use 'service' prefix for var name

Carlos Flores · Carlos Flores · commit b0ec7eef98af · 2023-08-28T13:39:25.000-07:00
diff --git a/main.go b/main.go
@@ -108,7 +108,7 @@ func main() {
 	tgbResManager := targetgroupbinding.NewDefaultResourceManager(mgr.GetClient(), cloud.ELBV2(), cloud.EC2(),
 		podInfoRepo, sgManager, sgReconciler, vpcInfoProvider,
 		cloud.VpcID(), controllerCFG.ClusterName, controllerCFG.FeatureGates.Enabled(config.EndpointsFailOpen), controllerCFG.EnableEndpointSlices, controllerCFG.DisableRestrictedSGRules,
-		controllerCFG.EndpointENISGTags, mgr.GetEventRecorderFor("targetGroupBinding"), ctrl.Log)
+		controllerCFG.ServiceTargetENISGTags, mgr.GetEventRecorderFor("targetGroupBinding"), ctrl.Log)
 	backendSGProvider := networking.NewBackendSGProvider(controllerCFG.ClusterName, controllerCFG.BackendSecurityGroup,
 		cloud.VpcID(), cloud.EC2(), mgr.GetClient(), controllerCFG.DefaultTags, ctrl.Log.WithName("backend-sg-provider"))
 	sgResolver := networking.NewDefaultSecurityGroupResolver(cloud.EC2(), cloud.VpcID())
diff --git a/pkg/config/controller_config.go b/pkg/config/controller_config.go
@@ -18,7 +18,7 @@ const (
 	flagDefaultTags                                  = "default-tags"
 	flagDefaultTargetType                            = "default-target-type"
 	flagExternalManagedTags                          = "external-managed-tags"
-	flagEndpointENISGTags                            = "endpoint-eni-security-group-tags"
+	flagServiceTargetENISGTags                       = "service-target-eni-security-group-tags"
 	flagServiceMaxConcurrentReconciles               = "service-max-concurrent-reconciles"
 	flagTargetGroupBindingMaxConcurrentReconciles    = "targetgroupbinding-max-concurrent-reconciles"
 	flagTargetGroupBindingMaxExponentialBackoffDelay = "targetgroupbinding-max-exponential-backoff-delay"
@@ -75,8 +75,8 @@ type ControllerConfig struct {
 	// List of Tag keys on AWS resources that will be managed externally.
 	ExternalManagedTags []string
 
-	// EndpointENISGTags are AWS tags, in addition to the cluster tags, for finding the target ENI security group to which to add inbound rules from NLBs.
-	EndpointENISGTags map[string]string
+	// ServiceTargetENISGTags are AWS tags, in addition to the cluster tags, for finding the target ENI security group to which to add inbound rules from NLBs.
+	ServiceTargetENISGTags map[string]string
 
 	// Default SSL Policy that will be applied to all ingresses or services that do not have
 	// the SSL Policy annotation.
@@ -132,7 +132,7 @@ func (cfg *ControllerConfig) BindFlags(fs *pflag.FlagSet) {
 		"Enable EndpointSlices for IP targets instead of Endpoints")
 	fs.BoolVar(&cfg.DisableRestrictedSGRules, flagDisableRestrictedSGRules, defaultDisableRestrictedSGRules,
 		"Disable the usage of restricted security group rules")
-	fs.StringToStringVar(&cfg.EndpointENISGTags, flagEndpointENISGTags, nil,
+	fs.StringToStringVar(&cfg.ServiceTargetENISGTags, flagServiceTargetENISGTags, nil,
 		"AWS Tags, in addition to cluster tags, for finding the target ENI security group to which to add inbound rules from NLBs")
 	cfg.FeatureGates.BindFlags(fs)
 	cfg.AWSConfig.BindFlags(fs)
diff --git a/pkg/targetgroupbinding/networking_manager.go b/pkg/targetgroupbinding/networking_manager.go
@@ -45,18 +45,18 @@ type NetworkingManager interface {
 
 // NewDefaultNetworkingManager constructs defaultNetworkingManager.
 func NewDefaultNetworkingManager(k8sClient client.Client, podENIResolver networking.PodENIInfoResolver, nodeENIResolver networking.NodeENIInfoResolver,
-	sgManager networking.SecurityGroupManager, sgReconciler networking.SecurityGroupReconciler, vpcID string, clusterName string, endpointENISGTags map[string]string, logger logr.Logger, disabledRestrictedSGRulesFlag bool) *defaultNetworkingManager {
+	sgManager networking.SecurityGroupManager, sgReconciler networking.SecurityGroupReconciler, vpcID string, clusterName string, serviceTargetENISGTags map[string]string, logger logr.Logger, disabledRestrictedSGRulesFlag bool) *defaultNetworkingManager {
 
