refactor to make target group name -> arn mapper be a common utility

Author: zac-nixon

controllers/ingress/group_controller.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	awsmetrics "sigs.k8s.io/aws-load-balancer-controller/pkg/metrics/aws"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_utils"
 
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
@@ -53,7 +54,7 @@ func NewGroupReconciler(cloud services.Cloud, k8sClient client.Client, eventReco
 	networkingManager networkingpkg.NetworkingManager, networkingSGReconciler networkingpkg.SecurityGroupReconciler, subnetsResolver networkingpkg.SubnetsResolver,
 	elbv2TaggingManager elbv2deploy.TaggingManager, controllerConfig config.ControllerConfig, backendSGProvider networkingpkg.BackendSGProvider,
 	sgResolver networkingpkg.SecurityGroupResolver, logger logr.Logger, metricsCollector lbcmetrics.MetricCollector, reconcileCounters *metricsutil.ReconcileCounters,
-	targetGroupCollector awsmetrics.TargetGroupCollector) *groupReconciler {
+	targetGroupCollector awsmetrics.TargetGroupCollector, targetGroupNameToArnMapper shared_utils.TargetGroupARNMapper) *groupReconciler {
 
 	annotationParser := annotations.NewSuffixAnnotationParser(annotations.AnnotationPrefixIngress)
 	authConfigBuilder := ingress.NewDefaultAuthConfigBuilder(annotationParser)
@@ -66,7 +67,7 @@ func NewGroupReconciler(cloud services.Cloud, k8sClient client.Client, eventReco
 		authConfigBuilder, enhancedBackendBuilder, trackingProvider, elbv2TaggingManager, controllerConfig.FeatureGates,
 		cloud.VpcID(), controllerConfig.ClusterName, controllerConfig.DefaultTags, controllerConfig.ExternalManagedTags,
 		controllerConfig.DefaultSSLPolicy, controllerConfig.DefaultTargetType, controllerConfig.DefaultLoadBalancerScheme, backendSGProvider, sgResolver,
-		controllerConfig.EnableBackendSecurityGroup, controllerConfig.EnableManageBackendSecurityGroupRules, controllerConfig.DisableRestrictedSGRules, controllerConfig.IngressConfig.AllowedCertificateAuthorityARNs, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), logger, metricsCollector)
+		controllerConfig.EnableBackendSecurityGroup, controllerConfig.EnableManageBackendSecurityGroupRules, controllerConfig.DisableRestrictedSGRules, controllerConfig.IngressConfig.AllowedCertificateAuthorityARNs, controllerConfig.FeatureGates.Enabled(config.EnableIPTargetType), targetGroupNameToArnMapper, logger, metricsCollector)
 	stackMarshaller := deploy.NewDefaultStackMarshaller()
 	stackDeployer := deploy.NewDefaultStackDeployer(cloud, k8sClient, networkingManager, networkingSGManager, networkingSGReconciler, elbv2TaggingManager,
 		controllerConfig, ingressTagPrefix, logger, metricsCollector, controllerName, controllerConfig.FeatureGates.Enabled(config.EnhancedDefaultBehavior), targetGroupCollector)

main.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"os"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_utils"
 
 	elbv2gw "sigs.k8s.io/aws-load-balancer-controller/apis/gateway/v1beta1"
 	"sigs.k8s.io/aws-load-balancer-controller/controllers/gateway"
@@ -110,6 +111,7 @@ type gatewayControllerConfig struct {
 	serviceReferenceCounter referencecounter.ServiceReferenceCounter
 	networkingManager       networking.NetworkingManager
 	targetGroupCollector    awsmetrics.TargetGroupCollector
+	targetGroupARNMapper    shared_utils.TargetGroupARNMapper
 }
 
 func main() {
@@ -187,6 +189,8 @@ func main() {
 
 	networkingManager := networking.NewDefaultNetworkingManager(mgr.GetClient(), podENIResolver, nodeENIResolver, sgManager, sgReconciler, cloud.VpcID(), controllerCFG.ClusterName, controllerCFG.ServiceTargetENISGTags, ctrl.Log, controllerCFG.DisableRestrictedSGRules)
 
