Add default tags to backend SG

kishorj · kishorj · commit 2d33d3f9e291 · 2022-01-06T08:44:16.000-08:00
diff --git a/main.go b/main.go
@@ -108,7 +108,7 @@ func main() {
 	tgbResManager := targetgroupbinding.NewDefaultResourceManager(mgr.GetClient(), cloud.ELBV2(), cloud.EC2(),
 		podInfoRepo, sgManager, sgReconciler, cloud.VpcID(), controllerCFG.ClusterName, mgr.GetEventRecorderFor("targetGroupBinding"), ctrl.Log, controllerCFG.EnableEndpointSlices, controllerCFG.DisableRestrictedSGRules, vpcInfoProvider)
 	backendSGProvider := networking.NewBackendSGProvider(controllerCFG.ClusterName, controllerCFG.BackendSecurityGroup,
-		cloud.VpcID(), cloud.EC2(), mgr.GetClient(), ctrl.Log.WithName("backend-sg-provider"))
+		cloud.VpcID(), cloud.EC2(), mgr.GetClient(), controllerCFG.DefaultTags, ctrl.Log.WithName("backend-sg-provider"))
 	ingGroupReconciler := ingress.NewGroupReconciler(cloud, mgr.GetClient(), mgr.GetEventRecorderFor("ingress"),
 		finalizerManager, sgManager, sgReconciler, subnetResolver,
 		controllerCFG, backendSGProvider, ctrl.Log.WithName("controllers").WithName("ingress"))
diff --git a/pkg/config/controller_config.go b/pkg/config/controller_config.go
@@ -36,6 +36,7 @@ const (
 var (
 	trackingTagKeys = sets.NewString(
 		"elbv2.k8s.aws/cluster",
+		"elbv2.k8s.aws/resource",
 		"ingress.k8s.aws/stack",
 		"ingress.k8s.aws/resource",
 		"service.k8s.aws/stack",
diff --git a/pkg/networking/backend_sg_provider.go b/pkg/networking/backend_sg_provider.go
@@ -5,19 +5,21 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
+	"regexp"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+
 	awssdk "github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	ec2sdk "github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/go-logr/logr"
 	"github.com/pkg/errors"
 	networking "k8s.io/api/networking/v1"
-	"regexp"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/services"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"strings"
-	"sync"
-	"time"
 )
 
 const (
@@ -45,11 +47,12 @@ type BackendSGProvider interface {
 
 // NewBackendSGProvider constructs a new  defaultBackendSGProvider
 func NewBackendSGProvider(clusterName string, backendSG string, vpcID string,
-	ec2Client services.EC2, k8sClient client.Client, logger logr.Logger) *defaultBackendSGProvider {
+	ec2Client services.EC2, k8sClient client.Client, defaultTags map[string]string, logger logr.Logger) *defaultBackendSGProvider {
 	return &defaultBackendSGProvider{
 		vpcID:       vpcID,
 		clusterName: clusterName,
 		backendSG:   backendSG,
+		defaultTags: defaultTags,
 		ec2Client:   ec2Client,
 		k8sClient:   k8sClient,
 		logger:      logger,
@@ -69,6 +72,7 @@ type defaultBackendSGProvider struct {
 
 	backendSG       string
 	autoGeneratedSG string
+	defaultTags     map[string]string
 	ec2Client       services.EC2
 	k8sClient       client.Client
 	logger          logr.Logger
@@ -135,10 +139,20 @@ func (p *defaultBackendSGProvider) allocateBackendSG(ctx context.Context) error
 }
 
