Add a flag to enable/disable support for vpc peering

Signed-off-by: Anand Kumar <[email protected]>

pkg/cloudprovider/plugins/aws/aws_ec2.go

@@ -237,9 +237,13 @@ func (ec2Cfg *ec2ServiceConfig) DoResourceInventory() error {
 	awsPluginLogger().V(1).Info("Vpcs from cloud", "account", ec2Cfg.accountNamespacedName,
 		"vpcs", len(vpcs))
 	vpcNameToId := ec2Cfg.buildMapVpcNameToId(vpcs)
-	vpcPeers, _ := ec2Cfg.buildMapVpcPeers()
-	allInstances := make(map[types.NamespacedName][]*ec2.Instance)
 
+	var vpcPeers map[string][]string
+	if internal.VpcPeeringEnabled {
+		vpcPeers, _ = ec2Cfg.buildMapVpcPeers()
+	}
+
+	allInstances := make(map[types.NamespacedName][]*ec2.Instance)
 	// Call cloud APIs for the configured CloudEntitySelectors CRs.
 	if len(ec2Cfg.selectors) == 0 {
 		awsPluginLogger().V(1).Info("Fetching vm resources from cloud skipped",

pkg/cloudprovider/plugins/aws/aws_security_impl.go

@@ -68,8 +68,10 @@ func (c *awsCloud) UpdateSecurityGroupRules(appliedToGroupIdentifier *cloudresou
 	// make sure all required security groups pre-exist
 	ec2Service := accCfg.GetServiceConfig().(*ec2ServiceConfig)
 	vpcIDs := []string{vpcID}
-	vpcPeerIDs := ec2Service.getVpcPeers(vpcID)
-	vpcIDs = append(vpcIDs, vpcPeerIDs...)
+	if internal.VpcPeeringEnabled {
+		vpcPeerIDs := ec2Service.getVpcPeers(vpcID)
+		vpcIDs = append(vpcIDs, vpcPeerIDs...)
+	}
 	cloudSGNameToCloudSGObj, err := ec2Service.getCloudSecurityGroupsWithNameFromCloud(vpcIDs, cloudSgNames)
 	if err != nil {
 		return err

pkg/cloudprovider/plugins/aws/aws_security_test.go

@@ -34,6 +34,7 @@ import (
 	crdv1alpha1 "antrea.io/nephe/apis/crd/v1alpha1"
 	runtimev1alpha1 "antrea.io/nephe/apis/runtime/v1alpha1"
 	"antrea.io/nephe/pkg/cloudprovider/cloudresource"
+	"antrea.io/nephe/pkg/cloudprovider/plugins/internal"
 	"antrea.io/nephe/pkg/cloudprovider/utils"
 	"antrea.io/nephe/pkg/config"
 )
@@ -120,8 +121,9 @@ var _ = Describe("AWS Cloud Security", func() {
 		mockawsEC2.EXPECT().pagedDescribeInstancesWrapper(gomock.Any()).Return(getEc2InstanceObject(instanceIds), nil).AnyTimes()
 		mockawsEC2.EXPECT().pagedDescribeNetworkInterfaces(gomock.Any()).Return([]*ec2.NetworkInterface{}, nil).AnyTimes()
 		mockawsEC2.EXPECT().describeVpcsWrapper(gomock.Any()).Return(&ec2.DescribeVpcsOutput{}, nil).AnyTimes()
-		mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{}, nil).AnyTimes()
-
+		if internal.VpcPeeringEnabled {
+			mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{}, nil).AnyTimes()
+		}
 		fakeClient := fake.NewClientBuilder().Build()
 		_ = fakeClient.Create(context.Background(), secret)
 		cloudInterface = newAWSCloud(mockawsCloudHelper)

pkg/cloudprovider/plugins/aws/aws_test.go

@@ -35,6 +35,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 
 	"antrea.io/nephe/apis/crd/v1alpha1"
+	"antrea.io/nephe/pkg/cloudprovider/plugins/internal"
 )
 