+	tgArnMapper := shared_utils.NewTargetGroupNameToArnMapper(cloud.ELBV2())
+
 	tgbResManager := targetgroupbinding.NewDefaultResourceManager(mgr.GetClient(), cloud.ELBV2(),
 		podInfoRepo, networkingManager, vpcInfoProvider, multiClusterManager, lbcMetricsCollector,
 		cloud.VpcID(), controllerCFG.FeatureGates.Enabled(config.EndpointsFailOpen), controllerCFG.EnableEndpointSlices,
@@ -198,7 +202,7 @@ func main() {
 	ingGroupReconciler := ingress.NewGroupReconciler(cloud, mgr.GetClient(), mgr.GetEventRecorderFor("ingress"),
 		finalizerManager, sgManager, networkingManager, sgReconciler, subnetResolver, elbv2TaggingManager,
 		controllerCFG, backendSGProvider, sgResolver, ctrl.Log.WithName("controllers").WithName("ingress"), lbcMetricsCollector, reconcileCounters,
-		targetGroupCollector)
+		targetGroupCollector, tgArnMapper)
 	svcReconciler := service.NewServiceReconciler(cloud, mgr.GetClient(), mgr.GetEventRecorderFor("service"),
 		finalizerManager, networkingManager, sgManager, sgReconciler, subnetResolver, vpcInfoProvider, elbv2TaggingManager,
 		controllerCFG, backendSGProvider, sgResolver, ctrl.Log.WithName("controllers").WithName("service"), lbcMetricsCollector, reconcileCounters,
@@ -268,6 +272,7 @@ func main() {
 			networkingManager:       networkingManager,
 			serviceReferenceCounter: serviceReferenceCounter,
 			targetGroupCollector:    targetGroupCollector,
+			targetGroupARNMapper:    tgArnMapper,
 		}
 
 		enabledControllers := sets.Set[string]{}
@@ -473,6 +478,7 @@ func setupGatewayController(ctx context.Context, mgr ctrl.Manager, cfg *gatewayC
 			cfg.metricsCollector,
 			cfg.reconcileCounters,
 			cfg.targetGroupCollector,
+			cfg.targetGroupARNMapper,
 		)
 	case gateway_constants.ALBGatewayController:
 		reconciler = gateway.NewALBGatewayReconciler(
@@ -495,6 +501,7 @@ func setupGatewayController(ctx context.Context, mgr ctrl.Manager, cfg *gatewayC
 			cfg.metricsCollector,
 			cfg.reconcileCounters,
 			cfg.targetGroupCollector,
+			cfg.targetGroupARNMapper,
 		)
 	default:
 		return fmt.Errorf("unknown controller type: %s", controllerType)

pkg/ingress/model_build_actions.go

@@ -107,7 +107,7 @@ func (t *defaultModelBuildTask) buildForwardAction(ctx context.Context, ing Clas
 		if tgt.TargetGroupARN != nil {
 			tgARN = core.LiteralStringToken(*tgt.TargetGroupARN)
 		} else if tgt.TargetGroupName != nil {
-			targetGroupARN, err := t.targetGroupNameToArnMapper.getArnByName(ctx, *tgt.TargetGroupName)
+			targetGroupARN, err := t.targetGroupNameToArnMapper.GetArnByName(ctx, *tgt.TargetGroupName)
 			if err != nil {
 				return elbv2model.Action{}, fmt.Errorf("searching TargetGroup with name %s: %w", *tgt.TargetGroupName, err)
 			}

pkg/ingress/model_build_actions_test.go

@@ -15,8 +15,10 @@ import (
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/services"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/model/core"
 	elbv2model "sigs.k8s.io/aws-load-balancer-controller/pkg/model/elbv2"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_utils"
 	testclient "sigs.k8s.io/controller-runtime/pkg/client/fake"
 	"testing"
+	"time"
 )
 
 func Test_defaultModelBuildTask_buildAuthenticateOIDCAction(t *testing.T) {
@@ -435,11 +437,11 @@ func Test_defaultModelBuildTask_buildForwardActionWithTargetGroupName(t *testing
 			}
 			task := &defaultModelBuildTask{
 				elbv2Client:                elbv2Client,
-				targetGroupNameToArnMapper: newTargetGroupNameToArnMapper(elbv2Client, defaultTargetGroupNameToARNCacheTTL),
+				targetGroupNameToArnMapper: shared_utils.NewTargetGroupNameToArnMapper(elbv2Client),
 			}
 
 			for targetGroupName, cachedArn := range tt.args.cache {
-				task.targetGroupNameToArnMapper.cache.Set(targetGroupName, cachedArn, defaultTargetGroupNameToARNCacheTTL)
+				task.targetGroupNameToArnMapper.GetCache().Set(targetGroupName, cachedArn, 10*time.Minute)
 			}
 
