Fix for Circular dependency while creating RouteTable and a VPCEndpoint (#142)

nishant221 · web-flow · commit 5d501f48bec8 · 2023-06-29T18:59:40.000Z
Issue: aws-controllers-k8s/community#1817 Description of changes: This is for fixing circular dependency bug while creating a new RouteTable and a VPCEndpoint. As per the changes in this PR, any route to `DestinationPrefixList` which is owned by "AWS" will be ignored while syncing routes and will be used as is. Tested via following : ``` apiVersion: ec2.services.k8s.aws/v1alpha1 kind: VPC metadata: name: circular-dependency-vpc spec: cidrBlocks: - 10.10.0.0/16 enableDNSSupport: True enableDNSHostnames: True tags: - key: Name value: circular-dependency-vpc --- apiVersion: ec2.services.k8s.aws/v1alpha1 kind: RouteTable metadata: name: circular-dependency-rtb spec: routes: - destinationCIDRBlock: 0.0.0.0/0 gatewayRef: from: name: circular-dependency-igw vpcRef: from: name: circular-dependency-vpc --- apiVersion: ec2.services.k8s.aws/v1alpha1 kind: VPCEndpoint metadata: name: circular-dependency-vpc-endpoint-s3 spec: serviceName: com.amazonaws.us-west-2.s3 vpcRef: from: name: circular-dependency-vpc routeTableRefs: - from: name: circular-dependency-rtb tags: - key: Name value: circular-dependency-vpc-endpoint-s3 --- apiVersion: ec2.services.k8s.aws/v1alpha1 kind: InternetGateway metadata: name: circular-dependency-igw spec: vpcRef: from: name: circular-dependency-vpc tags: - key: "Adobe.Owner" value: "Ethos" - key: Name value: circular-dependency-igw ``` Status (before reconciliation i.e. before ACK synced from AWS actual resources): ``` $ kubectl get routetable circular-dependency-rtb -o json | jq .status.routeStatuses [ { "destinationCIDRBlock": "10.10.0.0/16", "gatewayID": "local", "origin": "CreateRouteTable", "state": "active" }, { "destinationCIDRBlock": "0.0.0.0/0", "gatewayID": "igw-06d5825a3e9ba9dee", "origin": "CreateRoute", "state": "active" } ] ``` Status (after reconciliation i.e. after ACK synced from AWS actual resources): ``` [ { "destinationCIDRBlock": "10.10.0.0/16", "gatewayID": "local", "origin": "CreateRouteTable", "state": "active" }, { "destinationCIDRBlock": "0.0.0.0/0", "gatewayID": "igw-06d5825a3e9ba9dee", "origin": "CreateRoute", "state": "active" }, { "destinationPrefixListID": "pl-68a54001", "gatewayID": "vpce-017f902c0d2c007e3", "origin": "CreateRoute", "state": "active" } ] ``` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
diff --git a/pkg/resource/route_table/hooks.go b/pkg/resource/route_table/hooks.go
@@ -15,11 +15,13 @@ package route_table
 
 import (
 	"context"
+	"strings"
 
 	svcapitypes "github.com/aws-controllers-k8s/ec2-controller/apis/v1alpha1"
 	ackcompare "github.com/aws-controllers-k8s/runtime/pkg/compare"
 	ackrtlog "github.com/aws-controllers-k8s/runtime/pkg/runtime/log"
 	svcsdk "github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/samber/lo"
 )
 
 const LocalRouteGateway = "local"
@@ -45,6 +47,13 @@ func (rm *resourceManager) syncRoutes(
 	toAdd := []*svcapitypes.CreateRouteInput{}
 	toDelete := []*svcapitypes.CreateRouteInput{}
 
+	if latest != nil {
+		latest.ko.Spec.Routes = rm.excludeAwsRoute(latest.ko.Spec.Routes)
+	}
+	if desired != nil {
+		desired.ko.Spec.Routes = rm.excludeAwsRoute(desired.ko.Spec.Routes)
+	}
+
 	for _, desiredRoute := range desired.ko.Spec.Routes {
 		if (*desiredRoute).GatewayID != nil && *desiredRoute.GatewayID == LocalRouteGateway {
 			// no-op for default route
@@ -290,6 +299,53 @@ func removeLocalRoute(
 	return ret
 }
 
+func (rm *resourceManager) excludeAwsRoute(
+	routes []*svcapitypes.CreateRouteInput,
+) (ret []*svcapitypes.CreateRouteInput) {
+	ret = make([]*svcapitypes.CreateRouteInput, 0)
+	var prefixListIds []*string
+
+	// Preparing a list of prefixIds from all the DestinationPrefixListIDs in Routes
+	// This is to prevent multiple AWS API calls of DescribeManagedPrefixLists
+
+	ret = lo.Reject(routes, func(route *svcapitypes.CreateRouteInput, index int) bool {
+		return route.DestinationPrefixListID != nil
+	})
+
+	prefix_list_routes := lo.Filter(routes, func(route *svcapitypes.CreateRouteInput, index int) bool {
+		return route.DestinationPrefixListID != nil
+	})
+
+	prefixListIds = lo.Map(prefix_list_routes, func(route *svcapitypes.CreateRouteInput, _ int) *string {
+		return route.DestinationPrefixListID
+
+	})
+
+	var resp *svcsdk.DescribeManagedPrefixListsOutput
+	input := &svcsdk.DescribeManagedPrefixListsInput{}
+	input.PrefixListIds = prefixListIds
+	resp, _ = rm.sdkapi.DescribeManagedPrefixLists(input)
+	rm.metrics.RecordAPICall("READ_MANY", "DescribeManagedPrefixLists", nil)
+
+	m := lo.FilterMap(resp.PrefixLists, func(mpl *svcsdk.ManagedPrefixList, _ int) (string, bool) {
+		if strings.EqualFold(*mpl.OwnerId, "AWS") {
+			return *mpl.PrefixListId, true
+		}
+		return "", false
+	})
+
+	filtered_routes := lo.FilterMap(prefix_list_routes, func(route *svcapitypes.CreateRouteInput, _ int) (*svcapitypes.CreateRouteInput, bool) {
+		found := lo.IndexOf(m, *route.DestinationPrefixListID)
+		if found == -1 {
+			return route, true
+		}
+		return nil, false
+	})
+	ret = append(ret, filtered_routes...)
+
+	return ret
+}
+
 // syncTags used to keep tags in sync by calling Create and Delete Tags API's
 func (rm *resourceManager) syncTags(
 	ctx context.Context,
