in pkg/aws/ec2/api/helper.go [100:171]
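// CreateNetworkInterface creates an ENI in the given subnet with the controller's
// default tags appended, optionally requesting secondary private IPs and an
// explicit interface type. For a "trunk" interface it additionally grants the
// INSTANCE-ATTACH permission; if that grant fails, the freshly created ENI is
// deleted again so no unusable interface is left dangling.
//
// Parameters:
//   - description: appended to CreateENIDescriptionPrefix; nil is treated as "".
//   - subnetId: passed through to the EC2 API unchanged.
//   - securityGroups: only sent when non-empty (an empty Groups list makes the
//     API call fail instead of applying the default security group).
//   - tags: caller-supplied tags; the caller's slice is never modified.
//   - secondaryPrivateIPCount: only sent when non-zero.
//   - interfaceType: only sent when non-nil.
//
// Returns the created interface, or nil and an error. One deliberate exception:
// when a trunk interface could not be granted attach permission AND the clean-up
// delete also failed, the interface is returned together with the error so the
// caller knows a dangling ENI still exists and can act on its ID.
func (h *ec2APIHelper) CreateNetworkInterface(description *string, subnetId *string, securityGroups []string, tags []*ec2.Tag,
	secondaryPrivateIPCount int, interfaceType *string) (*ec2.NetworkInterface, error) {
	// aws.StringValue tolerates a nil description instead of panicking on *description.
	eniDescription := CreateENIDescriptionPrefix + aws.StringValue(description)

	var ec2SecurityGroups []*string
	if len(securityGroups) != 0 {
		// Only add security groups if one or more are provided, otherwise the API call
		// fails instead of creating the interface with the default security groups.
		ec2SecurityGroups = aws.StringSlice(securityGroups)
	}

	// Build the tag list in a fresh slice: appending directly to the caller's slice
	// could write into spare capacity of its backing array and surprise the caller.
	allTags := make([]*ec2.Tag, 0, len(tags)+2)
	allTags = append(allTags, tags...)
	// Append the default controller tag to scope down the permissions on network
	// interfaces using IAM roles, and the k8s cluster name tag which the controller
	// uses to clean up dangling ENIs.
	// NOTE(review): caller tags that reuse the controller tag keys are not
	// de-duplicated here — confirm how the API treats duplicate keys, since the
	// controller tag is what the IAM condition relies on.
	allTags = append(allTags, defaultControllerTag, clusterNameTag)

	createInput := &ec2.CreateNetworkInterfaceInput{
		Description: aws.String(eniDescription),
		Groups:      ec2SecurityGroups,
		SubnetId:    subnetId,
		TagSpecifications: []*ec2.TagSpecification{
			{
				ResourceType: aws.String(ec2.ResourceTypeNetworkInterface),
				Tags:         allTags,
			},
		},
	}
	if secondaryPrivateIPCount != 0 {
		createInput.SecondaryPrivateIpAddressCount = aws.Int64(int64(secondaryPrivateIPCount))
	}
	if interfaceType != nil {
		createInput.InterfaceType = interfaceType
	}

	createOutput, err := h.ec2Wrapper.CreateNetworkInterface(createInput)
	if err != nil {
		return nil, err
	}
	if createOutput == nil ||
		createOutput.NetworkInterface == nil ||
		createOutput.NetworkInterface.NetworkInterfaceId == nil {
		return nil, fmt.Errorf("network interface details not returned in response for request %v", *createInput)
	}
	nwInterface := createOutput.NetworkInterface

	// A trunk interface additionally needs attach permission before it is usable.
	if interfaceType != nil && *interfaceType == "trunk" {
		// Get attach permission from the user's Service Linked Role. The account ID
		// is added by the EC2 API wrapper.
		input := &ec2.CreateNetworkInterfacePermissionInput{
			NetworkInterfaceId: nwInterface.NetworkInterfaceId,
			Permission:         aws.String(ec2.InterfacePermissionTypeInstanceAttach),
		}
		if _, err = h.ec2Wrapper.CreateNetworkInterfacePermission(input); err != nil {
			// Roll back the creation so the unusable trunk does not linger as a
			// dangling ENI that still consumes subnet IPs.
			if errDelete := h.DeleteNetworkInterface(nwInterface.NetworkInterfaceId); errDelete != nil {
				// Deliberately return the interface: it still exists, and the caller
				// needs its ID to retry the clean-up.
				return nwInterface, fmt.Errorf("failed to attach the network interface %w: failed to delete the nw interface %v",
					err, errDelete)
			}
			return nil, fmt.Errorf("failed to get attach network interface permissions for trunk %w", err)
		}
	}
	return nwInterface, nil
}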