Merge pull request #3189 from shivi28/scidr

k8s-ci-robot · web-flow · commit 123e023afdb4 · 2022-03-02T01:07:14.000-08:00
Test cases added for secondary cidr file
diff --git a/pkg/cloud/services/network/secondarycidr.go b/pkg/cloud/services/network/secondarycidr.go
@@ -17,12 +17,18 @@ limitations under the License.
 package network
 
 import (
+	"reflect"
+
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/pkg/errors"
 
 	"sigs.k8s.io/cluster-api-provider-aws/pkg/record"
 )
 
+func isVPCPresent(vpcs *ec2.DescribeVpcsOutput) bool {
+	return vpcs != nil && len(vpcs.Vpcs) > 0
+}
+
 func (s *Service) associateSecondaryCidr() error {
 	if s.scope.SecondaryCidrBlock() == nil {
 		return nil
@@ -35,8 +41,8 @@ func (s *Service) associateSecondaryCidr() error {
 		return err
 	}
 
-	if len(vpcs.Vpcs) != 1 {
-		return errors.Errorf("VPC not found")
+	if !isVPCPresent(vpcs) {
+		return errors.Errorf("failed to associateSecondaryCidr as there are no VPCs present")
 	}
 
 	existingAssociations := vpcs.Vpcs[0].CidrBlockAssociationSet
@@ -55,6 +61,7 @@ func (s *Service) associateSecondaryCidr() error {
 		return err
 	}
 
+	// once IPv6 is supported, we need to modify out.CidrBlockAssociation.AssociationId to out.Ipv6CidrBlockAssociation.AssociationId
 	record.Eventf(s.scope.InfraCluster(), "SuccessfulAssociateSecondaryCidr", "Associated secondary CIDR with VPC %q", *out.CidrBlockAssociation.AssociationId)
 
 	return nil
@@ -72,17 +79,16 @@ func (s *Service) disassociateSecondaryCidr() error {
 		return err
 	}
 
-	if len(vpcs.Vpcs) != 1 {
-		return errors.Errorf("VPC not found")
+	if !isVPCPresent(vpcs) {
+		return errors.Errorf("failed to associateSecondaryCidr as there are no VPCs present")
 	}
 
