func()

in pkg/deploy/lattice/access_log_subscription_manager.go [39:113]


func (m *defaultAccessLogSubscriptionManager) Create(
	ctx context.Context,
	accessLogSubscription *lattice.AccessLogSubscription,
) (*lattice.AccessLogSubscriptionStatus, error) {
	vpcLatticeSess := m.cloud.Lattice()

	sourceArn, err := m.getSourceArn(ctx, accessLogSubscription.Spec.SourceType, accessLogSubscription.Spec.SourceName)
	if err != nil {
		return nil, err
	}

	tags := m.cloud.DefaultTagsMergedWith(services.Tags{
		lattice.AccessLogPolicyTagKey: aws.String(accessLogSubscription.Spec.ALPNamespacedName.String()),
	})

	createALSInput := &vpclattice.CreateAccessLogSubscriptionInput{
		ResourceIdentifier: sourceArn,
		DestinationArn:     &accessLogSubscription.Spec.DestinationArn,
		Tags:               tags,
	}

	createALSOutput, err := vpcLatticeSess.CreateAccessLogSubscriptionWithContext(ctx, createALSInput)
	if err == nil {
		return &lattice.AccessLogSubscriptionStatus{
			Arn: *createALSOutput.Arn,
		}, nil
	}

	switch e := err.(type) {
	case *vpclattice.AccessDeniedException:
		return nil, services.NewInvalidError(e.Message())
	case *vpclattice.ResourceNotFoundException:
		if *e.ResourceType == "SERVICE_NETWORK" || *e.ResourceType == "SERVICE" {
			return nil, services.NewNotFoundError(string(accessLogSubscription.Spec.SourceType), accessLogSubscription.Spec.SourceName)
		}
		return nil, services.NewInvalidError(e.Message())
	case *vpclattice.ConflictException:
		/*
		 * Conflict may arise if we retry creation due to a failure elsewhere in the controller,
		 * so we check if the conflicting ALS was created for the same ALP via its tags.
		 * If it is the same ALP, return success. Else, return ConflictError.
		 */
		listALSInput := &vpclattice.ListAccessLogSubscriptionsInput{
			ResourceIdentifier: sourceArn,
		}
		listALSOutput, err := vpcLatticeSess.ListAccessLogSubscriptionsWithContext(ctx, listALSInput)
		if err != nil {
			return nil, err
		}
		for _, als := range listALSOutput.Items {
			if *als.DestinationArn == accessLogSubscription.Spec.DestinationArn {
				listTagsInput := &vpclattice.ListTagsForResourceInput{
					ResourceArn: als.Arn,
				}
				listTagsOutput, err := vpcLatticeSess.ListTagsForResourceWithContext(ctx, listTagsInput)
				if err != nil {
					return nil, err
				}
				value, exists := listTagsOutput.Tags[lattice.AccessLogPolicyTagKey]
				if exists && *value == accessLogSubscription.Spec.ALPNamespacedName.String() {
					return &lattice.AccessLogSubscriptionStatus{
						Arn: *als.Arn,
					}, nil
				}
			}
		}
		return nil, services.NewConflictError(
			string(accessLogSubscription.Spec.SourceType),
			accessLogSubscription.Spec.SourceName,
			e.Message(),
		)
	default:
		return nil, err
	}
}