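def build_desired_state_vpc_mesh(clusters, ocm_map, settings):
    """
    Fetch state for VPC peerings between a cluster and all VPCs in an account.

    For every cluster, each peering connection with provider
    'account-vpc-mesh' yields one desired-state item per VPC found in the
    peer AWS account (filtered by the connection's JSON-encoded 'tags').

    Args:
        clusters: cluster definitions; each is read for 'name', 'peering',
            'network' and 'spec' as shown below.
        ocm_map: mapping of cluster name to an OCM client exposing
            get_aws_infrastructure_access_terraform_assume_role().
        settings: passed through to AWSApi.

    Returns:
        (desired_state, error): the list of peering items and a flag that is
        True when at least one cluster's VPC ID could not be resolved (that
        cluster's connection is skipped and the error is logged).
    """
    desired_state = []
    error = False
    for cluster_info in clusters:
        cluster = cluster_info['name']
        # NOTE(review): a cluster absent from ocm_map yields None here and
        # fails with AttributeError on the assume-role lookup below.
        ocm = ocm_map.get(cluster)
        peer_connections = cluster_info['peering']['connections']
        for peer_connection in peer_connections:
            # We only care about account-vpc-mesh peering providers
            peer_connection_provider = peer_connection['provider']
            if peer_connection_provider != 'account-vpc-mesh':
                continue
            # requester is the cluster's AWS account
            requester = {
                'cidr_block': cluster_info['network']['vpc'],
                'region': cluster_info['spec']['region'],
            }
            account = peer_connection['account']
            # assume_role is the role to assume to provision the
            # peering connection request, through the accepter AWS account.
            # NOTE: this writes into the account dict owned by cluster_info;
            # the requester and every accepter built below reference that
            # same dict object.
            account['assume_role'] = \
                ocm.get_aws_infrastructure_access_terraform_assume_role(
                    cluster, account['uid'], account['terraformUsername']
                )
            account['assume_region'] = requester['region']
            account['assume_cidr'] = requester['cidr_block']
            aws_api = AWSApi(1, [account], settings=settings)
            manage_routes = peer_connection.get('manageRoutes')
            requester_vpc_id, requester_route_table_ids, _ = \
                aws_api.get_cluster_vpc_details(
                    account, route_tables=manage_routes
                )
            if requester_vpc_id is None:
                # Best-effort: record the failure and keep processing the
                # remaining connections/clusters.
                logging.error(f'[{cluster}] could not find VPC ID for cluster')
                error = True
                continue
            requester['vpc_id'] = requester_vpc_id
            requester['route_table_ids'] = requester_route_table_ids
            requester['account'] = account
            # 'tags' is a JSON-encoded string. The fallback must be the JSON
            # text '{}', not a dict: json.loads({}) raises TypeError whenever
            # a connection omits 'tags'.
            account_vpcs = aws_api.get_vpcs_details(
                account,
                tags=json.loads(peer_connection.get('tags') or '{}'),
                route_tables=manage_routes,
            )
            for vpc in account_vpcs:
                vpc_id = vpc['vpc_id']
                connection_name = \
                    f"{peer_connection['name']}_" + \
                    f"{account['name']}-{vpc_id}"
                accepter = {
                    'vpc_id': vpc_id,
                    'region': vpc['region'],
                    'cidr_block': vpc['cidr_block'],
                    'route_table_ids': vpc['route_table_ids'],
                    'account': account,
                }
                item = {
                    'connection_provider': peer_connection_provider,
                    'connection_name': connection_name,
                    'requester': requester,
                    'accepter': accepter,
                    'deleted': peer_connection.get('delete', False),
                }
                desired_state.append(item)
    return desired_state, error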
def build_desired_state_vpc_mesh_single_cluster(cluster_info, ocm: OCM, awsapi: AWSApi):
    """
    Build the desired account-vpc-mesh peering state for one cluster.

    For every peering connection with provider 'account-vpc-mesh', resolves
    the cluster's own VPC (the requester) and lists every VPC in the peer
    account matching the connection's JSON-encoded 'tags' (the accepters),
    producing one item per accepter VPC.

    Args:
        cluster_info: cluster definition read for 'name', 'peering',
            'network' and 'spec' as shown below.
        ocm: OCM client used to look up the terraform assume-role ARN.
        awsapi: AWSApi client used to resolve VPC details.

    Returns:
        list of dicts with keys connection_provider, connection_name,
        requester, accepter and deleted.

    Raises:
        BadTerraformPeeringState: when the cluster's VPC ID cannot be found
            through the peer account.
    """
    cluster = cluster_info['name']
    items = []
    for conn in cluster_info['peering']['connections']:
        provider = conn['provider']
        # Only the account-vpc-mesh provider is handled here.
        if provider != 'account-vpc-mesh':
            continue
        region = cluster_info['spec']['region']
        cidr = cluster_info['network']['vpc']
        account = conn['account']
        # The assume role lets terraform provision the peering request
        # through the accepter AWS account. NOTE: this writes into the
        # account dict owned by cluster_info; the requester and every
        # accepter below reference that same dict object.
        account['assume_role'] = \
            ocm.get_aws_infrastructure_access_terraform_assume_role(
                cluster, account['uid'], account['terraformUsername']
            )
        account['assume_region'] = region
        account['assume_cidr'] = cidr
        manage_routes = conn.get('manageRoutes')
        vpc_id, route_table_ids, _ = awsapi.get_cluster_vpc_details(
            account, route_tables=manage_routes
        )
        if vpc_id is None:
            # NOTE(review): the message embeds the whole account dict
            # (including the assume_role ARN and terraformUsername); confirm
            # it carries nothing secret before it reaches logs or alerts.
            raise BadTerraformPeeringState(
                f'{cluster} could not find VPC ID for cluster and '
                f'peer account {account}'
            )
        requester = {
            'cidr_block': cidr,
            'region': region,
            'vpc_id': vpc_id,
            'route_table_ids': route_table_ids,
            'account': account,
        }
        # 'tags' is a JSON-encoded string; an absent value means no filter.
        tag_filter = json.loads(conn.get('tags') or '{}')
        peer_vpcs = awsapi.get_vpcs_details(
            account, tags=tag_filter, route_tables=manage_routes
        )
        deleted = conn.get('delete', False)
        for peer_vpc in peer_vpcs:
            peer_vpc_id = peer_vpc['vpc_id']
            items.append({
                'connection_provider': provider,
                'connection_name':
                    f"{conn['name']}_{account['name']}-{peer_vpc_id}",
                'requester': requester,
                'accepter': {
                    'vpc_id': peer_vpc_id,
                    'region': peer_vpc['region'],
                    'cidr_block': peer_vpc['cidr_block'],
                    'route_table_ids': peer_vpc['route_table_ids'],
                    'account': account,
                },
                'deleted': deleted,
            })
    return items