diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml index c5523f1d..8d1d4144 100755 --- a/apis/v1alpha1/ack-generate-metadata.yaml +++ b/apis/v1alpha1/ack-generate-metadata.yaml @@ -1,13 +1,13 @@ ack_generate_info: - build_date: "2023-12-06T21:43:43Z" - build_hash: 892f29d00a4c4ad21a2fa32919921de18190979d - go_version: go1.21.1 - version: v0.27.1 -api_directory_checksum: 6e2d850d97f2f72db31c9bef522eca4ab95b3fcd + build_date: "2023-12-12T12:34:35Z" + build_hash: 3653329ceeb20015851b8776a6061a3fb0ec2935 + go_version: go1.21.0 + version: "3653329" +api_directory_checksum: d452bf19bfd1496aacdc215bf7cc9ea86c55c122 api_version: v1alpha1 aws_sdk_go_version: v1.44.93 generator_config_info: - file_checksum: d10a62517f87bacf988184f8c454b90b42dee732 + file_checksum: df1057de840147701c11acfdbed0e28e9b0ddd96 original_file_name: generator.yaml last_modification: reason: API generation diff --git a/apis/v1alpha1/generator.yaml b/apis/v1alpha1/generator.yaml index 0c64bb77..ed593f14 100644 --- a/apis/v1alpha1/generator.yaml +++ b/apis/v1alpha1/generator.yaml @@ -818,8 +818,6 @@ resources: path: Tags compare: is_ignored: True - update_operation: - omit_unchanged_fields: true hooks: delta_pre_compare: code: compareTags(delta, a, b) diff --git a/generator.yaml b/generator.yaml index 0c64bb77..ed593f14 100644 --- a/generator.yaml +++ b/generator.yaml @@ -818,8 +818,6 @@ resources: path: Tags compare: is_ignored: True - update_operation: - omit_unchanged_fields: true hooks: delta_pre_compare: code: compareTags(delta, a, b) diff --git a/pkg/resource/vpc_peering_connection/hooks.go b/pkg/resource/vpc_peering_connection/hooks.go index f55c73b6..ecc2aab4 100644 --- a/pkg/resource/vpc_peering_connection/hooks.go +++ b/pkg/resource/vpc_peering_connection/hooks.go @@ -27,15 +27,15 @@ import ( var ( ErrVPCPeeringConnectionCreating = fmt.Errorf( - "VPCPerringConnection in '%v' state, cannot be modified or deleted", + "VPCPeeringConnection in '%v' state, cannot be modified or deleted", "creating", ) ErrVPCPeeringConnectionProvisioning = fmt.Errorf( - "VPCPerringConnection in '%v' state, cannot be modified or deleted", + "VPCPeeringConnection in '%v' state, cannot be modified or deleted", svcsdk.VpcPeeringConnectionStateReasonCodeProvisioning, ) ErrVPCPeeringConnectionDeleting = fmt.Errorf( - "VPCPerringConnection in '%v' state, cannot be modified or deleted", + "VPCPeeringConnection in '%v' state, cannot be modified or deleted", svcsdk.VpcPeeringConnectionStateReasonCodeDeleting, ) ) diff --git a/pkg/resource/vpc_peering_connection/sdk.go b/pkg/resource/vpc_peering_connection/sdk.go index abeb2b85..88292b4d 100644 --- a/pkg/resource/vpc_peering_connection/sdk.go +++ b/pkg/resource/vpc_peering_connection/sdk.go @@ -241,6 +241,37 @@ func (rm *resourceManager) sdkFind( rm.setStatusDefaults(ko) + if r.ko.Spec.AccepterPeeringConnectionOptions != nil { + f0 := &svcapitypes.PeeringConnectionOptionsRequest{} + if r.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { + f0.AllowEgressFromLocalClassicLinkToRemoteVPC = r.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC + } + if r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { + f0.AllowEgressFromLocalClassicLinkToRemoteVPC = r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC + } + if r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { + f0.AllowEgressFromLocalVPCToRemoteClassicLink = r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink + } + ko.Spec.AccepterPeeringConnectionOptions = f0 + } else { + ko.Spec.AccepterPeeringConnectionOptions = nil + } + if r.ko.Spec.RequesterPeeringConnectionOptions != nil { + f1 := &svcapitypes.PeeringConnectionOptionsRequest{} + if r.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { + f1.AllowDNSResolutionFromRemoteVPC = r.