Fix Httproute deletion leaking Target Group issue (#276)

* ## Changes:

- Changed model_build_targetgroup and model_build_service, make sure target group deletion request `model` triggered by httproute deletion could pass to target_group_synthesizer correctly

- Changed HttpRoute deletion's vpclattice resource deletion order: Delete latticeService first then delete the targetGroup

* Add more unit test for target_group_manager

---------

Co-authored-by: Zijun Wang <zijunw@amazon.com>

Author: zijun726911

Makefile

@@ -2,7 +2,7 @@ export KUBEBUILDER_ASSETS ?= ${HOME}/.kubebuilder/bin
 export CLUSTER_NAME ?= $(shell kubectl config view --minify -o jsonpath='{.clusters[].name}' | rev | cut -d"/" -f1 | rev | cut -d"." -f1)
 export CLUSTER_VPC_ID ?= $(shell aws eks describe-cluster --name $(CLUSTER_NAME) | jq -r ".cluster.resourcesVpcConfig.vpcId")
 export AWS_ACCOUNT_ID ?= $(shell aws sts get-caller-identity --query Account --output text)
-
+export REGION ?= $(shell aws configure get region)
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
 VERSION ?= $(shell git tag --sort=committerdate | tail -1)

pkg/deploy/lattice/target_group_manager.go

@@ -3,6 +3,7 @@ package lattice
 import (
 	"context"
 	"errors"
+	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/golang/glog"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -160,13 +161,19 @@ func (s *defaultTargetGroupManager) Delete(ctx context.Context, targetGroup *lat
 	}
 	glog.V(6).Infof("TG manager list, listReq %v\n", listTargetsInput)
 	listResp, err := vpcLatticeSess.ListTargetsAsList(ctx, &listTargetsInput)
-	glog.V(6).Infof("manager delete,  listResp %v, err: %v \n", listResp, err)
+	glog.V(6).Infof("TG manager delete,  listResp %v, err: %v \n", listResp, err)
 	if err != nil {
 		return err
 	}
 
 	var targets []*vpclattice.Target
 	for _, t := range listResp {
+		if t.Status != nil && *t.Status != vpclattice.TargetStatusUnused {
+			glog.V(6).Infof("TargetGroupManager: The targetGroup [%v] has non-Unused status target(s), which means this targetGroup is still in use by latticeService, it cannot be deleted now\n", targetGroup.Spec.LatticeID)
+			// Before call the defaultTargetGroupManager.Delete(), we always call the latticeServiceManager.Delete() first,
+			//  *t.Status != vpclattice.TargetStatusUnused means previous delete latticeService still in the progress, we could wait for 20 seconds and then retry
+			return errors.New(LATTICE_RETRY)
+		}
 		targets = append(targets, &vpclattice.Target{
 			Id:   t.Id,
 			Port: t.Port,
@@ -200,7 +207,17 @@ func (s *defaultTargetGroupManager) Delete(ctx context.Context, targetGroup *lat
 	}
 
 	delResp, err := vpcLatticeSess.DeleteTargetGroupWithContext(ctx, &deleteTGInput)
-
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case vpclattice.ErrCodeResourceNotFoundException:
+				err = nil
+				break
+			default:
+				glog.V(6).Infof("vpcLatticeSess.DeleteTargetGroupWithContext() return error %v \n", err)
+			}
+		}
+	}
 	glog.V(2).Infof("TGManager delTGInput >>>> %v delTGResp :%v, err %v \n", deleteTGInput, delResp, err)
 
 	return err

pkg/deploy/lattice/target_group_manager_test.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"github.com/aws/aws-application-networking-k8s/pkg/config"
 	"github.com/aws/aws-application-networking-k8s/pkg/model/core"
+	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/vpclattice"
 	"testing"
 
@@ -511,20 +512,24 @@ func Test_CreateTargetGroup_CreateTGFailed(t *testing.T) {
 	assert.Equal(t, resp.TargetGroupID, "")
 }
 
-// Case1: Deregister targets and delete target group work perfectly fine
+// Case1: Deregister unused status targets and delete target group work perfectly fine
 // Case2: Delete target group that no targets register on it
 // Case3: While deleting target group, deregister targets fails
 // Case4: While deleting target group, list targets fails
 // Case5: While deleting target group, deregister targets unsuccessfully
 // Case6: Delete target group fails
+// Case7: While deleting target group, that it has non-unused status targets, return LATTICE_RETRY
+// Case8: While deleting target group, the vpcLatticeSess.DeleteTargetGroupWithContext() return ResourceNotFoundException, delete target group success and return err nil
 
