Move tags to cloudformation stack

Signed-off-by: Mustafa Abdelrahman <[email protected]>
zalando-incubator · Feb 27, 2024 · 9a6d9af · 9a6d9af
1 parent 25df506
commit 9a6d9af
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 20 deletions.
diff --git a/aws/adapter.go b/aws/adapter.go
@@ -702,7 +702,7 @@ func (a *Adapter) UpdateTargetGroupsAndAutoScalingGroups(stacks []*Stack, proble
 // All the required resources (listeners and target group) are created in a
 // transactional fashion.
 // Failure to create the stack causes it to be deleted automatically.
-func (a *Adapter) CreateStack(certificateARNs []string, scheme, securityGroup, owner, sslPolicy, ipAddressType, wafWebACLID string, cwAlarms CloudWatchAlarmList, loadBalancerType string, http2 bool) (string, error) {
+func (a *Adapter) CreateStack(certificateARNs []string, scheme, securityGroup, owner, sslPolicy, ipAddressType, wafWebACLID string, cwAlarms CloudWatchAlarmList, loadBalancerType string, http2 bool, stackTags map[string]string) (string, error) {
 	certARNs := make(map[string]time.Time, len(certificateARNs))
 	for _, arn := range certificateARNs {
 		certARNs[arn] = time.Time{}
@@ -754,7 +754,7 @@ func (a *Adapter) CreateStack(certificateARNs []string, scheme, securityGroup, o
 		httpRedirectToHTTPS:               a.httpRedirectToHTTPS,
 		nlbCrossZone:                      a.nlbCrossZone,
 		http2:                             http2,
-		tags:                              a.stackTags,
+		tags:                              mergeTags(a.stackTags, stackTags),
 		internalDomains:                   a.internalDomains,
 		denyInternalDomains:               a.denyInternalDomains,
 		denyInternalDomainsResponse: denyResp{
@@ -767,7 +767,7 @@ func (a *Adapter) CreateStack(certificateARNs []string, scheme, securityGroup, o
 	return createStack(a.cloudformation, spec)
 }
 
-func (a *Adapter) UpdateStack(stackName string, certificateARNs map[string]time.Time, scheme, securityGroup, owner, sslPolicy, ipAddressType, wafWebACLID string, cwAlarms CloudWatchAlarmList, loadBalancerType string, http2 bool) (string, error) {
+func (a *Adapter) UpdateStack(stackName string, certificateARNs map[string]time.Time, scheme, securityGroup, owner, sslPolicy, ipAddressType, wafWebACLID string, cwAlarms CloudWatchAlarmList, loadBalancerType string, http2 bool, stackTags map[string]string) (string, error) {
 	if _, ok := SSLPolicies[sslPolicy]; !ok {
 		return "", fmt.Errorf("invalid SSLPolicy '%s' defined", sslPolicy)
 	}
@@ -810,7 +810,7 @@ func (a *Adapter) UpdateStack(stackName string, certificateARNs map[string]time.
 		httpRedirectToHTTPS:               a.httpRedirectToHTTPS,
 		nlbCrossZone:                      a.nlbCrossZone,
 		http2:                             http2,
-		tags:                              a.stackTags,
+		tags:                              mergeTags(a.stackTags, stackTags),
 		internalDomains:                   a.internalDomains,
 		denyInternalDomains:               a.denyInternalDomains,
 		denyInternalDomainsResponse: denyResp{

diff --git a/aws/cf.go b/aws/cf.go
@@ -38,7 +38,7 @@ type Stack struct {
 	TargetGroupARNs   []string
 	WAFWebACLID       string
 	CertificateARNs   map[string]time.Time
-	tags              map[string]string
+	Tags              map[string]string
 }
 