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC + } + if r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { + f1.AllowEgressFromLocalClassicLinkToRemoteVPC = r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC + } + if r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { + f1.AllowEgressFromLocalVPCToRemoteClassicLink = r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink + } + ko.Spec.RequesterPeeringConnectionOptions = f1 + } else { + ko.Spec.RequesterPeeringConnectionOptions = nil + } + // Artificially trigger detection by delta.DifferentAt("Spec.AcceptRequest") res := &resource{ko} if isVPCPeeringConnectionPendingAcceptance(res) { @@ -248,9 +279,8 @@ func (rm *resourceManager) sdkFind( } else if isVPCPeeringConnectionActive(res) || isVPCPeeringConnectionProvisioning(res) { res.ko.Spec.AcceptRequest = aws.Bool(true) } else if isVPCPeeringConnectionCreating(res) { - return nil, requeueWaitWhileCreating + return res, requeueWaitWhileCreating } - return &resource{ko}, nil } @@ -500,20 +530,22 @@ func (rm *resourceManager) sdkUpdate( exit(err) }() - if isVPCPeeringConnectionCreating(desired) { + if isVPCPeeringConnectionCreating(latest) { return desired, requeueWaitWhileCreating } - if isVPCPeeringConnectionProvisioning(desired) { + if isVPCPeeringConnectionProvisioning(latest) { return desired, requeueWaitWhileProvisioning } - if isVPCPeeringConnectionDeleting(desired) { + if isVPCPeeringConnectionDeleting(latest) { return desired, requeueWaitWhileDeleting } + // If the VPC Peering Connection is Pending Acceptance or Active, continue - // in case of pending acceptance or accepted state we make the updates. if delta.DifferentAt("Spec.Tags") { if err := rm.syncTags(ctx, desired, latest); err != nil { - return nil, err + // This causes a requeue and the rest of the fields will be synced on the next reconciliation loop + ackcondition.SetSynced(desired, corev1.ConditionFalse, nil, nil) + return desired, err } } @@ -549,6 +581,37 @@ func (rm *resourceManager) sdkUpdate( if !delta.DifferentExcept("Spec.Tags", "Spec.AcceptRequest") { return desired, nil } + + if desired.ko.Spec.AccepterPeeringConnectionOptions != nil { + f0 := &svcapitypes.PeeringConnectionOptionsRequest{} + if desired.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { + f0.AllowDNSResolutionFromRemoteVPC = desired.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC + } + if desired.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { + f0.AllowEgressFromLocalClassicLinkToRemoteVPC = desired.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC + } + if desired.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { + f0.AllowEgressFromLocalVPCToRemoteClassicLink = desired.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink + } + desired.ko.Spec.AccepterPeeringConnectionOptions = f0 + } else { + desired.ko.Spec.AccepterPeeringConnectionOptions = nil + } + if desired.ko.Spec.RequesterPeeringConnectionOptions != nil { + f1 := &svcapitypes.PeeringConnectionOptionsRequest{} + if desired.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { + f1.AllowDNSResolutionFromRemoteVPC = desired.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC + } + if desired.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { + f1.AllowEgressFromLocalClassicLinkToRemoteVPC = desired.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC + } + if desired.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { + f1.AllowEgressFromLocalVPCToRemoteClassicLink = desired.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink + } + desired.ko.Spec.RequesterPeeringConnectionOptions = f1 + } else { + desired.ko.Spec.RequesterPeeringConnectionOptions = nil + } input, err := rm.newUpdateRequestPayload(ctx, desired, delta) if err != nil { return nil, err @@ -609,40 +672,34 @@ func (rm *resourceManager) newUpdateRequestPayload( ) (*svcsdk.ModifyVpcPeeringConnectionOptionsInput, error) { res := &svcsdk.ModifyVpcPeeringConnectionOptionsInput{} - if delta.DifferentAt("Spec.AccepterPeeringConnectionOptions") { - if r.ko.Spec.AccepterPeeringConnectionOptions != nil { - f0 := &svcsdk.PeeringConnectionOptionsRequest{} - if r.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { - f0.SetAllowDnsResolutionFromRemoteVpc(*r.