commit 598795a38a048f5c012dfc15ab16bde96dda701a
from: murilo ijanc <murilo@ijanc.org>
date: Sun Dec  7 14:04:44 2025 UTC

Delete kops_eks

commit - 98feb1bd031c39ee0bd8ead61967ce766e4f591f
commit + 598795a38a048f5c012dfc15ab16bde96dda701a
blob - cddf32fda8c3b4f2ffaa843912bcca4858945bf2
blob + 3dd15aaaf3b787b2d6f339e2dba538fc1bdd14bd
--- Cargo.lock
+++ Cargo.lock
@@ -1811,25 +1811,12 @@ dependencies = [
 ]
 
 [[package]]
-name = "kops_aws_sso"
+name = "kops_aws_eks"
 version = "0.1.0"
 dependencies = [
  "anyhow",
  "aws-config",
  "aws-credential-types",
- "aws-sdk-sso",
- "aws-sdk-ssooidc",
- "chrono",
- "tokio",
-]
-
-[[package]]
-name = "kops_eks"
-version = "0.1.0"
-dependencies = [
- "anyhow",
- "aws-config",
- "aws-credential-types",
  "aws-sdk-eks",
  "aws-sdk-sts",
  "aws-sigv4",
@@ -1848,6 +1835,19 @@ dependencies = [
 ]
 
 [[package]]
+name = "kops_aws_sso"
+version = "0.1.0"
+dependencies = [
+ "anyhow",
+ "aws-config",
+ "aws-credential-types",
+ "aws-sdk-sso",
+ "aws-sdk-ssooidc",
+ "chrono",
+ "tokio",
+]
+
+[[package]]
 name = "kops_log"
 version = "0.1.0"
 dependencies = [
blob - f62f88dfbbf876b7f19291bc78d6c856a115d1f8
blob + 9264dbf83668cb2f085f885a3a07b54120134f78
--- Cargo.toml
+++ Cargo.toml
@@ -28,6 +28,7 @@ unused_unsafe = "warn"
 all = { level = "warn", priority = -1 }
 
