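def build_desired_state_tgw_attachments(clusters, ocm_map: OCMMap,
                                        awsapi: AWSApi):
    """
    Fetch state for TGW attachments between a cluster and all TGWs
    in an account in the same region as the cluster

    Only peering connections whose provider is "account-tgw" are
    processed; every other provider is skipped.

    :param clusters: iterable of cluster dicts. Each one is read for
        "name", "spec"/"region", "network"/"vpc" and
        "peering"/"connections".
    :param ocm_map: object whose get(cluster) returns the OCM client of
        the cluster. The client is only used when a connection carries
        no "assumeRole" of its own.
    :param awsapi: client providing get_cluster_vpc_details() and
        get_tgws_details().
    :return: tuple (desired_state, error). desired_state is a list with
        one dict per (peer connection, TGW) pair; error is True when at
        least one connection had to be skipped.
    :raises json.JSONDecodeError: when a connection's "tags" value is
        not valid JSON.

    The account dict of every processed connection is updated IN PLACE
    with "assume_role", "assume_region" and "assume_cidr", and that same
    object is referenced from both the requester and the accepter.
    NOTE(review): if callers hand in one account dict shared by several
    connections, the last connection's role/region/CIDR would win for
    all of them -- confirm against the code that builds `clusters`.
    """
    desired_state = []
    error = False

    for cluster_info in clusters:
        cluster = cluster_info["name"]
        ocm = ocm_map.get(cluster)
        peer_connections = cluster_info["peering"]["connections"]
        for peer_connection in peer_connections:
            # We only care about account-tgw peering providers
            peer_connection_provider = peer_connection["provider"]
            if peer_connection_provider != "account-tgw":
                continue

            # accepter is the cluster's AWS account
            cluster_region = cluster_info["spec"]["region"]
            cluster_cidr_block = cluster_info["network"]["vpc"]
            accepter = {
                "cidr_block": cluster_cidr_block,
                "region": cluster_region
            }

            account = peer_connection["account"]
            # assume_role is the role to assume to provision the
            # peering connection request, through the accepter AWS account.
            # It decides which AWS identity does the provisioning, so it
            # must come from exactly one of two places: the connection
            # definition itself, or OCM.
            provided_assume_role = peer_connection.get("assumeRole")
            if provided_assume_role:
                # an explicit role means OCM is not needed; it likely
                # means that there is no OCM at all.
                account["assume_role"] = provided_assume_role
            elif ocm is None:
                # Neither source can supply a role. Skip the connection
                # and report it instead of failing the whole run with an
                # AttributeError on None.
                logging.error(
                    "[%s] no assumeRole on peer connection %s and no OCM "
                    "client to look one up",
                    cluster, peer_connection.get("name"))
                error = True
                continue
            else:
                account["assume_role"] = (
                    ocm.get_aws_infrastructure_access_terraform_assume_role(
                        cluster, account["uid"],
                        account["terraformUsername"]))
            account["assume_region"] = accepter["region"]
            account["assume_cidr"] = accepter["cidr_block"]
            (
                accepter_vpc_id,
                accepter_route_table_ids,
                accepter_subnets_id_az,
            ) = awsapi.get_cluster_vpc_details(
                account,
                route_tables=peer_connection.get("manageRoutes"),
                subnets=True,
            )

            if accepter_vpc_id is None:
                logging.error(
                    "[%s] could not find VPC ID for cluster", cluster)
                error = True
                continue
            accepter["vpc_id"] = accepter_vpc_id
            accepter["route_table_ids"] = accepter_route_table_ids
            accepter["subnets_id_az"] = accepter_subnets_id_az
            accepter["account"] = account

            account_tgws = awsapi.get_tgws_details(
                account,
                cluster_region,
                cluster_cidr_block,
                # "tags" is a JSON string; a missing or empty value
                # becomes an empty filter.
                tags=json.loads(peer_connection.get("tags") or "{}"),
                route_tables=peer_connection.get("manageRoutes"),
                security_groups=peer_connection.get("manageSecurityGroups"),
            )
            for tgw in account_tgws:
                tgw_id = tgw["tgw_id"]
                connection_name = (f"{peer_connection['name']}_" +
                                   f"{account['name']}-{tgw_id}")
                requester = {
                    "tgw_id": tgw_id,
                    "tgw_arn": tgw["tgw_arn"],
                    "region": tgw["region"],
                    "routes": tgw.get("routes"),
                    "rules": tgw.get("rules"),
                    "cidr_block": peer_connection.get("cidrBlock"),
                    "account": account,
                }
                # every item of this connection shares the same accepter
                # and account objects (by reference, not by copy)
                item = {
                    "connection_provider": peer_connection_provider,
                    "connection_name": connection_name,
                    "requester": requester,
                    "accepter": accepter,
                    "deleted": peer_connection.get("delete", False),
                }
                desired_state.append(item)

    return desired_state, error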
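def build_desired_state_tgw_attachments(clusters, ocm_map, settings):
    """
    Fetch state for TGW attachments between a cluster and all TGWs
    in an account in the same region as the cluster

    Only peering connections whose provider is 'account-tgw' are
    processed; every other provider is skipped.

    :param clusters: iterable of cluster dicts. Each one is read for
        'name', 'spec'/'region', 'network'/'vpc' and
        'peering'/'connections'.
    :param ocm_map: object whose get(cluster) returns the OCM client
        used to look up the role to assume for each account.
    :param settings: passed through unchanged to AWSApi(...).
    :return: tuple (desired_state, error). desired_state is a list with
        one dict per (peer connection, TGW) pair; error is True when the
        VPC ID of at least one cluster could not be found.
    :raises json.JSONDecodeError: when a connection's 'tags' value is
        not valid JSON.

    The account dict of every processed connection is updated IN PLACE
    with 'assume_role', 'assume_region' and 'assume_cidr', and that same
    object is referenced from both the requester and the accepter.
    """
    desired_state = []
    error = False

    for cluster_info in clusters:
        cluster = cluster_info['name']
        ocm = ocm_map.get(cluster)
        peer_connections = cluster_info['peering']['connections']
        for peer_connection in peer_connections:
            # We only care about account-tgw peering providers
            peer_connection_provider = peer_connection['provider']
            if peer_connection_provider != 'account-tgw':
                continue

            # accepter is the cluster's AWS account
            cluster_region = cluster_info['spec']['region']
            cluster_cidr_block = cluster_info['network']['vpc']
            accepter = {
                'cidr_block': cluster_cidr_block,
                'region': cluster_region
            }

            account = peer_connection['account']
            # assume_role is the role to assume to provision the
            # peering connection request, through the accepter AWS account.
            # NOTE(review): ocm is dereferenced without a None check, so
            # a cluster missing from ocm_map may fail here -- confirm
            # what ocm_map.get() returns for unknown clusters.
            account['assume_role'] = (
                ocm.get_aws_infrastructure_access_terraform_assume_role(
                    cluster,
                    account['uid'],
                    account['terraformUsername']
                )
            )
            account['assume_region'] = accepter['region']
            account['assume_cidr'] = accepter['cidr_block']
            # One client per connection, built for this single account.
            # The first positional argument (1) is presumably a thread
            # pool size -- TODO confirm against AWSApi.
            aws_api = AWSApi(1, [account], settings=settings)
            (
                accepter_vpc_id,
                accepter_route_table_ids,
                accepter_subnets_id_az,
            ) = aws_api.get_cluster_vpc_details(
                account,
                route_tables=peer_connection.get('manageRoutes'),
                subnets=True,
            )

            if accepter_vpc_id is None:
                logging.error(
                    '[%s] could not find VPC ID for cluster', cluster)
                error = True
                continue
            accepter['vpc_id'] = accepter_vpc_id
            accepter['route_table_ids'] = accepter_route_table_ids
            accepter['subnets_id_az'] = accepter_subnets_id_az
            accepter['account'] = account

            account_tgws = aws_api.get_tgws_details(
                account,
                cluster_region,
                cluster_cidr_block,
                # json.loads() only accepts str/bytes, so the fallback
                # for a missing or empty 'tags' must be the string '{}'
                # and not a dict (which raises TypeError).
                tags=json.loads(peer_connection.get('tags') or '{}'),
                route_tables=peer_connection.get('manageRoutes'),
                security_groups=peer_connection.get(
                    'manageSecurityGroups'),
            )
            for tgw in account_tgws:
                tgw_id = tgw['tgw_id']
                connection_name = (
                    f"{peer_connection['name']}_"
                    f"{account['name']}-{tgw_id}"
                )
                requester = {
                    'tgw_id': tgw_id,
                    'tgw_arn': tgw['tgw_arn'],
                    'region': tgw['region'],
                    'routes': tgw.get('routes'),
                    'rules': tgw.get('rules'),
                    'cidr_block': peer_connection.get('cidrBlock'),
                    'account': account,
                }
                # every item of this connection shares the same accepter
                # and account objects (by reference, not by copy)
                item = {
                    'connection_provider': peer_connection_provider,
                    'connection_name': connection_name,
                    'requester': requester,
                    'accepter': accepter,
                    'deleted': peer_connection.get('delete', False)
                }
                desired_state.append(item)

    return desired_state, error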