From 0ef1f2f2d89f82e35e3b56116a8c22950848f146 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas <davanum@gmail.com>
Date: Tue, 27 Jun 2023 07:45:36 -0400
Subject: [PATCH] Set AWS specific credential provider when running there

NOTE: we are not installing the ecr-credential-provider binary
itself here we are, we need to do it out-of-band from the test
suite itself before it runs.

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
---
 test/e2e_node/remote/node_e2e.go | 11 +++++++----
 test/e2e_node/remote/utils.go    | 20 +++++++++++++++++++-
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/test/e2e_node/remote/node_e2e.go b/test/e2e_node/remote/node_e2e.go
index a05aae75b7b..e4d3739b7f3 100644
--- a/test/e2e_node/remote/node_e2e.go
+++ b/test/e2e_node/remote/node_e2e.go
@@ -93,9 +93,9 @@ func prependMemcgNotificationFlag(args string) string {
 	return "--kubelet-flags=--kernel-memcg-notification=true " + args
 }
 
-// prependGCPCredentialProviderFlag prepends the flags for enabling
+// prependCredentialProviderFlag prepends the flags for enabling
 // a credential provider plugin.
-func prependGCPCredentialProviderFlag(args, workspace string) string {
+func prependCredentialProviderFlag(args, workspace string) string {
 	credentialProviderConfig := filepath.Join(workspace, "credential-provider.yaml")
 	featureGateFlag := "--kubelet-flags=--feature-gates=DisableKubeletCloudCredentialProviders=true"
 	configFlag := fmt.Sprintf("--kubelet-flags=--image-credential-provider-config=%s", credentialProviderConfig)
@@ -115,9 +115,12 @@ func osSpecificActions(args, host, workspace string) (string, error) {
 		return args, setKubeletSELinuxLabels(host, workspace)
 	case strings.Contains(output, "gci"), strings.Contains(output, "cos"):
 		args = prependMemcgNotificationFlag(args)
-		return prependGCPCredentialProviderFlag(args, workspace), nil
+		return prependCredentialProviderFlag(args, workspace), nil
 	case strings.Contains(output, "ubuntu"):
-		args = prependGCPCredentialProviderFlag(args, workspace)
+		args = prependCredentialProviderFlag(args, workspace)
+		return prependMemcgNotificationFlag(args), nil
+	case strings.Contains(output, "amzn"):
+		args = prependCredentialProviderFlag(args, workspace)
 		return prependMemcgNotificationFlag(args), nil
 	}
 	return args, nil
diff --git a/test/e2e_node/remote/utils.go b/test/e2e_node/remote/utils.go
index 488c568a5f2..8dc4405409d 100644
--- a/test/e2e_node/remote/utils.go
+++ b/test/e2e_node/remote/utils.go
@@ -48,7 +48,7 @@ const cniConfig = `{
 }
 `
 
-const credentialProviderConfig = `kind: CredentialProviderConfig
+const credentialGCPProviderConfig = `kind: CredentialProviderConfig
 apiVersion: kubelet.config.k8s.io/v1
 providers:
   - name: gcp-credential-provider
@@ -60,6 +60,19 @@ providers:
     - "*.pkg.dev"
     defaultCacheDuration: 1m`
 
+const credentialAWSProviderConfig = `kind: CredentialProviderConfig
+apiVersion: kubelet.config.k8s.io/v1
+providers:
+- name: ecr-credential-provider
+  apiVersion: credentialprovider.kubelet.k8s.io/v1
+  matchImages:
+  - "*.dkr.ecr.*.amazonaws.com"
+  - "*.dkr.ecr.*.amazonaws.com.cn"
+  - "*.dkr.ecr-fips.*.amazonaws.com"
+  - "*.dkr.ecr.us-iso-east-1.c2s.ic.gov"
+  - "*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov"
+  defaultCacheDuration: 12h`
+
 func getCNIURL() string {
 	cniArch := "amd64"
 	if builder.IsTargetArchArm64() {
@@ -102,6 +115,11 @@ func setupCNI(host, workspace string) error {
 func configureCredentialProvider(host, workspace string) error {
 	klog.V(2).Infof("Configuring kubelet credential provider on %q", host)
 
+	credentialProviderConfig := credentialGCPProviderConfig
+	if GetSSHUser() == "ec2-user" {
+		credentialProviderConfig = credentialAWSProviderConfig
+	}
+
 	cmd := getSSHCommand(" ; ",
 		fmt.Sprintf("echo %s > %s", quote(credentialProviderConfig), filepath.Join(workspace, "credential-provider.yaml")),
 	)