Add support for clusters running in private VPC (#627)

Add support for clusters running in private VPC

Author: aaroniscode

cmd/aws-application-networking-k8s/main.go

@@ -18,12 +18,13 @@ package main
 
 import (
 	"flag"
+	"os"
+	"strings"
+
 	"github.com/aws/aws-application-networking-k8s/pkg/webhook"
 	"github.com/go-logr/zapr"
 	"go.uber.org/zap/zapcore"
-	"os"
 	k8swebhook "sigs.k8s.io/controller-runtime/pkg/webhook"
-	"strings"
 
 	"github.com/aws/aws-application-networking-k8s/pkg/aws"
 	"github.com/aws/aws-application-networking-k8s/pkg/utils/gwlog"
@@ -121,13 +122,15 @@ func main() {
 		"DefaultServiceNetwork", config.DefaultServiceNetwork,
 		"ClusterName", config.ClusterName,
 		"LogLevel", logLevel,
+		"DisableTaggingServiceAPI", config.DisableTaggingServiceAPI,
 	)
 
 	cloud, err := aws.NewCloud(log.Named("cloud"), aws.CloudConfig{
-		VpcId:       config.VpcID,
-		AccountId:   config.AccountID,
-		Region:      config.Region,
-		ClusterName: config.ClusterName,
+		VpcId:                     config.VpcID,
+		AccountId:                 config.AccountID,
+		Region:                    config.Region,
+		ClusterName:               config.ClusterName,
+		TaggingServiceAPIDisabled: config.DisableTaggingServiceAPI,
 	}, metrics.Registry)
 	if err != nil {
 		setupLog.Fatal("cloud client setup failed: %s", err)

pkg/aws/cloud.go

@@ -1,6 +1,7 @@
 package aws
 
 import (
+	"context"
 	"fmt"
 
 	"github.com/prometheus/client_golang/prometheus"
@@ -10,7 +11,6 @@ import (
 	"github.com/aws/aws-sdk-go/service/vpclattice"
 	"golang.org/x/exp/maps"
 
-	"context"
 	"github.com/aws/aws-application-networking-k8s/pkg/aws/metrics"
 	"github.com/aws/aws-application-networking-k8s/pkg/aws/services"
 	"github.com/aws/aws-application-networking-k8s/pkg/utils/gwlog"
@@ -24,10 +24,11 @@ const (
 //go:generate mockgen -destination cloud_mocks.go -package aws github.com/aws/aws-application-networking-k8s/pkg/aws Cloud
 
 type CloudConfig struct {
-	VpcId       string
-	AccountId   string
-	Region      string
-	ClusterName string
+	VpcId                     string
+	AccountId                 string
+	Region                    string
+	ClusterName               string
+	TaggingServiceAPIDisabled bool
 }
 
 type Cloud interface {
@@ -82,7 +83,14 @@ func NewCloud(log gwlog.Logger, cfg CloudConfig, metricsRegisterer prometheus.Re
 	}
 
 	lattice := services.NewDefaultLattice(sess, cfg.AccountId, cfg.Region)
-	tagging := services.NewDefaultTagging(sess, cfg.Region)
+	var tagging services.Tagging
+
+	if cfg.TaggingServiceAPIDisabled {
+		tagging = services.NewLatticeTagging(sess, cfg.AccountId, cfg.Region, cfg.VpcId)
+	} else {
+		tagging = services.NewDefaultTagging(sess, cfg.Region)
+	}
+
 	cl := NewDefaultCloudWithTagging(lattice, tagging, cfg)
 	return cl, nil
 }

pkg/aws/cloud_test.go

@@ -30,7 +30,7 @@ func TestGetManagedByTag(t *testing.T) {
 }
 
 func TestDefaultTags(t *testing.T) {
-	cfg := CloudConfig{"acc", "vpc", "region", "cluster"}
+	cfg := CloudConfig{"acc", "vpc", "region", "cluster", false}
 	c := NewDefaultCloud(nil, cfg)
 	tags := c.DefaultTags()
 	tagWant := getManagedByTag(cfg)

pkg/aws/services/tagging.go

@@ -2,11 +2,14 @@ package services
 
 import (
 	"context"
+	"fmt"
+
 	"github.com/aws/aws-application-networking-k8s/pkg/utils"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
 	taggingapi "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi"
 	taggingapiiface "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi/resourcegroupstaggingapiiface"
+	"github.com/aws/aws-sdk-go/service/vpclattice"
 )
 
