chore: put logic in syncAllowedPrincipals func

marcdavoli · marcdavoli · commit 18985be08570 · 2023-12-29T12:18:32.000-05:00
diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml
@@ -1,9 +1,9 @@
 ack_generate_info:
-  build_date: "2023-12-29T16:40:07Z"
+  build_date: "2023-12-29T17:15:23Z"
   build_hash: 994d9abdb629dd34b9c5afe4db42b05ff0eca9f1
   go_version: go1.21.5
   version: 994d9ab
-api_directory_checksum: 6575949feb243b8f23c4ae3006e6a0a12b8bfa4f
+api_directory_checksum: 8b27f9e65dbad1f5f825c84d1dbe8fd333baf2a5
 api_version: v1alpha1
 aws_sdk_go_version: v1.44.93
 generator_config_info:
diff --git a/pkg/resource/vpc_endpoint_service_configuration/hooks.go b/pkg/resource/vpc_endpoint_service_configuration/hooks.go
@@ -45,6 +45,87 @@ func addIDToDeleteRequest(r *resource,
 	return nil
 }
 
+// syncAllowedPrincipals adds & removes allowed principals with the 'ModifyVpcEndpointServicePermissions' API call
+func (rm *resourceManager) syncAllowedPrincipals(
+	ctx context.Context,
+	desired *resource,
+	latest *resource,
+) (updated *resource, err error) {
+	rlog := ackrtlog.FromContext(ctx)
+	exit := rlog.Trace("updateAllowedPrincipals")
+	defer func(err error) {
+		exit(err)
+	}(err)
+
+	var listOfPrincipalsToAdd []*string
+	var listOfPrincipalsToRemove []*string
+
+	// If the latest list of principals is empty, we want to add all principals
+	if len(latest.ko.Spec.AllowedPrincipals) == 0 && len(desired.ko.Spec.AllowedPrincipals) > 0 {
+		listOfPrincipalsToAdd = desired.ko.Spec.AllowedPrincipals
+
+		// If the desired list of principals is empty, we want to remove all principals
+	} else if len(desired.ko.Spec.AllowedPrincipals) == 0 && len(latest.ko.Spec.AllowedPrincipals) > 0 {
+		listOfPrincipalsToRemove = latest.ko.Spec.AllowedPrincipals
+		// Otherwise, we'll compare the two lists and add/remove principals as needed
+	} else {
+		// Add any 'desired' principal that is not on the allowed list
+		for _, desiredPrincipal := range desired.ko.Spec.AllowedPrincipals {
+			principalToAddAlreadyFound := false
+			for _, latestPrincipal := range latest.ko.Spec.AllowedPrincipals {
+				if *desiredPrincipal == *latestPrincipal {
+					// Principal already in Allow List, skip
+					principalToAddAlreadyFound = true
+					break
+				}
+			}
+			if !principalToAddAlreadyFound {
+				// Desired Principal is not in the Allowed List, add it to the list of those to add
+				listOfPrincipalsToAdd = append(listOfPrincipalsToAdd, desiredPrincipal)
+			}
+		}
+
+		// Remove any 'latest' principal that is not on the allowed list anymore
+		for _, latestPrincipal := range latest.ko.Spec.AllowedPrincipals {
+			principalToRemoveAlreadyFound := false
+			for _, desiredPrincipal := range desired.ko.Spec.AllowedPrincipals {
+				if *desiredPrincipal == *latestPrincipal {
+					// Principal still in Allow List, skip
+					principalToRemoveAlreadyFound = true
+					break
+				}
+			}
+			if !principalToRemoveAlreadyFound {
+				// Latest Principal is not in the Allowed List, add it to the list of those to remove
+				listOfPrincipalsToRemove = append(listOfPrincipalsToRemove, latestPrincipal)
+			}
+		}
+
+	}
+
+	// Make the AWS API call to update the allowed principals
+	if len(listOfPrincipalsToAdd) > 0 || len(listOfPrincipalsToRemove) > 0 {
+		modifyPermissionsInput := &svcsdk.ModifyVpcEndpointServicePermissionsInput{
+			ServiceId: latest.ko.Status.ServiceID,
+		}
+
+		if len(listOfPrincipalsToAdd) > 0 {
+			modifyPermissionsInput.AddAllowedPrincipals = listOfPrincipalsToAdd
+		}
+
+		if len(listOfPrincipalsToRemove) > 0 {
+			modifyPermissionsInput.RemoveAllowedPrincipals = listOfPrincipalsToRemove
+		}
+
+		_, err := rm.sdkapi.ModifyVpcEndpointServicePermissions(modifyPermissionsInput)
+		rm.metrics.RecordAPICall("UPDATE", "ModifyVpcEndpointServicePermissions", err)
+		if err != nil {
+			return desired, err
+		}
+	}
+	return desired, nil
+}
+
 // syncTags used to keep tags in sync by calling Create and Delete API's
 func (rm *resourceManager) syncTags(
 	ctx context.Context,
diff --git a/pkg/resource/vpc_endpoint_service_configuration/sdk.go b/pkg/resource/vpc_endpoint_service_configuration/sdk.go
diff --git a/templates/hooks/vpc_endpoint_service_configuration/sdk_update_pre_build_request.go.tpl b/templates/hooks/vpc_endpoint_service_configuration/sdk_update_pre_build_request.go.tpl
@@ -13,71 +13,10 @@
 	}
 
