
Fix AWS Security Group leakage at creation when an error occurs #174


Merged (2 commits) on Jan 18, 2024

Contributor

@vflaux vflaux commented Jan 16, 2024

fix aws-controllers-k8s/community#1990

Description of changes:
Change the hook security_group/sdk_create_post_set_output.go.tpl to always return the resource even if an error occurred. At this point the Security Group exists and we should keep track of it.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
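
The failure mode the description above addresses, as an added Go example (not the controller's code, and not part of the original post). `fakeEC2`, `create`, `reconcileTwice` and `keepOnError` are hypothetical names, and the reconciler that records an ID whenever it receives a non-nil resource is an assumption about the caller.

```go
package main

import (
	"errors"
	"fmt"
)

var errDuplicate = errors.New("InvalidGroup.Duplicate")
var errBadRule = errors.New("rule sync failed: invalid spec")

// fakeEC2 is a constructed stand-in for the API: group names are unique.
type fakeEC2 struct{ groups map[string]string }

func (c *fakeEC2) createGroup(name string) (string, error) {
	if _, ok := c.groups[name]; ok {
		return "", errDuplicate
	}
	c.groups[name] = fmt.Sprintf("sg-%04d", len(c.groups)+1)
	return c.groups[name], nil
}

// create models a create path whose post-create rule sync always fails.
func create(c *fakeEC2, name string, keepOnError bool) (*string, error) {
	id, err := c.createGroup(name)
	if err != nil {
		return nil, err
	}
	if !keepOnError {
		return nil, errBadRule // group exists in the cloud, its ID is lost
	}
	return &id, errBadRule // group exists and the caller can record its ID
}

// reconcileTwice runs up to two passes of a hypothetical reconciler.
func reconcileTwice(keepOnError bool) (tracked string, last error) {
	c := &fakeEC2{groups: map[string]string{}}
	for pass := 0; pass < 2 && tracked == ""; pass++ {
		var id *string
		if id, last = create(c, "web", keepOnError); id != nil {
			tracked = *id
		}
	}
	return tracked, last
}

func main() {
	fmt.Println(reconcileTwice(false)) // untracked group, retry hits Duplicate
	fmt.Println(reconcileTwice(true))  // group ID tracked after the first pass
}
```

With `keepOnError` false the group is left in the account with no record of its ID, and every retry fails with the duplicate-name error from the linked issue.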

@ack-prow ack-prow bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jan 16, 2024

ack-prow bot commented Jan 16, 2024

Hi @vflaux. Thanks for your PR.

I'm waiting for an aws-controllers-k8s member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@vflaux vflaux changed the title from "Fix SG leakage" to "Fix Security Group leakage at creation when an error occurs" Jan 16, 2024
@vflaux vflaux changed the title from "Fix Security Group leakage at creation when an error occurs" to "Fix AWS Security Group leakage at creation when an error occurs" Jan 16, 2024
Member

@a-hilaly a-hilaly left a comment


Great catch @vflaux !
/ok-to-test
/test all

build_date: "2024-01-16T14:28:05Z"
build_hash: 610c476ce898de19ef2552612761a0ed699fc444
go_version: go1.21.4
version: v0.28.0-14-g610c476-dirty
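
Review bot: the recorded generator version ends in `-dirty` (`version: v0.28.0-14-g610c476-dirty`), a suffix that in git-describe style versions marks a working tree with uncommitted changes, so the generated code in this PR cannot be reproduced from `build_hash` alone. Regenerate from a clean code-generator checkout so the version, the hash and the generated output agree.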
Member

Did you make any changes to the code-generator? If needed, we'll have to merge those as well.

Contributor Author

I didn't make any changes to the code-generator. But I built it from the main branch.

@@ -321,6 +321,7 @@ func (rm *resourceManager) sdkDelete(
defer func() {
exit(err)
}()
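
Review bot: the blank line added after the deferred `exit(err)` closure in `sdkDelete` is unrelated to the create hook this PR fixes; it is the only addition the 6-to-7 line hunk header accounts for. Keep generated-code noise out of the fix: regenerate so this whitespace change drops out, or put it in a separate regeneration commit.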

Member

I'm wondering how we got the extra new line.

Comment on lines -8 to +19
return nil, err
return &resource{ko}, err
}

if err = rm.syncSGRules(ctx, &resource{ko}, nil); err != nil {
return nil, err
return &resource{ko}, err
}

// A ReadOne call for SecurityGroup Rules (NOT SecurityGroups)
// is made to refresh Status.Rules with the recently-updated
// data from the above `sync` call
if rules, err := rm.getRules(ctx, &resource{ko}); err != nil {
return nil, err
return &resource{ko}, err
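
Review bot: none of the three `return &resource{ko}, err` sites carries a comment saying why a non-nil resource accompanies the error; the only comment in the region describes the rules refresh. Without one, a later reader is likely to change it back to `return nil, err`, so add a line above the first return stating that the Security Group already exists at this point and is returned so it stays tracked. On the `syncSGRules` failure path the returned resource may have rules only partly applied, so it is also worth confirming that the caller treats a resource returned together with an error as not yet synced.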
Member

👍

@ack-prow ack-prow bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jan 16, 2024
@a-hilaly
Member

/retest

@a-hilaly
Member

/retest

@a-hilaly
Member

/retest

@a-hilaly
Member

The unit test failures are not related to your changes. Need to tweak our prow jobs cpu/mem limit :)

@vflaux
Contributor Author

vflaux commented Jan 17, 2024

I used the main branch of code-generator without modifications to regen the code.
Should I use the v0.28.0-11-g3753ca3 tag instead so I do not introduce unrelated changes?

@a-hilaly
Member

/retest

@a-hilaly
Member

@vflaux the current "issue" with the sdk.go should be fixed in aws-controllers-k8s/code-generator#489 - please pull the latest code-gen changes and regenerate the controller. Happy to lgtm right away

@a-hilaly
Member

/retest

Member

@a-hilaly a-hilaly left a comment

Thanks again @vflaux! Can you please ship a separate PR to release ec2-controller 1.2.1? All you need to do is run `RELEASE_VERSION=v1.2.1 ./scripts/build-controller-release.sh ec2` and ship the changes :)

/test all
/approve
/lgtm

@ack-prow ack-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jan 18, 2024

ack-prow bot commented Jan 18, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: a-hilaly, vflaux

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ack-prow ack-prow bot added the approved label Jan 18, 2024
@a-hilaly
Member

Also, the PR is still in draft state

@vflaux vflaux marked this pull request as ready for review January 18, 2024 10:49
@a-hilaly
Member

/retest

@ack-prow ack-prow bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 18, 2024
@ack-prow ack-prow bot requested review from a-hilaly and vijtrip2 January 18, 2024 10:49
vflaux added a commit to vflaux/ack-ec2-controller that referenced this pull request Jan 18, 2024
@ack-prow ack-prow bot merged commit 2d98055 into aws-controllers-k8s:main Jan 18, 2024
@vflaux vflaux deleted the fix/1990 branch January 18, 2024 11:31
ack-prow bot pushed a commit that referenced this pull request Jan 18, 2024
Merged PRs since last release:
- #165
- #174

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
nnbu pushed a commit to nnbu/ack-ec2-controller that referenced this pull request Sep 18, 2024
…-controllers-k8s#174)

nnbu pushed a commit to nnbu/ack-ec2-controller that referenced this pull request Sep 18, 2024
Successfully merging this pull request may close these issues.

EC2-controller: InvalidGroup.Duplicate when creating a Security Group with invalid spec