Merge pull request #302 from RaphaelBut/osd-24458

openshift-merge-bot[bot] · web-flow · commit 324519ff1be5 · 2024-07-22T09:58:18.000Z
Update security group and subnet tag filters for 4.16
diff --git a/README.md b/README.md
@@ -65,7 +65,7 @@ Example usage:`./test/generate_incident.sh ClusterHasGoneMissing 2b94brrrrrrrrrr
   ```
 3) Run `cadctl` using the payload file
   ```bash
-  ./cadctl/cadctl investigate --payload-path payload
+  ./bin/cadctl investigate --payload-path payload
   ```
 
 ## Documentation
diff --git a/pkg/aws/aws.go b/pkg/aws/aws.go
@@ -438,8 +438,10 @@ func (c *SdkClient) GetSecurityGroupID(infraID string) (string, error) {
 	in := &ec2.DescribeSecurityGroupsInput{
 		Filters: []*ec2.Filter{
 			{
+				// Prior to 4.16: <infra_id>-master-sg
+				// 4.16+: <infra_id>-controlplane
 				Name:   aws.String("tag:Name"),
-				Values: []*string{aws.String(fmt.Sprintf("%s-worker-sg", infraID))},
+				Values: []*string{aws.String(fmt.Sprintf("%s-master-sg", infraID)), aws.String(fmt.Sprintf("%s-controlplane", infraID))},
 			},
 		},
 	}
@@ -451,7 +453,7 @@ func (c *SdkClient) GetSecurityGroupID(infraID string) (string, error) {
 		return "", fmt.Errorf("security groups are empty")
 	}
 	if len(*out.SecurityGroups[0].GroupId) == 0 {
-		return "", fmt.Errorf("failed to list security group %s-worker-sg", infraID)
+		return "", fmt.Errorf("failed to list security groups: %s-master-sg, %s-controlplane", infraID, infraID)
 	}
 	return *out.SecurityGroups[0].GroupId, nil
 }
@@ -461,8 +463,8 @@ func (c *SdkClient) GetSubnetID(infraID string) ([]string, error) {
 	in := &ec2.DescribeSubnetsInput{
 		Filters: []*ec2.Filter{
 			{
-				Name:   aws.String(fmt.Sprintf("tag:kubernetes.io/cluster/%s", infraID)),
-				Values: []*string{aws.String("owned")},
+				Name:   aws.String("tag-key"),
+				Values: []*string{aws.String(fmt.Sprintf("kubernetes.io/cluster/%s", infraID))},
 			},
 			{
 				Name:   aws.String("tag-key"),
@@ -475,7 +477,7 @@ func (c *SdkClient) GetSubnetID(infraID string) ([]string, error) {
 		return nil, fmt.Errorf("failed to find private subnet for %s: %w", infraID, err)
 	}
 	if len(out.Subnets) == 0 {
-		return nil, fmt.Errorf("found 0 subnets with kubernetes.io/cluster/%s=owned and kubernetes.io/role/internal-elb", infraID)
+		return nil, fmt.Errorf("found 0 subnets with kubernetes.io/cluster/%s and kubernetes.io/role/internal-elb", infraID)
 	}
 	return []string{*out.Subnets[0].SubnetId}, nil
 }
@@ -633,4 +635,4 @@ func (c *SdkClient) getRouteTable(routeTableID string) (*ec2.RouteTable, error)
 		return &ec2.RouteTable{}, fmt.Errorf("no route tables found for route table id %v", routeTableID)
 	}
 	return describeRouteTablesOutput.RouteTables[0], nil
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -438,8 +438,10 @@ func (c *SdkClient) GetSecurityGroupID(infraID string) (string, error) {`
`438`	`438`	`in := &ec2.DescribeSecurityGroupsInput{`
`439`	`439`	`Filters: []*ec2.Filter{`
`440`	`440`	`{`
	`441`	`+ // Prior to 4.16: <infra_id>-master-sg`
	`442`	`+ // 4.16+: <infra_id>-controlplane`
`441`	`443`	`Name: aws.String("tag:Name"),`
`442`		`- Values: []*string{aws.String(fmt.Sprintf("%s-worker-sg", infraID))},`
	`444`	`+ Values: []*string{aws.String(fmt.Sprintf("%s-master-sg", infraID)), aws.String(fmt.Sprintf("%s-controlplane", infraID))},`
`443`	`445`	`},`
`444`	`446`	`},`
`445`	`447`	`}`
`@@ -451,7 +453,7 @@ func (c *SdkClient) GetSecurityGroupID(infraID string) (string, error) {`
`451`	`453`	`return "", fmt.Errorf("security groups are empty")`
`452`	`454`	`}`
`453`	`455`	`if len(*out.SecurityGroups[0].GroupId) == 0 {`
`454`		`- return "", fmt.Errorf("failed to list security group %s-worker-sg", infraID)`
	`456`	`+ return "", fmt.Errorf("failed to list security groups: %s-master-sg, %s-controlplane", infraID, infraID)`
`455`	`457`	`}`
`456`	`458`	`return *out.SecurityGroups[0].GroupId, nil`
`457`	`459`	`}`
`@@ -461,8 +463,8 @@ func (c *SdkClient) GetSubnetID(infraID string) ([]string, error) {`
`461`	`463`	`in := &ec2.DescribeSubnetsInput{`
`462`	`464`	`Filters: []*ec2.Filter{`
`463`	`465`	`{`
`464`		`- Name: aws.String(fmt.Sprintf("tag:kubernetes.io/cluster/%s", infraID)),`
`465`		`- Values: []*string{aws.String("owned")},`
	`466`	`+ Name: aws.String("tag-key"),`
	`467`	`+ Values: []*string{aws.String(fmt.Sprintf("kubernetes.io/cluster/%s", infraID))},`
`466`	`468`	`},`
`467`	`469`	`{`
`468`	`470`	`Name: aws.String("tag-key"),`
`@@ -475,7 +477,7 @@ func (c *SdkClient) GetSubnetID(infraID string) ([]string, error) {`
`475`	`477`	`return nil, fmt.Errorf("failed to find private subnet for %s: %w", infraID, err)`
`476`	`478`	`}`
`477`	`479`	`if len(out.Subnets) == 0 {`
`478`		`- return nil, fmt.Errorf("found 0 subnets with kubernetes.io/cluster/%s=owned and kubernetes.io/role/internal-elb", infraID)`
	`480`	`+ return nil, fmt.Errorf("found 0 subnets with kubernetes.io/cluster/%s and kubernetes.io/role/internal-elb", infraID)`
`479`	`481`	`}`
`480`	`482`	`return []string{*out.Subnets[0].SubnetId}, nil`
`481`	`483`	`}`
`@@ -633,4 +635,4 @@ func (c SdkClient) getRouteTable(routeTableID string) (ec2.RouteTable, error)`
`633`	`635`	`return &ec2.RouteTable{}, fmt.Errorf("no route tables found for route table id %v", routeTableID)`
`634`	`636`	`}`
`635`	`637`	`return describeRouteTablesOutput.RouteTables[0], nil`
`636`		`-}`
	`638`	`+}`