chore: AssumeRoleDuration to time.Duration (aws#4433)

pkg/apis/settings/settings.go

@@ -24,11 +24,9 @@ import (
 	"github.com/go-playground/validator/v10"
 	"go.uber.org/multierr"
 	v1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"knative.dev/pkg/apis"
 	"knative.dev/pkg/configmap"
 
-	coresettings "github.com/aws/karpenter-core/pkg/apis/settings"
 	"github.com/aws/karpenter/pkg/apis/v1alpha1"
 )
 
@@ -38,7 +36,7 @@ var ContextKey = settingsKeyType{}
 
 var defaultSettings = &Settings{
 	AssumeRoleARN:              "",
-	AssumeRoleDuration:         &metav1.Duration{Duration: time.Minute * 15},
+	AssumeRoleDuration:         time.Minute * 15,
 	ClusterName:                "",
 	ClusterEndpoint:            "",
 	DefaultInstanceProfile:     "",
@@ -54,8 +52,8 @@ var defaultSettings = &Settings{
 // +k8s:deepcopy-gen=true
 type Settings struct {
 	AssumeRoleARN              string
-	AssumeRoleDuration         *metav1.Duration `validate:"min=15m"`
-	ClusterName                string           `validate:"required"`
+	AssumeRoleDuration         time.Duration `validate:"min=15m"`
+	ClusterName                string        `validate:"required"`
 	ClusterEndpoint            string
 	DefaultInstanceProfile     string
 	EnablePodENI               bool
@@ -77,7 +75,7 @@ func (*Settings) Inject(ctx context.Context, cm *v1.ConfigMap) (context.Context,
 
 	if err := configmap.Parse(cm.Data,
 		configmap.AsString("aws.assumeRoleARN", &s.AssumeRoleARN),
-		coresettings.AsMetaDuration("aws.assumeRoleDuration", &s.AssumeRoleDuration),
+		configmap.AsDuration("aws.assumeRoleDuration", &s.AssumeRoleDuration),
 		configmap.AsString("aws.clusterName", &s.ClusterName),
 		configmap.AsString("aws.clusterEndpoint", &s.ClusterEndpoint),
 		configmap.AsString("aws.defaultInstanceProfile", &s.DefaultInstanceProfile),

pkg/apis/settings/suite_test.go

@@ -47,7 +47,7 @@ var _ = Describe("Validation", func() {
 		Expect(err).ToNot(HaveOccurred())
 		s := settings.FromContext(ctx)
 		Expect(s.AssumeRoleARN).To(Equal(""))
-		Expect(s.AssumeRoleDuration.Duration).To(Equal(time.Duration(15) * time.Minute))
+		Expect(s.AssumeRoleDuration).To(Equal(time.Duration(15) * time.Minute))
 		Expect(s.DefaultInstanceProfile).To(Equal(""))
 		Expect(s.EnablePodENI).To(BeFalse())
 		Expect(s.EnableENILimitedPodDensity).To(BeTrue())
@@ -76,7 +76,7 @@ var _ = Describe("Validation", func() {
 		Expect(err).ToNot(HaveOccurred())
 		s := settings.FromContext(ctx)
 		Expect(s.AssumeRoleARN).To(Equal("arn:aws:iam::111222333444:role/testrole"))
-		Expect(s.AssumeRoleDuration.Duration).To(Equal(time.Duration(27) * time.Minute))
+		Expect(s.AssumeRoleDuration).To(Equal(time.Duration(27) * time.Minute))
 		Expect(s.DefaultInstanceProfile).To(Equal("karpenter"))
 		Expect(s.EnablePodENI).To(BeTrue())
 		Expect(s.EnableENILimitedPodDensity).To(BeFalse())
@@ -198,6 +198,17 @@ var _ = Describe("Validation", func() {
 		cm := &v1.ConfigMap{
 			Data: map[string]string{
 				"aws.reservedENIs": "-1",
+				"aws.clusterName":  "my-cluster",
+			},
+		}
+		_, err := (&settings.Settings{}).Inject(ctx, cm)
+		Expect(err).To(HaveOccurred())
+	})
+	It("should fail validation with assumeDurationRole is less then 15m", func() {
+		cm := &v1.ConfigMap{
+			Data: map[string]string{
+				"aws.assumeRoleDuration": "2m",
+				"aws.clusterName":        "my-cluster",
 			},
 		}
 		_, err := (&settings.Settings{}).Inject(ctx, cm)

pkg/operator/operator.go

@@ -239,6 +239,6 @@ func kubeDNSIP(ctx context.Context, kubernetesInterface kubernetes.Interface) (n
 }
 
 func setDurationAndExpiry(ctx context.Context, provider *stscreds.AssumeRoleProvider) {
-	provider.Duration = settings.FromContext(ctx).AssumeRoleDuration.Duration
+	provider.Duration = settings.FromContext(ctx).AssumeRoleDuration
 	provider.ExpiryWindow = time.Duration(10) * time.Second
 }