 	return &defaultNetworkingManager{
-		k8sClient:         k8sClient,
-		podENIResolver:    podENIResolver,
-		nodeENIResolver:   nodeENIResolver,
-		sgManager:         sgManager,
-		sgReconciler:      sgReconciler,
-		vpcID:             vpcID,
-		clusterName:       clusterName,
-		endpointENISGTags: endpointENISGTags,
-		logger:            logger,
+		k8sClient:              k8sClient,
+		podENIResolver:         podENIResolver,
+		nodeENIResolver:        nodeENIResolver,
+		sgManager:              sgManager,
+		sgReconciler:           sgReconciler,
+		vpcID:                  vpcID,
+		clusterName:            clusterName,
+		serviceTargetENISGTags: serviceTargetENISGTags,
+		logger:                 logger,
 
 		mutex:                         sync.Mutex{},
 		ingressPermissionsPerSGByTGB:  make(map[types.NamespacedName]map[string][]networking.IPPermissionInfo),
@@ -68,15 +68,15 @@ func NewDefaultNetworkingManager(k8sClient client.Client, podENIResolver network
 
 // default implementation for NetworkingManager.
 type defaultNetworkingManager struct {
-	k8sClient         client.Client
-	podENIResolver    networking.PodENIInfoResolver
-	nodeENIResolver   networking.NodeENIInfoResolver
-	sgManager         networking.SecurityGroupManager
-	sgReconciler      networking.SecurityGroupReconciler
-	vpcID             string
-	clusterName       string
-	endpointENISGTags map[string]string
-	logger            logr.Logger
+	k8sClient              client.Client
+	podENIResolver         networking.PodENIInfoResolver
+	nodeENIResolver        networking.NodeENIInfoResolver
+	sgManager              networking.SecurityGroupManager
+	sgReconciler           networking.SecurityGroupReconciler
+	vpcID                  string
+	clusterName            string
+	serviceTargetENISGTags map[string]string
+	logger                 logr.Logger
 
 	// mutex will serialize our TargetGroup's networking reconcile requests.
 	mutex sync.Mutex
@@ -524,7 +524,7 @@ func (m *defaultNetworkingManager) resolveEndpointSGForENI(ctx context.Context,
 	for sgID, sgInfo := range sgInfoByID {
 		if _, ok := sgInfo.Tags[clusterResourceTagKey]; ok {
 			matchesEndpointSGTags := true
-			for endpointSGTagKey, endpointSGTagValue := range m.endpointENISGTags {
+			for endpointSGTagKey, endpointSGTagValue := range m.serviceTargetENISGTags {
 				if _, ok := sgInfo.Tags[endpointSGTagKey]; !ok || sgInfo.Tags[endpointSGTagKey] != endpointSGTagValue {
 					matchesEndpointSGTags = false
 					break
@@ -539,12 +539,12 @@ func (m *defaultNetworkingManager) resolveEndpointSGForENI(ctx context.Context,
 	if len(sgIDsWithMatchingEndpointSGTags) != 1 {
 		// user may provide incorrect `--cluster-name` at bootstrap or modify the tag key unexpectedly, it is hard to find out if no clusterName included in error message.
 		// having `clusterName` included in error message might be helpful for shorten the troubleshooting time spent.
-		if len(m.endpointENISGTags) == 0 {
+		if len(m.serviceTargetENISGTags) == 0 {
 			return "", errors.Errorf("expect exactly one securityGroup tagged with %v for eni %v, got: %v (clusterName: %v)",
 				clusterResourceTagKey, eniInfo.NetworkInterfaceID, sgIDsWithMatchingEndpointSGTags.List(), m.clusterName)
 		}
 		return "", errors.Errorf("expect exactly one securityGroup tagged with %v and %v for eni %v, got: %v (clusterName: %v)",
-			clusterResourceTagKey, m.endpointENISGTags, eniInfo.NetworkInterfaceID, sgIDsWithMatchingEndpointSGTags.List(), m.clusterName)
+			clusterResourceTagKey, m.serviceTargetENISGTags, eniInfo.NetworkInterfaceID, sgIDsWithMatchingEndpointSGTags.List(), m.clusterName)
 	}
 	sgID, _ := sgIDsWithMatchingEndpointSGTags.PopAny()
 	return sgID, nil
diff --git a/pkg/targetgroupbinding/networking_manager_test.go b/pkg/targetgroupbinding/networking_manager_test.go
@@ -1424,7 +1424,7 @@ func Test_defaultNetworkingManager_resolveEndpointSGForENI(t *testing.T) {
 