 func (p *defaultBackendSGProvider) buildBackendSGTags(_ context.Context) []*ec2sdk.TagSpecification {
+	var defaultTags []*ec2sdk.Tag
+	for key, val := range p.defaultTags {
+		defaultTags = append(defaultTags, &ec2sdk.Tag{
+			Key:   awssdk.String(key),
+			Value: awssdk.String(val),
+		})
+	}
+	sort.Slice(defaultTags, func(i, j int) bool {
+		return awssdk.StringValue(defaultTags[i].Key) < awssdk.StringValue(defaultTags[j].Key)
+	})
 	return []*ec2sdk.TagSpecification{
 		{
 			ResourceType: awssdk.String(resourceTypeSecurityGroup),
-			Tags: []*ec2sdk.Tag{
+			Tags: append(defaultTags, []*ec2sdk.Tag{
 				{
 					Key:   awssdk.String(tagKeyK8sCluster),
 					Value: awssdk.String(p.clusterName),
@@ -147,7 +161,7 @@ func (p *defaultBackendSGProvider) buildBackendSGTags(_ context.Context) []*ec2s
 					Key:   awssdk.String(tagKeyResource),
 					Value: awssdk.String(tagValueBackend),
 				},
-			},
+			}...),
 		},
 	}
 }
diff --git a/pkg/networking/backend_sg_provider_test.go b/pkg/networking/backend_sg_provider_test.go
@@ -36,6 +36,7 @@ func Test_defaultBackendSGProvider_Get(t *testing.T) {
 	}
 	type fields struct {
 		backendSG       string
+		defaultTags     map[string]string
 		describeSGCalls []describeSecurityGroupsAsListCall
 		createSGCalls   []createSecurityGroupWithContexCall
 	}
@@ -125,6 +126,64 @@ func Test_defaultBackendSGProvider_Get(t *testing.T) {
 			},
 			want: "sg-newauto",
 		},
+		{
+			name: "backend sg enabled, auto-gen new SG with additional defaultTags",
+			fields: fields{
+				describeSGCalls: []describeSecurityGroupsAsListCall{
+					{
+						req: &ec2sdk.DescribeSecurityGroupsInput{
+							Filters: defaultEC2Filters,
+						},
+						err: awserr.New("InvalidGroup.NotFound", "", nil),
+					},
+				},
+				createSGCalls: []createSecurityGroupWithContexCall{
+					{
+						req: &ec2sdk.CreateSecurityGroupInput{
+							Description: awssdk.String(sgDescription),
+							GroupName:   awssdk.String("k8s-traffic-testCluster-411a1bcdb1"),
+							TagSpecifications: []*ec2sdk.TagSpecification{
+								{
+									ResourceType: awssdk.String("security-group"),
+									Tags: []*ec2sdk.Tag{
+										{
+											Key:   awssdk.String("KubernetesCluster"),
+											Value: awssdk.String(defaultClusterName),
+										},
+										{
+											Key:   awssdk.String("defaultTag"),
+											Value: awssdk.String("specified"),
+										},
+										{
+											Key:   awssdk.String("zzzKey"),
+											Value: awssdk.String("value"),
+										},
+										{
+											Key:   awssdk.String("elbv2.k8s.aws/cluster"),
+											Value: awssdk.String(defaultClusterName),
+										},
+										{
+											Key:   awssdk.String("elbv2.k8s.aws/resource"),
+											Value: awssdk.String("backend-sg"),
+										},
+									},
+								},
+							},
+							VpcId: awssdk.String(defaultVPCID),
+						},
+						resp: &ec2sdk.CreateSecurityGroupOutput{
+							GroupId: awssdk.String("sg-newauto"),
+						},
+					},
+				},
+				defaultTags: map[string]string{
+					"zzzKey":            "value",
+					"KubernetesCluster": defaultClusterName,
+					"defaultTag":        "specified",
+				},
+			},
+			want: "sg-newauto",
+		},
 		{
 			name: "describe SG call returns error",
 			fields: fields{
@@ -193,7 +252,7 @@ func Test_defaultBackendSGProvider_Get(t *testing.T) {
 			}
 			k8sClient := mock_client.NewMockClient(ctrl)
 			sgProvider := NewBackendSGProvider(defaultClusterName, tt.fields.backendSG,
-				defaultVPCID, ec2Client, k8sClient, &log.NullLogger{})
+				defaultVPCID, ec2Client, k8sClient, tt.fields.defaultTags, &log.NullLogger{})
 
 			got, err := sgProvider.Get(context.Background())
 			if tt.wantErr != nil {
@@ -222,6 +281,7 @@ func Test_defaultBackendSGProvider_Release(t *testing.T) {
 	type fields struct {
 		autogenSG        string
 		backendSG        string
+		defaultTags      map[string]string
 		listIngressCalls []listIngressCall
 		deleteSGCalls    []deleteSecurityGroupWithContextCall
 	}
@@ -365,7 +425,7 @@ func Test_defaultBackendSGProvider_Release(t *testing.T) {
 			ec2Client := services.NewMockEC2(ctrl)
 			k8sClient := mock_client.NewMockClient(ctrl)
 			sgProvider := NewBackendSGProvider(defaultClusterName, tt.fields.backendSG,
-				defaultVPCID, ec2Client, k8sClient, &log.NullLogger{})
+				defaultVPCID, ec2Client, k8sClient, tt.fields.defaultTags, &log.NullLogger{})
 			if len(tt.fields.autogenSG) > 0 {
 				sgProvider.backendSG = ""
 				sgProvider.autoGeneratedSG = tt.fields.autogenSG