-// Case1: Deregister targets and delete target group work perfectly fine
+// Case1: Deregister unused status targets and delete target group work perfectly fine
 func Test_DeleteTG_DeRegisterTargets_DeleteTargetGroup(t *testing.T) {
 	sId := "123.456.7.890"
 	sPort := int64(80)
+	targetStatus := vpclattice.TargetStatusUnused
 	targetsList := &vpclattice.TargetSummary{
-		Id:   &sId,
-		Port: &sPort,
+		Id:     &sId,
+		Port:   &sPort,
+		Status: &targetStatus,
 	}
 	targetsSuccessful := &vpclattice.Target{
 		Id:   &sId,
@@ -774,6 +779,84 @@ func Test_DeleteTG_DeRegisterTargets_DeleteTargetGroupFailed(t *testing.T) {
 	assert.Equal(t, err, errors.New("DeleteTG_failed"))
 }
 
+// Case7: While deleting target group, it has non-unused status targets, return LATTICE_RETRY
+func Test_DeleteTG_TargetsNonUnused(t *testing.T) {
+	targetId := "123.456.7.890"
+	targetPort := int64(80)
+	targetStatus := vpclattice.TargetStatusHealthy
+	targets := &vpclattice.TargetSummary{
+		Id:     &targetId,
+		Port:   &targetPort,
+		Status: &targetStatus,
+	}
+	listTargetsOutput := []*vpclattice.TargetSummary{targets}
+
+	tgSpec := latticemodel.TargetGroupSpec{
+		Name:      "test",
+		Config:    latticemodel.TargetGroupConfig{},
+		Type:      "IP",
+		IsDeleted: false,
+		LatticeID: "123",
+	}
+	tgDeleteInput := latticemodel.TargetGroup{
+		ResourceMeta: core.ResourceMeta{},
+		Spec:         tgSpec,
+		Status:       nil,
+	}
+	c := gomock.NewController(t)
+	defer c.Finish()
+	ctx := context.TODO()
+	mockCloud := mocks_aws.NewMockCloud(c)
+	mockVpcLatticeSess := mocks.NewMockLattice(c)
+	mockVpcLatticeSess.EXPECT().ListTargetsAsList(ctx, gomock.Any()).Return(listTargetsOutput, nil)
+	mockCloud.EXPECT().Lattice().Return(mockVpcLatticeSess)
+	tgManager := NewTargetGroupManager(mockCloud)
+
+	err := tgManager.Delete(ctx, &tgDeleteInput)
+
+	assert.NotNil(t, err)
+	assert.Equal(t, err, errors.New(LATTICE_RETRY))
+}
+
+// Case8: While deleting target group, the vpcLatticeSess.DeleteTargetGroupWithContext() return ResourceNotFoundException, delete target group success and return err nil
+func Test_DeleteTG_vpcLatticeSessReturnResourceNotFound_DeleteTargetGroupSuccessAndErrIsNil(t *testing.T) {
+	sId := "123.456.7.890"
+	sPort := int64(80)
+	targets := &vpclattice.TargetSummary{
+		Id:   &sId,
+		Port: &sPort,
+	}
+	listTargetsOutput := []*vpclattice.TargetSummary{targets}
+	deRegisterTargetsOutput := &vpclattice.DeregisterTargetsOutput{}
+	deleteTargetGroupOutput := &vpclattice.DeleteTargetGroupOutput{}
+
+	tgSpec := latticemodel.TargetGroupSpec{
+		Name:      "test",
+		Config:    latticemodel.TargetGroupConfig{},
+		Type:      "IP",
+		IsDeleted: false,
+		LatticeID: "123",
+	}
+	tgDeleteInput := latticemodel.TargetGroup{
+		ResourceMeta: core.ResourceMeta{},
+		Spec:         tgSpec,
+	}
+	c := gomock.NewController(t)
+	defer c.Finish()
+	ctx := context.TODO()
+	mockCloud := mocks_aws.NewMockCloud(c)
+	mockVpcLatticeSess := mocks.NewMockLattice(c)
+	mockVpcLatticeSess.EXPECT().ListTargetsAsList(ctx, gomock.Any()).Return(listTargetsOutput, nil)
+	mockVpcLatticeSess.EXPECT().DeregisterTargetsWithContext(ctx, gomock.Any()).Return(deRegisterTargetsOutput, nil)
+	mockVpcLatticeSess.EXPECT().DeleteTargetGroupWithContext(ctx, gomock.Any()).Return(deleteTargetGroupOutput, awserr.New(vpclattice.ErrCodeResourceNotFoundException, "", nil))
+	mockCloud.EXPECT().Lattice().Return(mockVpcLatticeSess).AnyTimes()
+	tgManager := NewTargetGroupManager(mockCloud)
+
+	err := tgManager.Delete(ctx, &tgDeleteInput)
+
+	assert.Nil(t, err)
+}
+
 func Test_ListTG_TGsExist(t *testing.T) {
 	arn := "123456789"
 	id := "123456789"

