improve performance

pkg/networking/security_group_info.go

@@ -1,6 +1,7 @@
 package networking
 
 import (
+	"encoding/json"
 	"fmt"
 	awssdk "github.com/aws/aws-sdk-go/aws"
 	ec2sdk "github.com/aws/aws-sdk-go/service/ec2"
@@ -35,6 +36,35 @@ type IPPermissionInfo struct {
 	Labels map[string]string
 }
 
+// HashCode returns the hashcode for the IPPermissionInfo.
+// The hashCode should only include the actual permission but not labels/descriptions.
+func (perm *IPPermissionInfo) HashCode() string {
+	protocol := awssdk.StringValue(perm.Permission.IpProtocol)
+	fromPort := awssdk.Int64Value(perm.Permission.FromPort)
+	toPort := awssdk.Int64Value(perm.Permission.ToPort)
+	base := fmt.Sprintf("IpProtocol: %v, FromPort: %v, ToPort: %v", protocol, fromPort, toPort)
+	if len(perm.Permission.IpRanges) == 1 {
+		cidrIP := awssdk.StringValue(perm.Permission.IpRanges[0].CidrIp)
+		return fmt.Sprintf("%v, IpRange: %v", base, cidrIP)
+	}
+	if len(perm.Permission.Ipv6Ranges) == 1 {
+		cidrIPv6 := awssdk.StringValue(perm.Permission.Ipv6Ranges[0].CidrIpv6)
+		return fmt.Sprintf("%v, Ipv6Range: %v", base, cidrIPv6)
+	}
+	if len(perm.Permission.PrefixListIds) == 1 {
+		prefixListID := awssdk.StringValue(perm.Permission.PrefixListIds[0].PrefixListId)
+		return fmt.Sprintf("%v, PrefixListId: %v", base, prefixListID)
+	}
+	if len(perm.Permission.UserIdGroupPairs) == 1 {
+		groupID := awssdk.StringValue(perm.Permission.UserIdGroupPairs[0].GroupId)
+		return fmt.Sprintf("%v, UserIdGroupPair: %v", base, groupID)
+	}
+
+	// we are facing some unknown permission, let's include all fields.
+	payload, _ := json.Marshal(perm.Permission)
+	return string(payload)
+}
+
 // NewRawSecurityGroupInfo constructs new SecurityGroupInfo with raw ec2SDK's SecurityGroup object.
 func NewRawSecurityGroupInfo(sdkSG *ec2sdk.SecurityGroup) SecurityGroupInfo {
 	sgID := awssdk.StringValue(sdkSG.GroupId)

pkg/networking/security_group_info_test.go

@@ -0,0 +1,95 @@
+package networking
+
+import (
+	awssdk "github.com/aws/aws-sdk-go/aws"
+	ec2sdk "github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestIPPermissionInfo_HashCode(t *testing.T) {
+	type fields struct {
+		Permission ec2sdk.IpPermission
+		Labels     map[string]string
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   string
+	}{
+		{
+			name: "IpRange permission",
+			fields: fields{
+				Permission: ec2sdk.IpPermission{
+					IpProtocol: awssdk.String("tcp"),
+					FromPort:   awssdk.Int64(80),
+					ToPort:     awssdk.Int64(8080),
+					IpRanges: []*ec2sdk.IpRange{
+						{
+							CidrIp: awssdk.String("192.168.0.0/16"),
+						},
+					},
+				},
+			},
+			want: "IpProtocol: tcp, FromPort: 80, ToPort: 8080, IpRange: 192.168.0.0/16",
+		},
+		{
+			name: "Ipv6Range permission",
+			fields: fields{
+				Permission: ec2sdk.IpPermission{
+					IpProtocol: awssdk.String("tcp"),
+					FromPort:   awssdk.Int64(80),
+					ToPort:     awssdk.Int64(8080),
+					Ipv6Ranges: []*ec2sdk.Ipv6Range{
+						{
+							CidrIpv6: awssdk.String("::/0"),
+						},
+					},
+				},
+			},
+			want: "IpProtocol: tcp, FromPort: 80, ToPort: 8080, Ipv6Range: ::/0",
+		},
+		{
+			name: "PrefixListId permission",
+			fields: fields{
+				Permission: ec2sdk.IpPermission{
+					IpProtocol: awssdk.String("tcp"),
+					FromPort:   awssdk.Int64(80),
+					ToPort:     awssdk.Int64(8080),
+					PrefixListIds: []*ec2sdk.PrefixListId{
+						{
+							PrefixListId: awssdk.String("pl-123456abcde123456"),
+						},
+					},
+				},
+			},
+			want: "IpProtocol: tcp, FromPort: 80, ToPort: 8080, PrefixListId: pl-123456abcde123456",
+		},
+		{
+			name: "UserIdGroupPair permission",
+			fields: fields{
+				Permission: ec2sdk.IpPermission{
+					IpProtocol: awssdk.String("tcp"),
+					FromPort:   awssdk.Int64(80),
+					ToPort:     awssdk.Int64(8080),
+					UserIdGroupPairs: []*ec2sdk.UserIdGroupPair{
+						{
+							GroupId: awssdk.String("sg-xxxx"),
+						},
+					},
+				},
+			},
+			want: "IpProtocol: tcp, FromPort: 80, ToPort: 8080, UserIdGroupPair: sg-xxxx",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			perm := &IPPermissionInfo{
+				Permission: tt.fields.Permission,
+				Labels:     tt.fields.Labels,
+			}
+			got := perm.HashCode()
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}

pkg/networking/security_group_reconciler.go

@@ -4,11 +4,9 @@ import (
 	"context"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/go-logr/logr"
-	"github.com/google/go-cmp/cmp"
-	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/pkg/errors"
 	"k8s.io/apimachinery/pkg/labels"
-	ec2equality "sigs.k8s.io/aws-load-balancer-controller/pkg/equality/ec2"
+	"k8s.io/apimachinery/pkg/util/sets"
 )
 
 // configuration options for SecurityGroup Reconcile options.
@@ -128,22 +126,20 @@ func (r *defaultSecurityGroupReconciler) shouldRetryWithoutCache(err error) bool
 
 // diffIPPermissionInfos calculates set_difference as source - target
 func diffIPPermissionInfos(source []IPPermissionInfo, target []IPPermissionInfo) []IPPermissionInfo {
-	opts := cmp.Options{
-		ec2equality.CompareOptionForIPPermission(),
-		cmpopts.IgnoreFields(IPPermissionInfo{}, "Labels"),
+	sourceByHashCode := make(map[string]IPPermissionInfo, len(source))
+	for _, perm := range source {
+		sourceByHashCode[perm.HashCode()] = perm
 	}
+	targetByHashCode := make(map[string]IPPermissionInfo, len(target))
+	for _, perm := range target {
+		targetByHashCode[perm.HashCode()] = perm
+	}
+	sourceHashCodeSet := sets.StringKeySet(sourceByHashCode)
+	targetHashCodeSet := sets.StringKeySet(targetByHashCode)
+
 	var diffs []IPPermissionInfo
-	for _, sPermission := range source {
-		containsInTarget := false
-		for _, tPermission := range target {
-			if cmp.Equal(sPermission, tPermission, opts) {
-				containsInTarget = true
-				break
-			}
-		}
-		if !containsInTarget {
-			diffs = append(diffs, sPermission)
-		}
+	for _, hashCode := range sourceHashCodeSet.Difference(targetHashCodeSet).List() {
+		diffs = append(diffs, sourceByHashCode[hashCode])
 	}
 	return diffs
 }