 //go:generate mockgen -destination tagging_mocks.go -package services github.com/aws/aws-application-networking-k8s/pkg/aws/services Tagging
@@ -26,8 +29,6 @@ const (
 type Tags = map[string]*string
 
 type Tagging interface {
-	taggingapiiface.ResourceGroupsTaggingAPIAPI
-
 	// Receives a list of arns and returns arn-to-tags map.
 	GetTagsForArns(ctx context.Context, arns []string) (map[string]Tags, error)
 
@@ -39,6 +40,11 @@ type defaultTagging struct {
 	taggingapiiface.ResourceGroupsTaggingAPIAPI
 }
 
+type latticeTagging struct {
+	Lattice
+	vpcId string
+}
+
 func (t *defaultTagging) GetTagsForArns(ctx context.Context, arns []string) (map[string]Tags, error) {
 	chunks := utils.Chunks(utils.SliceMap(arns, aws.String), maxArnsPerGetResourcesApi)
 	result := make(map[string]Tags)
@@ -80,6 +86,67 @@ func NewDefaultTagging(sess *session.Session, region string) *defaultTagging {
 	return &defaultTagging{ResourceGroupsTaggingAPIAPI: api}
 }
 
+// Use VPC Lattice API instead of the Resource Groups Tagging API
+func NewLatticeTagging(sess *session.Session, acc string, region string, vpcId string) *latticeTagging {
+	api := NewDefaultLattice(sess, acc, region)
+	return &latticeTagging{Lattice: api, vpcId: vpcId}
+}
+
+func (t *latticeTagging) GetTagsForArns(ctx context.Context, arns []string) (map[string]Tags, error) {
+	result := map[string]Tags{}
+
+	for _, arn := range arns {
+		tags, err := t.ListTagsForResourceWithContext(ctx,
+			&vpclattice.ListTagsForResourceInput{ResourceArn: aws.String(arn)},
+		)
+		if err != nil {
+			return nil, err
+		}
+		result[arn] = tags.Tags
+	}
+	return result, nil
+}
+
+func (t *latticeTagging) FindResourcesByTags(ctx context.Context, resourceType ResourceType, tags Tags) ([]string, error) {
+	if resourceType != ResourceTypeTargetGroup {
+		return nil, fmt.Errorf("unsupported resource type %q for FindResourcesByTags", resourceType)
+	}
+
+	tgs, err := t.ListTargetGroupsAsList(ctx, &vpclattice.ListTargetGroupsInput{
+		VpcIdentifier: aws.String(t.vpcId),
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	arns := make([]string, 0, len(tgs))
+
+	for _, tg := range tgs {
+		resp, err := t.ListTagsForResourceWithContext(ctx,
+			&vpclattice.ListTagsForResourceInput{ResourceArn: tg.Arn},
+		)
+		if err != nil {
+			return nil, err
+		}
+
+		if containsTags(resp.Tags, tags) {
+			arns = append(arns, aws.StringValue(tg.Arn))
+		}
+	}
+
+	return arns, nil
+}
+
+func containsTags(source, check Tags) bool {
+	for k, v := range check {
+		sourceV, ok := source[k]
+		if !ok || aws.StringValue(sourceV) != aws.StringValue(v) {
+			return false
+		}
+	}
+	return len(check) != 0
+}
+
 func convertTags(tags []*taggingapi.Tag) Tags {
 	out := make(Tags)
 	for _, tag := range tags {