model service network #896
Conversation
Signed-off-by: Ola Saadi <[email protected]>
|
you can review before fixing test |
There was a problem hiding this comment.
- Need dedicated tests:
- SGs/NACLs block connectivity to all/part-of service network
- Connectivity to service network is allowed, but not to public internet (and vice versa)
- Need to generate a Drawio SquareTreeNode for the service network, like we have for public internet (consult with @haim-kermany )
@haim-kermany |
Signed-off-by: Ziv Nevo <[email protected]>
its not trivial, can we consider doing it in a different PR? |
pkg/vpcmodel/subnetsConnectivity.go
Outdated
| @@ -241,7 +241,7 @@ func updateSubnetsConnectivityByTransitGateway(src, dst VPCResourceIntf, | |||
| c *VPCConfig) ( | |||
| *netset.TransportSet, error) { | |||
| // assuming a single router representing the tgw for a "MultipleVPCsConfig" | |||
| if len(c.RoutingResources) != 1 { | |||
| if len(c.RoutingResources) != 2 { // expecting tgw and sgw (virtual gateway) | |||
There was a problem hiding this comment.
Will this hold for AWS as well?
There was a problem hiding this comment.
aws does not get here
There was a problem hiding this comment.
@adisos , I need your help here. Is the change to the check valid?
There was a problem hiding this comment.
I would change this check.. and also the the next line in which it assumes that tgw is at index 0 of this slice. Instead, I think it is better to check here that c.RoutingResources contains exactly one router of kind TGW for MultipleVPCsConfig.
pkg/vpcmodel/textOutput.go
Outdated
| @@ -15,7 +15,8 @@ type TextOutputFormatter struct { | |||
| } | |||
|
|
|||
| func multipleVPCsConfigHeader(c *VPCConfig) (string, error) { | |||
| if len(c.RoutingResources) != 1 { | |||
| if len(c.RoutingResources) != 2 { // expecting tgw and sgw (virtual gateway) | |||
There was a problem hiding this comment.
aws does not support multi-vpc
There was a problem hiding this comment.
We may want to support multi-vpc in AWS in the future.
@adisos , any insight here?
There was a problem hiding this comment.
I would change this check here as well, to check here that c.RoutingResources contains exactly one router of kind TGW for MultipleVPCsConfig.
If we support multiple VPCs for AWS as well, this is a more consistent check, and does not depend on whether or not service network gateway is present.
Let's just replace |
|
@zivnevo pushed a solution that looks like that: |
pkg/vpcmodel/textOutput.go
Outdated
| var tgw RoutingResource | ||
| tgwRouterFound := false | ||
| for _, router := range c.RoutingResources { | ||
| if router.Kind() == resourceTypeTGW { | ||
| if tgwRouterFound { | ||
| return "", errors.New("unexpected number of RoutingResources for MultipleVPCsConfig, expecting only one TGW") | ||
| } | ||
| tgw = router | ||
| tgwRouterFound = true | ||
| } | ||
| } | ||
| if !tgwRouterFound { | ||
| return "", errors.New("unexpected number of RoutingResources for MultipleVPCsConfig, expecting TGW") |
There was a problem hiding this comment.
Since this code is duplicated in pkg/vpcmodel/subnetsConnectivity.go, I think it deserves a function. Can be a method of VPCConfig
pkg/vpcmodel/textOutput.go
Outdated
| var tgw RoutingResource | ||
| tgwRouterFound := false |
There was a problem hiding this comment.
No need for the Boolean variable. You can simple check if tgw != nil
No description provided.