Merge pull request #4549 from zac-nixon/main

[gateway api] remove route count check for deleting gateway

Author: k8s-ci-robot

controllers/gateway/gateway_controller.go

@@ -3,9 +3,10 @@ package gateway
 import (
 	"context"
 	"fmt"
-	"sigs.k8s.io/aws-load-balancer-controller/pkg/certs"
 	"time"
 
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/certs"
+
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_utils"
 
 	elbv2types "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
@@ -220,6 +221,8 @@ func (r *gatewayReconciler) reconcileHelper(ctx context.Context, req reconcile.R
 		return err
 	}
 
+	isDeleting := isGatewayDeleting(gw)
+
 	loaderResults, err := r.gatewayLoader.LoadRoutesForGateway(ctx, *gw, r.routeFilter, r.controllerName)
 
 	if err != nil || loaderResults.ValidationResults.HasErrors {
@@ -253,7 +256,7 @@ func (r *gatewayReconciler) reconcileHelper(ctx context.Context, req reconcile.R
 		}
 	}
 
-	stack, lb, newAddOnConfig, backendSGRequired, secrets, err := r.buildModel(ctx, gw, mergedLbConfig, allRoutes, currentAddOns)
+	stack, lb, newAddOnConfig, backendSGRequired, secrets, err := r.buildModel(ctx, gw, mergedLbConfig, allRoutes, currentAddOns, isDeleting)
 
 	if err != nil {
 		return err
@@ -298,14 +301,6 @@ func (r *gatewayReconciler) reconcileHelper(ctx context.Context, req reconcile.R
 }
 
 func (r *gatewayReconciler) reconcileDelete(ctx context.Context, gw *gwv1.Gateway, stack core.Stack, routes map[int32][]routeutils.RouteDescriptor) error {
-	for _, routeList := range routes {
-		if len(routeList) != 0 {
-			err := errors.Errorf("Gateway deletion invoked with routes attached [%s]", generateRouteList(routes))
-			r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.GatewayEventReasonFailedDeleteWithRoutesAttached, err.Error())
-			return err
-		}
-	}
-
 	if k8s.HasFinalizer(gw, r.finalizer) {
 		err := r.deployModel(ctx, gw, stack, nil)
 		if err != nil {
@@ -367,8 +362,8 @@ func (r *gatewayReconciler) deployModel(ctx context.Context, gw *gwv1.Gateway, s
 	return nil
 }
 
-func (r *gatewayReconciler) buildModel(ctx context.Context, gw *gwv1.Gateway, cfg elbv2gw.LoadBalancerConfiguration, listenerToRoute map[int32][]routeutils.RouteDescriptor, currentAddonConfig []addon.Addon) (core.Stack, *elbv2model.LoadBalancer, []addon.AddonMetadata, bool, []types.NamespacedName, error) {
-	stack, lb, newAddOnConfig, backendSGRequired, secrets, err := r.modelBuilder.Build(ctx, gw, cfg, listenerToRoute, currentAddonConfig, r.secretsManager, r.targetGroupNameToArnMapper)
+func (r *gatewayReconciler) buildModel(ctx context.Context, gw *gwv1.Gateway, cfg elbv2gw.LoadBalancerConfiguration, listenerToRoute map[int32][]routeutils.RouteDescriptor, currentAddonConfig []addon.Addon, isDelete bool) (core.Stack, *elbv2model.LoadBalancer, []addon.AddonMetadata, bool, []types.NamespacedName, error) {
+	stack, lb, newAddOnConfig, backendSGRequired, secrets, err := r.modelBuilder.Build(ctx, gw, cfg, listenerToRoute, currentAddonConfig, r.secretsManager, r.targetGroupNameToArnMapper, isDelete)
 	if err != nil {
 		r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.GatewayEventReasonFailedBuildModel, fmt.Sprintf("Failed build model due to %v", err))
 		return nil, nil, nil, false, nil, err

controllers/gateway/utils.go

@@ -190,3 +190,8 @@ func getServicesFromRoutes(listenerRouteMap map[int32][]routeutils.RouteDescript
 	}
 	return res.UnsortedList()
 }
+
+// isGatewayDeleting returns true if the gateway has a deletion timestamp set
+func isGatewayDeleting(gw *gwv1.Gateway) bool {
+	return gw.DeletionTimestamp != nil && !gw.DeletionTimestamp.IsZero()
+}

pkg/gateway/model/base_model_builder.go

@@ -2,14 +2,15 @@ package model
 
 import (
 	"context"
+	"strconv"
+
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/addon"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/certs"
 	config2 "sigs.k8s.io/aws-load-balancer-controller/pkg/gateway"
 	modelAddons "sigs.k8s.io/aws-load-balancer-controller/pkg/gateway/model/addons"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_utils"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"strconv"
 