 var (
@@ -145,8 +146,10 @@ var _ = Describe("AWS cloud", func() {
 				mockawsEC2.EXPECT().pagedDescribeInstancesWrapper(gomock.Any()).Return(getEc2InstanceObject(instanceIds), nil).AnyTimes()
 				mockawsEC2.EXPECT().pagedDescribeNetworkInterfaces(gomock.Any()).Return([]*ec2.NetworkInterface{}, nil).Times(0)
 				mockawsEC2.EXPECT().describeVpcsWrapper(gomock.Any()).Return(createVpcObject(vpcIDs), nil).AnyTimes()
-				mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{},
-					nil).AnyTimes()
+				if internal.VpcPeeringEnabled {
+					mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{},
+						nil).AnyTimes()
+				}
 
 				_ = fakeClient.Create(context.Background(), secret)
 				c := newAWSCloud(mockawsCloudHelper)
@@ -180,8 +183,10 @@ var _ = Describe("AWS cloud", func() {
 				mockawsEC2.EXPECT().pagedDescribeInstancesWrapper(gomock.Any()).Return(getEc2InstanceObject(instanceIds), nil).AnyTimes()
 				mockawsEC2.EXPECT().pagedDescribeNetworkInterfaces(gomock.Any()).Return([]*ec2.NetworkInterface{}, nil).Times(0)
 				mockawsEC2.EXPECT().describeVpcsWrapper(gomock.Any()).Return(createVpcObject(vpcIDs), nil).AnyTimes()
-				mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{},
-					nil).AnyTimes()
+				if internal.VpcPeeringEnabled {
+					mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{},
+						nil).AnyTimes()
+				}
 
 				_ = fakeClient.Create(context.Background(), secret)
 				c := newAWSCloud(mockawsCloudHelper)
@@ -216,8 +221,10 @@ var _ = Describe("AWS cloud", func() {
 				mockawsEC2.EXPECT().pagedDescribeInstancesWrapper(gomock.Any()).Return(getEc2InstanceObject(instanceIds), nil).AnyTimes()
 				mockawsEC2.EXPECT().pagedDescribeNetworkInterfaces(gomock.Any()).Return([]*ec2.NetworkInterface{}, nil).Times(0)
 				mockawsEC2.EXPECT().describeVpcsWrapper(gomock.Any()).Return(createVpcObject(vpcIDs), nil).AnyTimes()
-				mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{},
-					nil).AnyTimes()
+				if internal.VpcPeeringEnabled {
+					mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{},
+						nil).AnyTimes()
+				}
 
 				_ = fakeClient.Create(context.Background(), secret)
 				c := newAWSCloud(mockawsCloudHelper)
@@ -237,7 +244,9 @@ var _ = Describe("AWS cloud", func() {
 				mockawsEC2.EXPECT().pagedDescribeInstancesWrapper(gomock.Any()).Return(getEc2InstanceObject(instanceIds), nil).Times(0)
 				mockawsEC2.EXPECT().pagedDescribeNetworkInterfaces(gomock.Any()).Return([]*ec2.NetworkInterface{}, nil).Times(0)
 				mockawsEC2.EXPECT().describeVpcsWrapper(gomock.Any()).Return(&ec2.DescribeVpcsOutput{}, nil).Times(0)
-				mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{}, nil).Times(0)
+				if internal.VpcPeeringEnabled {
+					mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{}, nil).Times(0)
+				}
 			})
 			It("Should discover instances when selector is in different namespace from account", func() {
 				instanceIds := []string{"i-01", "i-02"}
@@ -274,8 +283,10 @@ var _ = Describe("AWS cloud", func() {
 				mockawsEC2.EXPECT().pagedDescribeInstancesWrapper(gomock.Any()).Return(getEc2InstanceObject(instanceIds), nil).AnyTimes()
 				mockawsEC2.EXPECT().pagedDescribeNetworkInterfaces(gomock.Any()).Return([]*ec2.NetworkInterface{}, nil).AnyTimes()
 				mockawsEC2.EXPECT().describeVpcsWrapper(gomock.Any()).Return(&ec2.DescribeVpcsOutput{}, nil).AnyTimes()
-				mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{},
-					nil).AnyTimes()
+				if internal.VpcPeeringEnabled {
+					mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{},
+						nil).AnyTimes()
+				}
 
