Enable autodiscovery for ACM using SSL hosts annotation

Kavinraja-G · Kavinraja-G · commit 195f6a2951fb · 2024-06-01T21:39:38.000+05:30
diff --git a/pkg/annotations/constants.go b/pkg/annotations/constants.go
@@ -63,6 +63,7 @@ const (
 	SvcLBSuffixAccessLogS3BucketName                     = "aws-load-balancer-access-log-s3-bucket-name"
 	SvcLBSuffixAccessLogS3BucketPrefix                   = "aws-load-balancer-access-log-s3-bucket-prefix"
 	SvcLBSuffixCrossZoneLoadBalancingEnabled             = "aws-load-balancer-cross-zone-load-balancing-enabled"
+	SvcLBSuffixSSLDomains                                = "aws-load-balancer-ssl-domains"
 	SvcLBSuffixSSLCertificate                            = "aws-load-balancer-ssl-cert"
 	SvcLBSuffixSSLPorts                                  = "aws-load-balancer-ssl-ports"
 	SvcLBSuffixSSLNegotiationPolicy                      = "aws-load-balancer-ssl-negotiation-policy"
diff --git a/pkg/ingress/model_builder.go b/pkg/ingress/model_builder.go
@@ -110,7 +110,7 @@ type defaultModelBuilder struct {
 	logger logr.Logger
 }
 
-// build mode stack for a IngressGroup.
+// Build builds mode stack for a IngressGroup.
 func (b *defaultModelBuilder) Build(ctx context.Context, ingGroup Group) (core.Stack, *elbv2model.LoadBalancer, []types.NamespacedName, bool, error) {
 	stack := core.NewDefaultStack(core.StackID(ingGroup.ID))
 	task := &defaultModelBuildTask{
diff --git a/pkg/service/model_build_listener.go b/pkg/service/model_build_listener.go
@@ -108,14 +108,27 @@ func (t *defaultModelBuildTask) buildSSLNegotiationPolicy(_ context.Context) *st
 	return &t.defaultSSLPolicy
 }
 
-func (t *defaultModelBuildTask) buildListenerCertificates(_ context.Context) []elbv2model.Certificate {
+func (t *defaultModelBuildTask) buildListenerCertificates(ctx context.Context) []elbv2model.Certificate {
 	var rawCertificateARNs []string
+	var rawSSLDomains []string
 	_ = t.annotationParser.ParseStringSliceAnnotation(annotations.SvcLBSuffixSSLCertificate, &rawCertificateARNs, t.service.Annotations)
+	_ = t.annotationParser.ParseStringSliceAnnotation(annotations.SvcLBSuffixSSLDomains, &rawSSLDomains, t.service.Annotations)
 
 	var certificates []elbv2model.Certificate
 	for _, cert := range rawCertificateARNs {
 		certificates = append(certificates, elbv2model.Certificate{CertificateARN: aws.String(cert)})
 	}
+
+	// TODO: Refactoring required
+	autoDiscoveredCertARNs, err := t.certDiscovery.Discover(ctx, rawSSLDomains)
+	if err != nil {
+		return certificates
+	}
+	for _, cert := range autoDiscoveredCertARNs {
+		certificates = append(certificates, elbv2model.Certificate{
+			CertificateARN: aws.String(cert),
+		})
+	}
 	return certificates
 }
 
diff --git a/pkg/service/model_builder.go b/pkg/service/model_builder.go
@@ -2,6 +2,9 @@ package service
 
 import (
 	"context"
+	"github.com/go-logr/logr"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/services"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/ingress"
 	"strconv"
 	"sync"
 
@@ -41,7 +44,7 @@ func NewDefaultModelBuilder(annotationParser annotations.Parser, subnetsResolver
 	elbv2TaggingManager elbv2deploy.TaggingManager, ec2Client services.EC2, featureGates config.FeatureGates, clusterName string, defaultTags map[string]string,
 	externalManagedTags []string, defaultSSLPolicy string, defaultTargetType string, enableIPTargetType bool, serviceUtils ServiceUtils,
 	backendSGProvider networking.BackendSGProvider, sgResolver networking.SecurityGroupResolver, enableBackendSG bool,
-	disableRestrictedSGRules bool, logger logr.Logger) *defaultModelBuilder {
+	disableRestrictedSGRules bool, certDiscovery ingress.CertDiscovery, logger logr.Logger) *defaultModelBuilder {
 	return &defaultModelBuilder{
 		annotationParser:         annotationParser,
 		subnetsResolver:          subnetsResolver,
@@ -50,6 +53,7 @@ func NewDefaultModelBuilder(annotationParser annotations.Parser, subnetsResolver
 		elbv2TaggingManager:      elbv2TaggingManager,
 		featureGates:             featureGates,
 		serviceUtils:             serviceUtils,
+		certDiscovery:            certDiscovery,
 		clusterName:              clusterName,
 		vpcID:                    vpcID,
 		defaultTags:              defaultTags,
@@ -78,6 +82,7 @@ type defaultModelBuilder struct {
 	elbv2TaggingManager      elbv2deploy.TaggingManager
 	featureGates             config.FeatureGates
 	serviceUtils             ServiceUtils
+	certDiscovery            ingress.CertDiscovery
 	ec2Client                services.EC2
 	enableBackendSG          bool
 	disableRestrictedSGRules bool
@@ -165,6 +170,7 @@ type defaultModelBuildTask struct {
 	featureGates        config.FeatureGates
 	serviceUtils        ServiceUtils
 	enableIPTargetType  bool
+	certDiscovery       ingress.CertDiscovery
 	ec2Client           services.EC2
 	logger              logr.Logger
 

Original file line number	Diff line number	Diff line change
`@@ -110,7 +110,7 @@ type defaultModelBuilder struct {`
`110`	`110`	`logger logr.Logger`
`111`	`111`	`}`
`112`	`112`
`113`		`-// build mode stack for a IngressGroup.`
	`113`	`+// Build builds mode stack for a IngressGroup.`
`114`	`114`	`func (b defaultModelBuilder) Build(ctx context.Context, ingGroup Group) (core.Stack, elbv2model.LoadBalancer, []types.NamespacedName, bool, error) {`
`115`	`115`	`stack := core.NewDefaultStack(core.StackID(ingGroup.ID))`
`116`	`116`	`task := &defaultModelBuildTask{`