 	if delta.DifferentAt("Spec.AllowedPrincipals") {
-		var listOfPrincipalsToAdd []*string
-		var listOfPrincipalsToRemove []*string
-
-		// If the latest list of principals is empty, we want to add all principals
-		if len(latest.ko.Spec.AllowedPrincipals) == 0 && len(desired.ko.Spec.AllowedPrincipals) > 0 {
-			listOfPrincipalsToAdd = desired.ko.Spec.AllowedPrincipals
-
-			// If the desired list of principals is empty, we want to remove all principals
-		} else if len(desired.ko.Spec.AllowedPrincipals) == 0 && len(latest.ko.Spec.AllowedPrincipals) > 0 {
-			listOfPrincipalsToRemove = latest.ko.Spec.AllowedPrincipals
-			// Otherwise, we'll compare the two lists and add/remove principals as needed
-		} else {
-			// Add any 'desired' principal that is not on the allowed list
-			for _, desiredPrincipal := range desired.ko.Spec.AllowedPrincipals {
-				principalToAddAlreadyFound := false
-				for _, latestPrincipal := range latest.ko.Spec.AllowedPrincipals {
-					if *desiredPrincipal == *latestPrincipal {
-						// Principal already in Allow List, skip
-						principalToAddAlreadyFound = true
-						break
-					}
-				}
-				if !principalToAddAlreadyFound {
-					// Desired Principal is not in the Allowed List, add it to the list of those to add
-					listOfPrincipalsToAdd = append(listOfPrincipalsToAdd, desiredPrincipal)
-				}
-			}
-
-			// Remove any 'latest' principal that is not on the allowed list anymore
-			for _, latestPrincipal := range latest.ko.Spec.AllowedPrincipals {
-				principalToRemoveAlreadyFound := false
-				for _, desiredPrincipal := range desired.ko.Spec.AllowedPrincipals {
-					if *desiredPrincipal == *latestPrincipal {
-						// Principal still in Allow List, skip
-						principalToRemoveAlreadyFound = true
-						break
-					}
-				}
-				if !principalToRemoveAlreadyFound {
-					// Latest Principal is not in the Allowed List, add it to the list of those to remove
-					listOfPrincipalsToRemove = append(listOfPrincipalsToRemove, latestPrincipal)
-				}
-			}
-
-		}
-
-		// Make the AWS API call to update the allowed principals
-		if len(listOfPrincipalsToAdd) > 0 || len(listOfPrincipalsToRemove) > 0 {
-			modifyPermissionsInput := &svcsdk.ModifyVpcEndpointServicePermissionsInput{
-				ServiceId: latest.ko.Status.ServiceID,
-			}
-
-			if len(listOfPrincipalsToAdd) > 0 {
-				modifyPermissionsInput.AddAllowedPrincipals = listOfPrincipalsToAdd
-			}
-
-			if len(listOfPrincipalsToRemove) > 0 {
-				modifyPermissionsInput.RemoveAllowedPrincipals = listOfPrincipalsToRemove
-			}
-
-			_, err := rm.sdkapi.ModifyVpcEndpointServicePermissions(modifyPermissionsInput)
-			rm.metrics.RecordAPICall("UPDATE", "ModifyVpcEndpointServicePermissions", err)
-			if err != nil {
-				return desired, err
-			}
+		if desired, err := rm.syncAllowedPrincipals(ctx, desired, latest); err != nil {
+			// This causes a requeue and the rest of the fields will be synced on the next reconciliation loop
+			ackcondition.SetSynced(desired, corev1.ConditionFalse, nil, nil)
+			return desired, err
 		}
 	}
 
