From ed9dd346ccab98ef574a310a690a3dbd685d2e86 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Tue, 18 Feb 2025 00:17:45 +0000 Subject: [PATCH] Update to ACK runtime `v0.43.0`, code-generator `v0.43.0` --- apis/v1alpha1/ack-generate-metadata.yaml | 8 ++-- config/controller/kustomization.yaml | 2 +- go.mod | 2 +- go.sum | 4 +- helm/Chart.yaml | 4 +- helm/templates/NOTES.txt | 2 +- helm/values.yaml | 2 +- pkg/resource/backup/manager.go | 26 +++++++++++++ pkg/resource/global_table/manager.go | 26 +++++++++++++ pkg/resource/table/manager.go | 44 ++++++++++++++++++++++ pkg/resource/table/tags.go | 48 +++++++++++++++++++++++- 11 files changed, 154 insertions(+), 14 deletions(-) diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml index 8c13846..4b276f8 100755 --- a/apis/v1alpha1/ack-generate-metadata.yaml +++ b/apis/v1alpha1/ack-generate-metadata.yaml @@ -1,8 +1,8 @@ ack_generate_info: - build_date: "2025-02-06T03:20:35Z" - build_hash: 8762917215d9902b2011a2b0b1b0c776855a683e - go_version: go1.23.5 - version: v0.42.0 + build_date: "2025-02-18T00:17:10Z" + build_hash: 66c0f840b0bcf6f552be46cf5ee0fb95ad57053e + go_version: go1.23.6 + version: v0.43.0 api_directory_checksum: cbd3e29134a6bc5a70efe61088179285fe9ae0c0 api_version: v1alpha1 aws_sdk_go_version: v1.32.6 diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml index 6dee898..204013a 100644 --- a/config/controller/kustomization.yaml +++ b/config/controller/kustomization.yaml @@ -6,4 +6,4 @@ kind: Kustomization images: - name: controller newName: public.ecr.aws/aws-controllers-k8s/dynamodb-controller - newTag: 1.2.18 + newTag: 1.2.19 diff --git a/go.mod b/go.mod index 5f8067c..57df6ef 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.22.0 toolchain go1.22.5 require ( - github.com/aws-controllers-k8s/runtime v0.42.0 + github.com/aws-controllers-k8s/runtime v0.43.0 github.com/aws/aws-sdk-go v1.49.0 github.com/aws/aws-sdk-go-v2 v1.36.0 github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.8 diff --git a/go.sum b/go.sum index 8e18cca..1f9d444 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -github.com/aws-controllers-k8s/runtime v0.42.0 h1:fVb3cOwUtn0ZwTSedapES+Rspb97S8BTxMqXJt6R5uM= -github.com/aws-controllers-k8s/runtime v0.42.0/go.mod h1:Oy0JKvDxZMZ+SVupm4NZVqP00KLIIAMfk93KnOwlt5c= +github.com/aws-controllers-k8s/runtime v0.43.0 h1:mCtMHO0rew84VbqotquvBirnKysbao+y2G3QI8bKZxM= +github.com/aws-controllers-k8s/runtime v0.43.0/go.mod h1:Oy0JKvDxZMZ+SVupm4NZVqP00KLIIAMfk93KnOwlt5c= github.com/aws/aws-sdk-go v1.49.0 h1:g9BkW1fo9GqKfwg2+zCD+TW/D36Ux+vtfJ8guF4AYmY= github.com/aws/aws-sdk-go v1.49.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aws/aws-sdk-go-v2 v1.36.0 h1:b1wM5CcE65Ujwn565qcwgtOTT1aT4ADOHHgglKjG7fk= diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 22d55bf..f7d5b85 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: dynamodb-chart description: A Helm chart for the ACK service controller for Amazon DynamoDB (DynamoDB) -version: 1.2.18 -appVersion: 1.2.18 +version: 1.2.19 +appVersion: 1.2.19 home: https://github.com/aws-controllers-k8s/dynamodb-controller icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt index d5643bf..9fe3fa3 100644 --- a/helm/templates/NOTES.txt +++ b/helm/templates/NOTES.txt @@ -1,5 +1,5 @@ {{ .Chart.Name }} has been installed. -This chart deploys "public.ecr.aws/aws-controllers-k8s/dynamodb-controller:1.2.18". +This chart deploys "public.ecr.aws/aws-controllers-k8s/dynamodb-controller:1.2.19". Check its status by running: kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/helm/values.yaml b/helm/values.yaml index 6e5a60c..eba57e8 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-controllers-k8s/dynamodb-controller - tag: 1.2.18 + tag: 1.2.19 pullPolicy: IfNotPresent pullSecrets: [] diff --git a/pkg/resource/backup/manager.go b/pkg/resource/backup/manager.go index 760a9e4..655d732 100644 --- a/pkg/resource/backup/manager.go +++ b/pkg/resource/backup/manager.go @@ -102,6 +102,7 @@ func (rm *resourceManager) ReadOne( panic("resource manager's ReadOne() method received resource with nil CR object") } observed, err := rm.sdkFind(ctx, r) + mirrorAWSTags(r, observed) if err != nil { if observed != nil { return rm.onError(observed, err) @@ -294,6 +295,31 @@ func (rm *resourceManager) EnsureTags( return nil } +// FilterAWSTags ignores tags that have keys that start with "aws:" +// is needed to ensure the controller does not attempt to remove +// tags set by AWS. This function needs to be called after each Read +// operation. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { + +} + +// mirrorAWSTags ensures that AWS tags are included in the desired resource +// if they are present in the latest resource. This will ensure that the +// aws tags are not present in a diff. The logic of the controller will +// ensure these tags aren't patched to the resource in the cluster, and +// will only be present to make sure we don't try to remove these tags. +// +// Although there are a lot of similarities between this function and +// EnsureTags, they are very much different. +// While EnsureTags tries to make sure the resource contains the controller +// tags, mirrowAWSTags tries to make sure tags injected by AWS are mirrored +// from the latest resoruce to the desired resource. +func mirrorAWSTags(a *resource, b *resource) { + +} + // newResourceManager returns a new struct implementing // acktypes.AWSResourceManager // This is for AWS-SDK-GO-V2 - Created newResourceManager With AWS sdk-Go-ClientV2 diff --git a/pkg/resource/global_table/manager.go b/pkg/resource/global_table/manager.go index 70c93f8..e6e8761 100644 --- a/pkg/resource/global_table/manager.go +++ b/pkg/resource/global_table/manager.go @@ -102,6 +102,7 @@ func (rm *resourceManager) ReadOne( panic("resource manager's ReadOne() method received resource with nil CR object") } observed, err := rm.sdkFind(ctx, r) + mirrorAWSTags(r, observed) if err != nil { if observed != nil { return rm.onError(observed, err) @@ -294,6 +295,31 @@ func (rm *resourceManager) EnsureTags( return nil } +// FilterAWSTags ignores tags that have keys that start with "aws:" +// is needed to ensure the controller does not attempt to remove +// tags set by AWS. This function needs to be called after each Read +// operation. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { + +} + +// mirrorAWSTags ensures that AWS tags are included in the desired resource +// if they are present in the latest resource. This will ensure that the +// aws tags are not present in a diff. The logic of the controller will +// ensure these tags aren't patched to the resource in the cluster, and +// will only be present to make sure we don't try to remove these tags. +// +// Although there are a lot of similarities between this function and +// EnsureTags, they are very much different. +// While EnsureTags tries to make sure the resource contains the controller +// tags, mirrowAWSTags tries to make sure tags injected by AWS are mirrored +// from the latest resoruce to the desired resource. +func mirrorAWSTags(a *resource, b *resource) { + +} + // newResourceManager returns a new struct implementing // acktypes.AWSResourceManager // This is for AWS-SDK-GO-V2 - Created newResourceManager With AWS sdk-Go-ClientV2 diff --git a/pkg/resource/table/manager.go b/pkg/resource/table/manager.go index f330f4a..dda8240 100644 --- a/pkg/resource/table/manager.go +++ b/pkg/resource/table/manager.go @@ -102,6 +102,7 @@ func (rm *resourceManager) ReadOne( panic("resource manager's ReadOne() method received resource with nil CR object") } observed, err := rm.sdkFind(ctx, r) + mirrorAWSTags(r, observed) if err != nil { if observed != nil { return rm.onError(observed, err) @@ -304,6 +305,49 @@ func (rm *resourceManager) EnsureTags( return nil } +// FilterAWSTags ignores tags that have keys that start with "aws:" +// is needed to ensure the controller does not attempt to remove +// tags set by AWS. This function needs to be called after each Read +// operation. