add nlb annotation support

csauoss · csauoss · commit e528ab29c35b · 2024-11-02T21:25:10.000-07:00
Signed-off-by: Saurabh Choudhary &lt;csauoss@gmail.com&gt;
diff --git a/pkg/annotations/constants.go b/pkg/annotations/constants.go
@@ -61,6 +61,7 @@ const (
 	// NLB annotation suffixes
 	// prefixes service.beta.kubernetes.io, service.kubernetes.io
 	SvcLBSuffixSourceRanges                              = "load-balancer-source-ranges"
+	SvcLBSuffixShieldAdvancedProtection                  = "aws-load-balancer-nlb-shield-advanced-protection"
 	SvcLBSuffixLoadBalancerType                          = "aws-load-balancer-type"
 	SvcLBSuffixTargetType                                = "aws-load-balancer-nlb-target-type"
 	SvcLBSuffixLoadBalancerName                          = "aws-load-balancer-name"
diff --git a/pkg/service/model_build_load_balancer_addons.go b/pkg/service/model_build_load_balancer_addons.go
@@ -0,0 +1,41 @@
+package service
+
+import (
+	"context"
+
+	"github.com/pkg/errors"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/annotations"
+	shieldmodel "sigs.k8s.io/aws-load-balancer-controller/pkg/model/shield"
+)
+
+func (t *defaultModelBuildTask) buildLoadBalancerAddOns(ctx context.Context) error {
+	if _, err := t.buildShieldProtection(ctx); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (t *defaultModelBuildTask) buildShieldProtection(_ context.Context) (*shieldmodel.Protection, error) {
+	explicitEnableProtections := make(map[bool]struct{})
+	rawEnableProtection := false
+	exists, err := t.annotationParser.ParseBoolAnnotation(annotations.SvcLBSuffixShieldAdvancedProtection, &rawEnableProtection, t.service.Annotations)
+	if err != nil {
+		return nil, err
+	}
+	if exists {
+		explicitEnableProtections[rawEnableProtection] = struct{}{}
+	}
+	if len(explicitEnableProtections) == 0 {
+		return nil, nil
+	}
+	if len(explicitEnableProtections) > 1 {
+		return nil, errors.New("conflicting enable shield advanced protection")
+	}
+	if _, enableProtection := explicitEnableProtections[true]; enableProtection {
+		protection := shieldmodel.NewProtection(t.stack, resourceIDLoadBalancer, shieldmodel.ProtectionSpec{
+			ResourceARN: t.loadBalancer.LoadBalancerARN(),
+		})
+		return protection, nil
+	}
+	return nil, nil
+}
diff --git a/pkg/service/model_builder.go b/pkg/service/model_builder.go
@@ -249,6 +249,9 @@ func (t *defaultModelBuildTask) buildModel(ctx context.Context) error {
 	if err != nil {
 		return err
 	}
+	if err := t.buildLoadBalancerAddOns(ctx); err != nil {
+		return err
+	}
 	return nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -249,6 +249,9 @@ func (t *defaultModelBuildTask) buildModel(ctx context.Context) error {`
`249`	`249`	`if err != nil {`
`250`	`250`	`return err`
`251`	`251`	`}`
	`252`	`+ if err := t.buildLoadBalancerAddOns(ctx); err != nil {`
	`253`	`+ return err`
	`254`	`+ }`
`252`	`255`	`return nil`
`253`	`256`	`}`
`254`	`257`