 // IsComplete returns true if the stack status is a complete state.
@@ -513,7 +513,7 @@ func mapToManagedStack(stack *cloudformation.Stack) *Stack {
 		LoadBalancerType:  parameters[parameterLoadBalancerTypeParameter],
 		HTTP2:             http2,
 		CertificateARNs:   certificateARNs,
-		tags:              tags,
+		Tags:              tags,
 		OwnerIngress:      ownerIngress,
 		status:            aws.StringValue(stack.StackStatus),
 		statusReason:      aws.StringValue(stack.StackStatusReason),

diff --git a/aws/cf_test.go b/aws/cf_test.go
@@ -478,7 +478,7 @@ func TestFindManagedStacks(t *testing.T) {
 						"cert-arn": {},
 					},
 					TargetGroupARNs: []string{"tg-arn"},
-					tags: map[string]string{
+					Tags: map[string]string{
 						kubernetesCreatorTag:                 DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster":  resourceLifecycleOwned,
 						certificateARNTagPrefix + "cert-arn": time.Time{}.Format(time.RFC3339),
@@ -494,7 +494,7 @@ func TestFindManagedStacks(t *testing.T) {
 						"cert-arn": {},
 					},
 					TargetGroupARNs: []string{"tg-arn"},
-					tags: map[string]string{
+					Tags: map[string]string{
 						kubernetesCreatorTag:                 DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster":  resourceLifecycleOwned,
 						certificateARNTagPrefix + "cert-arn": time.Time{}.Format(time.RFC3339),
@@ -510,7 +510,7 @@ func TestFindManagedStacks(t *testing.T) {
 						"cert-arn": {},
 					},
 					TargetGroupARNs: []string{"tg-arn", "http-tg-arn"},
-					tags: map[string]string{
+					Tags: map[string]string{
 						kubernetesCreatorTag:                 DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster":  resourceLifecycleOwned,
 						certificateARNTagPrefix + "cert-arn": time.Time{}.Format(time.RFC3339),
@@ -522,7 +522,7 @@ func TestFindManagedStacks(t *testing.T) {
 				{
 					Name:            "managed-stack-not-ready",
 					CertificateARNs: map[string]time.Time{},
-					tags: map[string]string{
+					Tags: map[string]string{
 						kubernetesCreatorTag:                DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster": resourceLifecycleOwned,
 					},
@@ -558,7 +558,7 @@ func TestFindManagedStacks(t *testing.T) {
 					CertificateARNs: map[string]time.Time{
 						"cert-arn": {},
 					},
-					tags: map[string]string{
+					Tags: map[string]string{
 						kubernetesCreatorTag:                 DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster":  resourceLifecycleOwned,
 						certificateARNTagPrefix + "cert-arn": time.Time{}.Format(time.RFC3339),
@@ -595,7 +595,7 @@ func TestFindManagedStacks(t *testing.T) {
 					CertificateARNs: map[string]time.Time{
 						"cert-arn": {},
 					},
-					tags: map[string]string{
+					Tags: map[string]string{
 						kubernetesCreatorTag:                 DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster":  resourceLifecycleOwned,
 						certificateARNTagPrefix + "cert-arn": time.Time{}.Format(time.RFC3339),
@@ -644,7 +644,7 @@ func TestFindManagedStacks(t *testing.T) {
 					DNSName:         "example-notready.com",
 					TargetGroupARNs: []string{"tg-arn"},
 					CertificateARNs: map[string]time.Time{},
-					tags: map[string]string{
+					Tags: map[string]string{
 						kubernetesCreatorTag:                DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster": resourceLifecycleOwned,
 						targetGroupsArnsTag:                 "dGctYXJu", // "tg-arn"
@@ -657,7 +657,7 @@ func TestFindManagedStacks(t *testing.T) {
 					DNSName:         "example.com",
 					TargetGroupARNs: []string{"tg-arn"},
 					CertificateARNs: map[string]time.Time{},
-					tags: map[string]string{
+					Tags: map[string]string{
 						kubernetesCreatorTag:                DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster": resourceLifecycleOwned,
 						targetGroupsArnsTag:                 "dGctYXJu", // "tg-arn"
@@ -738,7 +738,7 @@ func TestGetStack(t *testing.T) {
 					"cert-arn": {},
 				},
 				TargetGroupARNs: []string{"tg-arn"},
-				tags: map[string]string{
+				Tags: map[string]string{
 					kubernetesCreatorTag:                 DefaultControllerID,
 					clusterIDTagPrefix + "test-cluster":  resourceLifecycleOwned,
 					certificateARNTagPrefix + "cert-arn": time.Time{}.Format(time.RFC3339),
@@ -779,7 +779,7 @@ func TestGetStack(t *testing.T) {
 					"cert-arn": {},
 				},
 				TargetGroupARNs: []string{"tg-arn", "tg-http-arn"},
-				tags: map[string]string{
+				Tags: map[string]string{
 					kubernetesCreatorTag:                 DefaultControllerID,
 					clusterIDTagPrefix + "test-cluster":  resourceLifecycleOwned,
 					certificateARNTagPrefix + "cert-arn": time.Time{}.Format(time.RFC3339),

