Fix broken aws flow

test/e2e/encryption_at_rest_test.go

@@ -43,7 +43,7 @@ const (
 	KeyName           = "encryption-at-rest-test-key"
 )
 
-var _ = FDescribe("Encryption at REST test", Label("encryption-at-rest"), func() {
+var _ = Describe("Encryption at REST test", Label("encryption-at-rest"), func() {
 	var testData *model.TestDataProvider
 
 	_ = BeforeEach(func() {
@@ -154,7 +154,7 @@ func encryptionAtRestFlow(userData *model.TestDataProvider, encAtRest v1.Encrypt
 			aRole = userData.Project.Status.CloudProviderAccessRoles[0]
 		}
 
-		fillKMSforAWS(&encAtRest, aRole)
+		fillKMSforAWS(&encAtRest, aRole.AtlasAWSAccountArn, aRole.IamAssumedRoleArn, true)
 		fillVaultforAzure(&encAtRest)
 		fillKMSforGCP(&encAtRest)
 
@@ -189,20 +189,23 @@ func encryptionAtRestFlow(userData *model.TestDataProvider, encAtRest v1.Encrypt
 	})
 }
 
-func fillKMSforAWS(encAtRest *v1.EncryptionAtRest, awsCloudAccess status.CloudProviderAccessRole) {
+func fillKMSforAWS(encAtRest *v1.EncryptionAtRest, atlasAccountArn, assumedRoleArn string, withRoleID bool) {
 	if (encAtRest.AwsKms == v1.AwsKms{}) {
 		return
 	}
 
 	Expect(encAtRest.AwsKms.Region).NotTo(Equal(""))
 	awsAction, err := cloud.NewAWSAction(GinkgoT())
 	Expect(err).ToNot(HaveOccurred())
-	CustomerMasterKeyID, err := awsAction.CreateKMS(config.AWSRegionUS, awsCloudAccess.AtlasAWSAccountArn, awsCloudAccess.IamAssumedRoleArn)
+	CustomerMasterKeyID, err := awsAction.CreateKMS(config.AWSRegionUS, atlasAccountArn, assumedRoleArn)
 	Expect(err).ToNot(HaveOccurred())
 	Expect(CustomerMasterKeyID).NotTo(Equal(""))
 
 	encAtRest.AwsKms.CustomerMasterKeyID = CustomerMasterKeyID
-	encAtRest.AwsKms.RoleID = awsCloudAccess.RoleID
+
+	if withRoleID {
+		encAtRest.AwsKms.RoleID = assumedRoleArn
+	}
 }
 
 func fillVaultforAzure(encAtRest *v1.EncryptionAtRest) {
@@ -347,13 +350,23 @@ var _ = Describe("Encryption at rest AWS", Label("encryption-at-rest"), func() {
 			Expect(len(userData.Project.Status.CloudProviderAccessRoles)).NotTo(Equal(0))
 			aRole := userData.Project.Status.CloudProviderAccessRoles[0]
 
-			fillKMSforAWS(&encAtRest, aRole)
+			fillKMSforAWS(&encAtRest, aRole.AtlasAWSAccountArn, aRole.IamAssumedRoleArn, false)
 			fillVaultforAzure(&encAtRest)
 			fillKMSforGCP(&encAtRest)
 
 			Expect(userData.K8SClient.Get(userData.Context, types.NamespacedName{Name: userData.Project.Name,
 				Namespace: userData.Resources.Namespace}, userData.Project)).Should(Succeed())
 			userData.Project.Spec.EncryptionAtRest = &encAtRest
+
+			var roleARNToSet string
+			for _, r := range atlasRoles.AWSIAMRoles {
+				if r.IAMAssumedRoleARN == aRole.IamAssumedRoleArn {
+					roleARNToSet = r.IAMAssumedRoleARN
+					break
+				}
+			}
+			Expect(roleARNToSet).NotTo(BeEmpty())
+			userData.Project.Spec.EncryptionAtRest.AwsKms.RoleID = roleARNToSet
 			Expect(userData.K8SClient.Update(userData.Context, userData.Project)).Should(Succeed())
 			actions.WaitForConditionsToBecomeTrue(userData, status.EncryptionAtRestReadyType, status.ReadyType)
 		})
@@ -439,15 +452,26 @@ var _ = Describe("Encryption at rest AWS", Label("encryption-at-rest"), func() {
 
 			encAtRest.AwsKms.Region = string(secret.Data["Region"])
 
-			fillKMSforAWS(&encAtRest, aRole)
+			fillKMSforAWS(&encAtRest, aRole.AtlasAWSAccountArn, aRole.IamAssumedRoleArn, false)
 
 			Expect(userData.K8SClient.Get(userData.Context, types.NamespacedName{Name: userData.Project.Name,
 				Namespace: userData.Resources.Namespace}, userData.Project)).Should(Succeed())
 			userData.Project.Spec.EncryptionAtRest = &encAtRest
 
-			secret.Data["RoleID"] = []byte(aRole.RoleID)
+			var roleARNToSet string
+			for _, r := range atlasRoles.AWSIAMRoles {
+				if r.IAMAssumedRoleARN == aRole.IamAssumedRoleArn {
+					roleARNToSet = r.IAMAssumedRoleARN
+					break
+				}
+			}
+
+			Expect(roleARNToSet).NotTo(BeEmpty())
+
+			secret.Data["RoleID"] = []byte(roleARNToSet)
 			secret.Data["CustomerMasterKeyID"] = []byte(encAtRest.AwsKms.CustomerMasterKeyID)
 			userData.Project.Spec.EncryptionAtRest.AwsKms.CustomerMasterKeyID = ""
+			userData.Project.Spec.EncryptionAtRest.AwsKms.RoleID = roleARNToSet
 			userData.Project.Spec.EncryptionAtRest.AwsKms.SecretRef = common.ResourceRefNamespaced{
 				Name:      secret.Name,
 				Namespace: secret.Namespace,

test/e2e/k8s/operator.go

@@ -1,15 +1,13 @@
 package k8s
 
 import (
+	"errors"
 	"fmt"
 	"os"
+	"path"
 	"strings"
 	"time"
 
-	"go.uber.org/zap/zaptest"
-
-	. "github.com/onsi/ginkgo/v2"
-
 	"github.com/go-logr/zapr"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
@@ -48,13 +46,7 @@ func RunOperator(initCfg *Config) (manager.Manager, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to create log directory: %w", err)
 	}
-	//logger, err := initCustomZapLogger(config.LogLevel, config.LogEncoder, path.Join(config.LogDir, "operator.log"))
-	logger := zaptest.NewLogger(
-		GinkgoT(),
-		zaptest.WrapOptions(
-			zap.ErrorOutput(zapcore.Lock(zapcore.AddSync(GinkgoWriter))),
-		),
-	)
+	logger, err := initCustomZapLogger(config.LogLevel, config.LogEncoder, path.Join(config.LogDir, "operator.log"))
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize custom zap logger: %w", err)
 	}
@@ -213,7 +205,6 @@ func mergeConfiguration(initCfg *Config) *Config {
 	return config
 }
 
-/*
 func initCustomZapLogger(level, encoding, logFileName string) (*zap.Logger, error) {
 	lv := zap.AtomicLevel{}
 	err := lv.UnmarshalText([]byte(strings.ToLower(level)))
@@ -242,4 +233,3 @@ func initCustomZapLogger(level, encoding, logFileName string) (*zap.Logger, erro
 	}
 	return cfg.Build()
 }
-*/