in pkg/deploy/lattice/access_log_subscription_manager.go [39:113]
func (m *defaultAccessLogSubscriptionManager) Create(
ctx context.Context,
accessLogSubscription *lattice.AccessLogSubscription,
) (*lattice.AccessLogSubscriptionStatus, error) {
vpcLatticeSess := m.cloud.Lattice()
sourceArn, err := m.getSourceArn(ctx, accessLogSubscription.Spec.SourceType, accessLogSubscription.Spec.SourceName)
if err != nil {
return nil, err
}
tags := m.cloud.DefaultTagsMergedWith(services.Tags{
lattice.AccessLogPolicyTagKey: aws.String(accessLogSubscription.Spec.ALPNamespacedName.String()),
})
createALSInput := &vpclattice.CreateAccessLogSubscriptionInput{
ResourceIdentifier: sourceArn,
DestinationArn: &accessLogSubscription.Spec.DestinationArn,
Tags: tags,
}
createALSOutput, err := vpcLatticeSess.CreateAccessLogSubscriptionWithContext(ctx, createALSInput)
if err == nil {
return &lattice.AccessLogSubscriptionStatus{
Arn: *createALSOutput.Arn,
}, nil
}
switch e := err.(type) {
case *vpclattice.AccessDeniedException:
return nil, services.NewInvalidError(e.Message())
case *vpclattice.ResourceNotFoundException:
if *e.ResourceType == "SERVICE_NETWORK" || *e.ResourceType == "SERVICE" {
return nil, services.NewNotFoundError(string(accessLogSubscription.Spec.SourceType), accessLogSubscription.Spec.SourceName)
}
return nil, services.NewInvalidError(e.Message())
case *vpclattice.ConflictException:
/*
* Conflict may arise if we retry creation due to a failure elsewhere in the controller,
* so we check if the conflicting ALS was created for the same ALP via its tags.
* If it is the same ALP, return success. Else, return ConflictError.
*/
listALSInput := &vpclattice.ListAccessLogSubscriptionsInput{
ResourceIdentifier: sourceArn,
}
listALSOutput, err := vpcLatticeSess.ListAccessLogSubscriptionsWithContext(ctx, listALSInput)
if err != nil {
return nil, err
}
for _, als := range listALSOutput.Items {
if *als.DestinationArn == accessLogSubscription.Spec.DestinationArn {
listTagsInput := &vpclattice.ListTagsForResourceInput{
ResourceArn: als.Arn,
}
listTagsOutput, err := vpcLatticeSess.ListTagsForResourceWithContext(ctx, listTagsInput)
if err != nil {
return nil, err
}
value, exists := listTagsOutput.Tags[lattice.AccessLogPolicyTagKey]
if exists && *value == accessLogSubscription.Spec.ALPNamespacedName.String() {
return &lattice.AccessLogSubscriptionStatus{
Arn: *als.Arn,
}, nil
}
}
}
return nil, services.NewConflictError(
string(accessLogSubscription.Spec.SourceType),
accessLogSubscription.Spec.SourceName,
e.Message(),
)
default:
return nil, err
}
}