Try storing targetgroups encoded in a tag

Signed-off-by: Mustafa Abdelrahman <[email protected]>
zalando-incubator · Jan 8, 2024 · e030b93 · e030b93
1 parent 2275800
commit e030b93
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 3 deletions.
diff --git a/aws/cf.go b/aws/cf.go
@@ -1,20 +1,24 @@
 package aws
 
 import (
+	"encoding/base64"
 	"fmt"
 	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/cloudformation"
 	"github.com/aws/aws-sdk-go/service/cloudformation/cloudformationiface"
+
+	log "github.com/sirupsen/logrus"
 )
 
 const (
 	certificateARNTagLegacy = "ingress:certificate-arn"
 	certificateARNTagPrefix = "ingress:certificate-arn/"
 	ingressOwnerTag         = "ingress:owner"
 	cwAlarmConfigHashTag    = "cloudwatch:alarm-config-hash"
+	targetGroupsArnsTag     = "ingress:targetgroups"
 )
 
 // Stack is a simple wrapper around a CloudFormation Stack.
@@ -480,10 +484,28 @@ func mapToManagedStack(stack *cloudformation.Stack) *Stack {
 		http2 = false
 	}
 
+	tgARNs := outputs.targetGroupARNs()
+
+	// If the stack is in rollback state, the outputs are not available.
+	// We need to store target group ARNs in the tags.
+	if aws.StringValue(stack.StackStatus) == cloudformation.StackStatusRollbackInProgress && len(tgARNs) == 0 {
+		if tgARNsTag, ok := tags[targetGroupsArnsTag]; ok {
+			values, err := base64.StdEncoding.DecodeString(tgARNsTag)
+			if err != nil {
+				log.Errorf("failed to decode target group ARNs from tags: %v", err)
+				tgARNs = []string{}
+			} else {
+				tgARNs = strings.Split(string(values), ",")
+			}
+		}
+	} else if len(tgARNs) > 0 {
+		tags[targetGroupsArnsTag] = base64.StdEncoding.EncodeToString([]byte(strings.Join(tgARNs, ",")))
+	}
+
 	return &Stack{
 		Name:              aws.StringValue(stack.StackName),
 		DNSName:           outputs.dnsName(),
-		TargetGroupARNs:   outputs.targetGroupARNs(),
+		TargetGroupARNs:   tgARNs,
 		Scheme:            parameters[parameterLoadBalancerSchemeParameter],
 		SecurityGroup:     parameters[parameterLoadBalancerSecurityGroupParameter],
 		SSLPolicy:         parameters[parameterListenerSslPolicyParameter],

diff --git a/aws/cf_test.go b/aws/cf_test.go
@@ -482,6 +482,7 @@ func TestFindManagedStacks(t *testing.T) {
 						kubernetesCreatorTag:                 DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster":  resourceLifecycleOwned,
 						certificateARNTagPrefix + "cert-arn": time.Time{}.Format(time.RFC3339),
+						targetGroupsArnsTag:                  "dGctYXJu", // "tg-arn"
 					},
 					status: cloudformation.StackStatusUpdateInProgress,
 					HTTP2:  true,
@@ -497,6 +498,7 @@ func TestFindManagedStacks(t *testing.T) {
 						kubernetesCreatorTag:                 DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster":  resourceLifecycleOwned,
 						certificateARNTagPrefix + "cert-arn": time.Time{}.Format(time.RFC3339),
+						targetGroupsArnsTag:                  "dGctYXJu", // "tg-arn"
 					},
 					status: cloudformation.StackStatusCreateComplete,
 					HTTP2:  true,
@@ -512,6 +514,7 @@ func TestFindManagedStacks(t *testing.T) {
 						kubernetesCreatorTag:                 DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster":  resourceLifecycleOwned,
 						certificateARNTagPrefix + "cert-arn": time.Time{}.Format(time.RFC3339),
+						targetGroupsArnsTag:                  "dGctYXJuLGh0dHAtdGctYXJu", // "tg-arn,http-tg-arn"
 					},
 					status: cloudformation.StackStatusCreateComplete,
 					HTTP2:  true,
@@ -542,6 +545,7 @@ func TestFindManagedStacks(t *testing.T) {
 								cfTag(kubernetesCreatorTag, DefaultControllerID),
 								cfTag(clusterIDTagPrefix+"test-cluster", resourceLifecycleOwned),
 								cfTag(certificateARNTagPrefix+"cert-arn", time.Time{}.Format(time.RFC3339)),
+								cfTag(targetGroupsArnsTag, "YXJuOmF3czpzbnM6dXMtZWFzdC0xOnRhcmdldGdyb3VwczpsYi10YXJnZXQtZ3JvdXBzMSxhcm46YXdzOnNuczp1cy1lYXN0LTE6dGFyZ2V0Z3JvdXBzOmxiLXRhcmdldC1ncm91cHMy"), // "arn:aws:sns:us-east-1:targetgroups:lb-target-groups1", "arn:aws:sns:us-east-1:targetgroups:lb-target-groups2"
 							},
 							Outputs: []*cloudformation.Output{},
 						},
@@ -558,9 +562,11 @@ func TestFindManagedStacks(t *testing.T) {
 						kubernetesCreatorTag:                 DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster":  resourceLifecycleOwned,
 						certificateARNTagPrefix + "cert-arn": time.Time{}.Format(time.RFC3339),
+						targetGroupsArnsTag:                  "YXJuOmF3czpzbnM6dXMtZWFzdC0xOnRhcmdldGdyb3VwczpsYi10YXJnZXQtZ3JvdXBzMSxhcm46YXdzOnNuczp1cy1lYXN0LTE6dGFyZ2V0Z3JvdXBzOmxiLXRhcmdldC1ncm91cHMy", // "arn:aws:sns:us-east-1:targetgroups:lb-target-groups1", "arn:aws:sns:us-east-1:targetgroups:lb-target-groups2"
 					},
-					status: cloudformation.StackStatusRollbackInProgress,
-					HTTP2:  true,
+					TargetGroupARNs: []string{"arn:aws:sns:us-east-1:targetgroups:lb-target-groups1", "arn:aws:sns:us-east-1:targetgroups:lb-target-groups2"},
+					status:          cloudformation.StackStatusRollbackInProgress,
+					HTTP2:           true,
 				},
 			},
 		},
@@ -606,6 +612,7 @@ func TestFindManagedStacks(t *testing.T) {
 					tags: map[string]string{
 						kubernetesCreatorTag:                DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster": resourceLifecycleOwned,
+						targetGroupsArnsTag:                 "dGctYXJu", // "tg-arn"
 					},
 					status: cloudformation.StackStatusReviewInProgress,
 					HTTP2:  true,
@@ -618,6 +625,7 @@ func TestFindManagedStacks(t *testing.T) {
 					tags: map[string]string{
 						kubernetesCreatorTag:                DefaultControllerID,
 						clusterIDTagPrefix + "test-cluster": resourceLifecycleOwned,
+						targetGroupsArnsTag:                 "dGctYXJu", // "tg-arn"
 					},
 					status: cloudformation.StackStatusRollbackComplete,
 					HTTP2:  true,