SecurityGroups: recognize shared tag

2018-03-24 20:34:46 -04:00 · 2018-03-24 20:34:46 -04:00 · 32ec8d8253
parent d1fd74a30c
commit 32ec8d8253
2 changed files with 21 additions and 13 deletions
--- a/pkg/resources/aws/securitygroup.go
+++ b/pkg/resources/aws/securitygroup.go
@ -93,21 +93,22 @@ func DumpSecurityGroup(op *resources.DumpOperation, r *resources.Resource) error
 }

 func ListSecurityGroups(cloud fi.Cloud, clusterName string) ([]*resources.Resource, error) {
-	groups, err := DescribeSecurityGroups(cloud)
+	groups, err := DescribeSecurityGroups(cloud, clusterName)
 	if err != nil {
 		return nil, err
 	}

 	var resourceTrackers []*resources.Resource

-	for _, sg := range groups {
+	for id, sg := range groups {
 		resourceTracker := &resources.Resource{
 			Name:    FindName(sg.Tags),
-			ID:      aws.StringValue(sg.GroupId),
-			Type:    "security-group",
+			ID:      id,
+			Type:    ec2.ResourceTypeSecurityGroup,
 			Deleter: DeleteSecurityGroup,
 			Dumper:  DumpSecurityGroup,
 			Obj:     sg,
+			Shared:  !HasOwnedTag(ec2.ResourceTypeSecurityGroup+":"+id, sg.Tags, clusterName),
 		}

 		var blocks []string
@ -121,17 +122,24 @@ func ListSecurityGroups(cloud fi.Cloud, clusterName string) ([]*resources.Resour
 	return resourceTrackers, nil
 }

-func DescribeSecurityGroups(cloud fi.Cloud) ([]*ec2.SecurityGroup, error) {
+func DescribeSecurityGroups(cloud fi.Cloud, clusterName string) (map[string]*ec2.SecurityGroup, error) {
 	c := cloud.(awsup.AWSCloud)

+	groups := make(map[string]*ec2.SecurityGroup)
 	glog.V(2).Infof("Listing EC2 SecurityGroups")
-	request := &ec2.DescribeSecurityGroupsInput{
-		Filters: BuildEC2Filters(cloud),
-	}
-	response, err := c.EC2().DescribeSecurityGroups(request)
-	if err != nil {
-		return nil, fmt.Errorf("error listing SecurityGroups: %v", err)
+	for _, filters := range buildEC2FiltersForCluster(clusterName) {
+		request := &ec2.DescribeSecurityGroupsInput{
+			Filters: filters,
+		}
+		response, err := c.EC2().DescribeSecurityGroups(request)
+		if err != nil {
+			return nil, fmt.Errorf("error listing VPCs: %v", err)
+		}
+
+		for _, group := range response.SecurityGroups {
+			groups[aws.StringValue(group.GroupId)] = group
+		}
 	}

-	return response.SecurityGroups, nil
+	return groups, nil
 }
--- a/upup/pkg/kutil/convert_kubeup_cluster.go
+++ b/upup/pkg/kutil/convert_kubeup_cluster.go
@ -123,7 +123,7 @@ func (x *ConvertKubeupCluster) Upgrade() error {
 		return fmt.Errorf("error finding subnets: %v", err)
 	}

-	securityGroups, err := awsresources.DescribeSecurityGroups(x.Cloud)
+	securityGroups, err := awsresources.DescribeSecurityGroups(x.Cloud, x.OldClusterName)
 	if err != nil {
 		return fmt.Errorf("error finding security groups: %v", err)
 	}