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC) - } - if r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { - f0.SetAllowEgressFromLocalClassicLinkToRemoteVpc(*r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC) - } - if r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { - f0.SetAllowEgressFromLocalVpcToRemoteClassicLink(*r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink) - } - res.SetAccepterPeeringConnectionOptions(f0) + if r.ko.Spec.AccepterPeeringConnectionOptions != nil { + f0 := &svcsdk.PeeringConnectionOptionsRequest{} + if r.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { + f0.SetAllowDnsResolutionFromRemoteVpc(*r.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC) } - } - if delta.DifferentAt("Spec.RequesterPeeringConnectionOptions") { - if r.ko.Spec.RequesterPeeringConnectionOptions != nil { - f2 := &svcsdk.PeeringConnectionOptionsRequest{} - if r.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { - f2.SetAllowDnsResolutionFromRemoteVpc(*r.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC) - } - if r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { - f2.SetAllowEgressFromLocalClassicLinkToRemoteVpc(*r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC) - } - if r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { - f2.SetAllowEgressFromLocalVpcToRemoteClassicLink(*r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink) - } - res.SetRequesterPeeringConnectionOptions(f2) + if r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { + f0.SetAllowEgressFromLocalClassicLinkToRemoteVpc(*r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC) + } + if r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { + f0.SetAllowEgressFromLocalVpcToRemoteClassicLink(*r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink) } + res.SetAccepterPeeringConnectionOptions(f0) } - if delta.DifferentAt("Spec.VPCPeeringConnectionID") { - if r.ko.Status.VPCPeeringConnectionID != nil { - res.SetVpcPeeringConnectionId(*r.ko.Status.VPCPeeringConnectionID) + if r.ko.Spec.RequesterPeeringConnectionOptions != nil { + f2 := &svcsdk.PeeringConnectionOptionsRequest{} + if r.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { + f2.SetAllowDnsResolutionFromRemoteVpc(*r.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC) } + if r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { + f2.SetAllowEgressFromLocalClassicLinkToRemoteVpc(*r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC) + } + if r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { + f2.SetAllowEgressFromLocalVpcToRemoteClassicLink(*r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink) + } + res.SetRequesterPeeringConnectionOptions(f2) + } + if r.ko.Status.VPCPeeringConnectionID != nil { + res.SetVpcPeeringConnectionId(*r.ko.Status.VPCPeeringConnectionID) } return res, nil diff --git a/templates/hooks/vpc_peering_connection/sdk_read_many_post_set_output.go.tpl b/templates/hooks/vpc_peering_connection/sdk_read_many_post_set_output.go.tpl index 68c54a4b..67b551ed 100644 --- a/templates/hooks/vpc_peering_connection/sdk_read_many_post_set_output.go.tpl +++ b/templates/hooks/vpc_peering_connection/sdk_read_many_post_set_output.go.tpl @@ -1,4 +1,36 @@ + + if r.ko.Spec.AccepterPeeringConnectionOptions != nil { + f0 := &svcapitypes.PeeringConnectionOptionsRequest{} + if r.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { + f0.AllowEgressFromLocalClassicLinkToRemoteVPC = r.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC + } + if r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { + f0.AllowEgressFromLocalClassicLinkToRemoteVPC = r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC + } + if r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { + f0.AllowEgressFromLocalVPCToRemoteClassicLink = r.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink + } + ko.Spec.AccepterPeeringConnectionOptions = f0 + } else { + ko.Spec.AccepterPeeringConnectionOptions = nil + } + if r.ko.Spec.RequesterPeeringConnectionOptions != nil { + f1 := &svcapitypes.PeeringConnectionOptionsRequest{} + if r.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { + f1.AllowDNSResolutionFromRemoteVPC = r.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC + } + if r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { + f1.AllowEgressFromLocalClassicLinkToRemoteVPC = r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC + } + if r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { + f1.AllowEgressFromLocalVPCToRemoteClassicLink = r.