Merge pull request #2065 from haarchri/feature/more-status-sg

feat(sg): add more status atProvider for missing fields
crossplane-contrib · Jun 10, 2024 · bad55db · bad55db
2 parents 6966f8d + 9bf9611
commit bad55db
Show file tree

Hide file tree

Showing 5 changed files with 246 additions and 8 deletions.
diff --git a/apis/ec2/v1beta1/securitygroup_types.go b/apis/ec2/v1beta1/securitygroup_types.go
@@ -273,6 +273,41 @@ type SecurityGroupRuleObservation struct {
 
 	// Description of this rule.
 	Description *string `json:"description,omitempty"`
+
+	// The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. A
+	// value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6
+	// types, you must specify all codes.
+	FromPort *int32 `json:"fromPort,omitempty"`
+
+	// The ID of the prefix list.
+	PrefixListId *string `json:"prefixListId,omitempty"`
+
+	// Describes the security group that is referenced in the rule.
+	ReferencedGroupInfo *ReferencedSecurityGroup `json:"referencedGroupInfo,omitempty"`
+
+	// The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A
+	// value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6
+	// types, you must specify all codes.
+	ToPort *int32 `json:"toPort,omitempty"`
+}
+
+// A ReferencedSecurityGroup describes the security group that is referenced in the security group rule.
+type ReferencedSecurityGroup struct {
+
+	// The ID of the security group.
+	GroupId *string `json:"groupId,omitempty"`
+
+	// The status of a VPC peering connection, if applicable.
+	PeeringStatus *string `json:"peeringStatus,omitempty"`
+
+	// The Amazon Web Services account ID.
+	UserId *string `json:"userId,omitempty"`
+
+	// The ID of the VPC.
+	VpcId *string `json:"vpcId,omitempty"`
+
+	// The ID of the VPC peering connection.
+	VpcPeeringConnectionId *string `json:"vpcPeeringConnectionId,omitempty"`
 }
 
 // A SecurityGroupStatus represents the observed state of a SecurityGroup.

diff --git a/apis/ec2/v1beta1/zz_generated.deepcopy.go b/apis/ec2/v1beta1/zz_generated.deepcopy.go
diff --git a/package/crds/ec2.aws.crossplane.io_securitygroups.yaml b/package/crds/ec2.aws.crossplane.io_securitygroups.yaml
@@ -978,6 +978,13 @@ spec:
                         description:
                           description: Description of this rule.
                           type: string
+                        fromPort:
+                          description: The start of port range for the TCP and UDP
+                            protocols, or an ICMP/ICMPv6 type. A value of -1 indicates
+                            all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6
+                            types, you must specify all codes.
+                          format: int32
+                          type: integer
                         id:
                           description: ID of the security group rule.
                           type: string
@@ -986,6 +993,37 @@ spec:
                             or number (see Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)).
                             Use -1 to specify all protocols.
                           type: string
+                        prefixListId:
+                          description: The ID of the prefix list.
+                          type: string
+                        referencedGroupInfo:
+                          description: Describes the security group that is referenced
+                            in the rule.
+                          properties:
+                            groupId:
+                              description: The ID of the security group.
+                              type: string
+                            peeringStatus:
+                              description: The status of a VPC peering connection,
+                                if applicable.
+                              type: string
+                            userId:
+                              description: The Amazon Web Services account ID.
+                              type: string
+                            vpcId:
+                              description: The ID of the VPC.
+                              type: string
+                            vpcPeeringConnectionId:
+                              description: The ID of the VPC peering connection.
+                              type: string
+                          type: object
+                        toPort:
+                          description: The end of port range for the TCP and UDP protocols,
+                            or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6
+                            codes. If you specify all ICMP/ICMPv6 types, you must
+                            specify all codes.
+                          format: int32
+                          type: integer
                       type: object
                     type: array
                   ingressRules:
@@ -1001,6 +1039,13 @@ spec:
                         description:
                           description: Description of this rule.
                           type: string
+                        fromPort:
+                          description: The start of port range for the TCP and UDP
+                            protocols, or an ICMP/ICMPv6 type. A value of -1 indicates
+                            all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6
+                            types, you must specify all codes.
+                          format: int32
+                          type: integer
                         id:
                           description: ID of the security group rule.
                           type: string
@@ -1009,6 +1054,37 @@ spec:
                             or number (see Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)).
                             Use -1 to specify all protocols.
                           type: string
+                        prefixListId:
+                          description: The ID of the prefix list.
+                          type: string
+                        referencedGroupInfo:
+                          description: Describes the security group that is referenced
+                            in the rule.
+                          properties:
+                            groupId:
+                              description: The ID of the security group.
+                              type: string
+                            peeringStatus:
+                              description: The status of a VPC peering connection,
+                                if applicable.
+                              type: string
+                            userId:
+                              description: The Amazon Web Services account ID.
+                              type: string
+                            vpcId:
+                              description: The ID of the VPC.
+                              type: string
+                            vpcPeeringConnectionId:
+                              description: The ID of the VPC peering connection.
+                              type: string
+                          type: object
+                        toPort:
+                          description: The end of port range for the TCP and UDP protocols,
+                            or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6
+                            codes. If you specify all ICMP/ICMPv6 types, you must
+                            specify all codes.
+                          format: int32
+                          type: integer
                       type: object
                     type: array
                   ownerId:

diff --git a/pkg/clients/ec2/securitygroup.go b/pkg/clients/ec2/securitygroup.go
@@ -106,10 +106,23 @@ func GenerateSGObservation(sg ec2types.SecurityGroup, rules []ec2types.SecurityG
 
 	for _, r := range rules {
 		observedRule := v1beta1.SecurityGroupRuleObservation{
-			ID:         r.SecurityGroupRuleId,
-			CidrIpv4:   r.CidrIpv4,
-			CidrIpv6:   r.CidrIpv6,
-			IpProtocol: r.IpProtocol,
+			ID:           r.SecurityGroupRuleId,
+			CidrIpv4:     r.CidrIpv4,
+			CidrIpv6:     r.CidrIpv6,
+			IpProtocol:   r.IpProtocol,
+			Description:  r.Description,
+			FromPort:     r.FromPort,
+			ToPort:       r.ToPort,
+			PrefixListId: r.PrefixListId,
+		}
+		if r.ReferencedGroupInfo != nil {
+			observedRule.ReferencedGroupInfo = &v1beta1.ReferencedSecurityGroup{
+				GroupId:                r.ReferencedGroupInfo.GroupId,
+				PeeringStatus:          r.ReferencedGroupInfo.PeeringStatus,
+				UserId:                 r.ReferencedGroupInfo.UserId,
+				VpcId:                  r.ReferencedGroupInfo.VpcId,
+				VpcPeeringConnectionId: r.ReferencedGroupInfo.VpcPeeringConnectionId,
+			}
 		}
 		if ptr.Deref(r.IsEgress, false) {
 			egressRules = append(egressRules, observedRule)

diff --git a/pkg/clients/ec2/securitygroup_test.go b/pkg/clients/ec2/securitygroup_test.go
@@ -157,21 +157,75 @@ func TestGenerateSGObservation(t *testing.T) {
 						IpProtocol:  ptr.To("tcp"),
 						IsEgress:    ptr.To(false),
 					},
+					{
+						CidrIpv4:    ptr.To("10.0.0.0/16"),
+						Description: ptr.To("ingress rule"),
+						FromPort:    aws.Int32(int32(8080)),
+						ToPort:      aws.Int32(int32(8443)),
+						GroupId:     ptr.To("efgh"),
+						IpProtocol:  ptr.To("tcp"),
+						IsEgress:    ptr.To(false),
+					},
+					{
+						ReferencedGroupInfo: &ec2types.ReferencedSecurityGroup{
+							GroupId: ptr.To("groupId"),
+						},
+						Description: ptr.To("ingress rule sg"),
+						FromPort:    aws.Int32(int32(8080)),
+						ToPort:      aws.Int32(int32(8443)),
+						GroupId:     ptr.To("efgh"),
+						IpProtocol:  ptr.To("tcp"),
+						IsEgress:    ptr.To(false),
+					},
+					{
+						PrefixListId: ptr.To("pl-12345676"),
+						Description:  ptr.To("ingress rule pl"),
+						FromPort:     aws.Int32(int32(8080)),
+						ToPort:       aws.Int32(int32(8443)),
+						GroupId:      ptr.To("efgh"),
+						IpProtocol:   ptr.To("tcp"),
+						IsEgress:     ptr.To(false),
+					},
 				},
 			},
 			out: v1beta1.SecurityGroupObservation{
 				OwnerID:         sgOwner,
 				SecurityGroupID: sgID,
 				EgressRules: []v1beta1.SecurityGroupRuleObservation{
 					{
-						CidrIpv4:   ptr.To("10.0.0.16/32"),
-						IpProtocol: ptr.To("tcp"),
+						CidrIpv4:    ptr.To("10.0.0.16/32"),
+						IpProtocol:  ptr.To("tcp"),
+						Description: ptr.To("egress rule"),
 					},
 				},
 				IngressRules: []v1beta1.SecurityGroupRuleObservation{
 					{
-						CidrIpv4:   ptr.To("10.0.100.16/16"),
-						IpProtocol: ptr.To("tcp"),
+						CidrIpv4:    ptr.To("10.0.100.16/16"),
+						IpProtocol:  ptr.To("tcp"),
+						Description: ptr.To("ingress rule"),
+					},
+					{
+						CidrIpv4:    ptr.To("10.0.0.0/16"),
+						IpProtocol:  ptr.To("tcp"),
+						Description: ptr.To("ingress rule"),
+						FromPort:    aws.Int32(int32(8080)),
+						ToPort:      aws.Int32(int32(8443)),
+					},
+					{
+						IpProtocol:  ptr.To("tcp"),
+						Description: ptr.To("ingress rule sg"),
+						FromPort:    aws.Int32(int32(8080)),
+						ToPort:      aws.Int32(int32(8443)),
+						ReferencedGroupInfo: &v1beta1.ReferencedSecurityGroup{
+							GroupId: ptr.To("groupId"),
+						},
+					},
+					{
+						PrefixListId: ptr.To("pl-12345676"),
+						IpProtocol:   ptr.To("tcp"),
+						Description:  ptr.To("ingress rule pl"),
+						FromPort:     aws.Int32(int32(8080)),
+						ToPort:       aws.Int32(int32(8443)),
 					},
 				},
 			},