Load more data in the team ID configMap

zicongmei · zicongmei · commit 745d0755421a · 2024-03-12T14:42:38.000-07:00
diff --git a/pkg/runtime/adoption_reconciler.go b/pkg/runtime/adoption_reconciler.go
@@ -128,7 +128,7 @@ func (r *adoptionReconciler) reconcile(ctx context.Context, req ctrlrt.Request)
 	if teamID != "" {
 		CARMLookupKey = string(teamID)
 		needCARMLookup = true
-		cmName = cache.ACKRoleTeamMap
+		cmName = cache.ACKTeamMap
 	} else {
 		CARMLookupKey = string(acctID)
 		cmName = cache.ACKRoleAccountMap
@@ -530,12 +530,21 @@ func (r *adoptionReconciler) getRoleARN(
 			return "", fmt.Errorf("unable to retrieve role ARN for annotation %q: %v", key, err)
 		}
 		return ackv1alpha1.AWSResourceName(roleARN), nil
-	} else if cmName == cache.ACKRoleTeamMap {
-		roleARN, err := r.cache.Teams.GetRoleARN(key)
+	} else if cmName == cache.ACKTeamMap {
+		value, err := r.cache.Teams.GetConfigMapValue(key)
 		if err != nil {
 			return "", fmt.Errorf("unable to retrieve role ARN for team ID %s: %v", key, err)
 		}
-		return ackv1alpha1.AWSResourceName(roleARN), nil
+		if valueMap, ok := value.(map[string]string); ok {
+			if roleARN, ok := valueMap[cache.ACKRoleTeamKey]; ok {
+				return ackv1alpha1.AWSResourceName(roleARN), nil
+			}
+			return "", fmt.Errorf("%q not set for team-id %q in configMap %q",
+				cache.ACKRoleTeamKey, key, cache.ACKTeamMap)
+		} else {
+			return "", fmt.Errorf("team-id %q in configMap %q is not map[stirng]string",
+				key, cache.ACKTeamMap)
+		}
 	}
 	return "", fmt.Errorf("unexpected CARM name %q", cmName)
 }
diff --git a/pkg/runtime/cache/account.go b/pkg/runtime/cache/account.go
@@ -44,9 +44,12 @@ const (
 	// all the AWS Account IDs associated with their AWS Role ARNs.
 	ACKRoleAccountMap CARMName = "ack-role-account-map"
 
-	// ACKRoleTeamMap is the name of the configmap map object storing
-	// all the AWS Team IDs associated with their AWS Role ARNs.
-	ACKRoleTeamMap CARMName = "ack-role-team-map"
+	// ACKTeamMap is the name of the configmap map object storing
+	// all the AWS Team IDs associated with their configs.
+	ACKTeamMap CARMName = "ack-team-map"
+
+	// ACKRoleTeamKey stores the role ARN key to the ACKTeamMap
+	ACKRoleTeamKey = "roleArn"
 )
 
 // CARMCache is responsible for caching the CARM configmap
@@ -122,27 +125,40 @@ func (c *CARMCache) Run(clientSet kubernetes.Interface, stopCh <-chan struct{})
 	go informer.Run(stopCh)
 }
 
-// GetRoleARN queries the associated Role ARN
+// GetConfigMapValue queries the associated value
 // from the cached CARM configmap. It will return an error if the
-// configmap is not found, the key is not found or the role ARN
-// is empty.
+// configmap is not found, the key is not found.
 //
 // This function is thread safe.
-func (c *CARMCache) GetRoleARN(key string) (string, error) {
+func (c *CARMCache) GetConfigMapValue(key string) (any, error) {
 	c.RLock()
 	defer c.RUnlock()
 
 	if !c.configMapCreated {
 		return "", ErrCARMConfigMapNotFound
 	}
-	roleARN, ok := c.roleARNs[key]
+	value, ok := c.roleARNs[key]
 	if !ok {
 		return "", ErrKeyNotFound
 	}
-	if roleARN == "" {
-		return "", ErrEmptyRoleARN
+	return value, nil
+}
+
+// GetRoleARN queries the role ARN
+// from the cached CARM configmap. It will return an error if the
+// configmap is not found, the key is not found or the value
+// is empty.
+//
+// This function is thread safe.
+func (c *CARMCache) GetRoleARN(key string) (string, error) {
+	value, err := c.GetConfigMapValue(key)
+	if err != nil {
+		return "", err
+	}
+	if roleARN, ok := value.(string); ok {
+		return roleARN, nil
 	}
-	return roleARN, nil
+	return "", fmt.Errorf("unexpected type in comfig map key %q: %v", key, value)
 }
 
 // updateRoleData updates the CARM map. This function is thread safe.
diff --git a/pkg/runtime/cache/account_test.go b/pkg/runtime/cache/account_test.go
@@ -71,7 +71,7 @@ func TestAccountCache(t *testing.T) {
 
 	// Before creating the configmap, the accountCache should error for any
 	// GetAccountRoleARN call.
-	_, err := accountCache.GetRoleARN(testAccount1)
+	_, err := accountCache.GetConfigMapValue(testAccount1)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 
@@ -91,12 +91,12 @@ func TestAccountCache(t *testing.T) {
 	time.Sleep(time.Second)
 
 	// Test with non existing account
-	_, err = accountCache.GetRoleARN("random-account-not-exist")
+	_, err = accountCache.GetConfigMapValue("random-account-not-exist")
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 
 	// Test with existing account
-	_, err = accountCache.GetRoleARN(testAccount1)
+	_, err = accountCache.GetConfigMapValue(testAccount1)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 
@@ -115,17 +115,17 @@ func TestAccountCache(t *testing.T) {
 	time.Sleep(time.Second)
 