 			got, err := task.buildForwardAction(context.Background(), tt.args.ingress, Action{
@@ -448,9 +450,9 @@ func Test_defaultModelBuildTask_buildForwardActionWithTargetGroupName(t *testing
 			})
 			assert.Equal(t, tt.want, got)
 			assert.Equal(t, tt.wantErr, err)
-			assert.Equal(t, len(tt.wantCache), task.targetGroupNameToArnMapper.cache.Len())
+			assert.Equal(t, len(tt.wantCache), task.targetGroupNameToArnMapper.GetCache().Len())
 			for targetGroupName, expectedArn := range tt.wantCache {
-				rawCacheItem, exists := task.targetGroupNameToArnMapper.cache.Get(targetGroupName)
+				rawCacheItem, exists := task.targetGroupNameToArnMapper.GetCache().Get(targetGroupName)
 				assert.True(t, exists)
 				cachedArn := rawCacheItem.(string)
 				assert.Equal(t, expectedArn, cachedArn)

pkg/ingress/model_builder.go

@@ -2,11 +2,11 @@ package ingress
 
 import (
 	"context"
-	elbv2sdk "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
 	wafv2sdk "github.com/aws/aws-sdk-go-v2/service/wafv2"
 	wafv2types "github.com/aws/aws-sdk-go-v2/service/wafv2/types"
 	"k8s.io/apimachinery/pkg/util/cache"
 	"reflect"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_utils"
 	"strconv"
 	"sync"
 	"time"
@@ -39,9 +39,8 @@ import (
 )
 
 const (
-	controllerName                      = "ingress"
-	defaultTargetGroupNameToARNCacheTTL = 20 * time.Minute
-	defaultWebACLNameToARNCacheTTL      = 60 * time.Minute
+	controllerName                 = "ingress"
+	defaultWebACLNameToARNCacheTTL = 60 * time.Minute
 )
 
 // ModelBuilder is responsible for build mode stack for a IngressGroup.
@@ -58,7 +57,7 @@ func NewDefaultModelBuilder(k8sClient client.Client, eventRecorder record.EventR
 	trackingProvider tracking.Provider, elbv2TaggingManager elbv2deploy.TaggingManager, featureGates config.FeatureGates,
 	vpcID string, clusterName string, defaultTags map[string]string, externalManagedTags []string, defaultSSLPolicy string, defaultTargetType string, defaultLoadBalancerScheme string,
 	backendSGProvider networkingpkg.BackendSGProvider, sgResolver networkingpkg.SecurityGroupResolver,
-	enableBackendSG bool, defaultEnableManageBackendSGRules bool, disableRestrictedSGRules bool, allowedCAARNs []string, enableIPTargetType bool, logger logr.Logger, metricsCollector lbcmetrics.MetricCollector) *defaultModelBuilder {
+	enableBackendSG bool, defaultEnableManageBackendSGRules bool, disableRestrictedSGRules bool, allowedCAARNs []string, enableIPTargetType bool, targetGroupNameToArnMapper shared_utils.TargetGroupARNMapper, logger logr.Logger, metricsCollector lbcmetrics.MetricCollector) *defaultModelBuilder {
 	certDiscovery := certs.NewACMCertDiscovery(acmClient, allowedCAARNs, logger)
 	ruleOptimizer := NewDefaultRuleOptimizer(logger)
 	return &defaultModelBuilder{
@@ -88,7 +87,7 @@ func NewDefaultModelBuilder(k8sClient client.Client, eventRecorder record.EventR
 		enableManageBackendSGRules: defaultEnableManageBackendSGRules,
 		disableRestrictedSGRules:   disableRestrictedSGRules,
 		enableIPTargetType:         enableIPTargetType,
-		targetGroupNameToArnMapper: newTargetGroupNameToArnMapper(elbv2Client, defaultTargetGroupNameToARNCacheTTL),
+		targetGroupNameToArnMapper: targetGroupNameToArnMapper,
 		webACLNameToArnMapper:      newWebACLNameToArnMapper(wafv2Client, defaultWebACLNameToARNCacheTTL),
 		logger:                     logger,
 		metricsCollector:           metricsCollector,
@@ -128,7 +127,7 @@ type defaultModelBuilder struct {
 	enableManageBackendSGRules bool
 	disableRestrictedSGRules   bool
 	enableIPTargetType         bool
-	targetGroupNameToArnMapper *targetGroupNameToArnMapper
+	targetGroupNameToArnMapper shared_utils.TargetGroupARNMapper
 	webACLNameToArnMapper      *webACLNameToArnMapper
 
 	logger           logr.Logger
@@ -255,7 +254,7 @@ type defaultModelBuildTask struct {
 	secretKeys                         []types.NamespacedName
 	frontendNlb                        *elbv2model.LoadBalancer
 	frontendNlbTargetGroupDesiredState *core.FrontendNlbTargetGroupDesiredState
-	targetGroupNameToArnMapper         *targetGroupNameToArnMapper
+	targetGroupNameToArnMapper         shared_utils.TargetGroupARNMapper
 	webACLNameToArnMapper              *webACLNameToArnMapper
 
 	metricsCollector lbcmetrics.MetricCollector
@@ -566,45 +565,6 @@ func newWebACLNameToArnMapper(wafv2Client services.WAFv2, ttl time.Duration) *we
 	}
 }
 
