Fix bugs when launching in new AWS accounts (#76)

* Fix bugs when launching in new AWS accounts * Refactor AWS RAM logic for improved readability * Remove redundant code in TGW check
uc-cdis · Feb 7, 2024 · ccc7680 · ccc7680
1 parent b9ac428
commit ccc7680
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 24 deletions.
diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ go 1.17
 require (
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/aws/aws-sdk-go v1.45.16
+	github.com/stretchr/testify v1.7.0
 	gopkg.in/DataDog/dd-trace-go.v1 v1.33.0
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.22.3
@@ -37,11 +38,13 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/philhofer/fwd v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.11.0 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.26.0 // indirect
 	github.com/prometheus/procfs v0.6.0 // indirect
 	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/stretchr/objx v0.1.1 // indirect
 	github.com/tinylib/msgp v1.1.6 // indirect
 	golang.org/x/net v0.2.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect

diff --git a/go.sum b/go.sum
@@ -69,7 +69,6 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hC
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws/aws-sdk-go v1.43.28 h1:HrBUf2pYEMRB3GDkSa/bZ2lkZIe8gSUOz/IEupG1Te0=
 github.com/aws/aws-sdk-go v1.43.28/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go v1.45.16 h1:spca2z7UJgoQ5V2fX6XiHDCj2E65kOJAfbUPozSkE24=
 github.com/aws/aws-sdk-go v1.45.16/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
@@ -518,10 +517,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
@@ -596,20 +593,16 @@ golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@@ -620,7 +613,6 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=

diff --git a/hatchery/cloudwatch.go b/hatchery/cloudwatch.go
@@ -7,7 +7,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
 )
 
-//Create CloudWatch LogGroup for hatchery containers
+// Create CloudWatch LogGroup for hatchery containers
 func (sess *CREDS) CreateLogGroup(LogGroupName string, creds *credentials.Credentials) (string, error) {
 	c := cloudwatchlogs.New(session.Must(session.NewSession(&aws.Config{
 		Credentials: creds,
@@ -24,6 +24,7 @@ func (sess *CREDS) CreateLogGroup(LogGroupName string, creds *credentials.Creden
 		return "", err
 	}
 	if len(logGroup.LogGroups) == 0 {
+		Config.Logger.Printf("Creating LogGroup: %s", LogGroupName)
 		createLogGroupIn := &cloudwatchlogs.CreateLogGroupInput{
 			LogGroupName: aws.String(LogGroupName),
 		}
@@ -32,7 +33,9 @@ func (sess *CREDS) CreateLogGroup(LogGroupName string, creds *credentials.Creden
 			Config.Logger.Printf("Error in  CreateLogGroup: %s, %s", err, newLogGroup)
 			return "", err
 		}
-		return newLogGroup.String(), nil
+		return LogGroupName, nil
+	} else {
+		Config.Logger.Printf("LogGroup already exists: %s", LogGroupName)
 	}
 	return *logGroup.LogGroups[0].LogGroupName, nil
 }
diff --git a/hatchery/ram.go b/hatchery/ram.go
@@ -4,21 +4,40 @@ import (
 	"fmt"
 	"os"
 	"strings"
+	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/ram"
 )
 
 func acceptTransitGatewayShare(pm *PayModel, userName string, sess *session.Session, ramArn *string) error {
-	roleARN := "arn:aws:iam::" + pm.AWSAccountId + ":role/csoc_adminvm"
-	svc := NewSVC(sess, roleARN)
-	err := svc.acceptTGWShare(ramArn)
+	ramSvc := ram.New(sess)
+	// Check if the resource share is already accepted.
+	// If not, accept the resource share
+	ramName := strings.ReplaceAll(os.Getenv("GEN3_ENDPOINT"), ".", "-") + "-ram"
+	exResourceShares, err := ramSvc.GetResourceShares(&ram.GetResourceSharesInput{
+		Name:          aws.String(ramName),
+		ResourceOwner: aws.String("OTHER-ACCOUNTS"),
+	})
 	if err != nil {
 		// Log error
 		Config.Logger.Printf(err.Error())
 		return err
 	}
+	if len(exResourceShares.ResourceShares) == 0 {
+		roleARN := "arn:aws:iam::" + pm.AWSAccountId + ":role/csoc_adminvm"
+		svc := NewSVC(sess, roleARN)
+		err := svc.acceptTGWShare(ramArn)
+		if err != nil {
+			// Log error
+			Config.Logger.Printf(err.Error())
+			return err
+		}
+	} else {
+		// Log that resource share is already accepted
+		Config.Logger.Printf("Resource share already accepted")
+	}
 	return nil
 }
 