 	// Test with non existing account
-	_, err = accountCache.GetRoleARN("random-account-not-exist")
+	_, err = accountCache.GetConfigMapValue("random-account-not-exist")
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrKeyNotFound)
 
 	// Test with existing account - but role ARN is empty
-	_, err = accountCache.GetRoleARN(testAccount3)
+	_, err = accountCache.GetConfigMapValue(testAccount3)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrEmptyRoleARN)
 
 	// Test with existing account
-	roleARN, err := accountCache.GetRoleARN(testAccount1)
+	roleARN, err := accountCache.GetConfigMapValue(testAccount1)
 	require.Nil(t, err)
 	require.Equal(t, roleARN, testAccountARN1)
 
@@ -145,21 +145,21 @@ func TestAccountCache(t *testing.T) {
 	time.Sleep(time.Second)
 
 	// Test with non existing account
-	_, err = accountCache.GetRoleARN("random-account-not-exist")
+	_, err = accountCache.GetConfigMapValue("random-account-not-exist")
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrKeyNotFound)
 
 	// Test that account was removed
-	_, err = accountCache.GetRoleARN(testAccount3)
+	_, err = accountCache.GetConfigMapValue(testAccount3)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrKeyNotFound)
 
 	// Test with existing account
-	roleARN, err = accountCache.GetRoleARN(testAccount1)
+	roleARN, err = accountCache.GetConfigMapValue(testAccount1)
 	require.Nil(t, err)
 	require.Equal(t, roleARN, testAccountARN1)
 
-	roleARN, err = accountCache.GetRoleARN(testAccount2)
+	roleARN, err = accountCache.GetConfigMapValue(testAccount2)
 	require.Nil(t, err)
 	require.Equal(t, roleARN, testAccountARN2)
 
@@ -173,15 +173,15 @@ func TestAccountCache(t *testing.T) {
 	time.Sleep(time.Second)
 
 	// Test that accounts ware removed
-	_, err = accountCache.GetRoleARN(testAccount1)
+	_, err = accountCache.GetConfigMapValue(testAccount1)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 
-	_, err = accountCache.GetRoleARN(testAccount2)
+	_, err = accountCache.GetConfigMapValue(testAccount2)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 
-	_, err = accountCache.GetRoleARN(testAccount3)
+	_, err = accountCache.GetConfigMapValue(testAccount3)
 	require.NotNil(t, err)
 	require.Equal(t, err, ackrtcache.ErrCARMConfigMapNotFound)
 }
diff --git a/pkg/runtime/cache/cache.go b/pkg/runtime/cache/cache.go
@@ -86,7 +86,7 @@ type Caches struct {
 func New(log logr.Logger, config Config) Caches {
 	return Caches{
 		Accounts:   NewCARMCache(ACKRoleAccountMap, log),
-		Teams:      NewCARMCache(ACKRoleTeamMap, log),
+		Teams:      NewCARMCache(ACKTeamMap, log),
 		Namespaces: NewNamespaceCache(log, config.WatchScope, config.Ignored),
 	}
 }
diff --git a/pkg/runtime/reconciler.go b/pkg/runtime/reconciler.go
@@ -196,7 +196,7 @@ func (r *resourceReconciler) Reconcile(ctx context.Context, req ctrlrt.Request)
 	if teamID != "" {
 		CARMLookupKey = string(teamID)
 		needCARMLookup = true
-		cmName = cache.ACKRoleTeamMap
+		cmName = cache.ACKTeamMap
 	} else {
 		CARMLookupKey = string(acctID)
 		cmName = cache.ACKRoleAccountMap
@@ -1092,12 +1092,21 @@ func (r *resourceReconciler) getRoleARN(
 			return "", fmt.Errorf("unable to retrieve role ARN for account %s: %v", key, err)
 		}
 		return ackv1alpha1.AWSResourceName(roleARN), nil
-	} else if cmName == cache.ACKRoleTeamMap {
-		roleARN, err := r.cache.Teams.GetRoleARN(key)
+	} else if cmName == cache.ACKTeamMap {
+		value, err := r.cache.Teams.GetConfigMapValue(key)
 		if err != nil {
 			return "", fmt.Errorf("unable to retrieve role ARN for team ID %s: %v", key, err)
 		}
-		return ackv1alpha1.AWSResourceName(roleARN), nil
+		if valueMap, ok := value.(map[string]string); ok {
+			if roleARN, ok := valueMap[cache.ACKRoleTeamKey]; ok {
+				return ackv1alpha1.AWSResourceName(roleARN), nil
+			}
+			return "", fmt.Errorf("%q not set for team-id %q in configMap %q",
+				cache.ACKRoleTeamKey, key, cache.ACKTeamMap)
+		} else {
+			return "", fmt.Errorf("team-id %q in configMap %q is not map[stirng]string",
+				key, cache.ACKTeamMap)
+		}
 	}
 	return "", fmt.Errorf("unexpected CARM name %q", cmName)
 }

Original file line number	Diff line number	Diff line change
`@@ -86,7 +86,7 @@ type Caches struct {`
`86`	`86`	`func New(log logr.Logger, config Config) Caches {`
`87`	`87`	`return Caches{`
`88`	`88`	`Accounts: NewCARMCache(ACKRoleAccountMap, log),`
`89`		`- Teams: NewCARMCache(ACKRoleTeamMap, log),`
	`89`	`+ Teams: NewCARMCache(ACKTeamMap, log),`
`90`	`90`	`Namespaces: NewNamespaceCache(log, config.WatchScope, config.Ignored),`
`91`	`91`	`}`
`92`	`92`	`}`