
+		}
 		return w.RenderResource("aws_s3_object", name, tf)
 	}