feat(VPCEndpointService): add custom resource and allowedPrincipals functionality #172

Contributor

@marcdavoli marcdavoli commented Dec 21, 2023

Related to:

Description of changes:
This is the continuation of PR #134 (Credit to @ib-ak !).
This PR:

  • Adds the VPCEndpointService custom resource from the code-generator
  • Adds the field spec.allowedPrincipals of type []string, which allows the user to specify a list of ARNs to share the VPC Endpoint Service with. Any Principals added to this list will have the VPC Endpoint Service shared with them. This field also ensures that Principals that are removed from the list have the VPC Endpoint Service share removed.
  • Tests are added for creation/deletion and for adding/deleting Principals to the Allowed List

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
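As an added example (not code from this PR or from the controller): computing which principals to add and which to remove so that the live allow-list matches `spec.allowedPrincipals`, and flagging a `*` entry, which AWS treats as all principals. The type and function names and the sample ARNs are assumptions made for illustration; the two resulting lists correspond to `AddAllowedPrincipals` and `RemoveAllowedPrincipals` in EC2's `ModifyVpcEndpointServicePermissions` call.

```go
package main

import (
	"fmt"
	"sort"
)

// PrincipalDiff holds the changes needed to make the live allow-list match the spec.
type PrincipalDiff struct {
	Add      []string // in the spec, not yet allowed on the service
	Remove   []string // still allowed on the service, no longer in the spec
	Wildcard bool     // spec contains "*", which shares the service with every principal
}

// diffAllowedPrincipals compares desired (spec.allowedPrincipals) with the
// principals currently allowed on the endpoint service. Duplicates are ignored.
func diffAllowedPrincipals(desired, current []string) PrincipalDiff {
	want := make(map[string]bool, len(desired))
	have := make(map[string]bool, len(current))
	var d PrincipalDiff
	for _, p := range desired {
		want[p] = true
		d.Wildcard = d.Wildcard || p == "*"
	}
	for _, p := range current {
		have[p] = true
	}
	for p := range want {
		if !have[p] {
			d.Add = append(d.Add, p)
		}
	}
	for p := range have {
		if !want[p] {
			d.Remove = append(d.Remove, p) // stale share: must be revoked
		}
	}
	sort.Strings(d.Add) // deterministic order for logs and tests
	sort.Strings(d.Remove)
	return d
}

func main() {
	// Constructed sample ARNs; the account IDs are placeholders.
	desired := []string{"arn:aws:iam::111111111111:root", "arn:aws:iam::222222222222:role/consumer"}
	current := []string{"arn:aws:iam::111111111111:root", "arn:aws:iam::333333333333:root"}
	d := diffAllowedPrincipals(desired, current)
	fmt.Printf("add=%v remove=%v wildcard=%v\n", d.Add, d.Remove, d.Wildcard)
}
```

An empty desired list yields a `Remove` entry for every currently allowed principal, which is the behaviour the description asks for when principals are taken off the list.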

@ack-prow ack-prow bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 21, 2023
@ack-prow ack-prow bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Dec 21, 2023

ack-prow bot commented Dec 21, 2023

Hi @marcdavoli. Thanks for your PR.

I'm waiting for an aws-controllers-k8s member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

@a-hilaly
Member

/ok-to-test

@ack-prow ack-prow bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 21, 2023
@marcdavoli marcdavoli changed the title feat(VPCEndpointService): add custom resource feat(VPCEndpointService): add custom resource and allowPrincipals and verifyPrivateDnsName functionality Dec 21, 2023
@marcdavoli marcdavoli changed the title feat(VPCEndpointService): add custom resource and allowPrincipals and verifyPrivateDnsName functionality feat(VPCEndpointService): add custom resource and allowPrincipals functionality Dec 21, 2023
Member

@a-hilaly a-hilaly left a comment

Thank you very much! I have a few comments in-line.

go_version: go1.21.5
version: v0.28.0
api_directory_checksum: d452bf19bfd1496aacdc215bf7cc9ea86c55c122
version: 994d9ab
Member

Can you generate this file using the v0.28.0 tag please? git pull --all --tags should help, I believe.

Contributor Author

I regen'd but I used the main branch version, because the v0.28.0 tag does not seem to allow me to use aws_sdk_go_version: v1.44.93 and that comes with a bunch of unwanted changes.

Comment on lines 41 to 42
nlb = NetworkLoadBalancer("vpc-ep-service-test")
nlb.bootstrap()
Member

Ideally you want to set this in tests/service_bootstrap.py and service_cleanup.py, same for L92

Contributor Author

Addressed in commit 1ac2150

Comment on lines +87 to +88
_, deleted = k8s.delete_custom_resource(ref, 3, 10)
assert deleted
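
Review bot: The bare 3, 10 passed to k8s.delete_custom_resource on the first added line does not say what is being waited for or for how long; passing them as keyword arguments or named constants would make the deletion timeout explicit. The assert deleted on the second line also fails without a message, so adding one that names the resource would make a timeout here easier to diagnose.
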
Member

We might wanna call the validator after this to assert that VPCESC is indeed deleted from AWS

Contributor Author

We do this a little lower at L136, in def test_vpc_endpoint_service_configuration_create_delete function.

@ack-prow ack-prow bot added the approved label Dec 29, 2023
Member

@a-hilaly a-hilaly left a comment

Thank you very much, sir!
/approve
/lgtm

@ack-prow ack-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jan 3, 2024

ack-prow bot commented Jan 3, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: a-hilaly, marcdavoli

@ack-prow ack-prow bot merged commit d037f58 into aws-controllers-k8s:main Jan 3, 2024
ack-prow bot pushed a commit that referenced this pull request Jan 4, 2024
Merged PRs since last release:
- #167 
- #168 
- #172 

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
nnbu pushed a commit to nnbu/ack-ec2-controller that referenced this pull request Sep 18, 2024
… functionality (aws-controllers-k8s#172)

Related to:
- aws-controllers-k8s/community#1711

nnbu pushed a commit to nnbu/ack-ec2-controller that referenced this pull request Sep 18, 2024
Merged PRs since last release:
- aws-controllers-k8s#167 
- aws-controllers-k8s#168 
- aws-controllers-k8s#172 
