
Commit 4ee5579

authored
Subnets availability validation should use AZs resolved by EC2::DescribeSubnets call (#7816)
Subnets availability validation should use AZs resolved by EC2::DescribeSubnets call
1 parent 5e5419f commit 4ee5579


2 files changed

+34
-4
lines changed


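--- a/pkg/actions/nodegroup/create.go
+++ b/pkg/actions/nodegroup/create.go
@@ -410,6 +410,16 @@ func validateSecurityGroup(ctx context.Context, ec2API awsapi.EC2, securityGroup
 }
 
 func validateSubnetsAvailability(spec *api.ClusterConfig) error {
+getAZs := func(subnetMapping api.AZSubnetMapping) map[string]struct{} {
+azs := make(map[string]struct{})
+for _, subnet := range subnetMapping {
+azs[subnet.AZ] = struct{}{}
+}
+return azs
+}
+privateAZs := getAZs(spec.VPC.Subnets.Private)
+publicAZs := getAZs(spec.VPC.Subnets.Public)
+
 validateSubnetsAvailabilityForNg := func(np api.NodePool) error {
 ng := np.BaseNodeGroup()
 subnetTypeForPrivateNetworking := map[bool]string{
@@ -433,27 +443,29 @@ func validateSubnetsAvailability(spec *api.ClusterConfig) error {
 shouldCheckAcrossAllAZs := true
 for _, az := range ng.AvailabilityZones {
 shouldCheckAcrossAllAZs = false
-if _, ok := spec.VPC.Subnets.Private[az]; !ok && ng.PrivateNetworking {
+if _, ok := privateAZs[az]; !ok && ng.PrivateNetworking {
 return unavailableSubnetsErr(az)
 }
-if _, ok := spec.VPC.Subnets.Public[az]; !ok && !ng.PrivateNetworking {
+if _, ok := publicAZs[az]; !ok && !ng.PrivateNetworking {
 return unavailableSubnetsErr(az)
 }
 }
 if shouldCheckAcrossAllAZs {
-if ng.PrivateNetworking && len(spec.VPC.Subnets.Private) == 0 {
+if ng.PrivateNetworking && len(privateAZs) == 0 {
 return unavailableSubnetsErr(spec.VPC.ID)
 }
-if !ng.PrivateNetworking && len(spec.VPC.Subnets.Public) == 0 {
+if !ng.PrivateNetworking && len(publicAZs) == 0 {
 return unavailableSubnetsErr(spec.VPC.ID)
 }
 }
 return nil
 }
+
 for _, np := range nodes.ToNodePools(spec) {
 if err := validateSubnetsAvailabilityForNg(np); err != nil {
 return err
 }
 }
+
 return nil
 }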
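Review bot: `getAZs` trusts `subnet.AZ` to be populated for every entry, and nothing visible in these hunks guarantees that the AZs have been resolved before `validateSubnetsAvailability` runs. An entry whose AZ is still empty adds the key `""` to the set, so the later `privateAZs[az]` / `publicAZs[az]` lookups fail and the caller gets `unavailableSubnetsErr(az)` for a subnet that exists but was never resolved. Consider reporting unresolved entries separately, for example `if subnet.AZ == "" { return fmt.Errorf("subnet %q has no resolved availability zone", subnet.ID) }` (this needs `getAZs` to return an error as well), and documenting the precondition with a comment such as `// getAZs collects the AZs resolved by EC2 DescribeSubnets; mapping keys may be user-chosen names, not AZs`. The sets are also built eagerly before the node-pool loop, so `spec.VPC.Subnets` is now dereferenced even when there are no node pools; presumably it is always non-nil at this point, but that is not visible here. The middle of `validateSubnetsAvailability` lies between the two hunks and is not shown.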

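--- a/pkg/actions/nodegroup/create_test.go
+++ b/pkg/actions/nodegroup/create_test.go
@@ -269,6 +269,7 @@ var _ = DescribeTable("Create", func(t ngEntry) {
 },
 expectedErr: fmt.Errorf("all private subnets from vpc-1, that the cluster was originally created on, have been deleted; to create private nodegroups within vpc-1 please manually set valid private subnets via nodeGroup.SubnetIDs"),
 }),
+
 Entry("fails when nodegroup uses privateNetworking:false and there's no public subnet within vpc", ngEntry{
 mockCalls: func(m mockCalls) {
 mockProviderWithVPCSubnets(m.mockProvider, &vpcSubnets{
@@ -277,6 +278,7 @@ var _ = DescribeTable("Create", func(t ngEntry) {
 },
 expectedErr: fmt.Errorf("all public subnets from vpc-1, that the cluster was originally created on, have been deleted; to create public nodegroups within vpc-1 please manually set valid public subnets via nodeGroup.SubnetIDs"),
 }),
+
 Entry("fails when nodegroup uses privateNetworking:true and there's no private subnet within az", ngEntry{
 updateClusterConfig: func(c *api.ClusterConfig) {
 c.NodeGroups[0].PrivateNetworking = true
@@ -290,9 +292,25 @@ var _ = DescribeTable("Create", func(t ngEntry) {
 },
 expectedErr: fmt.Errorf("all private subnets from us-west-2b, that the cluster was originally created on, have been deleted; to create private nodegroups within us-west-2b please manually set valid private subnets via nodeGroup.SubnetIDs"),
 }),
+
 Entry("fails when nodegroup uses privateNetworking:false and there's no private subnet within az", ngEntry{
 updateClusterConfig: func(c *api.ClusterConfig) {
 c.NodeGroups[0].AvailabilityZones = []string{"us-west-2a", "us-west-2b"}
+c.VPC.Subnets = &api.ClusterSubnets{
+Private: api.AZSubnetMapping{
+"private-1": api.AZSubnetSpec{
+ID: "subnet-private-1",
+},
+"private-2": api.AZSubnetSpec{
+ID: "subnet-private-2",
+},
+},
+Public: api.AZSubnetMapping{
+"public-1": api.AZSubnetSpec{
+ID: "subnet-public-2",
+},
+},
+}
 },
 mockCalls: func(m mockCalls) {
 mockProviderWithVPCSubnets(m.mockProvider, &vpcSubnets{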
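Review bot: The fixture added in the last hunk keys its subnets by name (`private-1`, `public-1`) but leaves `AZ` unset, so unless the mock provider fills it in later, this entry fails the same way under the old key-based lookup as under the new AZ-based one and does not pin the fix. Add a sibling entry whose subnets sit under non-AZ keys with `AZ: "us-west-2a"` and `AZ: "us-west-2b"` set and which expects creation to pass the availability check, so a regression to key-based lookup is caught. `"public-1"` maps to `ID: "subnet-public-2"`, which looks like a copy-paste slip; `subnet-public-1` would match the other entries. This Entry's title says "no private subnet within az" although it exercises `privateNetworking:false`, and its body continues past the end of the hunk.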