-type targetGroupNameToArnMapper struct {
-	elbv2Client services.ELBV2
-	cache       *cache.Expiring
-	cacheTTL    time.Duration
-	cacheMutex  sync.RWMutex
-}
-
-func newTargetGroupNameToArnMapper(elbv2Client services.ELBV2, ttl time.Duration) *targetGroupNameToArnMapper {
-	return &targetGroupNameToArnMapper{
-		elbv2Client: elbv2Client,
-		cache:       cache.NewExpiring(),
-		cacheTTL:    ttl,
-	}
-}
-
-// getArnByName returns the ARN of an AWS target group identified by its name
-func (t *targetGroupNameToArnMapper) getArnByName(ctx context.Context, targetGroupName string) (string, error) {
-	t.cacheMutex.Lock()
-	defer t.cacheMutex.Unlock()
-
-	if rawCacheItem, exists := t.cache.Get(targetGroupName); exists {
-		return rawCacheItem.(string), nil
-	}
-	req := &elbv2sdk.DescribeTargetGroupsInput{
-		Names: []string{targetGroupName},
-	}
-
-	targetGroups, err := t.elbv2Client.DescribeTargetGroupsAsList(ctx, req)
-	if err != nil {
-		return "", err
-	}
-	if len(targetGroups) != 1 {
-		return "", errors.Errorf("expecting a single targetGroup with query [%s] but got %v", targetGroupName, len(targetGroups))
-	}
-	arn := *targetGroups[0].TargetGroupArn
-	t.cache.Set(targetGroupName, arn, t.cacheTTL)
-	return arn, nil
-}
-
 func (w *webACLNameToArnMapper) getArnByName(ctx context.Context, webACLName string) (string, error) {
 	w.cacheMutex.Lock()
 	defer w.cacheMutex.Unlock()

pkg/shared_utils/target_group_arn_mapper.go

@@ -0,0 +1,63 @@
+package shared_utils
+
+import (
+	"context"
+	elbv2sdk "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
+	"github.com/pkg/errors"
+	"k8s.io/apimachinery/pkg/util/cache"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/services"
+	"sync"
+	"time"
+)
+
+const (
+	defaultTargetGroupNameToARNCacheTTL = 20 * time.Minute
+)
+
+type TargetGroupARNMapper interface {
+	GetArnByName(ctx context.Context, targetGroupName string) (string, error)
+	GetCache() *cache.Expiring
+}
+
+type targetGroupNameToArnMapper struct {
+	elbv2Client services.ELBV2
+	cache       *cache.Expiring
+	cacheTTL    time.Duration
+	cacheMutex  sync.RWMutex
+}
+
+func (t *targetGroupNameToArnMapper) GetCache() *cache.Expiring {
+	return t.cache
+}
+
+func NewTargetGroupNameToArnMapper(elbv2Client services.ELBV2) TargetGroupARNMapper {
+	return &targetGroupNameToArnMapper{
+		elbv2Client: elbv2Client,
+		cache:       cache.NewExpiring(),
+		cacheTTL:    defaultTargetGroupNameToARNCacheTTL,
+	}
+}
+
+// GetArnByName returns the ARN of an AWS target group identified by its name
+func (t *targetGroupNameToArnMapper) GetArnByName(ctx context.Context, targetGroupName string) (string, error) {
+	t.cacheMutex.Lock()
+	defer t.cacheMutex.Unlock()
+
+	if rawCacheItem, exists := t.cache.Get(targetGroupName); exists {
+		return rawCacheItem.(string), nil
+	}
+	req := &elbv2sdk.DescribeTargetGroupsInput{
+		Names: []string{targetGroupName},
+	}
+
+	targetGroups, err := t.elbv2Client.DescribeTargetGroupsAsList(ctx, req)
+	if err != nil {
+		return "", err
+	}
+	if len(targetGroups) != 1 {
+		return "", errors.Errorf("expecting a single targetGroup with query [%s] but got %v", targetGroupName, len(targetGroups))
+	}
+	arn := *targetGroups[0].TargetGroupArn
+	t.cache.Set(targetGroupName, arn, t.cacheTTL)
+	return arn, nil
+}