 [workspace.dependencies]
+kops_aws_eks = { version = "=0.1.0", path = "crates/kops_aws_eks" }
 kops_aws_sso = { version = "=0.1.0", path = "crates/kops_aws_sso" }
 kops_log = { version = "=0.1.0", path = "crates/kops_log" }
 kops_protocol = { version = "=0.1.0", path = "crates/kops_protocol" }
blob - e6280c624983fb18db1dd07b68481404b8d6514a (mode 644)
blob + /dev/null
--- crates/kops_eks/Cargo.toml
+++ /dev/null
@@ -1,24 +0,0 @@
-[package]
-name = "kops_eks"
-version = "0.1.0"
-edition = "2024"
-
-[dependencies]
-anyhow = "1"
-aws-config = { version = "1", features = ["behavior-version-latest"] }
-aws-credential-types = "1"
-aws-sdk-eks = "1"
-aws-sdk-sts = "1.94.0"
-aws-sigv4 = "1"
-aws-smithy-runtime-api = "1.9.2"
-base64 = "0.22"
-http = "1"
-k8s-openapi = { version = "0.22", features = ["v1_30"] }
-kube = { version = "0.91", features = ["client", "rustls-tls"] }
-pem = "3.0.6"
-percent-encoding = "2.3"
-rustls = { version = "0.23", default-features = false, features = ["ring"] }
-rustls-pemfile = "2"
-tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
-url = "2.5.7"
-urlencoding = "2.1"
blob - af49952d19701b111d829f21a24b2bcc32addb14 (mode 644)
blob + /dev/null
--- crates/kops_eks/src/main.rs
+++ /dev/null
@@ -1,144 +0,0 @@
-#![allow(unused_imports, unused_variables, unused_mut)]
-use anyhow::{Context, Result, anyhow};
-use aws_config::BehaviorVersion;
-use aws_credential_types::provider::ProvideCredentials;
-use aws_sdk_eks as eks;
-use aws_sigv4::http_request::SignatureLocation;
-use aws_sigv4::http_request::{
-    SignableBody, SignableRequest, SigningParams, SigningSettings, sign,
-};
-use aws_sigv4::sign::v4;
-use aws_smithy_runtime_api::client::identity::Identity;
-use base64::Engine;
-use base64::engine::general_purpose::{STANDARD, URL_SAFE_NO_PAD};
-use http::Uri;
-use http::header;
-use k8s_openapi::api::core::v1::Pod;
-use kube::Api;
-use kube::config::{AuthInfo, Config as KubeConfig};
-use percent_encoding::{NON_ALPHANUMERIC, utf8_percent_encode};
-use rustls::crypto::aws_lc_rs;
-use rustls_pemfile::Item;
-use std::io::Cursor;
-use std::time::{Duration, SystemTime};
-
-#[tokio::main]
-async fn main() -> Result<()> {
-    aws_lc_rs::default_provider()
-        .install_default()
-        .expect("failed to install aws-lc provider");
-
-    let region = "us-east-1";
-    let cluster_name = "my-cluster";
-
-    let token = main2(cluster_name, region).await?;
-
-    let (eks_cluster_url, eks_cluster_cert) =
-        eks_k8s_cluster_info(cluster_name).await?;
-
-    let kubeconfig = kube::Config {
-        cluster_url: eks_cluster_url,
-        default_namespace: "observability".to_string(),
-        auth_info: kube::config::AuthInfo {
-            token: Some(token.clone().into()),
-            ..Default::default()
-        },
-        root_cert: Some(eks_cluster_cert),
-        accept_invalid_certs: false,
-        connect_timeout: Some(Duration::from_secs(30)),
-        read_timeout: Some(Duration::from_secs(295)),
-        write_timeout: None,
-        proxy_url: None,
-        tls_server_name: None,
-    };
-
-    let client = kube::Client::try_from(kubeconfig)?;
-    let pods: Api<Pod> = Api::namespaced(client, "observability");
-    for p in pods.list(&Default::default()).await?.items {
-        println!("{}", p.metadata.name.unwrap_or_default());
-    }
-
-    Ok(())
-}
-
-pub async fn eks_k8s_cluster_info(
-    cluster_name: &str,
-) -> Result<(http::Uri, Vec<Vec<u8>>)> {
-    let sdk_config =
-        aws_config::load_defaults(BehaviorVersion::latest()).await;
-    let client = eks::Client::new(&sdk_config);
-
-    let resp = client.describe_cluster().name(cluster_name).send().await?;
-
-    let cluster = resp.cluster().context("Unable to find cluster")?.to_owned();
-    let b64_cert = cluster
-        .certificate_authority()
-        .context("Unable to find certificate authority")?
-        .data()
-        .context("Unable to find certificate data")?;
-    let cert = pem::parse(STANDARD.decode(b64_cert)?)?.into_contents();
-    let endpoint = cluster
-        .endpoint()
-        .context("Unable to find endpoint")?
-        .parse::<http::Uri>()?;
-
-    Ok((endpoint, [cert].to_vec()))
-}
-
-pub async fn main2(cluster_name: &str, region: &str) -> Result<String> {
-    let sdk_config =
-        aws_config::load_defaults(BehaviorVersion::latest()).await;
-    let credentials = sdk_config
-        .credentials_provider()
-        .ok_or_else(|| anyhow!("no credentials provider in sdk_config"))?
-        .provide_credentials()
-        .await
-        .context("failed to provide AWS credentials")?;
-
-    let mut signing_settings = SigningSettings::default();
-    signing_settings.expires_in = Some(Duration::from_secs(60));
-    signing_settings.signature_location = SignatureLocation::QueryParams;
-
-    let identity = Identity::from(credentials.clone());
-
-    let signing_params = match aws_sigv4::sign::v4::SigningParams::builder()
-        .identity(&identity)
-        .region(region)
-        .name("sts")
-        .time(SystemTime::now())
-        .settings(signing_settings)
-        .build()
-    {
-        Ok(params) => params,
-        Err(e) => {
-            return Err(anyhow!("Unable to create signing params: {:?}", e));
-        }
-    };
-
-    let url = format!(
-        "https://sts.{region}.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15"
-    );
-    let headers = vec![("x-k8s-aws-id", cluster_name)];
-    let signable_request = SignableRequest::new(
-        "GET",
-        url.clone(),
-        headers.into_iter(),
-        SignableBody::Bytes(&[]),
-    )?;
-
-    let (signing_instructions, _signature) = aws_sigv4::http_request::sign(
-        signable_request,
-        &aws_sigv4::http_request::SigningParams::V4(signing_params),
-    )?
-    .into_parts();
-
-    let mut fake_req = http::Request::builder()
-        .uri(url)
-        .body(())
-        .expect("empty body request should not fail");
-
-    signing_instructions.apply_to_request_http1x(&mut fake_req);
-    let uri = fake_req.uri().to_string();
-
-    Ok(format!("k8s-aws-v1.{}", &URL_SAFE_NO_PAD.encode(uri)))
-}