 	"github.com/go-logr/logr"
 	"github.com/pkg/errors"
@@ -33,7 +34,7 @@ import (
 // Builder builds the model stack for a Gateway resource.
 type Builder interface {
 	// Build model stack for a gateway
-	Build(ctx context.Context, gw *gwv1.Gateway, lbConf elbv2gw.LoadBalancerConfiguration, routes map[int32][]routeutils.RouteDescriptor, currentAddonConfig []addon.Addon, secretsManager k8s.SecretsManager, targetGroupNameToArnMapper shared_utils.TargetGroupARNMapper) (core.Stack, *elbv2model.LoadBalancer, []addon.AddonMetadata, bool, []types.NamespacedName, error)
+	Build(ctx context.Context, gw *gwv1.Gateway, lbConf elbv2gw.LoadBalancerConfiguration, routes map[int32][]routeutils.RouteDescriptor, currentAddonConfig []addon.Addon, secretsManager k8s.SecretsManager, targetGroupNameToArnMapper shared_utils.TargetGroupARNMapper, isDelete bool) (core.Stack, *elbv2model.LoadBalancer, []addon.AddonMetadata, bool, []types.NamespacedName, error)
 }
 
 // NewModelBuilder construct a new baseModelBuilder
@@ -122,19 +123,16 @@ type baseModelBuilder struct {
 	defaultIPType             elbv2model.IPAddressType
 }
 
-func (baseBuilder *baseModelBuilder) Build(ctx context.Context, gw *gwv1.Gateway, lbConf elbv2gw.LoadBalancerConfiguration, routes map[int32][]routeutils.RouteDescriptor, currentAddonConfig []addon.Addon, secretsManager k8s.SecretsManager, targetGroupNameToArnMapper shared_utils.TargetGroupARNMapper) (core.Stack, *elbv2model.LoadBalancer, []addon.AddonMetadata, bool, []types.NamespacedName, error) {
+func (baseBuilder *baseModelBuilder) Build(ctx context.Context, gw *gwv1.Gateway, lbConf elbv2gw.LoadBalancerConfiguration, routes map[int32][]routeutils.RouteDescriptor, currentAddonConfig []addon.Addon, secretsManager k8s.SecretsManager, targetGroupNameToArnMapper shared_utils.TargetGroupARNMapper, isDelete bool) (core.Stack, *elbv2model.LoadBalancer, []addon.AddonMetadata, bool, []types.NamespacedName, error) {
 	stack := core.NewDefaultStack(core.StackID(k8s.NamespacedName(gw)))
-	var isPreDelete bool
-	if gw.DeletionTimestamp != nil && !gw.DeletionTimestamp.IsZero() {
+	if isDelete {
 		if baseBuilder.isDeleteProtected(lbConf) {
 			return nil, nil, nil, false, nil, errors.Errorf("Unable to delete gateway %+v because deletion protection is enabled.", k8s.NamespacedName(gw))
 		}
 
 		if len(currentAddonConfig) == 0 {
 			return stack, nil, nil, false, nil, nil
 		}
-
-		isPreDelete = true
 	}
 
 	/* Basic LB stuff (Scheme, IP Address Type) */
@@ -171,7 +169,7 @@ func (baseBuilder *baseModelBuilder) Build(ctx context.Context, gw *gwv1.Gateway
 	}
 
 	addOnCfg := lbConf
-	if isPreDelete {
+	if isDelete {
 		addOnCfg = elbv2gw.LoadBalancerConfiguration{}
 	}
 

