Fix: Add option to delete default SG rule created upon VPC creation (aws-controllers-k8s#212)

Issue #, if available:

Description of changes:
When a VPC is created, it also creates 'default' security group. The 'default' security group has widely open egress rules. We need to have an option to delete this autocreated rules from 'default' security group. The 'default' security group itself can not be deleted.

Discussion:
https://kubernetes.slack.com/archives/C0402D8JJS1/p1720560499642019

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Author: nnbu

apis/v1alpha1/ack-generate-metadata.yaml

@@ -1,13 +1,13 @@
 ack_generate_info:
-  build_date: "2024-08-29T20:21:49Z"
+  build_date: "2024-09-12T18:02:26Z"
   build_hash: f8f98563404066ac3340db0a049d2e530e5c51cc
-  go_version: go1.22.5
+  go_version: go1.22.6
   version: v0.38.1
-api_directory_checksum: 1b53401670898ce50e6d6cc8bfba6b63ea7d5683
+api_directory_checksum: 585098fc7c99c27ca523f83e860107d22aaa5a10
 api_version: v1alpha1
 aws_sdk_go_version: v1.44.93
 generator_config_info:
-  file_checksum: b6cf44fddbe38dd354160538b750818e10bda45c
+  file_checksum: 976d1b5c435aeb198caa71b29c1449eb3c378c6f
   original_file_name: generator.yaml
 last_modification:
   reason: API generation

apis/v1alpha1/generator.yaml

@@ -725,6 +725,12 @@ resources:
         print:
           path: Status.vpcID
           name: ID
+      DisallowSecurityGroupDefaultRules:
+        type: bool
+        is_required: false
+      SecurityGroupDefaultRulesExist:
+        type: bool
+        is_read_only: true
     hooks:
       sdk_create_post_build_request:
         template_path: hooks/vpc/sdk_create_post_build_request.go.tpl

apis/v1alpha1/vpc.go

@@ -60,6 +60,8 @@ spec:
                 items:
                   type: string
                 type: array
+              disallowSecurityGroupDefaultRules:
+                type: boolean
               enableDNSHostnames:
                 description: The attribute value. The valid values are true or false.
                 type: boolean
@@ -273,6 +275,8 @@ spec:
                 description: The ID of the Amazon Web Services account that owns the
                   VPC.
                 type: string
+              securityGroupDefaultRulesExist:
+                type: boolean
               state:
                 description: The current state of the VPC.
                 type: string

apis/v1alpha1/zz_generated.deepcopy.go

@@ -725,6 +725,12 @@ resources:
         print:
           path: Status.vpcID
           name: ID
+      DisallowSecurityGroupDefaultRules:
+        type: bool
+        is_required: false
+      SecurityGroupDefaultRulesExist:
+        type: bool
+        is_read_only: true
     hooks:
       sdk_create_post_build_request:
         template_path: hooks/vpc/sdk_create_post_build_request.go.tpl

config/crd/bases/ec2.services.k8s.aws_vpcs.yaml

@@ -1,39 +1,41 @@
 module github.com/aws-controllers-k8s/ec2-controller
 
-go 1.19
+go 1.22.0
+
+toolchain go1.22.5
 
 replace github.com/aws-controllers-k8s/runtime => ../runtime
 
 require (
 	github.com/aws-controllers-k8s/runtime v0.0.0
-	github.com/aws/aws-sdk-go v1.44.93
-	github.com/go-logr/logr v1.2.3
+	github.com/aws/aws-sdk-go v1.49.0
+	github.com/go-logr/logr v1.4.1
 	github.com/samber/lo v1.37.0
 	github.com/spf13/pflag v1.0.5
-	k8s.io/api v0.26.8
-	k8s.io/apimachinery v0.26.8
-	k8s.io/client-go v0.26.8
-	sigs.k8s.io/controller-runtime v0.14.5
+	k8s.io/api v0.30.1
+	k8s.io/apimachinery v0.30.1
+	k8s.io/client-go v0.30.1
+	sigs.k8s.io/controller-runtime v0.18.4
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
-	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/go-logr/zapr v1.2.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.20.0 // indirect
-	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/go-logr/zapr v1.3.0 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/itchyny/gojq v0.12.6 // indirect
@@ -42,38 +44,36 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/mailru/easyjson v0.7.6 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
-	go.uber.org/atomic v1.7.0 // indirect
-	go.uber.org/multierr v1.6.0 // indirect
-	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17 // indirect
-	golang.org/x/net v0.8.0 // indirect
-	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
-	golang.org/x/sys v0.6.0 // indirect
-	golang.org/x/term v0.6.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
+	github.com/prometheus/client_golang v1.18.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/oauth2 v0.12.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.26.1 // indirect
-	k8s.io/component-base v0.26.1 // indirect
-	k8s.io/klog/v2 v2.80.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
-	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
+	k8s.io/apiextensions-apiserver v0.30.1 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )