diff --git a/.github/workflows/postsubmit.yaml b/.github/workflows/postsubmit.yaml new file mode 100644 index 00000000..db87c26c --- /dev/null +++ b/.github/workflows/postsubmit.yaml @@ -0,0 +1,10 @@ +name: Hydrate Go Proxy + +on: + push: + branches: + - main + +jobs: + call-hydrate-go-proxy: + uses: aws-controllers-k8s/.github/.github/workflows/reusable-postsubmit.yaml@main diff --git a/OWNERS b/OWNERS index 76d2e027..ceb3426c 100644 --- a/OWNERS +++ b/OWNERS @@ -1,6 +1,4 @@ # See the OWNERS docs at https://go.k8s.io/owners approvers: - - core-ack-team -reviewers: - - sagemaker-ack-team \ No newline at end of file + - core-ack-team \ No newline at end of file diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 90f1080e..53d9a0a2 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -14,9 +14,4 @@ aliases: # - mhausenblas # - RedbackThomson # - vijtrip2 - # - ivelichkovich - sagemaker-ack-team: - - surajkota - - ryansteakley - - ananth102 - - sirutBuasai \ No newline at end of file + # - ivelichkovich \ No newline at end of file diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml index a501ec43..34a83888 100755 --- a/apis/v1alpha1/ack-generate-metadata.yaml +++ b/apis/v1alpha1/ack-generate-metadata.yaml @@ -1,8 +1,8 @@ ack_generate_info: - build_date: "2025-11-12T22:32:38Z" - build_hash: c833f2d14f4fe8953663ff92f4661ae5fb01b8c8 + build_date: "2025-11-23T08:57:57Z" + build_hash: e922bb8587f26eeed72a531e5d92389b81e8b55b go_version: go1.25.4 - version: v0.53.1 + version: v0.54.0 api_directory_checksum: cdae97bbaa2ee28d0f130fa6ce3a7dfbf6393d1b api_version: v1alpha1 aws_sdk_go_version: v1.39.2 diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml index b715e519..d5f28684 100644 --- a/config/controller/kustomization.yaml +++ b/config/controller/kustomization.yaml @@ -6,4 +6,4 @@ kind: Kustomization images: - name: controller newName: public.ecr.aws/aws-controllers-k8s/sagemaker-controller - newTag: 1.5.1 + newTag: 1.5.2 diff --git a/go.mod b/go.mod index 129c3b4e..75489afe 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.24.0 toolchain go1.24.1 require ( - github.com/aws-controllers-k8s/runtime v0.53.1 + github.com/aws-controllers-k8s/runtime v0.54.1 github.com/aws/aws-sdk-go v1.55.6 github.com/aws/aws-sdk-go-v2 v1.39.2 github.com/aws/aws-sdk-go-v2/service/sagemaker v1.215.3 diff --git a/go.sum b/go.sum index 29335f01..c9e00213 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -github.com/aws-controllers-k8s/runtime v0.53.1 h1:l9MkR1KfZW8H8icT5rrRK3pdnVVA4io/eINVe5aspWs= -github.com/aws-controllers-k8s/runtime v0.53.1/go.mod h1:OkUJN+Ds799JLYZsMJrO2vDJ4snxUeHK2MgrQHbU+Qc= +github.com/aws-controllers-k8s/runtime v0.54.1 h1:0mbCJELz3t7jbG4abNecF0yeRd8YeFZQPr7nnzr8DC8= +github.com/aws-controllers-k8s/runtime v0.54.1/go.mod h1:OkUJN+Ds799JLYZsMJrO2vDJ4snxUeHK2MgrQHbU+Qc= github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk= github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v1.39.2 h1:EJLg8IdbzgeD7xgvZ+I8M1e0fL0ptn/M47lianzth0I= diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 19a52790..9ceb190a 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: sagemaker-chart description: A Helm chart for the ACK service controller for Amazon SageMaker (SageMaker) -version: 1.5.1 -appVersion: 1.5.1 +version: 1.5.2 +appVersion: 1.5.2 home: https://github.com/aws-controllers-k8s/sagemaker-controller icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt index 422c13b7..6223e43e 100644 --- a/helm/templates/NOTES.txt +++ b/helm/templates/NOTES.txt @@ -1,5 +1,5 @@ {{ .Chart.Name }} has been installed. -This chart deploys "public.ecr.aws/aws-controllers-k8s/sagemaker-controller:1.5.1". +This chart deploys "public.ecr.aws/aws-controllers-k8s/sagemaker-controller:1.5.2". Check its status by running: kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/helm/values.yaml b/helm/values.yaml index de39884c..c621c323 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-controllers-k8s/sagemaker-controller - tag: 1.5.1 + tag: 1.5.2 pullPolicy: IfNotPresent pullSecrets: [] @@ -120,8 +120,11 @@ watchSelectors: "" resourceTags: # Configures the ACK service controller to always set key/value pairs tags on # resources that it manages. + # Note: Tags with empty values are automatically skipped to keep resources clean. - services.k8s.aws/controller-version=%CONTROLLER_SERVICE%-%CONTROLLER_VERSION% - services.k8s.aws/namespace=%K8S_NAMESPACE% + - app.kubernetes.io/managed-by=%MANAGED_BY% + - kro.run/kro-version=%KRO_VERSION% # Set to "retain" to keep all AWS resources intact even after the K8s resources # have been deleted. By default, the ACK controller will delete the AWS resource diff --git a/pkg/resource/app/manager.go b/pkg/resource/app/manager.go index bbe8ebff..33845183 100644 --- a/pkg/resource/app/manager.go +++ b/pkg/resource/app/manager.go @@ -306,13 +306,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -320,7 +333,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/app/tags.go b/pkg/resource/app/tags.go index e04c4536..f19e7fac 100644 --- a/pkg/resource/app/tags.go +++ b/pkg/resource/app/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.App{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.App{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/data_quality_job_definition/manager.go b/pkg/resource/data_quality_job_definition/manager.go index ccb8f60d..346a5c6f 100644 --- a/pkg/resource/data_quality_job_definition/manager.go +++ b/pkg/resource/data_quality_job_definition/manager.go @@ -297,13 +297,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -311,7 +324,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/data_quality_job_definition/tags.go b/pkg/resource/data_quality_job_definition/tags.go index 9cbdcf5f..44baa42b 100644 --- a/pkg/resource/data_quality_job_definition/tags.go +++ b/pkg/resource/data_quality_job_definition/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.DataQualityJobDefinition{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.DataQualityJobDefinition{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/domain/manager.go b/pkg/resource/domain/manager.go index 1ed2389c..832063b2 100644 --- a/pkg/resource/domain/manager.go +++ b/pkg/resource/domain/manager.go @@ -336,13 +336,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -350,7 +363,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/domain/tags.go b/pkg/resource/domain/tags.go index 911cf254..d3cbf401 100644 --- a/pkg/resource/domain/tags.go +++ b/pkg/resource/domain/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.Domain{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.Domain{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/endpoint/manager.go b/pkg/resource/endpoint/manager.go index 7100f655..8e4b8827 100644 --- a/pkg/resource/endpoint/manager.go +++ b/pkg/resource/endpoint/manager.go @@ -297,13 +297,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -311,7 +324,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/endpoint/tags.go b/pkg/resource/endpoint/tags.go index 23b05dda..17d99098 100644 --- a/pkg/resource/endpoint/tags.go +++ b/pkg/resource/endpoint/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.Endpoint{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.Endpoint{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/endpoint_config/manager.go b/pkg/resource/endpoint_config/manager.go index 4214cba8..496f065a 100644 --- a/pkg/resource/endpoint_config/manager.go +++ b/pkg/resource/endpoint_config/manager.go @@ -306,13 +306,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -320,7 +333,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/endpoint_config/tags.go b/pkg/resource/endpoint_config/tags.go index ea8560ce..782274ec 100644 --- a/pkg/resource/endpoint_config/tags.go +++ b/pkg/resource/endpoint_config/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.EndpointConfig{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.EndpointConfig{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/feature_group/manager.go b/pkg/resource/feature_group/manager.go index a0500ec7..dfea86bb 100644 --- a/pkg/resource/feature_group/manager.go +++ b/pkg/resource/feature_group/manager.go @@ -324,13 +324,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -338,7 +351,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/feature_group/tags.go b/pkg/resource/feature_group/tags.go index de456ad5..6f0754fc 100644 --- a/pkg/resource/feature_group/tags.go +++ b/pkg/resource/feature_group/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.FeatureGroup{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.FeatureGroup{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/hyper_parameter_tuning_job/manager.go b/pkg/resource/hyper_parameter_tuning_job/manager.go index b0a59b18..88e34aa4 100644 --- a/pkg/resource/hyper_parameter_tuning_job/manager.go +++ b/pkg/resource/hyper_parameter_tuning_job/manager.go @@ -358,13 +358,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -372,7 +385,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/hyper_parameter_tuning_job/tags.go b/pkg/resource/hyper_parameter_tuning_job/tags.go index fc1d85a4..bc67bbf4 100644 --- a/pkg/resource/hyper_parameter_tuning_job/tags.go +++ b/pkg/resource/hyper_parameter_tuning_job/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.HyperParameterTuningJob{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.HyperParameterTuningJob{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/inference_component/manager.go b/pkg/resource/inference_component/manager.go index f2403cdd..75b714a4 100644 --- a/pkg/resource/inference_component/manager.go +++ b/pkg/resource/inference_component/manager.go @@ -297,13 +297,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -311,7 +324,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/inference_component/tags.go b/pkg/resource/inference_component/tags.go index d0d50974..d2ff3ce6 100644 --- a/pkg/resource/inference_component/tags.go +++ b/pkg/resource/inference_component/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.InferenceComponent{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.InferenceComponent{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/labeling_job/manager.go b/pkg/resource/labeling_job/manager.go index ef5b361a..1acb2bea 100644 --- a/pkg/resource/labeling_job/manager.go +++ b/pkg/resource/labeling_job/manager.go @@ -340,13 +340,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -354,7 +367,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/labeling_job/tags.go b/pkg/resource/labeling_job/tags.go index b537c95c..225fef76 100644 --- a/pkg/resource/labeling_job/tags.go +++ b/pkg/resource/labeling_job/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.LabelingJob{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.LabelingJob{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/model/manager.go b/pkg/resource/model/manager.go index d2091a2b..369f4da7 100644 --- a/pkg/resource/model/manager.go +++ b/pkg/resource/model/manager.go @@ -306,13 +306,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -320,7 +333,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/model/tags.go b/pkg/resource/model/tags.go index 8038b5b6..a49905db 100644 --- a/pkg/resource/model/tags.go +++ b/pkg/resource/model/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.Model{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.Model{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/model_bias_job_definition/manager.go b/pkg/resource/model_bias_job_definition/manager.go index 835a8792..21b4ae09 100644 --- a/pkg/resource/model_bias_job_definition/manager.go +++ b/pkg/resource/model_bias_job_definition/manager.go @@ -297,13 +297,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -311,7 +324,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/model_bias_job_definition/tags.go b/pkg/resource/model_bias_job_definition/tags.go index 864d6b86..0e008144 100644 --- a/pkg/resource/model_bias_job_definition/tags.go +++ b/pkg/resource/model_bias_job_definition/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.ModelBiasJobDefinition{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.ModelBiasJobDefinition{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/model_explainability_job_definition/manager.go b/pkg/resource/model_explainability_job_definition/manager.go index 978cec69..db529552 100644 --- a/pkg/resource/model_explainability_job_definition/manager.go +++ b/pkg/resource/model_explainability_job_definition/manager.go @@ -297,13 +297,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -311,7 +324,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/model_explainability_job_definition/tags.go b/pkg/resource/model_explainability_job_definition/tags.go index 3aa3282c..3297e9f4 100644 --- a/pkg/resource/model_explainability_job_definition/tags.go +++ b/pkg/resource/model_explainability_job_definition/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.ModelExplainabilityJobDefinition{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.ModelExplainabilityJobDefinition{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/model_package/manager.go b/pkg/resource/model_package/manager.go index 7fb89270..62eb278f 100644 --- a/pkg/resource/model_package/manager.go +++ b/pkg/resource/model_package/manager.go @@ -296,13 +296,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { } diff --git a/pkg/resource/model_package_group/manager.go b/pkg/resource/model_package_group/manager.go index 9c81c565..a1cc876f 100644 --- a/pkg/resource/model_package_group/manager.go +++ b/pkg/resource/model_package_group/manager.go @@ -297,13 +297,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -311,7 +324,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/model_package_group/tags.go b/pkg/resource/model_package_group/tags.go index b4d7b031..ccc93294 100644 --- a/pkg/resource/model_package_group/tags.go +++ b/pkg/resource/model_package_group/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.ModelPackageGroup{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.ModelPackageGroup{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/model_quality_job_definition/manager.go b/pkg/resource/model_quality_job_definition/manager.go index 6b766a1d..4ccbab54 100644 --- a/pkg/resource/model_quality_job_definition/manager.go +++ b/pkg/resource/model_quality_job_definition/manager.go @@ -297,13 +297,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -311,7 +324,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/model_quality_job_definition/tags.go b/pkg/resource/model_quality_job_definition/tags.go index 5d4f6c0c..b4382566 100644 --- a/pkg/resource/model_quality_job_definition/tags.go +++ b/pkg/resource/model_quality_job_definition/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.ModelQualityJobDefinition{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.ModelQualityJobDefinition{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/monitoring_schedule/manager.go b/pkg/resource/monitoring_schedule/manager.go index 2e3bb55e..dd7524c5 100644 --- a/pkg/resource/monitoring_schedule/manager.go +++ b/pkg/resource/monitoring_schedule/manager.go @@ -297,13 +297,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -311,7 +324,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/monitoring_schedule/tags.go b/pkg/resource/monitoring_schedule/tags.go index 04eca51b..ec483768 100644 --- a/pkg/resource/monitoring_schedule/tags.go +++ b/pkg/resource/monitoring_schedule/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.MonitoringSchedule{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.MonitoringSchedule{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/notebook_instance/manager.go b/pkg/resource/notebook_instance/manager.go index a8799374..1af9ba59 100644 --- a/pkg/resource/notebook_instance/manager.go +++ b/pkg/resource/notebook_instance/manager.go @@ -312,13 +312,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -326,7 +339,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/notebook_instance/tags.go b/pkg/resource/notebook_instance/tags.go index dd35ba45..22366d43 100644 --- a/pkg/resource/notebook_instance/tags.go +++ b/pkg/resource/notebook_instance/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.NotebookInstance{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.NotebookInstance{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/notebook_instance_lifecycle_config/manager.go b/pkg/resource/notebook_instance_lifecycle_config/manager.go index bd08bf98..e6250506 100644 --- a/pkg/resource/notebook_instance_lifecycle_config/manager.go +++ b/pkg/resource/notebook_instance_lifecycle_config/manager.go @@ -287,13 +287,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { } diff --git a/pkg/resource/pipeline/manager.go b/pkg/resource/pipeline/manager.go index 390ac587..1dc622cc 100644 --- a/pkg/resource/pipeline/manager.go +++ b/pkg/resource/pipeline/manager.go @@ -297,13 +297,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -311,7 +324,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/pipeline/tags.go b/pkg/resource/pipeline/tags.go index 491e12e3..bc11bc76 100644 --- a/pkg/resource/pipeline/tags.go +++ b/pkg/resource/pipeline/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.Pipeline{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.Pipeline{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/pipeline_execution/manager.go b/pkg/resource/pipeline_execution/manager.go index 8b8abe40..bf32369c 100644 --- a/pkg/resource/pipeline_execution/manager.go +++ b/pkg/resource/pipeline_execution/manager.go @@ -287,13 +287,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { } diff --git a/pkg/resource/processing_job/manager.go b/pkg/resource/processing_job/manager.go index 7f43c548..1912b432 100644 --- a/pkg/resource/processing_job/manager.go +++ b/pkg/resource/processing_job/manager.go @@ -297,13 +297,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -311,7 +324,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/processing_job/tags.go b/pkg/resource/processing_job/tags.go index e375d426..eebe09b6 100644 --- a/pkg/resource/processing_job/tags.go +++ b/pkg/resource/processing_job/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.ProcessingJob{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.ProcessingJob{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/space/manager.go b/pkg/resource/space/manager.go index 66cc1b29..fc221880 100644 --- a/pkg/resource/space/manager.go +++ b/pkg/resource/space/manager.go @@ -297,13 +297,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -311,7 +324,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/space/tags.go b/pkg/resource/space/tags.go index b7e43ee9..66e57e73 100644 --- a/pkg/resource/space/tags.go +++ b/pkg/resource/space/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.Space{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.Space{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/training_job/manager.go b/pkg/resource/training_job/manager.go index 31101f59..20d643dd 100644 --- a/pkg/resource/training_job/manager.go +++ b/pkg/resource/training_job/manager.go @@ -358,13 +358,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -372,7 +385,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/training_job/tags.go b/pkg/resource/training_job/tags.go index f4e741e1..e8a60041 100644 --- a/pkg/resource/training_job/tags.go +++ b/pkg/resource/training_job/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.TrainingJob{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.TrainingJob{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/transform_job/manager.go b/pkg/resource/transform_job/manager.go index 9e9b0430..bfe35605 100644 --- a/pkg/resource/transform_job/manager.go +++ b/pkg/resource/transform_job/manager.go @@ -320,13 +320,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -334,7 +347,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/transform_job/tags.go b/pkg/resource/transform_job/tags.go index 0b628e04..90cecdd9 100644 --- a/pkg/resource/transform_job/tags.go +++ b/pkg/resource/transform_job/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.TransformJob{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.TransformJob{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } } diff --git a/pkg/resource/user_profile/manager.go b/pkg/resource/user_profile/manager.go index 0e744839..2e6770e1 100644 --- a/pkg/resource/user_profile/manager.go +++ b/pkg/resource/user_profile/manager.go @@ -310,13 +310,26 @@ func (rm *resourceManager) EnsureTags( return nil } -// FilterAWSTags ignores tags that have keys that start with "aws:" -// is needed to ensure the controller does not attempt to remove -// tags set by AWS. This function needs to be called after each Read -// operation. -// Eg. resources created with cloudformation have tags that cannot be -// removed by an ACK controller -func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { +// FilterSystemTags removes system-managed tags from the resource's tag collection +// to prevent the controller from attempting to manage them. This includes: +// - Tags with keys starting with "aws:" (AWS-managed system tags) +// - Tags specified via the --resource-tags startup flag (controller-level tags) +// - Tags injected by AWS services (e.g., CloudFormation, EKS, etc.) +// +// This filtering is essential because: +// 1. AWS services automatically add system tags that cannot be modified by users +// 2. Attempting to remove these tags would result in API errors +// 3. The controller should only manage user-defined tags, not system tags +// +// Must be called after each Read operation to ensure the resource state +// reflects only manageable tags. This prevents unnecessary update attempts +// and maintains consistency between desired and actual resource state. +// +// Example system tags that are filtered: +// - aws:cloudformation:stack-name (CloudFormation) +// - aws:eks:cluster-name (EKS) +// - services.k8s.aws/* (Kubernetes-managed) +func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource, systemTags []string) { r := rm.concreteResource(res) if r == nil || r.ko == nil { return @@ -324,7 +337,7 @@ func (rm *resourceManager) FilterSystemTags(res acktypes.AWSResource) { var existingTags []*svcapitypes.Tag existingTags = r.ko.Spec.Tags resourceTags, tagKeyOrder := convertToOrderedACKTags(existingTags) - ignoreSystemTags(resourceTags) + ignoreSystemTags(resourceTags, systemTags) r.ko.Spec.Tags = fromACKTags(resourceTags, tagKeyOrder) } diff --git a/pkg/resource/user_profile/tags.go b/pkg/resource/user_profile/tags.go index a0ce276a..e58db1f0 100644 --- a/pkg/resource/user_profile/tags.go +++ b/pkg/resource/user_profile/tags.go @@ -25,9 +25,8 @@ import ( ) var ( - _ = svcapitypes.UserProfile{} - _ = acktags.NewTags() - ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} + _ = svcapitypes.UserProfile{} + _ = acktags.NewTags() ) // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. @@ -79,13 +78,14 @@ func fromACKTags(tags acktags.Tags, keyOrder []string) []*svcapitypes.Tag { } // ignoreSystemTags ignores tags that have keys that start with "aws:" -// and ACKSystemTags, to avoid patching them to the resourceSpec. +// and systemTags defined on startup via the --resource-tags flag, +// to avoid patching them to the resourceSpec. // Eg. resources created with cloudformation have tags that cannot be // removed by an ACK controller -func ignoreSystemTags(tags acktags.Tags) { +func ignoreSystemTags(tags acktags.Tags, systemTags []string) { for k := range tags { if strings.HasPrefix(k, "aws:") || - slices.Contains(ACKSystemTags, k) { + slices.Contains(systemTags, k) { delete(tags, k) } }