diff --git a/aws/fake/cf.go b/aws/fake/cf.go
@@ -69,6 +69,7 @@ func (m *CFClient) DescribeStacks(in *cloudformation.DescribeStacksInput) (*clou
 }
 
 func (m *CFClient) CreateStack(params *cloudformation.CreateStackInput) (*cloudformation.CreateStackOutput, error) {
+	print("\n ======== CreateStack ======== \n")
 	m.tagCreationHistory = append(m.tagCreationHistory, params.Tags)
 	m.paramCreationHistory = append(m.paramCreationHistory, params.Parameters)
 	m.templateCreationHistory = append(m.templateCreationHistory, *params.TemplateBody)

diff --git a/worker.go b/worker.go
@@ -534,7 +534,12 @@ func createStack(awsAdapter *aws.Adapter, lb *loadBalancer, problems *problem.Li
 
 	log.Infof("Creating stack for certificates %q / ingress %q", certificates, lb.ingresses)
 
-	stackId, err := awsAdapter.CreateStack(certificates, lb.scheme, lb.securityGroup, lb.Owner(), lb.sslPolicy, lb.ipAddressType, lb.wafWebACLID, lb.cwAlarms, lb.loadBalancerType, lb.http2)
+	tags := make(map[string]string)
+	if lb.stack != nil && lb.stack.Tags != nil {
+		tags = lb.stack.Tags
+	}
+
+	stackId, err := awsAdapter.CreateStack(certificates, lb.scheme, lb.securityGroup, lb.Owner(), lb.sslPolicy, lb.ipAddressType, lb.wafWebACLID, lb.cwAlarms, lb.loadBalancerType, lb.http2, tags)
 	if err != nil {
 		if isAlreadyExistsError(err) {
 			lb.stack, err = awsAdapter.GetStack(stackId)
@@ -554,7 +559,12 @@ func updateStack(awsAdapter *aws.Adapter, lb *loadBalancer, problems *problem.Li
 
 	log.Infof("Updating %q stack for %d certificates / %d ingresses", lb.scheme, len(certificates), len(lb.ingresses))
 
-	stackId, err := awsAdapter.UpdateStack(lb.stack.Name, certificates, lb.scheme, lb.securityGroup, lb.Owner(), lb.sslPolicy, lb.ipAddressType, lb.wafWebACLID, lb.cwAlarms, lb.loadBalancerType, lb.http2)
+	tags := make(map[string]string)
+	if lb.stack != nil && lb.stack.Tags != nil {
+		tags = lb.stack.Tags
+	}
+
+	stackId, err := awsAdapter.UpdateStack(lb.stack.Name, certificates, lb.scheme, lb.securityGroup, lb.Owner(), lb.sslPolicy, lb.ipAddressType, lb.wafWebACLID, lb.cwAlarms, lb.loadBalancerType, lb.http2, tags)
 	if isNoUpdatesToBePerformedError(err) {
 		log.Debugf("Stack(%q) is already up to date", certificates)
 	} else if err != nil {

diff --git a/worker_test.go b/worker_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/x509"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http/httptest"
 	"os"
@@ -527,9 +528,9 @@ func TestResourceConversionOneToOne(tt *testing.T) {
 				t.Error(problems.Errors())
 			}
 
-			assert.Equal(t, len(clientCF.GetTagCreationHistory()), len(tags))
+			assert.Equal(t, len(clientCF.GetTagCreationHistory()), len(tags), fmt.Sprintf("got %v, expected %v", tags, clientCF.GetTagCreationHistory()))
 			assert.Equal(t, len(clientCF.GetParamCreationHistory()), len(params))
-			assert.Equal(t, len(clientCF.GetTemplateCreationHistory()), len(templates))
+			assert.Equal(t, len(clientCF.GetTemplateCreationHistory()), len(templates), fmt.Sprintf("got %v, expected %v", templates, clientCF.GetTemplateCreationHistory()))
 
 			// This loop is necessary because assert.ElementsMatch only do set-style comparison
 			// for the first level of the array. So for nested arrays it would not behave like expected.