
WIP: feat(vpc): add auto acceptance & rejection of VPC Peering Connection requests #159


marcdavoli
Contributor

@marcdavoli marcdavoli commented Nov 24, 2023

Related to

Context

In the context of adding the VPC Peering Connections CRD to the EC2 controller (see issue above), it makes sense to complete the e2e automation of that resource by allowing ACK VPC CRs to auto-accept (or auto-reject) VPC Peering Requests (thus eliminating the need for manual intervention), if the VPC Peering Request meets certain conditions:

  1. Has the status 'Pending Acceptance'
  2. Has the current VPC as the 'Accepter VPC'
  3. The 'Requester VPC' is in the list of VPC IDs/Ref in one of the allow/reject lists below

Description of changes

  • Adds the fields below to allow you to add a list of VPCs from which you'd like to automatically accept or reject incoming VPC Peering requests
    • .spec.acceptVpcPeeringRequestsFromVpcIds
    • .spec.acceptVpcPeeringRequestsFromVpcRefs
    • .spec.rejectVpcPeeringRequestsFromVpcIds
    • .spec.rejectVpcPeeringRequestsFromVpcRefs
  • Implements the logic that auto-accepts and auto-rejects VPC Peering Requests

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
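
The three conditions listed in the PR description above, written out as an added Go example; it is not code from this PR or from the EC2 controller. The types and names are hypothetical, refs are assumed to be already resolved to VPC IDs, and two behaviours are assumptions the page does not state: a VPC present in both lists is rejected, and an unlisted requester is left pending for manual review.

```go
package main

import "fmt"

// Decision is the outcome for one incoming peering request.
type Decision string

const (
	Accept Decision = "accept"
	Reject Decision = "reject"
	Ignore Decision = "ignore" // leave untouched for manual review
)

// PeeringRequest and Policy are hypothetical types for this example.
type PeeringRequest struct{ ID, Status, AccepterVPC, RequesterVPC string }

type Policy struct {
	VPCID      string   // the VPC this CR manages
	AcceptFrom []string // resolved acceptVpcPeeringRequestsFromVpcIds/Refs
	RejectFrom []string // resolved rejectVpcPeeringRequestsFromVpcIds/Refs
}

func contains(list []string, id string) bool {
	for _, v := range list {
		if v == id {
			return true
		}
	}
	return false
}

// Decide applies the three conditions in order; anything that fails
// conditions 1 or 2 is never acted on. Assumption: reject wins over accept.
func Decide(p Policy, r PeeringRequest) Decision {
	if r.Status != "pending-acceptance" { // condition 1
		return Ignore
	}
	if r.AccepterVPC != p.VPCID || r.RequesterVPC == "" { // condition 2
		return Ignore
	}
	if contains(p.RejectFrom, r.RequesterVPC) { // condition 3, reject list
		return Reject
	}
	if contains(p.AcceptFrom, r.RequesterVPC) { // condition 3, accept list
		return Accept
	}
	return Ignore
}

func main() { // constructed sample data
	p := Policy{VPCID: "vpc-local", AcceptFrom: []string{"vpc-a"}, RejectFrom: []string{"vpc-b"}}
	r := PeeringRequest{"pcx-1", "pending-acceptance", "vpc-local", "vpc-a"}
	fmt.Println(r.ID, Decide(p, r))
}
```
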

@ack-prow ack-prow bot requested review from a-hilaly and vijtrip2 November 24, 2023 17:10

ack-prow bot commented Nov 24, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: marcdavoli
Once this PR has been reviewed and has the lgtm label, please assign likithavemulapalli for approval by writing /assign @likithavemulapalli in a comment. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


ack-prow bot commented Nov 24, 2023

Hi @marcdavoli. Thanks for your PR.

I'm waiting for an aws-controllers-k8s member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ack-prow ack-prow bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Nov 24, 2023
@marcdavoli marcdavoli changed the title feat(vpc): add .spec.acceptVpcPeeringRequestsFromVpc... fields WIP: feat(vpc): add .spec.acceptVpcPeeringRequestsFromVpc... fields Nov 24, 2023
@ack-prow ack-prow bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 24, 2023
@marcdavoli marcdavoli marked this pull request as draft November 24, 2023 17:10
@a-hilaly
Member

/ok-to-test

@ack-prow ack-prow bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Nov 24, 2023
@marcdavoli marcdavoli changed the title WIP: feat(vpc): add .spec.acceptVpcPeeringRequestsFromVpc... fields WIP: feat(vpc): add auto acceptance & rejection of VPC Peering Connection requests Nov 29, 2023
@marcdavoli
Contributor Author

/test all

ack-prow bot pushed a commit that referenced this pull request Dec 6, 2023
…ional fields for Modify OP and auto-accepting (#158)

## Changes
This PR adds the `vpcpeeringconnections` custom resource via the standard code-generator output, but with a few custom additions:
- Adds the possibility to use an ACK VPC resource as a [Reference](https://aws-controllers-k8s.github.io/community/docs/contributor-docs/code-generator-config/#references-making-a-field-refer-to-another-resource) for the fields `spec.vpcRef` (instead of `spec.vpcId`) and `spec.peerVpcRef` (instead of `spec.peerVpcId`).
- Adds the `spec.accepterPeeringConnectionOptions` and `spec.requesterPeeringConnectionOptions` fields, which come from the `ModifyVpcPeeringConnectionOptions` API call, to allow the use of the `allowDnsResolutionFromRemoteVpc`, `AllowEgressFromLocalVpcToRemoteClassicLink` and `AllowEgressFromLocalClassicLinkToRemoteVpc` sub-fields.
- Adds the `spec.acceptRequest` (boolean) which will allow the VPC Peering Connection Request to automatically switch from status `pending-acceptance` to `active` without manual intervention. (Inspired by Crossplane's implementation ([Ref](https://doc.crds.dev/github.com/crossplane/provider-aws/ec2.aws.crossplane.io/VPCPeeringConnection/[email protected])))
- Adds the field `spec.routes.vpcPeeringConnectionRef` to the Route Table CR

> Note: In [a separate PR](#159), we add the fields `spec.acceptVPCPeeringRequestsFromVPCID` and `spec.acceptVPCPeeringRequestsFromVPCRefs` to the VPC CRD, to allow you to add a list of VPCs from which you'd like to automatically accept incoming VPC Peering requests.

## References
- [Slack Thread](https://kubernetes.slack.com/archives/C0402D8JJS1/p1700682197552809)
- Github Issue: aws-controllers-k8s/community#1943

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@a-hilaly a-hilaly marked this pull request as ready for review December 13, 2023 20:17
@ack-prow ack-prow bot requested a review from jljaco December 13, 2023 20:17

ack-prow bot commented Dec 13, 2023

@marcdavoli: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ec2-kind-e2e | 1738eb7 | link | true | /test ec2-kind-e2e |
| ec2-release-test | 1738eb7 | link | true | /test ec2-release-test |
| ec2-unit-test | 1738eb7 | link | true | /test ec2-unit-test |
| ec2-metadata-file-test | 1738eb7 | link | true | /test ec2-metadata-file-test |
| ec2-recommended-policy-test | 1738eb7 | link | true | /test ec2-recommended-policy-test |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@marcdavoli
Contributor Author

As discussed with @a-hilaly , given that the VPCPeeringConnection resource now has the functionality of approving itself via the .spec.acceptRequest field, the functionality described in this PR will in most cases be redundant.
Closing this PR for now.

@marcdavoli marcdavoli closed this Dec 13, 2023