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink + } + ko.Spec.RequesterPeeringConnectionOptions = f1 + } else { + ko.Spec.RequesterPeeringConnectionOptions = nil + } + // Artificially trigger detection by delta.DifferentAt("Spec.AcceptRequest") res := &resource{ko} if isVPCPeeringConnectionPendingAcceptance(res) { @@ -6,5 +38,5 @@ } else if isVPCPeeringConnectionActive(res) || isVPCPeeringConnectionProvisioning(res) { res.ko.Spec.AcceptRequest = aws.Bool(true) } else if isVPCPeeringConnectionCreating(res) { - return nil, requeueWaitWhileCreating - } + return res, requeueWaitWhileCreating + } \ No newline at end of file diff --git a/templates/hooks/vpc_peering_connection/sdk_update_pre_build_request.go.tpl b/templates/hooks/vpc_peering_connection/sdk_update_pre_build_request.go.tpl index 9fec83cc..0a8f7396 100644 --- a/templates/hooks/vpc_peering_connection/sdk_update_pre_build_request.go.tpl +++ b/templates/hooks/vpc_peering_connection/sdk_update_pre_build_request.go.tpl @@ -1,18 +1,20 @@ - if isVPCPeeringConnectionCreating(desired) { + if isVPCPeeringConnectionCreating(latest) { return desired, requeueWaitWhileCreating } - if isVPCPeeringConnectionProvisioning(desired) { + if isVPCPeeringConnectionProvisioning(latest) { return desired, requeueWaitWhileProvisioning } - if isVPCPeeringConnectionDeleting(desired) { + if isVPCPeeringConnectionDeleting(latest) { return desired, requeueWaitWhileDeleting } - - // in case of pending acceptance or accepted state we make the updates. + // If the VPC Peering Connection is Pending Acceptance or Active, continue + if delta.DifferentAt("Spec.Tags") { if err := rm.syncTags(ctx, desired, latest); err != nil { - return nil, err + // This causes a requeue and the rest of the fields will be synced on the next reconciliation loop + ackcondition.SetSynced(desired, corev1.ConditionFalse, nil, nil) + return desired, err } } @@ -44,8 +46,38 @@ } } + // Only continue if something other than Tags or certain fields has changed in the Spec + if !delta.DifferentExcept("Spec.Tags", "Spec.AcceptRequest") { + return desired, nil + } - // Only continue if something other than Tags or certain fields has changed in the Spec - if !delta.DifferentExcept("Spec.Tags", "Spec.AcceptRequest") { - return desired, nil - } \ No newline at end of file + if desired.ko.Spec.AccepterPeeringConnectionOptions != nil { + f0 := &svcapitypes.PeeringConnectionOptionsRequest{} + if desired.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { + f0.AllowDNSResolutionFromRemoteVPC = desired.ko.Spec.AccepterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC + } + if desired.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { + f0.AllowEgressFromLocalClassicLinkToRemoteVPC = desired.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC + } + if desired.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { + f0.AllowEgressFromLocalVPCToRemoteClassicLink = desired.ko.Spec.AccepterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink + } + desired.ko.Spec.AccepterPeeringConnectionOptions = f0 + } else { + desired.ko.Spec.AccepterPeeringConnectionOptions = nil + } + if desired.ko.Spec.RequesterPeeringConnectionOptions != nil { + f1 := &svcapitypes.PeeringConnectionOptionsRequest{} + if desired.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC != nil { + f1.AllowDNSResolutionFromRemoteVPC = desired.ko.Spec.RequesterPeeringConnectionOptions.AllowDNSResolutionFromRemoteVPC + } + if desired.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC != nil { + f1.AllowEgressFromLocalClassicLinkToRemoteVPC = desired.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalClassicLinkToRemoteVPC + } + if desired.