 				_ = fakeClient.Create(context.Background(), secret)
 				c := newAWSCloud(mockawsCloudHelper)
@@ -300,8 +311,10 @@ var _ = Describe("AWS cloud", func() {
 				mockawsEC2.EXPECT().pagedDescribeInstancesWrapper(gomock.Any()).Return(getEc2InstanceObject(instanceIds), nil).AnyTimes()
 				mockawsEC2.EXPECT().pagedDescribeNetworkInterfaces(gomock.Any()).Return([]*ec2.NetworkInterface{}, nil).AnyTimes()
 				mockawsEC2.EXPECT().describeVpcsWrapper(gomock.Any()).Return(&ec2.DescribeVpcsOutput{}, nil).AnyTimes()
-				mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{},
-					nil).AnyTimes()
+				if internal.VpcPeeringEnabled {
+					mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{},
+						nil).AnyTimes()
+				}
 				_ = fakeClient.Create(context.Background(), secret)
 				c := newAWSCloud(mockawsCloudHelper)
 				err := c.AddProviderAccount(fakeClient, account)
@@ -408,7 +421,9 @@ var _ = Describe("AWS cloud", func() {
 			mockawsEC2.EXPECT().pagedDescribeInstancesWrapper(gomock.Any()).Return(getEc2InstanceObject(instanceIds), nil).AnyTimes()
 			mockawsEC2.EXPECT().pagedDescribeNetworkInterfaces(gomock.Any()).Return([]*ec2.NetworkInterface{}, nil).AnyTimes()
 			mockawsEC2.EXPECT().describeVpcsWrapper(gomock.Any()).Return(&ec2.DescribeVpcsOutput{}, nil).AnyTimes()
-			mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{}, nil).AnyTimes()
+			if internal.VpcPeeringEnabled {
+				mockawsEC2.EXPECT().describeVpcPeeringConnectionsWrapper(gomock.Any()).Return(&ec2.DescribeVpcPeeringConnectionsOutput{}, nil).AnyTimes()
+			}
 		})
 
 		AfterEach(func() {

pkg/cloudprovider/plugins/azure/azure_compute.go

@@ -240,7 +240,12 @@ func (computeCfg *computeServiceConfig) DoResourceInventory() error {
 	}
 	azurePluginLogger().V(1).Info("Vpcs from cloud", "account", computeCfg.accountNamespacedName,
 		"vpcs", len(vnets))
-	vnetPeers := computeCfg.buildMapVpcPeers(vnets)
+
+	var vnetPeers map[string][][]string
+	if internal.VpcPeeringEnabled {
+		vnetPeers = computeCfg.buildMapVpcPeers(vnets)
+	}
+
 	allVirtualMachines := make(map[types.NamespacedName][]*virtualMachineTable)
 
 	// Make cloud API calls for fetching vm inventory for each configured CES.

pkg/cloudprovider/plugins/azure/azure_security_impl.go

@@ -102,7 +102,6 @@ func (c *azureCloud) UpdateSecurityGroupRules(appliedToGroupIdentifier *cloudres
 		return err
 	}
 