pkg/gateway/model/base_model_builder_test.go

@@ -0,0 +1,268 @@
+package model
+
+import (
+	"testing"
+
+	"github.com/go-logr/logr"
+	"github.com/stretchr/testify/assert"
+	elbv2gw "sigs.k8s.io/aws-load-balancer-controller/apis/gateway/v1beta1"
+	elbv2model "sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_constants"
+)
+
+func Test_baseModelBuilder_isDeleteProtected(t *testing.T) {
+	tests := []struct {
+		name   string
+		lbConf elbv2gw.LoadBalancerConfiguration
+		want   bool
+	}{
+		{
+			name: "deletion protection enabled",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					LoadBalancerAttributes: []elbv2gw.LoadBalancerAttribute{
+						{
+							Key:   shared_constants.LBAttributeDeletionProtection,
+							Value: "true",
+						},
+					},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "deletion protection disabled",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					LoadBalancerAttributes: []elbv2gw.LoadBalancerAttribute{
+						{
+							Key:   shared_constants.LBAttributeDeletionProtection,
+							Value: "false",
+						},
+					},
+				},
+			},
+			want: false,
+		},
+		{
+			name: "deletion protection not specified",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					LoadBalancerAttributes: []elbv2gw.LoadBalancerAttribute{},
+				},
+			},
+			want: false,
+		},
+		{
+			name: "deletion protection with invalid value",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					LoadBalancerAttributes: []elbv2gw.LoadBalancerAttribute{
+						{
+							Key:   shared_constants.LBAttributeDeletionProtection,
+							Value: "invalid",
+						},
+					},
+				},
+			},
+			want: false,
+		},
+		{
+			name: "deletion protection among other attributes",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					LoadBalancerAttributes: []elbv2gw.LoadBalancerAttribute{
+						{
+							Key:   "idle_timeout.timeout_seconds",
+							Value: "60",
+						},
+						{
+							Key:   shared_constants.LBAttributeDeletionProtection,
+							Value: "true",
+						},
+						{
+							Key:   "access_logs.s3.enabled",
+							Value: "false",
+						},
+					},
+				},
+			},
+			want: true,
+		},
+		{
+			name:   "empty config",
+			lbConf: elbv2gw.LoadBalancerConfiguration{},
+			want:   false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			builder := &baseModelBuilder{
+				logger: logr.Discard(),
+			}
+			got := builder.isDeleteProtected(tt.lbConf)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_baseModelBuilder_buildLoadBalancerScheme(t *testing.T) {
+	internetFacing := elbv2gw.LoadBalancerScheme(elbv2model.LoadBalancerSchemeInternetFacing)
+	internal := elbv2gw.LoadBalancerScheme(elbv2model.LoadBalancerSchemeInternal)
+	unknown := elbv2gw.LoadBalancerScheme("unknown")
+
+	tests := []struct {
+		name          string
+		lbConf        elbv2gw.LoadBalancerConfiguration
+		defaultScheme elbv2model.LoadBalancerScheme
+		want          elbv2model.LoadBalancerScheme
+		wantErr       bool
+	}{
+		{
+			name: "internet-facing scheme",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					Scheme: &internetFacing,
+				},
+			},
+			defaultScheme: elbv2model.LoadBalancerSchemeInternal,
+			want:          elbv2model.LoadBalancerSchemeInternetFacing,
+			wantErr:       false,
+		},
+		{
+			name: "internal scheme",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					Scheme: &internal,
+				},
+			},
+			defaultScheme: elbv2model.LoadBalancerSchemeInternetFacing,
+			want:          elbv2model.LoadBalancerSchemeInternal,
+			wantErr:       false,
+		},
+		{
+			name: "nil scheme uses default",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					Scheme: nil,
+				},
+			},
+			defaultScheme: elbv2model.LoadBalancerSchemeInternal,
+			want:          elbv2model.LoadBalancerSchemeInternal,
+			wantErr:       false,
+		},
+		{
+			name: "unknown scheme returns error",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					Scheme: &unknown,
+				},
+			},
+			defaultScheme: elbv2model.LoadBalancerSchemeInternal,
+			want:          "",
+			wantErr:       true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			builder := &baseModelBuilder{
+				defaultLoadBalancerScheme: tt.defaultScheme,
+			}
+			got, err := builder.buildLoadBalancerScheme(tt.lbConf)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_baseModelBuilder_buildLoadBalancerIPAddressType(t *testing.T) {
+	ipv4 := elbv2gw.LoadBalancerIpAddressType(elbv2model.IPAddressTypeIPV4)
+	dualStack := elbv2gw.LoadBalancerIpAddressType(elbv2model.IPAddressTypeDualStack)
+	dualStackWithoutPublicIPv4 := elbv2gw.LoadBalancerIpAddressType(elbv2model.IPAddressTypeDualStackWithoutPublicIPV4)
+	unknown := elbv2gw.LoadBalancerIpAddressType("unknown")
+
+	tests := []struct {
+		name        string
+		lbConf      elbv2gw.LoadBalancerConfiguration
+		defaultType elbv2model.IPAddressType
+		want        elbv2model.IPAddressType
+		wantErr     bool
+	}{
+		{
+			name: "ipv4 address type",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					IpAddressType: &ipv4,
+				},
+			},
+			defaultType: elbv2model.IPAddressTypeDualStack,
+			want:        elbv2model.IPAddressTypeIPV4,
+			wantErr:     false,
+		},
+		{
+			name: "dualstack address type",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					IpAddressType: &dualStack,
+				},
+			},
+			defaultType: elbv2model.IPAddressTypeIPV4,
+			want:        elbv2model.IPAddressTypeDualStack,
+			wantErr:     false,
+		},
+		{
+			name: "dualstack without public ipv4 address type",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					IpAddressType: &dualStackWithoutPublicIPv4,
+				},
+			},
+			defaultType: elbv2model.IPAddressTypeIPV4,
+			want:        elbv2model.IPAddressTypeDualStackWithoutPublicIPV4,
+			wantErr:     false,
+		},
+		{
+			name: "nil address type uses default",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					IpAddressType: nil,
+				},
+			},
+			defaultType: elbv2model.IPAddressTypeIPV4,
+			want:        elbv2model.IPAddressTypeIPV4,
+			wantErr:     false,
+		},
+		{
+			name: "unknown address type returns error",
+			lbConf: elbv2gw.LoadBalancerConfiguration{
+				Spec: elbv2gw.LoadBalancerConfigurationSpec{
+					IpAddressType: &unknown,
+				},
+			},
+			defaultType: elbv2model.IPAddressTypeIPV4,
+			want:        "",
+			wantErr:     true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			builder := &baseModelBuilder{
+				defaultIPType: tt.defaultType,
+			}
+			got, err := builder.buildLoadBalancerIPAddressType(tt.lbConf)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}