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink != nil { + f1.AllowEgressFromLocalVPCToRemoteClassicLink = desired.ko.Spec.RequesterPeeringConnectionOptions.AllowEgressFromLocalVPCToRemoteClassicLink + } + desired.ko.Spec.RequesterPeeringConnectionOptions = f1 + } else { + desired.ko.Spec.RequesterPeeringConnectionOptions = nil + } \ No newline at end of file diff --git a/test/e2e/resources/vpc_peering_connection.yaml b/test/e2e/resources/vpc_peering_connection.yaml index 0459e9d2..0fb91dde 100644 --- a/test/e2e/resources/vpc_peering_connection.yaml +++ b/test/e2e/resources/vpc_peering_connection.yaml @@ -6,14 +6,6 @@ spec: vpcID: $VPC_ID peerVPCID: $PEER_VPC_ID acceptRequest: true - requesterPeeringConnectionOptions: - allowDNSResolutionFromRemoteVPC: true - allowEgressFromLocalClassicLinkToRemoteVPC: true - allowEgressFromLocalVPCToRemoteClassicLink: true - accepterPeeringConnectionOptions: - allowDNSResolutionFromRemoteVPC: true - allowEgressFromLocalClassicLinkToRemoteVPC: true - allowEgressFromLocalVPCToRemoteClassicLink: true tags: - key: $TAG_KEY value: $TAG_VALUE \ No newline at end of file diff --git a/test/e2e/resources/vpc_peering_connection_peering_options.yaml b/test/e2e/resources/vpc_peering_connection_peering_options.yaml new file mode 100644 index 00000000..19d32cf5 --- /dev/null +++ b/test/e2e/resources/vpc_peering_connection_peering_options.yaml @@ -0,0 +1,12 @@ +apiVersion: ec2.services.k8s.aws/v1alpha1 +kind: VPCPeeringConnection +metadata: + name: $VPC_PEERING_CONNECTION_NAME +spec: + vpcID: $VPC_ID + peerVPCID: $PEER_VPC_ID + acceptRequest: true + requesterPeeringConnectionOptions: + allowDNSResolutionFromRemoteVPC: true + accepterPeeringConnectionOptions: + allowDNSResolutionFromRemoteVPC: true \ No newline at end of file diff --git a/test/e2e/resources/vpc_peering_connection_ref.yaml b/test/e2e/resources/vpc_peering_connection_ref.yaml index 438ace32..de3c053f 100644 --- a/test/e2e/resources/vpc_peering_connection_ref.yaml +++ b/test/e2e/resources/vpc_peering_connection_ref.yaml @@ -11,13 +11,6 @@ spec: name: $PEER_VPC_REF_NAME acceptRequest: true requesterPeeringConnectionOptions: - allowDNSResolutionFromRemoteVPC: true - allowEgressFromLocalClassicLinkToRemoteVPC: true - allowEgressFromLocalVPCToRemoteClassicLink: true + allowDNSResolutionFromRemoteVPC: false accepterPeeringConnectionOptions: - allowDNSResolutionFromRemoteVPC: true - allowEgressFromLocalClassicLinkToRemoteVPC: true - allowEgressFromLocalVPCToRemoteClassicLink: true - tags: - - key: $TAG_KEY - value: $TAG_VALUE + allowDNSResolutionFromRemoteVPC: false diff --git a/test/e2e/tests/test_vpc_peering_connection.py b/test/e2e/tests/test_vpc_peering_connection.py index 780ba503..c87e7d7e 100644 --- a/test/e2e/tests/test_vpc_peering_connection.py +++ b/test/e2e/tests/test_vpc_peering_connection.py @@ -1,6 +1,7 @@ -import pytest import time import logging +import pytest +import boto3 from acktest import tags from acktest.resources import random_suffix_name @@ -17,9 +18,13 @@ DELETE_WAIT_AFTER_SECONDS = 10 MODIFY_WAIT_AFTER_SECONDS = 5 DEFAULT_WAIT_AFTER_SECONDS = 5 +PATCH_WAIT_AFTER_SECONDS = 30 @pytest.fixture def simple_vpc_peering_connection(request): + ''' + Fixture for creating a Peering Connection using 'VPCID' and 'PeerVPCID' + ''' resource_name = random_suffix_name("simple-vpc-peering-connection-test", 40) resources = get_bootstrap_resources() @@ -29,11 +34,11 @@ def simple_vpc_peering_connection(request): replacements = REPLACEMENT_VALUES.copy() replacements["VPC_NAME"] = resource_name replacements["CIDR_BLOCK"] = "10.1.0.0/16" - replacements["ENABLE_DNS_SUPPORT"] = "False" - replacements["ENABLE_DNS_HOSTNAMES"] = "False" + replacements["ENABLE_DNS_SUPPORT"] = "True" + replacements["ENABLE_DNS_HOSTNAMES"] = "True" replacements["TAG_KEY"] = "initialtagkey" replacements["TAG_VALUE"] = "initialtagvalue" - + marker = request.node.get_closest_marker("resource_data") if marker is not None: data = marker.args[0] @@ -62,7 +67,6 @@ def simple_vpc_peering_connection(request): assert k8s.get_resource_exists(vpc_ref) # Create the VPC Peering Connection - # Replacements for VPC Peering Connection replacements["VPC_PEERING_CONNECTION_NAME"] = resource_name replacements["VPC_ID"] = resources.SharedTestVPC.vpc_id @@ -89,11 +93,11 @@ def simple_vpc_peering_connection(request): wait_for_vpc_peering_connection_status(ref) # Get the CR again after waiting for the