-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added Support for Updating Access Log Policies #442
Conversation
Pull Request Test Coverage Report for Build 6593477191
💛 - Coveralls |
if err != nil { | ||
switch e := err.(type) { | ||
case *vpclattice.AccessDeniedException: | ||
return nil, services.NewInvalidError(e.Message()) | ||
case *vpclattice.ResourceNotFoundException: | ||
if *e.ResourceType == "SERVICE_NETWORK" || *e.ResourceType == "SERVICE" { | ||
return nil, services.NewNotFoundError(string(accessLogSubscription.Spec.SourceType), accessLogSubscription.Spec.SourceName) | ||
} | ||
return nil, services.NewInvalidError(e.Message()) | ||
case *vpclattice.ConflictException: | ||
/* | ||
* A conflict can happen when the destination type of the new ALS is different from the original. | ||
* To gracefully handle this, we create a new ALS with the new destination, then delete the old one. | ||
*/ | ||
alsStatus, err := m.Create(ctx, accessLogSubscription) | ||
if err != nil { | ||
return nil, err | ||
} | ||
err = m.Delete(ctx, accessLogSubscription) | ||
if err != nil { | ||
return nil, err | ||
} | ||
return alsStatus, nil | ||
} | ||
} | ||
|
||
return &lattice.AccessLogSubscriptionStatus{ | ||
Arn: *updateALSOutput.Arn, | ||
}, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since you are getting into de-nesting code. You can change this one too.
if err == nil {
return &lattice.AccessLogSubscriptionStatus{
Arn: *updateALSOutput.Arn,
}, nil
}
swtich ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, will do
Had to fixed some git issues, but commit history should be cleaner now. Addressed above comments. |
ResourceType: aws.String("ACCESS_LOG_SUBSCRIPTION"), | ||
} | ||
|
||
mockLattice.EXPECT().UpdateAccessLogSubscriptionWithContext(ctx, updateALSInput).Return(nil, updateALSError) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a thought, which can reduce code for unit tests, makes it easier to read and change in future.
In this mock we do 2 things, 1. assert input into lattice client is correct and 2. it produces output which use later in manager.
And every test here asserts that input to lattice is correct. I dont think we need that, we can create a single test that makes sure we call Lattice with expected fields populated. For remaining tests we use any() in place of input. For example:
mockLattice.EXPECT().
FindService(gomock.Any(), gomock.Any()).
Return(&vpclattice.ServiceSummary{
Arn: aws.String("svc-arn"),
Id: aws.String("svc-id"),
Name: aws.String(svc.LatticeServiceName()),
}, nil)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it was a minor comment, I'm ok with current version
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I prefer the more explicit nature of the existing code
/* | ||
* A conflict can happen when the destination type of the new ALS is different from the original. | ||
* To gracefully handle this, we create a new ALS with the new destination, then delete the old one. | ||
*/ | ||
alsStatus, err := m.Create(ctx, accessLogSubscription) | ||
if err != nil { | ||
return nil, err | ||
} | ||
err = m.Delete(ctx, accessLogSubscription) | ||
if err != nil { | ||
return nil, err | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like we create and delete same accessLogSubscription, not "new" and "old" ones.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Create uses the ALS Spec to call VPC Lattice Create API
Delete uses the ARN of the ALS to call VPC Lattice Delete API
I could change Delete function to simply accept an ARN, I think that would make more sense anyways
New functionality:
|
What type of PR is this?
feature
Which issue does this PR fix:
#200 partially
What does this PR do / Why do we need it:
destinationArn
of the same destination type (i.e. S3 Bucket, CloudWatch Log Group, or Firehose Delivery Stream), the underlying Access Log Subscription (ALS) is updateddestinationArn
of a different destination type, a new ALS is created to replace it, then the previous one is deletedVpcLatticeAccessLogSubscription
annotation is updated with the new ARNtargetRef
, a new ALS is created to replace the existing one, then the old one is deleted and the ALP'sVpcLatticeAccessLogSubscription
annotation is updateddestinationArn
for a destination that does not exist, the status of the ALP is set to InvalidtargetRef
for a non-existent target, the status of the ALP is set to TargetNotFounddestinationArn
for a destination type that is already in use for that target, the status of the ALP is set to ConflictedIf an issue # is not available please add repro steps and logs from aws-gateway-controller showing the issue:
Testing done on this change:
Automation added to e2e:
New test:
update properly changes or replaces Access Log Subscription and sets Access Log Policy status
Will this PR introduce any new dependencies?:
No new dependencies, but one new CloudWatch Log Group is created/deleted as part of the e2e test. This is needed since we need two different destinations of the same type to verify the conflict scenario.
Will this break upgrades or downgrades. Has updating a running cluster been tested?:
No.
Does this PR introduce any user-facing change?:
Yes, but release note will be added in the final PR, which will include the API spec
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.