@@ -41,9 +60,16 @@ func (creds *CREDS) acceptTGWShare(ramArn *string) error {
 		return err
 	}
 
+	// Check if we have an invitation to accept
 	if len(resourceShareInvitation.ResourceShareInvitations) == 0 {
-		// Log that there are no invitations
-		Config.Logger.Printf("No invitations found something fishy is going on")
+		// No invitation found, possible that we have to wait a bit for the invitation to show up.
+		Config.Logger.Printf("No resource share invitation found, waiting 10 seconds")
+		time.Sleep(10 * time.Second)
+
+		err := creds.acceptTGWShare(ramArn)
+		if err != nil {
+			return err
+		}
 		return nil
 	} else {
 		if *resourceShareInvitation.ResourceShareInvitations[0].Status != "ACCEPTED" {
@@ -126,6 +152,7 @@ func shareTransitGateway(session *session.Session, tgwArn string, accountid stri
 			return nil, fmt.Errorf("failed to ListPrincipals: %s", err)
 		}
 		if len(listPrincipals.Principals) == 0 || len(listResources.Resources) == 0 {
+			Config.Logger.Printf("TransitGateway is not shared with AWS account %s, associating resource share with account", accountid)
 			associateResourceShareInput := &ram.AssociateResourceShareInput{
 				Principals:       []*string{aws.String(accountid)},
 				ResourceArns:     []*string{&tgwArn},

diff --git a/hatchery/transitgateway.go b/hatchery/transitgateway.go
@@ -240,23 +240,38 @@ func createTransitGatewayAttachments(svc *ec2.EC2, vpcid string, tgwid string, l
 			},
 		},
 	}
-	exTg, err := svc.DescribeTransitGateways(tgInput)
-	if err != nil {
+	var exTg *ec2.DescribeTransitGatewaysOutput
+	var err error
+	maxRetries := 10
+	retryInterval := 10 * time.Second
+
+	for i := 0; i < maxRetries; i++ {
+		exTg, err = svc.DescribeTransitGateways(tgInput)
+		if err == nil {
+			// Successfully described the Transit Gateway
+			break
+		}
+
 		if aerr, ok := err.(awserr.Error); ok {
 			switch aerr.Code() {
 			case "InvalidTransitGatewayID.NotFound":
-				// Sleep for 10 seconds before trying again..
-				time.Sleep(10 * time.Second)
-				_, err = svc.DescribeTransitGateways(tgInput)
-				if err != nil {
-					return nil, fmt.Errorf("cannot DescribeTransitGateways again: %s", err.Error())
-				}
+				// Sleep for the retry interval before trying again
+				Config.Logger.Printf("TransitGateway not found, retrying in %s", retryInterval.String())
+				time.Sleep(retryInterval)
 			default:
 				return nil, fmt.Errorf("cannot DescribeTransitGateways: %s", err.Error())
 			}
+		} else {
+			// Some other error occurred, return it immediately
+			return nil, fmt.Errorf("cannot DescribeTransitGateways: %s", err.Error())
+		}
+
+		// If we've reached the maximum number of retries, return an error
+		if i == maxRetries-1 {
+			return nil, fmt.Errorf("maximum number of retries reached")
 		}
-		return nil, err
 	}
+
 	for *exTg.TransitGateways[0].State != "available" {
 		Config.Logger.Printf("TransitGateway is in state: %s ...  Waiting for 10 seconds", *exTg.TransitGateways[0].State)
 		// sleep for 10 sec