Status to be updated cr = k8s.wait_resource_consumed_by_controller(ref) - assert cr["status"]["status"]["code"] == "active" + assert cr["status"]["status"]["code"] == "active" yield (ref, cr) - # Delete VPC Peering Connection k8s resource + # Delete VPC Peering Connection k8s resource try: _, deleted = k8s.delete_custom_resource(ref, 3, 10) assert deleted @@ -102,12 +106,15 @@ def simple_vpc_peering_connection(request): time.sleep(DELETE_WAIT_AFTER_SECONDS) - # Delete VPC resource + # Delete VPC resource _, vpc_deleted = k8s.delete_custom_resource(vpc_ref, 3, 10) assert vpc_deleted is True @pytest.fixture def ref_vpc_peering_connection(request): + ''' + Fixture for creating a Peering Connection using 'VPCRef' and 'PeerVPCRef' + ''' resource_name = random_suffix_name("ref-vpc-peering-connection-test", 40) # Create 2 VPCs with ACK to test Peering with and refer to them by their k8s resource name @@ -116,11 +123,9 @@ def ref_vpc_peering_connection(request): replacements = REPLACEMENT_VALUES.copy() replacements["VPC_NAME"] = resource_name + "-1" replacements["CIDR_BLOCK"] = "10.0.0.0/16" - replacements["ENABLE_DNS_SUPPORT"] = "False" - replacements["ENABLE_DNS_HOSTNAMES"] = "False" - replacements["TAG_KEY"] = "initialtagkey" - replacements["TAG_VALUE"] = "initialtagvalue" - + replacements["ENABLE_DNS_SUPPORT"] = "True" + replacements["ENABLE_DNS_HOSTNAMES"] = "True" + # Load VPC CR vpc_1_resource_data = load_ec2_resource( "vpc", @@ -143,7 +148,7 @@ def ref_vpc_peering_connection(request): # Replacements for Test VPC 2 (squashes previous values used by VPC 1) replacements["VPC_NAME"] = resource_name + "-2" replacements["CIDR_BLOCK"] = "10.1.0.0/16" - + # Load VPC CR vpc_2_resource_data = load_ec2_resource( "vpc", @@ -189,13 +194,115 @@ def ref_vpc_peering_connection(request): assert cr is not None assert k8s.get_resource_exists(ref) wait_for_vpc_peering_connection_status(ref) - # Get the CR again after waiting for the Status to be updated + + yield (ref, cr) + + # Delete VPC Peering Connection k8s resource + try: + _, deleted = k8s.delete_custom_resource(ref, 3, 10) + assert deleted + except: + pass + + time.sleep(DELETE_WAIT_AFTER_SECONDS) + + # Delete 2 x VPC resources + try: + _, vpc_1_deleted = k8s.delete_custom_resource(vpc_1_ref, 3, 10) + _, vpc_2_deleted = k8s.delete_custom_resource(vpc_2_ref, 3, 10) + assert vpc_1_deleted is True + assert vpc_2_deleted is True + except: + pass + +@pytest.fixture +def peering_options_vpc_peering_connection(request): + ''' + Fixture for creating a Peering Connection with Peering Options set to True + ''' + resource_name = random_suffix_name("peering-options-vpc-p-c-test", 40) + + # Create 2 VPCs with ACK to test Peering with and refer to them by their k8s resource name + + # Replacements for Test VPC 1 + replacements = REPLACEMENT_VALUES.copy() + replacements["VPC_NAME"] = resource_name + "-1" + replacements["CIDR_BLOCK"] = "10.0.0.0/16" + replacements["ENABLE_DNS_SUPPORT"] = "True" + replacements["ENABLE_DNS_HOSTNAMES"] = "True" + + # Load VPC CR + vpc_1_resource_data = load_ec2_resource( + "vpc", + additional_replacements=replacements, + ) + logging.debug(vpc_1_resource_data) + + # Create k8s resource + vpc_1_ref = k8s.CustomResourceReference( + CRD_GROUP, CRD_VERSION, VPC_RESOURCE_PLURAL, + replacements["VPC_NAME"], namespace="default", + ) + k8s.create_custom_resource(vpc_1_ref, vpc_1_resource_data) + time.sleep(CREATE_WAIT_AFTER_SECONDS) + + vpc_1_cr = k8s.wait_resource_consumed_by_controller(vpc_1_ref) + assert vpc_1_cr is not None + assert k8s.get_resource_exists(vpc_1_ref) + + # Replacements for Test VPC 2 (squashes previous values used by VPC 1) + replacements["VPC_NAME"] = resource_name + "-2" + replacements["CIDR_BLOCK"] = "10.1.0.0/16" + + # Load VPC CR + vpc_2_resource_data = load_ec2_resource( + "vpc", + additional_replacements=replacements, + ) + logging.debug(vpc_2_resource_data) + + # Create k8s resource + vpc_2_ref = k8s.CustomResourceReference( + CRD_GROUP, CRD_VERSION, VPC_RESOURCE_PLURAL, + replacements["VPC_NAME"], namespace="default", + ) + k8s.create_custom_resource(vpc_2_ref, vpc_2_resource_data) + time.sleep(CREATE_WAIT_AFTER_SECONDS) + + vpc_2_cr = k8s.wait_resource_consumed_by_controller(vpc_2_ref) + assert vpc_2_cr is not None + assert k8s.get_resource_exists(vpc_2_ref) + + # Create the VPC Peering Connection + + # Replacements for VPC Peering Connection + replacements["VPC_PEERING_CONNECTION_NAME"] = resource_name + replacements["VPC_ID"] = vpc_1_cr["status"]["vpcID"] + replacements["PEER_VPC_ID"] = vpc_2_cr["status"]["vpcID"] + + # Load VPCPeeringConnection CR + resource_data = load_ec2_resource( + "vpc_peering_connection_peering_options", + additional_replacements=replacements, + ) + logging.debug(resource_data) + + # Create k8s resource + ref = k8s.CustomResourceReference( + CRD_GROUP, CRD_VERSION, RESOURCE_PLURAL, + resource_name, namespace="default", + ) + k8s.create_custom_resource(ref, resource_data) + time.sleep(CREATE_WAIT_AFTER_SECONDS) + cr = k8s.wait_resource_consumed_by_controller(ref) - assert cr["status"]["status"]["code"] == "active" + assert cr is not None + assert k8s.get_resource_exists(ref) + wait_for_vpc_peering_connection_status(ref) yield (ref, cr) - # Delete VPC Peering Connection k8s resource + # Delete VPC Peering Connection k8s resource try: _, deleted = k8s.delete_custom_resource(ref, 3, 10) assert deleted @@ -205,7 +312,7 @@ def ref_vpc_peering_connection(request): time.sleep(DELETE_WAIT_AFTER_SECONDS) # Delete 2 x VPC resources - try: + try: _, vpc_1_deleted = k8s.delete_custom_resource(vpc_1_ref, 3, 10) _, vpc_2_deleted = k8s.delete_custom_resource(vpc_2_ref, 3, 10) assert vpc_1_deleted is True @@ -213,22 +320,53 @@ def ref_vpc_peering_connection(request): except: pass -def wait_for_vpc_peering_connection_status(ref, timeout_seconds=120): +def wait_for_vpc_peering_connection_status(ref, timeout_seconds=300): + ''' + Loops until the VPC Peering Connection's Status Code is 'active' + ''' start_time = time.time() while time.time() - start_time < timeout_seconds: - resource = k8s.wait_resource_consumed_by_controller(ref) - print("CR contents", resource) - if resource["status"]["status"]["code"] == "active": - logging.debug("VPC Peering Connection Status Code is 'active'", resource) - return resource + k8s_resource = k8s.wait_resource_consumed_by_controller(ref) + if k8s_resource["status"]["status"]["code"] == "active": + logging.debug("VPC Peering Connection Status Code is 'active'", k8s_resource) + return k8s_resource time.sleep(5) - print("CR contents", resource) - raise TimeoutError(f"Timed out waiting for VPC Peering Connection status to become 'active'", "Current status code", resource["status"]["status"]["code"]) + + # Fallback to AWS API if K8s resource status is not being updated (To be removed once k8s resource's status updates normally) + c = boto3.client('ec2') + aws_resource = c.describe_vpc_peering_connections(VpcPeeringConnectionIds=[k8s_resource["status"]["vpcPeeringConnectionID"]]) + if aws_resource["VpcPeeringConnections"][0]["Status"]["Code"] == "active": + logging.debug("VPC Peering Connection Status Code is 'active' (fallback to AWS API)", k8s_resource, "AWS resource", aws_resource) + return k8s_resource + + # Both options timed out + raise TimeoutError("Timed out waiting for VPC Peering Connection status to become 'active'", + "Current status code", k8s_resource["status"]["status"]["code"]) + +def wait_for_vpc_peering_connection_peering_options(ec2_client, boolean, vpc_peering_connection_id, timeout_seconds=300): + ''' + Loops until the VPC Peering Connection's Peering Options are set to the provided boolean value + ''' + start_time = time.time() + ec2_validator = EC2Validator(ec2_client) + while time.time() - start_time < timeout_seconds: + aws_resource = ec2_validator.get_vpc_peering_connection(vpc_peering_connection_id) + if (aws_resource['AccepterVpcInfo']['PeeringOptions']['AllowDnsResolutionFromRemoteVpc'] == boolean and + aws_resource['RequesterVpcInfo']['PeeringOptions']['AllowDnsResolutionFromRemoteVpc'] == boolean): + logging.debug("VPC Peering Connection Peering Options are " + str(boolean), aws_resource) + return aws_resource + time.sleep(5) + raise TimeoutError("Timed out waiting for