-	vnetPeerPairs := computeService.getVnetPeers(vnetID)
 	vnetCachedIDs := computeService.getManagedVnetIds()
 	vnetVMs := computeService.getAllCachedVirtualMachines()
 	// ruleIP := vnetVMs[len(vnetVMs)-1].NetworkInterfaces[0].PrivateIps[0]
@@ -113,26 +112,29 @@ func (c *azureCloud) UpdateSecurityGroupRules(appliedToGroupIdentifier *cloudres
 	// convert to azure security rules and build effective rules to be applied to AT sg azure NSG
 	var rules []*armnetwork.SecurityRule
 	flag := 0
-	for _, vnetPeerPair := range vnetPeerPairs {
-		vnetPeerID, _, _ := vnetPeerPair[0], vnetPeerPair[1], vnetPeerPair[2]
-
-		if _, ok := vnetCachedIDs[vnetPeerID]; ok {
-			var ruleIP *string
-			for _, vnetVM := range vnetVMs {
-				azurePluginLogger().Info("Accessing VM network interfaces", "VM", vnetVM.Name)
-				if *vnetVM.VnetID == vnetID {
-					ruleIP = vnetVM.NetworkInterfaces[0].PrivateIps[0]
+	if internal.VpcPeeringEnabled {
+		vnetPeerPairs := computeService.getVnetPeers(vnetID)
+		for _, vnetPeerPair := range vnetPeerPairs {
+			vnetPeerID, _, _ := vnetPeerPair[0], vnetPeerPair[1], vnetPeerPair[2]
+
+			if _, ok := vnetCachedIDs[vnetPeerID]; ok {
+				var ruleIP *string
+				for _, vnetVM := range vnetVMs {
+					azurePluginLogger().Info("Accessing VM network interfaces", "VM", vnetVM.Name)
+					if *vnetVM.VnetID == vnetID {
+						ruleIP = vnetVM.NetworkInterfaces[0].PrivateIps[0]
+					}
+					flag = 1
+					break
+				}
+				rules, err = computeService.buildEffectivePeerNSGSecurityRulesToApply(&appliedToGroupIdentifier.CloudResourceID, addRules,
+					rmRules, appliedToGroupPerVnetNsgName, rgName, ruleIP)
+				if err != nil {
+					azurePluginLogger().Error(err, "fail to build effective rules to be applied")
+					return err
 				}
-				flag = 1
 				break
 			}
-			rules, err = computeService.buildEffectivePeerNSGSecurityRulesToApply(&appliedToGroupIdentifier.CloudResourceID, addRules,
-				rmRules, appliedToGroupPerVnetNsgName, rgName, ruleIP)
-			if err != nil {
-				azurePluginLogger().Error(err, "fail to build effective rules to be applied")
-				return err
-			}
-			break
 		}
 	}
 	if flag == 0 {

pkg/cloudprovider/plugins/azure/azure_security_test.go

@@ -36,6 +36,7 @@ import (
 	crdv1alpha1 "antrea.io/nephe/apis/crd/v1alpha1"
 	"antrea.io/nephe/apis/runtime/v1alpha1"
 	"antrea.io/nephe/pkg/cloudprovider/cloudresource"
+	"antrea.io/nephe/pkg/cloudprovider/plugins/internal"
 	"antrea.io/nephe/pkg/cloudprovider/utils"
 	"antrea.io/nephe/pkg/config"
 )
@@ -783,6 +784,9 @@ var _ = Describe("Azure Cloud Security", func() {
 			})
 
 			It("Should update Security rules for Peerings", func() {
+				if !internal.VpcPeeringEnabled {
+					Skip("Peering feature is disabled")
+				}
 				webAddressGroupIdentifier03 := &cloudresource.CloudResource{
 					Type: cloudresource.CloudResourceTypeVM,
 					CloudResourceID: cloudresource.CloudResourceID{
@@ -829,6 +833,9 @@ var _ = Describe("Azure Cloud Security", func() {
 
 			//  Creating cloud security rules without a description field is not allowed.
 			It("Should fail to update Security rules for Peerings -- invalid namespacedname", func() {
+				if !internal.VpcPeeringEnabled {
+					Skip("Peering feature is disabled")
+				}
 				webAddressGroupIdentifier03 := &cloudresource.CloudResource{
 					Type: cloudresource.CloudResourceTypeVM,
 					CloudResourceID: cloudresource.CloudResourceID{

pkg/cloudprovider/plugins/internal/cloud_common.go

@@ -37,6 +37,7 @@ var (
 	MaxCloudResourceResponse  int64 = 100
 	InventoryInitWaitDuration       = time.Second * 30
 	AccountCredentialsDefault       = "default"
+	VpcPeeringEnabled               = false
 )
 
 type InstanceID string