check for drifted coIPv4Pool settings

Author: M00nF1sh

docs/guide/ingress/annotations.md

@@ -132,7 +132,7 @@ Traffic Listening can be controlled with following annotations:
 
     !!!example
         ```
-        alb.ingress.kubernetes.io/customer-owned-ipv4-poole: ipv4pool-coip-xxxxxxxx
+        alb.ingress.kubernetes.io/customer-owned-ipv4-pool: ipv4pool-coip-xxxxxxxx
         ```
 
 ## Traffic Routing

pkg/deploy/elbv2/load_balancer_manager.go

@@ -6,6 +6,7 @@ import (
 	awssdk "github.com/aws/aws-sdk-go/aws"
 	elbv2sdk "github.com/aws/aws-sdk-go/service/elbv2"
 	"github.com/go-logr/logr"
+	"github.com/pkg/errors"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/services"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/deploy/tracking"
@@ -92,6 +93,9 @@ func (m *defaultLoadBalancerManager) Update(ctx context.Context, resLB *elbv2mod
 	if err := m.attributesReconciler.Reconcile(ctx, resLB, sdkLB); err != nil {
 		return elbv2model.LoadBalancerStatus{}, err
 	}
+	if err := m.checkSDKLoadBalancerWithCOIPv4Pool(ctx, resLB, sdkLB); err != nil {
+		return elbv2model.LoadBalancerStatus{}, err
+	}
 	return buildResLoadBalancerStatus(sdkLB), nil
 }
 
@@ -206,6 +210,13 @@ func (m *defaultLoadBalancerManager) updateSDKLoadBalancerWithSecurityGroups(ctx
 	return nil
 }
 
+func (m *defaultLoadBalancerManager) checkSDKLoadBalancerWithCOIPv4Pool(_ context.Context, resLB *elbv2model.LoadBalancer, sdkLB LoadBalancerWithTags) error {
+	if awssdk.StringValue(resLB.Spec.CustomerOwnedIPv4Pool) != awssdk.StringValue(sdkLB.LoadBalancer.CustomerOwnedIpv4Pool) {
+		return errors.New("loadBalancer has drifted CustomerOwnedIPv4Pool setting")
+	}
+	return nil
+}
+
 func (m *defaultLoadBalancerManager) updateSDKLoadBalancerWithTags(ctx context.Context, resLB *elbv2model.LoadBalancer, sdkLB LoadBalancerWithTags) error {
 	desiredLBTags := m.trackingProvider.ResourceTags(resLB.Stack(), resLB, resLB.Spec.Tags)
 	return m.taggingManager.ReconcileTags(ctx, awssdk.StringValue(sdkLB.LoadBalancer.LoadBalancerArn), desiredLBTags,

pkg/deploy/elbv2/load_balancer_manager_test.go

@@ -1,6 +1,8 @@
 package elbv2
 
 import (
+	"context"
+	"errors"
 	awssdk "github.com/aws/aws-sdk-go/aws"
 	elbv2sdk "github.com/aws/aws-sdk-go/service/elbv2"
 	"github.com/stretchr/testify/assert"
@@ -304,3 +306,107 @@ func Test_buildResLoadBalancerStatus(t *testing.T) {
 		})
 	}
 }
+
+func Test_defaultLoadBalancerManager_checkSDKLoadBalancerWithCOIPv4Pool(t *testing.T) {
+	type args struct {
+		resLB *elbv2model.LoadBalancer
+		sdkLB LoadBalancerWithTags
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr error
+	}{
+		{
+			name: "both resLB and sdkLB don't have CustomerOwnedIPv4Pool setting",
+			args: args{
+				resLB: &elbv2model.LoadBalancer{
+					Spec: elbv2model.LoadBalancerSpec{
+						CustomerOwnedIPv4Pool: nil,
+					},
+				},
+				sdkLB: LoadBalancerWithTags{
+					LoadBalancer: &elbv2sdk.LoadBalancer{
+						CustomerOwnedIpv4Pool: nil,
+					},
+				},
+			},
+			wantErr: nil,
+		},
+		{
+			name: "both resLB and sdkLB have same CustomerOwnedIPv4Pool setting",
+			args: args{
+				resLB: &elbv2model.LoadBalancer{
+					Spec: elbv2model.LoadBalancerSpec{
+						CustomerOwnedIPv4Pool: awssdk.String("ipv4pool-coip-abc"),
+					},
+				},
+				sdkLB: LoadBalancerWithTags{
+					LoadBalancer: &elbv2sdk.LoadBalancer{
+						CustomerOwnedIpv4Pool: awssdk.String("ipv4pool-coip-abc"),
+					},
+				},
+			},
+			wantErr: nil,
+		},
+		{
+			name: "both resLB and sdkLB have different CustomerOwnedIPv4Pool setting",
+			args: args{
+				resLB: &elbv2model.LoadBalancer{
+					Spec: elbv2model.LoadBalancerSpec{
+						CustomerOwnedIPv4Pool: awssdk.String("ipv4pool-coip-abc"),
+					},
+				},
+				sdkLB: LoadBalancerWithTags{
+					LoadBalancer: &elbv2sdk.LoadBalancer{
+						CustomerOwnedIpv4Pool: awssdk.String("ipv4pool-coip-def"),
+					},
+				},
+			},
+			wantErr: errors.New("loadBalancer has drifted CustomerOwnedIPv4Pool setting"),
+		},
+		{
+			name: "only resLB have CustomerOwnedIPv4Pool setting",
+			args: args{
+				resLB: &elbv2model.LoadBalancer{
+					Spec: elbv2model.LoadBalancerSpec{
+						CustomerOwnedIPv4Pool: awssdk.String("ipv4pool-coip-abc"),
+					},
+				},
+				sdkLB: LoadBalancerWithTags{
+					LoadBalancer: &elbv2sdk.LoadBalancer{
+						CustomerOwnedIpv4Pool: nil,
+					},
+				},
+			},
+			wantErr: errors.New("loadBalancer has drifted CustomerOwnedIPv4Pool setting"),
+		},
+		{
+			name: "only sdkLB have CustomerOwnedIPv4Pool setting",
+			args: args{
+				resLB: &elbv2model.LoadBalancer{
+					Spec: elbv2model.LoadBalancerSpec{
+						CustomerOwnedIPv4Pool: nil,
+					},
+				},
+				sdkLB: LoadBalancerWithTags{
+					LoadBalancer: &elbv2sdk.LoadBalancer{
+						CustomerOwnedIpv4Pool: awssdk.String("ipv4pool-coip-abc"),
+					},
+				},
+			},
+			wantErr: errors.New("loadBalancer has drifted CustomerOwnedIPv4Pool setting"),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			m := &defaultLoadBalancerManager{}
+			err := m.checkSDKLoadBalancerWithCOIPv4Pool(context.Background(), tt.args.resLB, tt.args.sdkLB)
+			if tt.wantErr != nil {
+				assert.EqualError(t, err, tt.wantErr.Error())
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}