 	existingAssociations := vpcs.Vpcs[0].CidrBlockAssociationSet
 	for _, existing := range existingAssociations {
-		if existing.CidrBlock == s.scope.SecondaryCidrBlock() {
-			_, err := s.EC2Client.DisassociateVpcCidrBlock(&ec2.DisassociateVpcCidrBlockInput{
+		if reflect.DeepEqual(existing.CidrBlock, s.scope.SecondaryCidrBlock()) {
+			if _, err := s.EC2Client.DisassociateVpcCidrBlock(&ec2.DisassociateVpcCidrBlockInput{
 				AssociationId: existing.AssociationId,
-			})
-			if err != nil {
+			}); err != nil {
 				record.Warnf(s.scope.InfraCluster(), "FailedDisassociateSecondaryCidr", "Failed disassociating secondary CIDR with VPC %v", err)
 				return err
 			}
diff --git a/pkg/cloud/services/network/secondarycidr_test.go b/pkg/cloud/services/network/secondarycidr_test.go
@@ -0,0 +1,249 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package network
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/golang/mock/gomock"
+	. "github.com/onsi/gomega"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/utils/pointer"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+	infrav1 "sigs.k8s.io/cluster-api-provider-aws/api/v1beta1"
+	ekscontrolplanev1 "sigs.k8s.io/cluster-api-provider-aws/controlplane/eks/api/v1beta1"
+	"sigs.k8s.io/cluster-api-provider-aws/pkg/cloud/awserrors"
+	"sigs.k8s.io/cluster-api-provider-aws/pkg/cloud/scope"
+	"sigs.k8s.io/cluster-api-provider-aws/pkg/cloud/services/ec2/mock_ec2iface"
+	"sigs.k8s.io/cluster-api/api/v1beta1"
+)
+
+func setupNewManagedControlPlaneScope(cl client.Client) (*scope.ManagedControlPlaneScope, error) {
+	return scope.NewManagedControlPlaneScope(scope.ManagedControlPlaneScopeParams{
+		Client:  cl,
+		Cluster: &v1beta1.Cluster{},
+		ControlPlane: &ekscontrolplanev1.AWSManagedControlPlane{
+			Spec: ekscontrolplanev1.AWSManagedControlPlaneSpec{
+				SecondaryCidrBlock: pointer.StringPtr("secondary-cidr"),
+				NetworkSpec: infrav1.NetworkSpec{
+					VPC: infrav1.VPCSpec{ID: "vpc-id"},
+				},
+			},
+		},
+	})
+}
+
+func setupScheme() (*runtime.Scheme, error) {
+	scheme := runtime.NewScheme()
+	if err := ekscontrolplanev1.AddToScheme(scheme); err != nil {
+		return nil, err
+	}
+	return scheme, nil
+}
+
+func TestService_associateSecondaryCidr(t *testing.T) {
+	mockCtrl := gomock.NewController(t)
+	defer mockCtrl.Finish()
+
+	tests := []struct {
+		name              string
+		haveSecondaryCIDR bool
+		expect            func(m *mock_ec2iface.MockEC2APIMockRecorder)
+		wantErr           bool
+	}{
+		{
+			name: "Should not associate secondary CIDR if no secondary cidr block info present in control plane",
+		},
+		{
+			name:              "Should return error if unable to describe VPC",
+			haveSecondaryCIDR: true,
+			expect: func(m *mock_ec2iface.MockEC2APIMockRecorder) {
+				m.DescribeVpcs(gomock.AssignableToTypeOf(&ec2.DescribeVpcsInput{})).Return(nil, awserrors.NewFailedDependency("dependency-failure"))
+			},
+			wantErr: true,
+		},
+		{
+			name:              "Should not associate secondary cidr block if already exist in VPC",
+			haveSecondaryCIDR: true,
+			expect: func(m *mock_ec2iface.MockEC2APIMockRecorder) {
+				m.DescribeVpcs(gomock.AssignableToTypeOf(&ec2.DescribeVpcsInput{})).Return(&ec2.DescribeVpcsOutput{
+					Vpcs: []*ec2.Vpc{
+						{
+							CidrBlockAssociationSet: []*ec2.VpcCidrBlockAssociation{
+								{CidrBlock: aws.String("secondary-cidr")},
+							},
+						},
+					}}, nil)
+			},
+		},
+		{
+			name:              "Should return error if no VPC found",
+			haveSecondaryCIDR: true,
+			expect: func(m *mock_ec2iface.MockEC2APIMockRecorder) {
+				m.DescribeVpcs(gomock.AssignableToTypeOf(&ec2.DescribeVpcsInput{})).Return(nil, nil)
+			},
+			wantErr: true,
+		},
+		{
+			name:              "Should return error if failed during associating secondary cidr block",
+			haveSecondaryCIDR: true,
+			expect: func(m *mock_ec2iface.MockEC2APIMockRecorder) {
+				m.DescribeVpcs(gomock.AssignableToTypeOf(&ec2.DescribeVpcsInput{})).Return(&ec2.DescribeVpcsOutput{
+					Vpcs: []*ec2.Vpc{
+						{
+							CidrBlockAssociationSet: []*ec2.VpcCidrBlockAssociation{
+								{CidrBlock: aws.String("secondary-cidr-new")},
+							},
+						},
+					}}, nil)
+				m.AssociateVpcCidrBlock(gomock.AssignableToTypeOf(&ec2.AssociateVpcCidrBlockInput{})).Return(nil, awserrors.NewFailedDependency("dependency-failure"))
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			scheme, err := setupScheme()
+			g.Expect(err).NotTo(HaveOccurred())
+			cl := fake.NewClientBuilder().WithScheme(scheme).Build()
+
+			ec2Mock := mock_ec2iface.NewMockEC2API(mockCtrl)
+
+			mcpScope, err := setupNewManagedControlPlaneScope(cl)
+			g.Expect(err).NotTo(HaveOccurred())
+
+			if !tt.haveSecondaryCIDR {
+				mcpScope.ControlPlane.Spec.SecondaryCidrBlock = nil
+			}
+
+			s := NewService(mcpScope)
+			s.EC2Client = ec2Mock
+
+			if tt.expect != nil {
+				tt.expect(ec2Mock.EXPECT())
+			}
+
+			err = s.associateSecondaryCidr()
+			if tt.wantErr {
+				g.Expect(err).To(HaveOccurred())
+				return
+			}
+			g.Expect(err).NotTo(HaveOccurred())
+		})
+	}
+}
+
+func TestService_diassociateSecondaryCidr(t *testing.T) {
+	mockCtrl := gomock.NewController(t)
+	defer mockCtrl.Finish()
+
+	tests := []struct {
+		name              string
+		haveSecondaryCIDR bool
+		expect            func(m *mock_ec2iface.MockEC2APIMockRecorder)
+		wantErr           bool
+	}{
+		{
+			name: "Should not disassociate secondary CIDR if no secondary cidr block info present in control plane",
+		},
+		{
+			name:              "Should return error if unable to describe VPC",
+			haveSecondaryCIDR: true,
+			expect: func(m *mock_ec2iface.MockEC2APIMockRecorder) {
+				m.DescribeVpcs(gomock.AssignableToTypeOf(&ec2.DescribeVpcsInput{})).Return(nil, awserrors.NewFailedDependency("dependency-failure"))
+			},
+			wantErr: true,
+		},
+		{
+			name:              "Should return error if no VPC found",
+			haveSecondaryCIDR: true,
+			expect: func(m *mock_ec2iface.MockEC2APIMockRecorder) {
+				m.DescribeVpcs(gomock.AssignableToTypeOf(&ec2.DescribeVpcsInput{})).Return(nil, nil)
+			},
+			wantErr: true,
+		},
+		{
+			name:              "Should diassociate secondary cidr block if already exist in VPC",
+			haveSecondaryCIDR: true,
+			expect: func(m *mock_ec2iface.MockEC2APIMockRecorder) {
+				m.DescribeVpcs(gomock.AssignableToTypeOf(&ec2.DescribeVpcsInput{})).Return(&ec2.DescribeVpcsOutput{
+					Vpcs: []*ec2.Vpc{
+						{
+							CidrBlockAssociationSet: []*ec2.VpcCidrBlockAssociation{
+								{CidrBlock: aws.String("secondary-cidr")},
+							},
+						},
+					}}, nil)
+				m.DisassociateVpcCidrBlock(gomock.AssignableToTypeOf(&ec2.DisassociateVpcCidrBlockInput{})).Return(nil, nil)
+			},
+		},
+		{
+			name:              "Should return error if failed to diassociate secondary cidr block",
+			haveSecondaryCIDR: true,
+			expect: func(m *mock_ec2iface.MockEC2APIMockRecorder) {
+				m.DescribeVpcs(gomock.AssignableToTypeOf(&ec2.DescribeVpcsInput{})).Return(&ec2.DescribeVpcsOutput{
+					Vpcs: []*ec2.Vpc{
+						{
+							CidrBlockAssociationSet: []*ec2.VpcCidrBlockAssociation{
+								{CidrBlock: aws.String("secondary-cidr")},
+							},
+						},
+					}}, nil)
+				m.DisassociateVpcCidrBlock(gomock.AssignableToTypeOf(&ec2.DisassociateVpcCidrBlockInput{})).Return(nil, awserrors.NewFailedDependency("dependency-failure"))
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			scheme, err := setupScheme()
+			g.Expect(err).NotTo(HaveOccurred())
+			cl := fake.NewClientBuilder().WithScheme(scheme).Build()
+
+			ec2Mock := mock_ec2iface.NewMockEC2API(mockCtrl)
+
+			mcpScope, err := setupNewManagedControlPlaneScope(cl)
+			g.Expect(err).NotTo(HaveOccurred())
+
+			if !tt.haveSecondaryCIDR {
+				mcpScope.ControlPlane.Spec.SecondaryCidrBlock = nil
+			}
+
+			s := NewService(mcpScope)
+			s.EC2Client = ec2Mock
+
+			if tt.expect != nil {
+				tt.expect(ec2Mock.EXPECT())
+			}
+
+			err = s.disassociateSecondaryCidr()
+			if tt.wantErr {
+				g.Expect(err).To(HaveOccurred())
+				return
+			}
+			g.Expect(err).NotTo(HaveOccurred())
+		})
+	}
+}
