Merge pull request #1971 from MisterMX/fix/rds-dbinstance-cluster-vpc-sg

crossplane-contrib · Dec 13, 2023 · 2064940 · 2064940
2 parents ef95745 + 01a0c6f
commit 2064940
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 8 deletions.
diff --git a/apis/rds/generator-config.yaml b/apis/rds/generator-config.yaml
@@ -13,6 +13,11 @@ resources:
         from:
           operation: ModifyDBInstance
           path: AllowMajorVersionUpgrade
+      DBClusterIdentifier:
+        is_read_only: true
+        from:
+          operation: DescribeDBInstances
+          path: DBInstances.DBClusterIdentifier
   DBCluster:
     fields:
       AllowMajorVersionUpgrade:

diff --git a/apis/rds/v1alpha1/zz_db_instance.go b/apis/rds/v1alpha1/zz_db_instance.go
diff --git a/apis/rds/v1alpha1/zz_generated.deepcopy.go b/apis/rds/v1alpha1/zz_generated.deepcopy.go
diff --git a/package/crds/rds.aws.crossplane.io_dbinstances.yaml b/package/crds/rds.aws.crossplane.io_dbinstances.yaml
@@ -1665,6 +1665,11 @@ spec:
                       CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing)
                       in the Amazon Web Services Outposts User Guide."
                     type: boolean
+                  dbClusterIdentifier:
+                    description: If the DB instance is a member of a DB cluster, indicates
+                      the name of the DB cluster that the DB instance is a member
+                      of.
+                    type: string
                   dbInstanceARN:
                     description: The Amazon Resource Name (ARN) for the DB instance.
                     type: string

diff --git a/pkg/controller/rds/dbinstance/setup.go b/pkg/controller/rds/dbinstance/setup.go
@@ -147,12 +147,20 @@ func (e *custom) preCreate(ctx context.Context, cr *svcapitypes.DBInstance, obj
 
 	obj.MasterUserPassword = pointer.ToOrNilIfZeroValue(pw)
 	obj.DBInstanceIdentifier = pointer.ToOrNilIfZeroValue(meta.GetExternalName(cr))
-	if len(cr.Spec.ForProvider.VPCSecurityGroupIDs) > 0 {
-		obj.VpcSecurityGroupIds = make([]*string, len(cr.Spec.ForProvider.VPCSecurityGroupIDs))
-		for i, v := range cr.Spec.ForProvider.VPCSecurityGroupIDs {
-			obj.VpcSecurityGroupIds[i] = pointer.ToOrNilIfZeroValue(v)
+
+	// VpcSecurityGroupIds cannot be set on an instance that belongs to a DBCluster
+	// NOTE: Unlike in preUpdate we are using spec here because status is not yet available.
+	if cr.Spec.ForProvider.DBClusterIdentifier == nil {
+		if len(cr.Spec.ForProvider.VPCSecurityGroupIDs) > 0 {
+			obj.VpcSecurityGroupIds = make([]*string, len(cr.Spec.ForProvider.VPCSecurityGroupIDs))
+			for i, v := range cr.Spec.ForProvider.VPCSecurityGroupIDs {
+				obj.VpcSecurityGroupIds[i] = pointer.ToOrNilIfZeroValue(v)
+			}
 		}
+	} else {
+		obj.VpcSecurityGroupIds = nil
 	}
+
 	if len(cr.Spec.ForProvider.DBSecurityGroups) > 0 {
 		obj.DBSecurityGroups = make([]*string, len(cr.Spec.ForProvider.DBSecurityGroups))
 		for i, v := range cr.Spec.ForProvider.DBSecurityGroups {
@@ -233,11 +241,16 @@ func (e *custom) preUpdate(ctx context.Context, cr *svcapitypes.DBInstance, obj
 	}
 	obj.MasterUserPassword = pointer.ToOrNilIfZeroValue(desiredPassword)
 
-	if cr.Spec.ForProvider.VPCSecurityGroupIDs != nil {
-		obj.VpcSecurityGroupIds = make([]*string, len(cr.Spec.ForProvider.VPCSecurityGroupIDs))
-		for i, v := range cr.Spec.ForProvider.VPCSecurityGroupIDs {
-			obj.VpcSecurityGroupIds[i] = pointer.ToOrNilIfZeroValue(v)
+	// VpcSecurityGroupIds cannot be set on an instance that belongs to a DBCluster
+	if cr.Status.AtProvider.DBClusterIdentifier == nil {
+		if cr.Spec.ForProvider.VPCSecurityGroupIDs != nil {
+			obj.VpcSecurityGroupIds = make([]*string, len(cr.Spec.ForProvider.VPCSecurityGroupIDs))
+			for i, v := range cr.Spec.ForProvider.VPCSecurityGroupIDs {
+				obj.VpcSecurityGroupIds[i] = pointer.ToOrNilIfZeroValue(v)
+			}
 		}
+	} else {
+		obj.VpcSecurityGroupIds = nil
 	}
 
 	return nil
@@ -318,6 +331,8 @@ func (e *custom) postObserve(ctx context.Context, cr *svcapitypes.DBInstance, re
 		return obs, err
 	}
 
+	cr.Spec.ForProvider.DBClusterIdentifier = resp.DBInstances[0].DBClusterIdentifier
+
 	switch pointer.StringValue(resp.DBInstances[0].DBInstanceStatus) {
 	case "available", "configuring-enhanced-monitoring", "storage-optimization", "backing-up":
 		cr.SetConditions(xpv1.Available())
@@ -607,6 +622,11 @@ func compareTimeRanges(format string, expectedWindow *string, actualWindow *stri
 }
 
 func areVPCSecurityGroupIDsUpToDate(cr *svcapitypes.DBInstance, out *svcsdk.DBInstance) bool {
+	// VPCSecurityGroupIDs is ignored for instances that belong to a cluster.
+	if out.DBClusterIdentifier != nil {
+		return true
+	}
+
 	desiredIDs := cr.Spec.ForProvider.VPCSecurityGroupIDs
 
 	// if user is fine with default SG or lets DBCluster manage it