From 10d2e590054c17615d3d7041346457f4ba6bb9fb Mon Sep 17 00:00:00 2001 From: ci-robot Date: Tue, 18 Feb 2025 01:04:14 +0000 Subject: [PATCH] Update to ACK runtime `v0.43.0`, code-generator `v0.43.0` --- OWNERS | 3 +- OWNERS_ALIASES | 19 ++++---- apis/v1alpha1/ack-generate-metadata.yaml | 8 ++-- config/controller/kustomization.yaml | 2 +- go.mod | 2 +- go.sum | 4 +- helm/Chart.yaml | 4 +- helm/templates/NOTES.txt | 2 +- helm/values.yaml | 2 +- pkg/resource/cache_cluster/manager.go | 44 +++++++++++++++++ pkg/resource/cache_cluster/tags.go | 48 ++++++++++++++++++- pkg/resource/cache_parameter_group/manager.go | 44 +++++++++++++++++ pkg/resource/cache_parameter_group/tags.go | 48 ++++++++++++++++++- pkg/resource/cache_subnet_group/manager.go | 44 +++++++++++++++++ pkg/resource/cache_subnet_group/tags.go | 48 ++++++++++++++++++- pkg/resource/replication_group/manager.go | 44 +++++++++++++++++ pkg/resource/replication_group/tags.go | 48 ++++++++++++++++++- pkg/resource/snapshot/manager.go | 44 +++++++++++++++++ pkg/resource/snapshot/tags.go | 48 ++++++++++++++++++- pkg/resource/user/manager.go | 44 +++++++++++++++++ pkg/resource/user/tags.go | 48 ++++++++++++++++++- pkg/resource/user_group/manager.go | 44 +++++++++++++++++ pkg/resource/user_group/tags.go | 48 ++++++++++++++++++- 23 files changed, 653 insertions(+), 37 deletions(-) diff --git a/OWNERS b/OWNERS index 5f7c991..ceb3426 100644 --- a/OWNERS +++ b/OWNERS @@ -1,5 +1,4 @@ # See the OWNERS docs at https://go.k8s.io/owners approvers: - - core-ack-team - - service-team \ No newline at end of file + - core-ack-team \ No newline at end of file diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 3332f9f..ded809f 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES 
@@ -1,15 +1,16 @@ # See the OWNERS docs at https://go.k8s.io/owners#owners_aliases aliases: - # Always allow the core ACK maintainers to have access to your repository core-ack-team: - - jaypipes - - mhausenblas - a-hilaly + - jlbutler + - michaelhtm + - TiberiuGC - rushmash91 - - RedbackThomson - - vijtrip2 - # TODO: Add your team members to your team controller alias - service-team: - - nmvk - - kumargauravsharma + # emeritus-core-ack-team: + # - jaypipes + # - jljaco + # - mhausenblas + # - RedbackThomson + # - vijtrip2 + # - ivelichkovich \ No newline at end of file diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml index 32b410f..decb1bb 100755 --- a/apis/v1alpha1/ack-generate-metadata.yaml +++ b/apis/v1alpha1/ack-generate-metadata.yaml @@ -1,8 +1,8 @@ ack_generate_info: - build_date: "2025-02-17T19:36:08Z" - build_hash: 8762917215d9902b2011a2b0b1b0c776855a683e - go_version: go1.23.4 - version: v0.42.0 + build_date: "2025-02-18T01:03:38Z" + build_hash: 66c0f840b0bcf6f552be46cf5ee0fb95ad57053e + go_version: go1.23.6 + version: v0.43.0 api_directory_checksum: 0f68037c7970cd69c9365d191e78762f7ed5a7c5 api_version: v1alpha1 aws_sdk_go_version: v1.32.6 diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml index 38a413e..f6bfc6c 100644 --- a/config/controller/kustomization.yaml +++ b/config/controller/kustomization.yaml @@ -6,4 +6,4 @@ kind: Kustomization images: - name: controller newName: public.ecr.aws/aws-controllers-k8s/elasticache-controller - newTag: 0.1.0 + newTag: 0.1.1 diff --git a/go.mod b/go.mod index 71fffe1..987b0c6 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ toolchain go1.23.4 require ( github.com/aws-controllers-k8s/ec2-controller v1.0.7 - github.com/aws-controllers-k8s/runtime v0.42.0 + github.com/aws-controllers-k8s/runtime v0.43.0 github.com/aws-controllers-k8s/sns-controller v1.0.11 github.com/aws/aws-sdk-go v1.49.0 github.com/aws/aws-sdk-go-v2 v1.36.1 
diff --git a/go.sum b/go.sum index 404de65..27c3239 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ github.com/aws-controllers-k8s/ec2-controller v1.0.7 h1:7MDu2bq8NFKbgzzgHYPFRT7bf+SmTchgWuq8ixKK0Jc= github.com/aws-controllers-k8s/ec2-controller v1.0.7/go.mod h1:PvsQehgncHgcu9FiY13M45+GkVsKI98g7G83SrgH7vY= -github.com/aws-controllers-k8s/runtime v0.42.0 h1:fVb3cOwUtn0ZwTSedapES+Rspb97S8BTxMqXJt6R5uM= -github.com/aws-controllers-k8s/runtime v0.42.0/go.mod h1:Oy0JKvDxZMZ+SVupm4NZVqP00KLIIAMfk93KnOwlt5c= +github.com/aws-controllers-k8s/runtime v0.43.0 h1:mCtMHO0rew84VbqotquvBirnKysbao+y2G3QI8bKZxM= +github.com/aws-controllers-k8s/runtime v0.43.0/go.mod h1:Oy0JKvDxZMZ+SVupm4NZVqP00KLIIAMfk93KnOwlt5c= github.com/aws-controllers-k8s/sns-controller v1.0.11 h1:nnkywTHzO64y7RrrfoPNyYf1TOkkQHtlg+S0jEPKUZ8= github.com/aws-controllers-k8s/sns-controller v1.0.11/go.mod h1:ODQIDZR3hHQqcyif4UXVFQfEzTaWU1jqFtVr83K2p9M= github.com/aws/aws-sdk-go v1.49.0 h1:g9BkW1fo9GqKfwg2+zCD+TW/D36Ux+vtfJ8guF4AYmY= diff --git a/helm/Chart.yaml b/helm/Chart.yaml index d776d05..2ab96f9 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: elasticache-chart description: A Helm chart for the ACK service controller for Amazon ElastiCache (ElastiCache) -version: 0.1.0 -appVersion: 0.1.0 +version: 0.1.1 +appVersion: 0.1.1 home: https://github.com/aws-controllers-k8s/elasticache-controller icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt index 752add2..92e070c 100644 --- a/helm/templates/NOTES.txt +++ b/helm/templates/NOTES.txt 
@@ -1,5 +1,5 @@ {{ .Chart.Name }} has been installed. -This chart deploys "public.ecr.aws/aws-controllers-k8s/elasticache-controller:0.1.0". +This chart deploys "public.ecr.aws/aws-controllers-k8s/elasticache-controller:0.1.1". Check its status by running: kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/helm/values.yaml b/helm/values.yaml index ebb124b..f202f9a 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-controllers-k8s/elasticache-controller - tag: 0.1.0 + tag: 0.1.1 pullPolicy: IfNotPresent pullSecrets: [] diff --git a/pkg/resource/cache_cluster/manager.go b/pkg/resource/cache_cluster/manager.go index e5949da..ac19458 100644 --- a/pkg/resource/cache_cluster/manager.go +++ b/pkg/resource/cache_cluster/manager.go @@ -102,6 +102,7 @@ func (rm *resourceManager) ReadOne( panic("resource manager's ReadOne() method received resource with nil CR object") } observed, err := rm.sdkFind(ctx, r) + mirrorAWSTags(r, observed) if err != nil { if observed != nil { return rm.onError(observed, err) 
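Review bot: `mirrorAWSTags(r, observed)` is placed before the `if err != nil` check, so ReadOne rewrites the caller's `r.ko.Spec.Tags` even when `sdkFind` returned an error together with a non-nil `observed`, which may be a partial result. If mirroring is meant only for a successful read, move the call below the error block or guard it with `if err == nil { mirrorAWSTags(r, observed) }`. If the error path is intentional, a comment such as `// mirror aws:-prefixed tags into the desired resource so they never appear in the delta` should say that this read method mutates its input. ReadOne's body continues outside the hunk. The same line is added in the ReadOne hunks of the cache_parameter_group, cache_subnet_group, replication_group, snapshot and user manager.go files.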
@@ -305,6 +306,49 @@ func (rm *resourceManager) EnsureTags( return nil } +// FilterAWSTags ignores tags that have keys that start with "aws:" +// is needed to ensure the controller does not attempt to remove +// tags set by AWS. This function needs to be called after each Read +// operation. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { + r := rm.concreteResource(res) + if r == nil || r.ko == nil { + return + } + var existingTags []*svcapitypes.Tag + existingTags = r.ko.Spec.Tags + resourceTags := ToACKTags(existingTags) + ignoreSystemTags(resourceTags) + r.ko.Spec.Tags = FromACKTags(resourceTags) +} + +// mirrorAWSTags ensures that AWS tags are included in the desired resource +// if they are present in the latest resource. This will ensure that the +// aws tags are not present in a diff. The logic of the controller will +// ensure these tags aren't patched to the resource in the cluster, and +// will only be present to make sure we don't try to remove these tags. +// +// Although there are a lot of similarities between this function and +// EnsureTags, they are very much different. +// While EnsureTags tries to make sure the resource contains the controller +// tags, mirrowAWSTags tries to make sure tags injected by AWS are mirrored +// from the latest resoruce to the desired resource. 
+func mirrorAWSTags(a *resource, b *resource) { + if a == nil || a.ko == nil || b == nil || b.ko == nil { + return + } + var existingLatestTags []*svcapitypes.Tag + var existingDesiredTags []*svcapitypes.Tag + existingDesiredTags = a.ko.Spec.Tags + existingLatestTags = b.ko.Spec.Tags + desiredTags := ToACKTags(existingDesiredTags) + latestTags := ToACKTags(existingLatestTags) + syncAWSTags(desiredTags, latestTags) + a.ko.Spec.Tags = FromACKTags(desiredTags) +} + // newResourceManager returns a new struct implementing // acktypes.AWSResourceManager // This is for AWS-SDK-GO-V2 - Created newResourceManager With AWS sdk-Go-ClientV2 diff --git a/pkg/resource/cache_cluster/tags.go b/pkg/resource/cache_cluster/tags.go index 269967a..0f409b9 100644 --- a/pkg/resource/cache_cluster/tags.go +++ b/pkg/resource/cache_cluster/tags.go @@ -16,14 +16,18 @@ package cache_cluster import ( + "slices" + "strings" + acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" svcapitypes "github.com/aws-controllers-k8s/elasticache-controller/apis/v1alpha1" ) var ( - _ = svcapitypes.CacheCluster{} - _ = acktags.NewTags() + _ = svcapitypes.CacheCluster{} + _ = acktags.NewTags() + ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} ) // ToACKTags converts the tags parameter into 'acktags.Tags' shape. 
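Review bot: The doc comment on `FilterSystemTags` opens with `FilterAWSTags` and describes only the "aws:" prefix, but the function delegates to `ignoreSystemTags`, which also strips the `ACKSystemTags` keys. Go doc comments should begin with the declared name, for example `// FilterSystemTags removes tags whose keys start with "aws:" or are listed in ACKSystemTags from r.ko.Spec.Tags, in place.` The `mirrorAWSTags` comment contains the typos `mirrowAWSTags` and `resoruce`, and its parameters would read more clearly as `desired, latest *resource` than `a, b`. The same text is repeated in the manager.go hunks of the other resource packages, so if these files are produced by the code generator the fix likely belongs in its template.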
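Review bot: `ACKSystemTags` is introduced as an exported, mutable package-level slice, so any importing package can append to or replace the list that `ignoreSystemTags` uses to decide which tag keys are stripped from the spec. The visible hunks only read it, so consider unexporting it (`ackSystemTags`) or exposing a function that returns a copy. Add a doc comment saying what the two `services.k8s.aws/...` keys are. It is also declared inside the `var` block whose other entries are blank-identifier import keep-alives; a separate declaration would make its purpose clearer. The identical declaration is added to tags.go in every other resource package in this patch.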
@@ -61,3 +65,43 @@ func FromACKTags(tags acktags.Tags) []*svcapitypes.Tag { } return result } + +// ignoreSystemTags ignores tags that have keys that start with "aws:" +// and ACKSystemTags, to avoid patching them to the resourceSpec. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func ignoreSystemTags(tags acktags.Tags) { + for k := range tags { + if strings.HasPrefix(k, "aws:") || + slices.Contains(ACKSystemTags, k) { + delete(tags, k) + } + } +} + +// syncAWSTags ensures AWS-managed tags (prefixed with "aws:") from the latest resource state +// are preserved in the desired state. This prevents the controller from attempting to +// modify AWS-managed tags, which would result in an error. +// +// AWS-managed tags are automatically added by AWS services (e.g., CloudFormation, Service Catalog) +// and cannot be modified or deleted through normal tag operations. Common examples include: +// - aws:cloudformation:stack-name +// - aws:servicecatalog:productArn +// +// Parameters: +// - a: The target Tags map to be updated (typically desired state) +// - b: The source Tags map containing AWS-managed tags (typically latest state) +// +// Example: +// +// latest := Tags{"aws:cloudformation:stack-name": "my-stack", "environment": "prod"} +// desired := Tags{"environment": "dev"} +// SyncAWSTags(desired, latest) +// desired now contains {"aws:cloudformation:stack-name": "my-stack", "environment": "dev"} +func syncAWSTags(a acktags.Tags, b acktags.Tags) { + for k := range b { + if strings.HasPrefix(k, "aws:") { + a[k] = b[k] + } + } +} diff --git a/pkg/resource/cache_parameter_group/manager.go b/pkg/resource/cache_parameter_group/manager.go index 07da86e..611e325 100644 --- a/pkg/resource/cache_parameter_group/manager.go +++ b/pkg/resource/cache_parameter_group/manager.go 
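Review bot: The example in the `syncAWSTags` doc comment calls `SyncAWSTags(desired, latest)`, which does not match the unexported function declared below it; it should read `syncAWSTags(desired, latest)`. `syncAWSTags` assigns into `a` and would panic on a nil map. The visible caller passes the result of `ToACKTags`, whose body is outside this hunk, so either state in the comment that `a` must be non-nil or add `if a == nil { return }` at the top. `ignoreSystemTags` deletes matching entries from the map it is given, so the comment should say the map is modified in place rather than that tags are "ignored". The same hunk appears in tags.go for cache_parameter_group, cache_subnet_group, replication_group and snapshot.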
@@ -102,6 +102,7 @@ func (rm *resourceManager) ReadOne(
 panic("resource manager's ReadOne() method received resource with nil CR object")
 }
 observed, err := rm.sdkFind(ctx, r)
+ mirrorAWSTags(r, observed)
 if err != nil {
 if observed != nil {
 return rm.onError(observed, err)
@@ -296,6 +297,49 @@ func (rm *resourceManager) EnsureTags( return nil } +// FilterAWSTags ignores tags that have keys that start with "aws:" +// is needed to ensure the controller does not attempt to remove +// tags set by AWS. This function needs to be called after each Read +// operation. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { + r := rm.concreteResource(res) + if r == nil || r.ko == nil { + return + } + var existingTags []*svcapitypes.Tag + existingTags = r.ko.Spec.Tags + resourceTags := ToACKTags(existingTags) + ignoreSystemTags(resourceTags) + r.ko.Spec.Tags = FromACKTags(resourceTags) +} + +// mirrorAWSTags ensures that AWS tags are included in the desired resource +// if they are present in the latest resource. This will ensure that the +// aws tags are not present in a diff. The logic of the controller will +// ensure these tags aren't patched to the resource in the cluster, and +// will only be present to make sure we don't try to remove these tags. +// +// Although there are a lot of similarities between this function and +// EnsureTags, they are very much different. +// While EnsureTags tries to make sure the resource contains the controller +// tags, mirrowAWSTags tries to make sure tags injected by AWS are mirrored +// from the latest resoruce to the desired resource. 
+func mirrorAWSTags(a *resource, b *resource) { + if a == nil || a.ko == nil || b == nil || b.ko == nil { + return + } + var existingLatestTags []*svcapitypes.Tag + var existingDesiredTags []*svcapitypes.Tag + existingDesiredTags = a.ko.Spec.Tags + existingLatestTags = b.ko.Spec.Tags + desiredTags := ToACKTags(existingDesiredTags) + latestTags := ToACKTags(existingLatestTags) + syncAWSTags(desiredTags, latestTags) + a.ko.Spec.Tags = FromACKTags(desiredTags) +} + // newResourceManager returns a new struct implementing // acktypes.AWSResourceManager // This is for AWS-SDK-GO-V2 - Created newResourceManager With AWS sdk-Go-ClientV2 diff --git a/pkg/resource/cache_parameter_group/tags.go b/pkg/resource/cache_parameter_group/tags.go index b550a78..bb79713 100644 --- a/pkg/resource/cache_parameter_group/tags.go +++ b/pkg/resource/cache_parameter_group/tags.go @@ -16,14 +16,18 @@ package cache_parameter_group import ( + "slices" + "strings" + acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" svcapitypes "github.com/aws-controllers-k8s/elasticache-controller/apis/v1alpha1" ) var ( - _ = svcapitypes.CacheParameterGroup{} - _ = acktags.NewTags() + _ = svcapitypes.CacheParameterGroup{} + _ = acktags.NewTags() + ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} ) // ToACKTags converts the tags parameter into 'acktags.Tags' shape. 
@@ -61,3 +65,43 @@ func FromACKTags(tags acktags.Tags) []*svcapitypes.Tag { } return result } + +// ignoreSystemTags ignores tags that have keys that start with "aws:" +// and ACKSystemTags, to avoid patching them to the resourceSpec. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func ignoreSystemTags(tags acktags.Tags) { + for k := range tags { + if strings.HasPrefix(k, "aws:") || + slices.Contains(ACKSystemTags, k) { + delete(tags, k) + } + } +} + +// syncAWSTags ensures AWS-managed tags (prefixed with "aws:") from the latest resource state +// are preserved in the desired state. This prevents the controller from attempting to +// modify AWS-managed tags, which would result in an error. +// +// AWS-managed tags are automatically added by AWS services (e.g., CloudFormation, Service Catalog) +// and cannot be modified or deleted through normal tag operations. Common examples include: +// - aws:cloudformation:stack-name +// - aws:servicecatalog:productArn +// +// Parameters: +// - a: The target Tags map to be updated (typically desired state) +// - b: The source Tags map containing AWS-managed tags (typically latest state) +// +// Example: +// +// latest := Tags{"aws:cloudformation:stack-name": "my-stack", "environment": "prod"} +// desired := Tags{"environment": "dev"} +// SyncAWSTags(desired, latest) +// desired now contains {"aws:cloudformation:stack-name": "my-stack", "environment": "dev"} +func syncAWSTags(a acktags.Tags, b acktags.Tags) { + for k := range b { + if strings.HasPrefix(k, "aws:") { + a[k] = b[k] + } + } +} diff --git a/pkg/resource/cache_subnet_group/manager.go b/pkg/resource/cache_subnet_group/manager.go index 9100556..6edd496 100644 --- a/pkg/resource/cache_subnet_group/manager.go +++ b/pkg/resource/cache_subnet_group/manager.go 
@@ -102,6 +102,7 @@ func (rm *resourceManager) ReadOne(
 panic("resource manager's ReadOne() method received resource with nil CR object")
 }
 observed, err := rm.sdkFind(ctx, r)
+ mirrorAWSTags(r, observed)
 if err != nil {
 if observed != nil {
 return rm.onError(observed, err)
@@ -296,6 +297,49 @@ func (rm *resourceManager) EnsureTags( return nil } +// FilterAWSTags ignores tags that have keys that start with "aws:" +// is needed to ensure the controller does not attempt to remove +// tags set by AWS. This function needs to be called after each Read +// operation. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { + r := rm.concreteResource(res) + if r == nil || r.ko == nil { + return + } + var existingTags []*svcapitypes.Tag + existingTags = r.ko.Spec.Tags + resourceTags := ToACKTags(existingTags) + ignoreSystemTags(resourceTags) + r.ko.Spec.Tags = FromACKTags(resourceTags) +} + +// mirrorAWSTags ensures that AWS tags are included in the desired resource +// if they are present in the latest resource. This will ensure that the +// aws tags are not present in a diff. The logic of the controller will +// ensure these tags aren't patched to the resource in the cluster, and +// will only be present to make sure we don't try to remove these tags. +// +// Although there are a lot of similarities between this function and +// EnsureTags, they are very much different. +// While EnsureTags tries to make sure the resource contains the controller +// tags, mirrowAWSTags tries to make sure tags injected by AWS are mirrored +// from the latest resoruce to the desired resource. 
+func mirrorAWSTags(a *resource, b *resource) { + if a == nil || a.ko == nil || b == nil || b.ko == nil { + return + } + var existingLatestTags []*svcapitypes.Tag + var existingDesiredTags []*svcapitypes.Tag + existingDesiredTags = a.ko.Spec.Tags + existingLatestTags = b.ko.Spec.Tags + desiredTags := ToACKTags(existingDesiredTags) + latestTags := ToACKTags(existingLatestTags) + syncAWSTags(desiredTags, latestTags) + a.ko.Spec.Tags = FromACKTags(desiredTags) +} + // newResourceManager returns a new struct implementing // acktypes.AWSResourceManager // This is for AWS-SDK-GO-V2 - Created newResourceManager With AWS sdk-Go-ClientV2 diff --git a/pkg/resource/cache_subnet_group/tags.go b/pkg/resource/cache_subnet_group/tags.go index f722c7c..95fcc81 100644 --- a/pkg/resource/cache_subnet_group/tags.go +++ b/pkg/resource/cache_subnet_group/tags.go @@ -16,14 +16,18 @@ package cache_subnet_group import ( + "slices" + "strings" + acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" svcapitypes "github.com/aws-controllers-k8s/elasticache-controller/apis/v1alpha1" ) var ( - _ = svcapitypes.CacheSubnetGroup{} - _ = acktags.NewTags() + _ = svcapitypes.CacheSubnetGroup{} + _ = acktags.NewTags() + ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} ) // ToACKTags converts the tags parameter into 'acktags.Tags' shape. 
@@ -61,3 +65,43 @@ func FromACKTags(tags acktags.Tags) []*svcapitypes.Tag { } return result } + +// ignoreSystemTags ignores tags that have keys that start with "aws:" +// and ACKSystemTags, to avoid patching them to the resourceSpec. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func ignoreSystemTags(tags acktags.Tags) { + for k := range tags { + if strings.HasPrefix(k, "aws:") || + slices.Contains(ACKSystemTags, k) { + delete(tags, k) + } + } +} + +// syncAWSTags ensures AWS-managed tags (prefixed with "aws:") from the latest resource state +// are preserved in the desired state. This prevents the controller from attempting to +// modify AWS-managed tags, which would result in an error. +// +// AWS-managed tags are automatically added by AWS services (e.g., CloudFormation, Service Catalog) +// and cannot be modified or deleted through normal tag operations. Common examples include: +// - aws:cloudformation:stack-name +// - aws:servicecatalog:productArn +// +// Parameters: +// - a: The target Tags map to be updated (typically desired state) +// - b: The source Tags map containing AWS-managed tags (typically latest state) +// +// Example: +// +// latest := Tags{"aws:cloudformation:stack-name": "my-stack", "environment": "prod"} +// desired := Tags{"environment": "dev"} +// SyncAWSTags(desired, latest) +// desired now contains {"aws:cloudformation:stack-name": "my-stack", "environment": "dev"} +func syncAWSTags(a acktags.Tags, b acktags.Tags) { + for k := range b { + if strings.HasPrefix(k, "aws:") { + a[k] = b[k] + } + } +} diff --git a/pkg/resource/replication_group/manager.go b/pkg/resource/replication_group/manager.go index 3d7146e..67cc08e 100644 --- a/pkg/resource/replication_group/manager.go +++ b/pkg/resource/replication_group/manager.go 
@@ -102,6 +102,7 @@ func (rm *resourceManager) ReadOne(
 panic("resource manager's ReadOne() method received resource with nil CR object")
 }
 observed, err := rm.sdkFind(ctx, r)
+ mirrorAWSTags(r, observed)
 if err != nil {
 if observed != nil {
 return rm.onError(observed, err)
@@ -296,6 +297,49 @@ func (rm *resourceManager) EnsureTags( return nil } +// FilterAWSTags ignores tags that have keys that start with "aws:" +// is needed to ensure the controller does not attempt to remove +// tags set by AWS. This function needs to be called after each Read +// operation. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { + r := rm.concreteResource(res) + if r == nil || r.ko == nil { + return + } + var existingTags []*svcapitypes.Tag + existingTags = r.ko.Spec.Tags + resourceTags := ToACKTags(existingTags) + ignoreSystemTags(resourceTags) + r.ko.Spec.Tags = FromACKTags(resourceTags) +} + +// mirrorAWSTags ensures that AWS tags are included in the desired resource +// if they are present in the latest resource. This will ensure that the +// aws tags are not present in a diff. The logic of the controller will +// ensure these tags aren't patched to the resource in the cluster, and +// will only be present to make sure we don't try to remove these tags. +// +// Although there are a lot of similarities between this function and +// EnsureTags, they are very much different. +// While EnsureTags tries to make sure the resource contains the controller +// tags, mirrowAWSTags tries to make sure tags injected by AWS are mirrored +// from the latest resoruce to the desired resource. 
+func mirrorAWSTags(a *resource, b *resource) { + if a == nil || a.ko == nil || b == nil || b.ko == nil { + return + } + var existingLatestTags []*svcapitypes.Tag + var existingDesiredTags []*svcapitypes.Tag + existingDesiredTags = a.ko.Spec.Tags + existingLatestTags = b.ko.Spec.Tags + desiredTags := ToACKTags(existingDesiredTags) + latestTags := ToACKTags(existingLatestTags) + syncAWSTags(desiredTags, latestTags) + a.ko.Spec.Tags = FromACKTags(desiredTags) +} + // newResourceManager returns a new struct implementing // acktypes.AWSResourceManager // This is for AWS-SDK-GO-V2 - Created newResourceManager With AWS sdk-Go-ClientV2 diff --git a/pkg/resource/replication_group/tags.go b/pkg/resource/replication_group/tags.go index 428d1b8..5435330 100644 --- a/pkg/resource/replication_group/tags.go +++ b/pkg/resource/replication_group/tags.go @@ -16,14 +16,18 @@ package replication_group import ( + "slices" + "strings" + acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" svcapitypes "github.com/aws-controllers-k8s/elasticache-controller/apis/v1alpha1" ) var ( - _ = svcapitypes.ReplicationGroup{} - _ = acktags.NewTags() + _ = svcapitypes.ReplicationGroup{} + _ = acktags.NewTags() + ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} ) // ToACKTags converts the tags parameter into 'acktags.Tags' shape. 
@@ -61,3 +65,43 @@ func FromACKTags(tags acktags.Tags) []*svcapitypes.Tag { } return result } + +// ignoreSystemTags ignores tags that have keys that start with "aws:" +// and ACKSystemTags, to avoid patching them to the resourceSpec. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func ignoreSystemTags(tags acktags.Tags) { + for k := range tags { + if strings.HasPrefix(k, "aws:") || + slices.Contains(ACKSystemTags, k) { + delete(tags, k) + } + } +} + +// syncAWSTags ensures AWS-managed tags (prefixed with "aws:") from the latest resource state +// are preserved in the desired state. This prevents the controller from attempting to +// modify AWS-managed tags, which would result in an error. +// +// AWS-managed tags are automatically added by AWS services (e.g., CloudFormation, Service Catalog) +// and cannot be modified or deleted through normal tag operations. Common examples include: +// - aws:cloudformation:stack-name +// - aws:servicecatalog:productArn +// +// Parameters: +// - a: The target Tags map to be updated (typically desired state) +// - b: The source Tags map containing AWS-managed tags (typically latest state) +// +// Example: +// +// latest := Tags{"aws:cloudformation:stack-name": "my-stack", "environment": "prod"} +// desired := Tags{"environment": "dev"} +// SyncAWSTags(desired, latest) +// desired now contains {"aws:cloudformation:stack-name": "my-stack", "environment": "dev"} +func syncAWSTags(a acktags.Tags, b acktags.Tags) { + for k := range b { + if strings.HasPrefix(k, "aws:") { + a[k] = b[k] + } + } +} diff --git a/pkg/resource/snapshot/manager.go b/pkg/resource/snapshot/manager.go index c3c2d7c..1a55a7c 100644 --- a/pkg/resource/snapshot/manager.go +++ b/pkg/resource/snapshot/manager.go 
@@ -102,6 +102,7 @@ func (rm *resourceManager) ReadOne(
 panic("resource manager's ReadOne() method received resource with nil CR object")
 }
 observed, err := rm.sdkFind(ctx, r)
+ mirrorAWSTags(r, observed)
 if err != nil {
 if observed != nil {
 return rm.onError(observed, err)
@@ -296,6 +297,49 @@ func (rm *resourceManager) EnsureTags( return nil } +// FilterAWSTags ignores tags that have keys that start with "aws:" +// is needed to ensure the controller does not attempt to remove +// tags set by AWS. This function needs to be called after each Read +// operation. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { + r := rm.concreteResource(res) + if r == nil || r.ko == nil { + return + } + var existingTags []*svcapitypes.Tag + existingTags = r.ko.Spec.Tags + resourceTags := ToACKTags(existingTags) + ignoreSystemTags(resourceTags) + r.ko.Spec.Tags = FromACKTags(resourceTags) +} + +// mirrorAWSTags ensures that AWS tags are included in the desired resource +// if they are present in the latest resource. This will ensure that the +// aws tags are not present in a diff. The logic of the controller will +// ensure these tags aren't patched to the resource in the cluster, and +// will only be present to make sure we don't try to remove these tags. +// +// Although there are a lot of similarities between this function and +// EnsureTags, they are very much different. +// While EnsureTags tries to make sure the resource contains the controller +// tags, mirrowAWSTags tries to make sure tags injected by AWS are mirrored +// from the latest resoruce to the desired resource. 
+func mirrorAWSTags(a *resource, b *resource) { + if a == nil || a.ko == nil || b == nil || b.ko == nil { + return + } + var existingLatestTags []*svcapitypes.Tag + var existingDesiredTags []*svcapitypes.Tag + existingDesiredTags = a.ko.Spec.Tags + existingLatestTags = b.ko.Spec.Tags + desiredTags := ToACKTags(existingDesiredTags) + latestTags := ToACKTags(existingLatestTags) + syncAWSTags(desiredTags, latestTags) + a.ko.Spec.Tags = FromACKTags(desiredTags) +} + // newResourceManager returns a new struct implementing // acktypes.AWSResourceManager // This is for AWS-SDK-GO-V2 - Created newResourceManager With AWS sdk-Go-ClientV2 diff --git a/pkg/resource/snapshot/tags.go b/pkg/resource/snapshot/tags.go index 9ba952c..b4db8d4 100644 --- a/pkg/resource/snapshot/tags.go +++ b/pkg/resource/snapshot/tags.go @@ -16,14 +16,18 @@ package snapshot import ( + "slices" + "strings" + acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" svcapitypes "github.com/aws-controllers-k8s/elasticache-controller/apis/v1alpha1" ) var ( - _ = svcapitypes.Snapshot{} - _ = acktags.NewTags() + _ = svcapitypes.Snapshot{} + _ = acktags.NewTags() + ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} ) // ToACKTags converts the tags parameter into 'acktags.Tags' shape. 
@@ -61,3 +65,43 @@ func FromACKTags(tags acktags.Tags) []*svcapitypes.Tag { } return result } + +// ignoreSystemTags ignores tags that have keys that start with "aws:" +// and ACKSystemTags, to avoid patching them to the resourceSpec. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func ignoreSystemTags(tags acktags.Tags) { + for k := range tags { + if strings.HasPrefix(k, "aws:") || + slices.Contains(ACKSystemTags, k) { + delete(tags, k) + } + } +} + +// syncAWSTags ensures AWS-managed tags (prefixed with "aws:") from the latest resource state +// are preserved in the desired state. This prevents the controller from attempting to +// modify AWS-managed tags, which would result in an error. +// +// AWS-managed tags are automatically added by AWS services (e.g., CloudFormation, Service Catalog) +// and cannot be modified or deleted through normal tag operations. Common examples include: +// - aws:cloudformation:stack-name +// - aws:servicecatalog:productArn +// +// Parameters: +// - a: The target Tags map to be updated (typically desired state) +// - b: The source Tags map containing AWS-managed tags (typically latest state) +// +// Example: +// +// latest := Tags{"aws:cloudformation:stack-name": "my-stack", "environment": "prod"} +// desired := Tags{"environment": "dev"} +// SyncAWSTags(desired, latest) +// desired now contains {"aws:cloudformation:stack-name": "my-stack", "environment": "dev"} +func syncAWSTags(a acktags.Tags, b acktags.Tags) { + for k := range b { + if strings.HasPrefix(k, "aws:") { + a[k] = b[k] + } + } +} diff --git a/pkg/resource/user/manager.go b/pkg/resource/user/manager.go index a4d4ff5..6ad5d5c 100644 --- a/pkg/resource/user/manager.go +++ b/pkg/resource/user/manager.go 
@@ -102,6 +102,7 @@ func (rm *resourceManager) ReadOne(
 panic("resource manager's ReadOne() method received resource with nil CR object")
 }
 observed, err := rm.sdkFind(ctx, r)
+ mirrorAWSTags(r, observed)
 if err != nil {
 if observed != nil {
 return rm.onError(observed, err)
@@ -296,6 +297,49 @@ func (rm *resourceManager) EnsureTags( return nil } +// FilterAWSTags ignores tags that have keys that start with "aws:" +// is needed to ensure the controller does not attempt to remove +// tags set by AWS. This function needs to be called after each Read +// operation. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { + r := rm.concreteResource(res) + if r == nil || r.ko == nil { + return + } + var existingTags []*svcapitypes.Tag + existingTags = r.ko.Spec.Tags + resourceTags := ToACKTags(existingTags) + ignoreSystemTags(resourceTags) + r.ko.Spec.Tags = FromACKTags(resourceTags) +} + +// mirrorAWSTags ensures that AWS tags are included in the desired resource +// if they are present in the latest resource. This will ensure that the +// aws tags are not present in a diff. The logic of the controller will +// ensure these tags aren't patched to the resource in the cluster, and +// will only be present to make sure we don't try to remove these tags. +// +// Although there are a lot of similarities between this function and +// EnsureTags, they are very much different. +// While EnsureTags tries to make sure the resource contains the controller +// tags, mirrowAWSTags tries to make sure tags injected by AWS are mirrored +// from the latest resoruce to the desired resource. 
+func mirrorAWSTags(a *resource, b *resource) { + if a == nil || a.ko == nil || b == nil || b.ko == nil { + return + } + var existingLatestTags []*svcapitypes.Tag + var existingDesiredTags []*svcapitypes.Tag + existingDesiredTags = a.ko.Spec.Tags + existingLatestTags = b.ko.Spec.Tags + desiredTags := ToACKTags(existingDesiredTags) + latestTags := ToACKTags(existingLatestTags) + syncAWSTags(desiredTags, latestTags) + a.ko.Spec.Tags = FromACKTags(desiredTags) +} + // newResourceManager returns a new struct implementing // acktypes.AWSResourceManager // This is for AWS-SDK-GO-V2 - Created newResourceManager With AWS sdk-Go-ClientV2 diff --git a/pkg/resource/user/tags.go b/pkg/resource/user/tags.go index 5261cfa..397b7dd 100644 --- a/pkg/resource/user/tags.go +++ b/pkg/resource/user/tags.go @@ -16,14 +16,18 @@ package user import ( + "slices" + "strings" + acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" svcapitypes "github.com/aws-controllers-k8s/elasticache-controller/apis/v1alpha1" ) var ( - _ = svcapitypes.User{} - _ = acktags.NewTags() + _ = svcapitypes.User{} + _ = acktags.NewTags() + ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} ) // ToACKTags converts the tags parameter into 'acktags.Tags' shape. 
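Review bot: The comment above `FilterSystemTags` opens with `// FilterAWSTags ignores tags ...`, which names a different function and leaves out that `ignoreSystemTags` also strips the keys listed in `ACKSystemTags`. It also states that the function "needs to be called after each Read operation", yet none of the hunks shown for this file adds a call, so the comment should say who is expected to call it (possibly the runtime, which is not visible here). Suggested first line: `// FilterSystemTags removes tags whose keys start with "aws:" or are listed in ACKSystemTags from the resource's Spec.Tags.` In the `mirrorAWSTags` comment, `mirrowAWSTags` and `resoruce` are typos. The same text is added in pkg/resource/user_group/manager.go.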
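Review bot: `ACKSystemTags` is added to the `var (` block of pkg/resource/user/tags.go as an exported, mutable package-level slice, and `ignoreSystemTags` consults it to decide which keys are stripped from the spec. Any importer of the package can append to it or replace it at run time, which would change what the controller treats as a system tag. Unless something outside this package reads it (not visible here), I would keep it unexported, `ackSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"}`, and update the `slices.Contains` call to match. The same declaration is added in pkg/resource/user_group/tags.go.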
@@ -61,3 +65,43 @@ func FromACKTags(tags acktags.Tags) []*svcapitypes.Tag {
 }
 return result
 }
+
+// ignoreSystemTags ignores tags that have keys that start with "aws:"
+// and ACKSystemTags, to avoid patching them to the resourceSpec.
+// Eg. resources created with cloudformation have tags that cannot be
+// removed by an ACK controller
+func ignoreSystemTags(tags acktags.Tags) {
+ for k := range tags {
+ if strings.HasPrefix(k, "aws:") ||
+ slices.Contains(ACKSystemTags, k) {
+ delete(tags, k)
+ }
+ }
+}
+
+// syncAWSTags ensures AWS-managed tags (prefixed with "aws:") from the latest resource state
+// are preserved in the desired state. This prevents the controller from attempting to
+// modify AWS-managed tags, which would result in an error.
+//
+// AWS-managed tags are automatically added by AWS services (e.g., CloudFormation, Service Catalog)
+// and cannot be modified or deleted through normal tag operations. Common examples include:
+// - aws:cloudformation:stack-name
+// - aws:servicecatalog:productArn
+//
+// Parameters:
+// - a: The target Tags map to be updated (typically desired state)
+// - b: The source Tags map containing AWS-managed tags (typically latest state)
+//
+// Example:
+//
+// latest := Tags{"aws:cloudformation:stack-name": "my-stack", "environment": "prod"}
+// desired := Tags{"environment": "dev"}
+// SyncAWSTags(desired, latest)
+// desired now contains {"aws:cloudformation:stack-name": "my-stack", "environment": "dev"}
+func syncAWSTags(a acktags.Tags, b acktags.Tags) {
+ for k := range b {
+ if strings.HasPrefix(k, "aws:") {
+ a[k] = b[k]
+ }
+ }
+}
diff --git a/pkg/resource/user_group/manager.go b/pkg/resource/user_group/manager.go
index d66aef4..c575b49 100644
--- a/pkg/resource/user_group/manager.go
+++ b/pkg/resource/user_group/manager.go
@@ -102,6 +102,7 @@ func (rm *resourceManager) ReadOne(
 panic("resource manager's ReadOne() method received resource with nil CR object")
 }
 observed, err := rm.sdkFind(ctx, r)
+ mirrorAWSTags(r, observed)
 if err != nil {
 if observed != nil {
 return rm.onError(observed, err)
@@ -296,6 +297,49 @@ func (rm *resourceManager) EnsureTags( return nil } +// FilterAWSTags ignores tags that have keys that start with "aws:" +// is needed to ensure the controller does not attempt to remove +// tags set by AWS. This function needs to be called after each Read +// operation. +// Eg. resources created with cloudformation have tags that cannot be +// removed by an ACK controller +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { + r := rm.concreteResource(res) + if r == nil || r.ko == nil { + return + } + var existingTags []*svcapitypes.Tag + existingTags = r.ko.Spec.Tags + resourceTags := ToACKTags(existingTags) + ignoreSystemTags(resourceTags) + r.ko.Spec.Tags = FromACKTags(resourceTags) +} + +// mirrorAWSTags ensures that AWS tags are included in the desired resource +// if they are present in the latest resource. This will ensure that the +// aws tags are not present in a diff. The logic of the controller will +// ensure these tags aren't patched to the resource in the cluster, and +// will only be present to make sure we don't try to remove these tags. +// +// Although there are a lot of similarities between this function and +// EnsureTags, they are very much different. +// While EnsureTags tries to make sure the resource contains the controller +// tags, mirrowAWSTags tries to make sure tags injected by AWS are mirrored +// from the latest resoruce to the desired resource. 
+func mirrorAWSTags(a *resource, b *resource) { + if a == nil || a.ko == nil || b == nil || b.ko == nil { + return + } + var existingLatestTags []*svcapitypes.Tag + var existingDesiredTags []*svcapitypes.Tag + existingDesiredTags = a.ko.Spec.Tags + existingLatestTags = b.ko.Spec.Tags + desiredTags := ToACKTags(existingDesiredTags) + latestTags := ToACKTags(existingLatestTags) + syncAWSTags(desiredTags, latestTags) + a.ko.Spec.Tags = FromACKTags(desiredTags) +} + // newResourceManager returns a new struct implementing // acktypes.AWSResourceManager // This is for AWS-SDK-GO-V2 - Created newResourceManager With AWS sdk-Go-ClientV2 diff --git a/pkg/resource/user_group/tags.go b/pkg/resource/user_group/tags.go index d6aa58e..c493c44 100644 --- a/pkg/resource/user_group/tags.go +++ b/pkg/resource/user_group/tags.go @@ -16,14 +16,18 @@ package user_group import ( + "slices" + "strings" + acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" svcapitypes "github.com/aws-controllers-k8s/elasticache-controller/apis/v1alpha1" ) var ( - _ = svcapitypes.UserGroup{} - _ = acktags.NewTags() + _ = svcapitypes.UserGroup{} + _ = acktags.NewTags() + ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} ) // ToACKTags converts the tags parameter into 'acktags.Tags' shape. 
@@ -61,3 +65,43 @@ func FromACKTags(tags acktags.Tags) []*svcapitypes.Tag {
 }
 return result
 }
+
+// ignoreSystemTags ignores tags that have keys that start with "aws:"
+// and ACKSystemTags, to avoid patching them to the resourceSpec.
+// Eg. resources created with cloudformation have tags that cannot be
+// removed by an ACK controller
+func ignoreSystemTags(tags acktags.Tags) {
+ for k := range tags {
+ if strings.HasPrefix(k, "aws:") ||
+ slices.Contains(ACKSystemTags, k) {
+ delete(tags, k)
+ }
+ }
+}
+
+// syncAWSTags ensures AWS-managed tags (prefixed with "aws:") from the latest resource state
+// are preserved in the desired state. This prevents the controller from attempting to
+// modify AWS-managed tags, which would result in an error.
+//
+// AWS-managed tags are automatically added by AWS services (e.g., CloudFormation, Service Catalog)
+// and cannot be modified or deleted through normal tag operations. Common examples include:
+// - aws:cloudformation:stack-name
+// - aws:servicecatalog:productArn
+//
+// Parameters:
+// - a: The target Tags map to be updated (typically desired state)
+// - b: The source Tags map containing AWS-managed tags (typically latest state)
+//
+// Example:
+//
+// latest := Tags{"aws:cloudformation:stack-name": "my-stack", "environment": "prod"}
+// desired := Tags{"environment": "dev"}
+// SyncAWSTags(desired, latest)
+// desired now contains {"aws:cloudformation:stack-name": "my-stack", "environment": "dev"}
+func syncAWSTags(a acktags.Tags, b acktags.Tags) {
+ for k := range b {
+ if strings.HasPrefix(k, "aws:") {
+ a[k] = b[k]
+ }
+ }
+}