Merge pull request #1461 from dudududi/feature/securitygrouprule-sour…

…ceSecurityGroup feat: Handle SourceSecurityGroup field from the spec
crossplane-contrib · Sep 1, 2022 · 1dd2552 · 1dd2552
2 parents c8c2946 + 4419d08
commit 1dd2552
Show file tree

Hide file tree

Showing 2 changed files with 311 additions and 14 deletions.
diff --git a/pkg/controller/ec2/securitygrouprule/controller.go b/pkg/controller/ec2/securitygrouprule/controller.go
@@ -155,6 +155,18 @@ func (e *external) createSgr(ctx context.Context, sgr *manualv1alpha1.SecurityGr
 				}},
 			}}
 		}
+		if providerValues.SourceSecurityGroupID != nil {
+			input.IpPermissions = []awsec2types.IpPermission{{
+				FromPort:   providerValues.FromPort,
+				ToPort:     providerValues.ToPort,
+				IpProtocol: providerValues.Protocol,
+				UserIdGroupPairs: []awsec2types.UserIdGroupPair{{
+					GroupId: providerValues.SourceSecurityGroupID,
+
+					Description: providerValues.Description,
+				}},
+			}}
+		}
 		result, err := e.client.AuthorizeSecurityGroupIngress(ctx, input)
 
 		if err != nil {
@@ -197,6 +209,18 @@ func (e *external) createSgr(ctx context.Context, sgr *manualv1alpha1.SecurityGr
 				}},
 			}}
 		}
+		if providerValues.SourceSecurityGroupID != nil {
+			input.IpPermissions = []awsec2types.IpPermission{{
+				FromPort:   providerValues.FromPort,
+				ToPort:     providerValues.ToPort,
+				IpProtocol: providerValues.Protocol,
+				UserIdGroupPairs: []awsec2types.UserIdGroupPair{{
+					GroupId: providerValues.SourceSecurityGroupID,
+
+					Description: providerValues.Description,
+				}},
+			}}
+		}
 		result, err := e.client.AuthorizeSecurityGroupEgress(ctx, input)
 
 		if err != nil {
@@ -304,6 +328,9 @@ func (e *external) Update(ctx context.Context, mgd resource.Managed) (managed.Ex
 		if cr.Spec.ForProvider.Ipv6CidrBlock != nil {
 			input.SecurityGroupRules[0].SecurityGroupRule.CidrIpv6 = cr.Spec.ForProvider.Ipv6CidrBlock
 		}
+		if cr.Spec.ForProvider.SourceSecurityGroupID != nil {
+			input.SecurityGroupRules[0].SecurityGroupRule.ReferencedGroupId = cr.Spec.ForProvider.SourceSecurityGroupID
+		}
 
 		_, err := e.client.ModifySecurityGroupRules(ctx, input)
 		if err != nil {
@@ -339,6 +366,10 @@ func compareSgr(desired *manualv1alpha1.SecurityGroupRuleParameters, actual *man
 		recreate = true
 	}
 
+	if awsclient.StringValue(desired.SourceSecurityGroupID) != awsclient.StringValue(actual.SourceSecurityGroupID) {
+		needsUpdate = true
+	}
+
 	if awsclient.StringValue(desired.Type) != awsclient.StringValue(actual.Type) {
 		needsUpdate = true
 		recreate = true
@@ -371,6 +402,9 @@ func (e *external) getExternalSgr(ctx context.Context, externalName string) (*ma
 		CidrBlock:     existingSgr.CidrIpv4,
 		Ipv6CidrBlock: existingSgr.CidrIpv6,
 	}
+	if existingSgr.ReferencedGroupInfo != nil {
+		cr.SourceSecurityGroupID = existingSgr.ReferencedGroupInfo.GroupId
+	}
 
 	return cr, nil
 }