pkg/deploy/lattice/target_group_synthesizer.go

@@ -359,3 +359,84 @@ func (t *targetGroupSynthesizer) PostSynthesize(ctx context.Context) error {
 	// nothing to do here
 	return nil
 }
+
+func (t *targetGroupSynthesizer) SynthesizeTriggeredTargetGroupsCreation(ctx context.Context) error {
+	var resTargetGroups []*latticemodel.TargetGroup
+	var returnErr = false
+	t.stack.ListResources(&resTargetGroups)
+	glog.V(6).Infof("SynthesizeTriggeredTargetGroupsCreation TargetGroups: [%v]\n", resTargetGroups)
+	for _, resTargetGroup := range resTargetGroups {
+		if resTargetGroup.Spec.IsDeleted {
+			glog.V(6).Infof("In the SynthesizeTriggeredTargetGroupsCreation(), we only handle TG Creation request and skip any deletion request [%v] \n", resTargetGroup)
+			continue
+		}
+		if resTargetGroup.Spec.Config.IsServiceImport {
+			tgStatus, err := t.targetGroupManager.Get(ctx, resTargetGroup)
+			if err != nil {
+				glog.V(6).Infof("Error on t.targetGroupManager.Get for %v err %v\n", resTargetGroup, err)
+				returnErr = true
+				continue
+			}
+			// for serviceimport, the httproutename is ""
+			t.latticeDataStore.AddTargetGroup(resTargetGroup.Spec.Name,
+				resTargetGroup.Spec.Config.VpcID, tgStatus.TargetGroupARN, tgStatus.TargetGroupID,
+				resTargetGroup.Spec.Config.IsServiceImport, "")
+			glog.V(6).Infof("targetGroup Synthesized successfully for %s: %v\n", resTargetGroup.Spec.Name, tgStatus)
+		} else { // handle TargetGroup creation request that triggered by httproute with backendref k8sService creation or serviceExport creation
+			resTargetGroup.Spec.Config.VpcID = config.VpcID
+			tgStatus, err := t.targetGroupManager.Create(ctx, resTargetGroup)
+			if err != nil {
+				glog.V(6).Infof("Error on t.targetGroupManager.Create for %v err %v\n", resTargetGroup, err)
+				returnErr = true
+				continue
+			}
+			//In the ModelBuildTask, it should already add a tg entry in the latticeDataStore,
+			//in here, only UPDATE the entry with tgStatus.TargetGroupARN and tgStatus.TargetGroupID
+			t.latticeDataStore.AddTargetGroup(resTargetGroup.Spec.Name,
+				resTargetGroup.Spec.Config.VpcID, tgStatus.TargetGroupARN,
+				tgStatus.TargetGroupID, resTargetGroup.Spec.Config.IsServiceImport,
+				resTargetGroup.Spec.Config.K8SHTTPRouteName)
+			glog.V(6).Infof("targetGroup Synthesized successfully for %v: %v\n", resTargetGroup.Spec, tgStatus)
+		}
+	}
+	glog.V(6).Infof("Done -- SynthesizeTriggeredTargetGroupsCreation %v\n", resTargetGroups)
+	if returnErr {
+		return errors.New(LATTICE_RETRY)
+	} else {
+		return nil
+	}
+
+}
+
+func (t *targetGroupSynthesizer) SynthesizeTriggeredTargetGroupsDeletion(ctx context.Context) error {
+	var resTargetGroups []*latticemodel.TargetGroup
+	var returnErr = false
+	t.stack.ListResources(&resTargetGroups)
+	glog.V(2).Infof("SynthesizeTriggeredTargetGroupsDeletion: TargetGroups ==[%v]\n", resTargetGroups)
+	for _, resTargetGroup := range resTargetGroups {
+		if !resTargetGroup.Spec.IsDeleted {
+			glog.V(6).Infof("SynthesizeTriggeredTargetGroupsDeletion should ignore target group creation request for tg: [%v]\n", resTargetGroup)
+			continue
+		}
+		if resTargetGroup.Spec.Config.IsServiceImport {
+			// For delete TargetGroup request triggered by service import, we just delete the tg in the datastore
+			t.latticeDataStore.DelTargetGroup(resTargetGroup.Spec.Name, resTargetGroup.Spec.Config.K8SHTTPRouteName, resTargetGroup.Spec.Config.IsServiceImport)
+		} else {
+			// For delete TargetGroup request triggered by k8s service, invoke vpc lattice api to delete it, if success, delete the tg in the datastore as well
+			err := t.targetGroupManager.Delete(ctx, resTargetGroup)
+			glog.V(6).Infof("err := t.targetGroupManager.Delete(ctx, resTargetGroup) err: %v\n", err)
+			if err == nil {
+				glog.V(6).Infof("Delete Target Group in SynthesizeTriggeredTargetGroupsDeletion: successfully deleted target group %v\n", resTargetGroup)
+				t.latticeDataStore.DelTargetGroup(resTargetGroup.Spec.Name, resTargetGroup.Spec.Config.K8SHTTPRouteName, resTargetGroup.Spec.Config.IsServiceImport)
+			} else {
+				glog.V(6).Infof("Delete Target Group in SynthesizeTriggeredTargetGroupsDeletion: failed to delete target group %v, err %v \n", resTargetGroup, err)
+				returnErr = true
+			}
+		}
+	}
+	if returnErr {
+		return errors.New(LATTICE_RETRY)
+	} else {
+		return nil
+	}
+}