Fix worker SG assocation when custom vpc is used

Signed-off-by: Aswin Suryanarayanan <[email protected]>
submariner-io · Sep 26, 2024 · f935ffc · f935ffc
1 parent da4efa4
commit f935ffc
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/pkg/aws/gw-machineset.go b/pkg/aws/gw-machineset.go
@@ -65,7 +65,7 @@ spec:
             - filters:
                 - name: tag:Name
                   values:
-                    - {{.InfraID}}-worker-sg
+                    - {{.NodeSG}}
                     - {{.SecurityGroup}}
           subnet:
             filters:

diff --git a/pkg/aws/ocpgwdeployer.go b/pkg/aws/ocpgwdeployer.go
@@ -228,6 +228,7 @@ type machineSetConfig struct {
 	Region        string
 	SecurityGroup string
 	PublicSubnet  string
+	NodeSG        string
 }
 
 func (d *ocpGatewayDeployer) findAMIID(vpcID string) (string, error) {
@@ -277,6 +278,25 @@ func (d *ocpGatewayDeployer) loadGatewayYAML(gatewaySecurityGroup, amiID string,
 		PublicSubnet:  extractName(publicSubnet.Tags),
 	}
 
+	if id, exists := d.aws.cloudConfig[WorkerSecurityGroupIDKey]; exists {
+		if workerGroupIDStr, ok := id.(string); ok && workerGroupIDStr != "" {
+			workerSecurityGroup, err := d.aws.getSecurityGroupByID(workerGroupIDStr)
+			if err != nil {
+				return nil, errors.Wrapf(err, "error finding the worker security group with ID %s", workerGroupIDStr)
+			}
+
+			if workerSecurityGroup.GroupName == nil {
+				return nil, errors.Errorf("security group with ID %s has no group name", workerGroupIDStr)
+			}
+
+			tplVars.NodeSG = *workerSecurityGroup.GroupName
+		} else {
+			return nil, errors.New("worker Security Group ID must be a valid non-empty string")
+		}
+	} else {
+		tplVars.NodeSG = d.aws.infraID + d.aws.nodeSGSuffix
+	}
+
 	err = tpl.Execute(&buf, tplVars)
 	if err != nil {
 		return nil, errors.Wrap(err, "error executing the template")