VPC Peering Connection Peering Options to become " + str(boolean), + "Current values are", aws_resource['AccepterVpcInfo']['PeeringOptions']['AllowDnsResolutionFromRemoteVpc'], + "and", aws_resource['RequesterVpcInfo']['PeeringOptions']['AllowDnsResolutionFromRemoteVpc']) @service_marker @pytest.mark.canary class TestVPCPeeringConnections: def test_create_delete_ref(self, ec2_client, ref_vpc_peering_connection): + ''' + Creates a Peering Connection using 'VPCRef' and 'PeerVPCRef' + ''' (ref, cr) = ref_vpc_peering_connection vpc_peering_connection_id = cr["status"]["vpcPeeringConnectionID"] @@ -246,6 +384,9 @@ def test_create_delete_ref(self, ec2_client, ref_vpc_peering_connection): ec2_validator.assert_vpc_peering_connection(vpc_peering_connection_id, exists=False) def test_create_delete(self, ec2_client, simple_vpc_peering_connection): + ''' + Creates a Peering Connection using 'VPCID' and 'PeerVPCID' and 'Tags' + ''' (ref, cr) = simple_vpc_peering_connection vpc_peering_connection_id = cr["status"]["vpcPeeringConnectionID"] @@ -263,6 +404,9 @@ def test_create_delete(self, ec2_client, simple_vpc_peering_connection): ec2_validator.assert_vpc_peering_connection(vpc_peering_connection_id, exists=False) def test_crud_tags(self, ec2_client, simple_vpc_peering_connection): + ''' + Creates a Peering Connection with a set of 'Tags', then updates them + ''' (ref, cr) = simple_vpc_peering_connection resource = k8s.get_resource(ref) @@ -286,7 +430,7 @@ def test_crud_tags(self, ec2_client, simple_vpc_peering_connection): expected=user_tags, actual=vpc_peering_connection["Tags"], ) - + # Update tags update_tags = [ { @@ -355,3 +499,57 @@ def test_crud_tags(self, ec2_client, simple_vpc_peering_connection): # Check VPC Peering Connection no longer exists in AWS ec2_validator.assert_vpc_peering_connection(resource_id, exists=False) + def test_update_peering_options(self, ec2_client, peering_options_vpc_peering_connection): + ''' + Creates a Peering Connection with Peering Options set to True, it then updates them to False + ''' + (ref, cr) = peering_options_vpc_peering_connection + vpc_peering_connection_id = cr["status"]["vpcPeeringConnectionID"] + + # Check VPC Peering Connection exists + ec2_validator = EC2Validator(ec2_client) + ec2_validator.assert_vpc_peering_connection(vpc_peering_connection_id) + + # Check resource synced successfully, after waiting for requeue after Patch Peering Options to True + time.sleep(PATCH_WAIT_AFTER_SECONDS) + assert k8s.wait_on_condition(ref, "ACK.ResourceSynced", "True", wait_periods=5) + + # Check Peering Options in AWS + aws_res = wait_for_vpc_peering_connection_peering_options(ec2_client, True, vpc_peering_connection_id) + assert aws_res['AccepterVpcInfo']['PeeringOptions']['AllowDnsResolutionFromRemoteVpc'] is True + assert aws_res['RequesterVpcInfo']['PeeringOptions']['AllowDnsResolutionFromRemoteVpc'] is True + + # Payload used to update the VPC Peering Connection + update_peering_options_payload = { + "spec": { + "requesterPeeringConnectionOptions": { + "allowDNSResolutionFromRemoteVPC": False, + }, + "accepterPeeringConnectionOptions": { + "allowDNSResolutionFromRemoteVPC": False, + }, + }, + } + + # Patch the VPCPeeringConnection with the payload + k8s.patch_custom_resource(ref, update_peering_options_payload) + time.sleep(MODIFY_WAIT_AFTER_SECONDS) + + # Check resource synced successfully + assert k8s.wait_on_condition(ref, "ACK.ResourceSynced", "True", wait_periods=5) + + # Check for updated peering options + latest_aws_res = wait_for_vpc_peering_connection_peering_options(ec2_client, False, vpc_peering_connection_id) + assert latest_aws_res['AccepterVpcInfo']['PeeringOptions']['AllowDnsResolutionFromRemoteVpc'] is False + assert latest_aws_res['RequesterVpcInfo']['PeeringOptions']['AllowDnsResolutionFromRemoteVpc'] is False + + # Delete k8s resource + try: + _, deleted = k8s.delete_custom_resource(ref, 3, 10) + assert deleted + except: + pass + time.sleep(DELETE_WAIT_AFTER_SECONDS) + + # Check VPC Peering Connection no longer exists in AWS + ec2_validator.assert_vpc_peering_connection(vpc_peering_connection_id, exists=False)