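def _resolve_assume_role(ocm, cluster, account, peer_connection):
    """Return the IAM role to assume in the cluster's (accepter) AWS account.

    A role supplied in the peering config (``assumeRole``) is used verbatim and
    the OCM lookup is skipped entirely -- nothing here validates that value, so
    review of the peering config is the only control on which role gets
    assumed. Without it, the role is resolved through OCM's infrastructure
    access API from the account's ``uid`` and ``terraformUsername``.
    """
    provided_assume_role = peer_connection.get("assumeRole")
    if provided_assume_role:
        # A configured role means the information need not come from OCM;
        # per the original author it likely means there is no OCM at all.
        return provided_assume_role
    return ocm.get_aws_infrastructure_access_terraform_assume_role(
        cluster, account["uid"], account["terraformUsername"]
    )


def _build_tgw_attachment_item(peer_connection, account, accepter, tgw):
    """Build one desired-state item for the attachment of ``accepter`` to ``tgw``."""
    tgw_id = tgw["tgw_id"]
    requester = {
        "tgw_id": tgw_id,
        "tgw_arn": tgw["tgw_arn"],
        "region": tgw["region"],
        "routes": tgw.get("routes"),
        "rules": tgw.get("rules"),
        "cidr_block": peer_connection.get("cidrBlock"),
        "account": account,
    }
    return {
        "connection_provider": peer_connection["provider"],
        "connection_name": f"{peer_connection['name']}_{account['name']}-{tgw_id}",
        "requester": requester,
        "accepter": accepter,
        "deleted": peer_connection.get("delete", False),
    }


def build_desired_state_tgw_attachments(clusters, ocm_map: OCMMap, awsapi: AWSApi):
    """
    Fetch state for TGW attachments between a cluster and all TGWs
    in an account in the same region as the cluster.

    Only peering connections whose ``provider`` is ``account-tgw`` are
    considered. For each such connection the cluster VPC (the accepter) is
    looked up through ``awsapi`` and one item is produced per TGW that
    ``awsapi.get_tgws_details`` returns for the connection's account.

    :param clusters: cluster dicts carrying ``name``, ``spec.region``,
        ``network.vpc`` and ``peering.connections``
    :param ocm_map: yields the OCM client of a cluster; only consulted when
        the peering config does not supply an ``assumeRole``
    :param awsapi: used for the cluster VPC details and the TGW lookup
    :return: ``(desired_state, error)`` -- the list of items, and a flag that
        is True when the VPC of at least one cluster could not be found
        (those connections are logged and skipped rather than raised)
    """
    desired_state = []
    error = False
    for cluster_info in clusters:
        cluster = cluster_info["name"]
        ocm = ocm_map.get(cluster)
        peer_connections = cluster_info["peering"]["connections"]
        for peer_connection in peer_connections:
            # We only care about account-tgw peering providers
            if peer_connection["provider"] != "account-tgw":
                continue

            # accepter is the cluster's AWS account
            cluster_region = cluster_info["spec"]["region"]
            cluster_cidr_block = cluster_info["network"]["vpc"]
            accepter = {
                "cidr_block": cluster_cidr_block,
                "region": cluster_region,
            }

            # NOTE: the account dict is taken from peer_connection and mutated
            # in place; requester and accepter both reference the same object.
            account = peer_connection["account"]
            # assume_role is the role to assume to provision the
            # peering connection request, through the accepter AWS account.
            account["assume_role"] = _resolve_assume_role(
                ocm, cluster, account, peer_connection
            )
            account["assume_region"] = accepter["region"]
            account["assume_cidr"] = accepter["cidr_block"]

            manage_routes = peer_connection.get("manageRoutes")
            (
                accepter_vpc_id,
                accepter_route_table_ids,
                accepter_subnets_id_az,
            ) = awsapi.get_cluster_vpc_details(
                account, route_tables=manage_routes, subnets=True
            )
            if accepter_vpc_id is None:
                # Reported through the error flag; the connection is skipped.
                logging.error("[%s] could not find VPC ID for cluster", cluster)
                error = True
                continue
            accepter["vpc_id"] = accepter_vpc_id
            accepter["route_table_ids"] = accepter_route_table_ids
            accepter["subnets_id_az"] = accepter_subnets_id_az
            accepter["account"] = account

            # tags is a JSON string in the config; a missing value decodes to {}
            account_tgws = awsapi.get_tgws_details(
                account,
                cluster_region,
                cluster_cidr_block,
                tags=json.loads(peer_connection.get("tags") or "{}"),
                route_tables=manage_routes,
                security_groups=peer_connection.get("manageSecurityGroups"),
            )
            desired_state.extend(
                _build_tgw_attachment_item(peer_connection, account, accepter, tgw)
                for tgw in account_tgws
            )
    return desired_state, error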
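def build_desired_state_tgw_attachments(clusters, ocm_map, settings):
    """
    Fetch state for TGW attachments between a cluster and all TGWs
    in an account in the same region as the cluster.

    Only peering connections whose ``provider`` is ``account-tgw`` are
    considered. The role to assume in the cluster's AWS account is always
    resolved through OCM, and an ``AWSApi`` is created per connection for
    that account to look up the cluster VPC (the accepter) and the TGWs.

    :param clusters: cluster dicts carrying ``name``, ``spec.region``,
        ``network.vpc`` and ``peering.connections``
    :param ocm_map: yields the OCM client of a cluster
    :param settings: passed through to ``AWSApi``
    :return: ``(desired_state, error)`` -- the list of items, and a flag that
        is True when the VPC of at least one cluster could not be found
        (those connections are logged and skipped rather than raised)
    """
    desired_state = []
    error = False
    for cluster_info in clusters:
        cluster = cluster_info['name']
        ocm = ocm_map.get(cluster)
        peer_connections = cluster_info['peering']['connections']
        for peer_connection in peer_connections:
            # We only care about account-tgw peering providers
            peer_connection_provider = peer_connection['provider']
            if peer_connection_provider != 'account-tgw':
                continue

            # accepter is the cluster's AWS account
            cluster_region = cluster_info['spec']['region']
            cluster_cidr_block = cluster_info['network']['vpc']
            accepter = {
                'cidr_block': cluster_cidr_block,
                'region': cluster_region,
            }

            # NOTE: the account dict is taken from peer_connection and mutated
            # in place; requester and accepter both reference the same object.
            account = peer_connection['account']
            # assume_role is the role to assume to provision the
            # peering connection request, through the accepter AWS account.
            account['assume_role'] = \
                ocm.get_aws_infrastructure_access_terraform_assume_role(
                    cluster,
                    account['uid'],
                    account['terraformUsername'],
                )
            account['assume_region'] = accepter['region']
            account['assume_cidr'] = accepter['cidr_block']

            manage_routes = peer_connection.get('manageRoutes')
            aws_api = AWSApi(1, [account], settings=settings)
            accepter_vpc_id, accepter_route_table_ids, \
                accepter_subnets_id_az = \
                aws_api.get_cluster_vpc_details(
                    account,
                    route_tables=manage_routes,
                    subnets=True,
                )
            if accepter_vpc_id is None:
                # Reported through the error flag; the connection is skipped.
                logging.error('[%s] could not find VPC ID for cluster', cluster)
                error = True
                continue
            accepter['vpc_id'] = accepter_vpc_id
            accepter['route_table_ids'] = accepter_route_table_ids
            accepter['subnets_id_az'] = accepter_subnets_id_az
            accepter['account'] = account

            # tags is a JSON string in the config. A missing value must fall
            # back to the *string* '{}': json.loads({}) raises TypeError.
            account_tgws = aws_api.get_tgws_details(
                account,
                cluster_region,
                cluster_cidr_block,
                tags=json.loads(peer_connection.get('tags') or '{}'),
                route_tables=manage_routes,
                security_groups=peer_connection.get('manageSecurityGroups'),
            )
            for tgw in account_tgws:
                tgw_id = tgw['tgw_id']
                connection_name = \
                    f"{peer_connection['name']}_{account['name']}-{tgw_id}"
                requester = {
                    'tgw_id': tgw_id,
                    'tgw_arn': tgw['tgw_arn'],
                    'region': tgw['region'],
                    'routes': tgw.get('routes'),
                    'rules': tgw.get('rules'),
                    'cidr_block': peer_connection.get('cidrBlock'),
                    'account': account,
                }
                item = {
                    'connection_provider': peer_connection_provider,
                    'connection_name': connection_name,
                    'requester': requester,
                    'accepter': accepter,
                    'deleted': peer_connection.get('delete', False),
                }
                desired_state.append(item)
    return desired_state, error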