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { + r := rm.concreteResource(res) + if r == nil || r.ko == nil { + return + } + var existingTags []*svcapitypes.Tag + existingTags = r.ko.Spec.Tags + resourceTags := ToACKTags(existingTags) + ignoreSystemTags(resourceTags) + r.ko.Spec.Tags = FromACKTags(resourceTags) +} + +// mirrorAWSTags ensures that AWS tags are included in the desired resource +// if they are present in the latest resource. This will ensure that the +// aws tags are not present in a diff. The logic of the controller will +// ensure these tags aren't patched to the resource in the cluster, and +// will only be present to make sure we don't try to remove these tags. +// +// Although there are a lot of similarities between this function and +// EnsureTags, they are very much different. +// While EnsureTags tries to make sure the resource contains the controller +// tags, mirrowAWSTags tries to make sure tags injected by AWS are mirrored +// from the latest resoruce to the desired resource. +func mirrorAWSTags(a *resource, b *resource) { + if a == nil || a.ko == nil || b == nil || b.ko == nil { + return + } + var existingLatestTags []*svcapitypes.Tag + var existingDesiredTags []*svcapitypes.Tag + existingDesiredTags = a.ko.Spec.Tags + existingLatestTags = b.ko.Spec.Tags + desiredTags := ToACKTags(existingDesiredTags) + latestTags := ToACKTags(existingLatestTags) + syncAWSTags(desiredTags, latestTags) + a.ko.Spec.Tags = FromACKTags(desiredTags) +} + // newResourceManager returns a new struct implementing // acktypes.AWSResourceManager // This is for AWS-SDK-GO-V2 - Created newResourceManager With AWS sdk-Go-ClientV2 diff --git a/pkg/resource/table/tags.go b/pkg/resource/table/tags.go index 47aa22f..fa49d2a 100644 --- a/pkg/resource/table/tags.go +++ b/pkg/resource/table/tags.go @@ -16,14 +16,18 @@ package table import ( + "slices" + "strings" + acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" svcapitypes "github.com/aws-controllers-k8s/dynamodb-controller/apis/v1alpha1" ) var ( - _ = svcapitypes.Table{} - _ = acktags.NewTags() + _ = svcapitypes.Table{} + _ = acktags.NewTags() + ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} ) // ToACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -61,3 +65,43 @@ func FromACKTags(tags acktags.Tags) []*svcapitypes.Tag { } return result } + +// ignoreSystemTags ignores tags that have keys that start with "aws:" +// and ACKSystemTags, to avoid patching them to the resourceSpec. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func ignoreSystemTags(tags acktags.Tags) { + for k := range tags { + if strings.HasPrefix(k, "aws:") || + slices.Contains(ACKSystemTags, k) { + delete(tags, k) + } + } +} + +// syncAWSTags ensures AWS-managed tags (prefixed with "aws:") from the latest resource state +// are preserved in the desired state. This prevents the controller from attempting to +// modify AWS-managed tags, which would result in an error. +// +// AWS-managed tags are automatically added by AWS services (e.g., CloudFormation, Service Catalog) +// and cannot be modified or deleted through normal tag operations. Common examples include: +// - aws:cloudformation:stack-name +// - aws:servicecatalog:productArn +// +// Parameters: +// - a: The target Tags map to be updated (typically desired state) +// - b: The source Tags map containing AWS-managed tags (typically latest state) +// +// Example: +// +// latest := Tags{"aws:cloudformation:stack-name": "my-stack", "environment": "prod"} +// desired := Tags{"environment": "dev"} +// SyncAWSTags(desired, latest) +// desired now contains {"aws:cloudformation:stack-name": "my-stack", "environment": "dev"} +func syncAWSTags(a acktags.Tags, b acktags.Tags) { + for k := range b { + if strings.HasPrefix(k, "aws:") { + a[k] = b[k] + } + } +}