 	type fields struct {
 		fetchSGInfosByRequestCalls []fetchSGInfosByIDCall
-		endpointENISGTags          map[string]string
+		serviceTargetENISGTags     map[string]string
 	}
 	type args struct {
 		ctx     context.Context
@@ -1440,7 +1440,7 @@ func Test_defaultNetworkingManager_resolveEndpointSGForENI(t *testing.T) {
 		{
 			name: "Only one security group in eniInfo returns early",
 			fields: fields{
-				endpointENISGTags: map[string]string{},
+				serviceTargetENISGTags: map[string]string{},
 			},
 			args: args{
 				ctx: context.Background(),
@@ -1455,7 +1455,7 @@ func Test_defaultNetworkingManager_resolveEndpointSGForENI(t *testing.T) {
 		{
 			name: "No security group in eniInfo returns error",
 			fields: fields{
-				endpointENISGTags: map[string]string{},
+				serviceTargetENISGTags: map[string]string{},
 				fetchSGInfosByRequestCalls: []fetchSGInfosByIDCall{
 					{
 						req:  []string{},
@@ -1476,7 +1476,7 @@ func Test_defaultNetworkingManager_resolveEndpointSGForENI(t *testing.T) {
 		{
 			name: "A single security group with cluster name tag and no service target tags set",
 			fields: fields{
-				endpointENISGTags: map[string]string{},
+				serviceTargetENISGTags: map[string]string{},
 				fetchSGInfosByRequestCalls: []fetchSGInfosByIDCall{
 					{
 						req: []string{"sg-a", "sg-b"},
@@ -1513,7 +1513,7 @@ func Test_defaultNetworkingManager_resolveEndpointSGForENI(t *testing.T) {
 		{
 			name: "A single security group with cluster name tag and one service target tag set",
 			fields: fields{
-				endpointENISGTags: map[string]string{
+				serviceTargetENISGTags: map[string]string{
 					"keyA": "valueA",
 				},
 				fetchSGInfosByRequestCalls: []fetchSGInfosByIDCall{
@@ -1553,7 +1553,7 @@ func Test_defaultNetworkingManager_resolveEndpointSGForENI(t *testing.T) {
 		{
 			name: "A single security group with cluster name tag and one service target tag set with no matches",
 			fields: fields{
-				endpointENISGTags: map[string]string{
+				serviceTargetENISGTags: map[string]string{
 					"keyA": "valueNotA",
 				},
 				fetchSGInfosByRequestCalls: []fetchSGInfosByIDCall{
@@ -1593,7 +1593,7 @@ func Test_defaultNetworkingManager_resolveEndpointSGForENI(t *testing.T) {
 		{
 			name: "A single security group with cluster name tag and multiple service target tags set",
 			fields: fields{
-				endpointENISGTags: map[string]string{
+				serviceTargetENISGTags: map[string]string{
 					"keyA": "valueA",
 					"keyB": "valueB2",
 				},
@@ -1634,7 +1634,7 @@ func Test_defaultNetworkingManager_resolveEndpointSGForENI(t *testing.T) {
 		{
 			name: "A single security group with cluster name tag and multiple service target tags set with no matches",
 			fields: fields{
-				endpointENISGTags: map[string]string{
+				serviceTargetENISGTags: map[string]string{
 					"keyA": "valueA",
 					"keyB": "valueNotB2",
 				},
@@ -1675,7 +1675,7 @@ func Test_defaultNetworkingManager_resolveEndpointSGForENI(t *testing.T) {
 		{
 			name: "A single security group with cluster name tag and a service target tags with an empty value",
 			fields: fields{
-				endpointENISGTags: map[string]string{
+				serviceTargetENISGTags: map[string]string{
 					"keyA": "",
 				},
 				fetchSGInfosByRequestCalls: []fetchSGInfosByIDCall{
@@ -1715,7 +1715,7 @@ func Test_defaultNetworkingManager_resolveEndpointSGForENI(t *testing.T) {
 		{
 			name: "A single security group with cluster name tag and a service target tags with an empty value with no matches",
 			fields: fields{
-				endpointENISGTags: map[string]string{
+				serviceTargetENISGTags: map[string]string{
 					"keyE": "",
 				},
 				fetchSGInfosByRequestCalls: []fetchSGInfosByIDCall{
@@ -1764,9 +1764,9 @@ func Test_defaultNetworkingManager_resolveEndpointSGForENI(t *testing.T) {
 
 		t.Run(tt.name, func(t *testing.T) {
 			m := &defaultNetworkingManager{
-				sgManager:         sgManager,
-				clusterName:       "cluster-a",
-				endpointENISGTags: tt.fields.endpointENISGTags,
+				sgManager:              sgManager,
+				clusterName:            "cluster-a",
+				serviceTargetENISGTags: tt.fields.serviceTargetENISGTags,
 			}
 			got, err := m.resolveEndpointSGForENI(tt.args.ctx, tt.args.eniInfo)
 			if (err != nil) != tt.wantErr {
