diff --git a/apis/ec2/manualv1alpha1/securitygrouprule_types.go b/apis/ec2/manualv1alpha1/securitygrouprule_types.go
index 252fdeb9b9..b38a150557 100755
--- a/apis/ec2/manualv1alpha1/securitygrouprule_types.go
+++ b/apis/ec2/manualv1alpha1/securitygrouprule_types.go
@@ -58,14 +58,17 @@ type SecurityGroupRuleParameters struct {
 // +kubebuilder:validation:Required
 Region *string `json:"region"`
+ // If using a SecurityGroup managed by crossplane as reference,
+ // enable ignoreIngress or ignoreEgress on the sg to prevent the
+ // rules to be constantly created and deleted
 // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-aws/apis/ec2/v1beta1.SecurityGroup
 // +kubebuilder:validation:Optional
 // +immutable
 SecurityGroupID *string `json:"securityGroupId,omitempty"`
- // If using a SecurittyGroup managed by crossplane as reference,
+ // If using a SecurityGroup managed by crossplane as reference,
 // enable ignoreIngress or ignoreEgress on the sg to prevent the
- // roules to be constantly created and deleted
+ // rules to be constantly created and deleted
 // +kubebuilder:validation:Optional
 // +immutable
 SecurityGroupIDRef *xpv1.Reference `json:"securityGroupIdRef,omitempty"`
diff --git a/apis/ec2/v1beta1/securitygroup_types.go b/apis/ec2/v1beta1/securitygroup_types.go
index 2ce295bc72..cfc741debb 100644
--- a/apis/ec2/v1beta1/securitygroup_types.go
+++ b/apis/ec2/v1beta1/securitygroup_types.go
@@ -69,10 +69,10 @@ type SecurityGroupParameters struct {
 VPCIDSelector *xpv1.Selector `json:"vpcIdSelector,omitempty"`
 // Dont manage the ingress settings for the created resource
- IgnorIngress *bool `json:"ignoreIngress,omitempty"`
+ IgnoreIngress *bool `json:"ignoreIngress,omitempty"`
 // Dont manage the egress settings for the created resource
- IgnorEgress *bool `json:"ignoreEgress,omitempty"`
+ IgnoreEgress *bool `json:"ignoreEgress,omitempty"`
 }
 // IPRange describes an IPv4 range.
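Review bot: The comment added above `SecurityGroupID` in the first hunk (securitygrouprule_types.go) recommends enabling ignoreIngress or ignoreEgress without saying what that switches off. Judging by the `IsSGUpToDate` and `Update` hunks later in this commit, a set flag makes the SecurityGroup controller skip the permission diff for that direction, so rules on the group that are not in its spec would no longer be reported as drift or revoked by it. I would state that in the comment and say which flag goes with which rule type, for example `// With ignoreIngress/ignoreEgress set, the SecurityGroup no longer reconciles that direction; rules outside its spec are not revoked by it.` The phrase "prevent the rules to be" reads better as "prevent the rules from being". The same text is repeated above `SecurityGroupIDRef`, and the struct continues outside the hunk.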
diff --git a/apis/ec2/v1beta1/zz_generated.deepcopy.go b/apis/ec2/v1beta1/zz_generated.deepcopy.go index 4c565d9cb4..56847ba795 100644 --- a/apis/ec2/v1beta1/zz_generated.deepcopy.go +++ b/apis/ec2/v1beta1/zz_generated.deepcopy.go @@ -1086,13 +1086,13 @@ func (in *SecurityGroupParameters) DeepCopyInto(out *SecurityGroupParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } - if in.IgnorIngress != nil { - in, out := &in.IgnorIngress, &out.IgnorIngress + if in.IgnoreIngress != nil { + in, out := &in.IgnoreIngress, &out.IgnoreIngress *out = new(bool) **out = **in } - if in.IgnorEgress != nil { - in, out := &in.IgnorEgress, &out.IgnorEgress + if in.IgnoreEgress != nil { + in, out := &in.IgnoreEgress, &out.IgnoreEgress *out = new(bool) **out = **in } diff --git a/package/crds/ec2.aws.crossplane.io_securitygrouprules.yaml b/package/crds/ec2.aws.crossplane.io_securitygrouprules.yaml index 611c441980..48306af41e 100644 --- a/package/crds/ec2.aws.crossplane.io_securitygrouprules.yaml +++ b/package/crds/ec2.aws.crossplane.io_securitygrouprules.yaml @@ -84,11 +84,14 @@ spec: be created in. type: string securityGroupId: + description: If using a SecurityGroup managed by crossplane as + reference, enable ignoreIngress or ignoreEgress on the sg to + prevent the rules to be constantly created and deleted type: string securityGroupIdRef: - description: If using a SecurittyGroup managed by crossplane as + description: If using a SecurityGroup managed by crossplane as reference, enable ignoreIngress or ignoreEgress on the sg to - prevent the roules to be constantly created and deleted + prevent the rules to be constantly created and deleted properties: name: description: Name of the referenced object. diff --git a/pkg/clients/ec2/securitygroup.go b/pkg/clients/ec2/securitygroup.go index a574b460f7..b9e66fcc58 100644 --- a/pkg/clients/ec2/securitygroup.go +++ b/pkg/clients/ec2/securitygroup.go 
@@ -130,13 +130,13 @@ func IsSGUpToDate(sg v1beta1.SecurityGroupParameters, observed ec2types.Security
 return false
 }
- if !awsclients.BoolValue(sg.IgnorIngress) {
+ if !awsclients.BoolValue(sg.IgnoreIngress) {
 add, remove := DiffPermissions(GenerateEC2Permissions(sg.Ingress), observed.IpPermissions)
 if len(add) > 0 || len(remove) > 0 {
 return false
 }
 }
- if !awsclients.BoolValue(sg.IgnorEgress) {
+ if !awsclients.BoolValue(sg.IgnoreEgress) {
 add, remove := DiffPermissions(GenerateEC2Permissions(sg.Egress), observed.IpPermissionsEgress)
 if len(add) > 0 || len(remove) > 0 {
 return false
diff --git a/pkg/controller/ec2/securitygroup/controller.go b/pkg/controller/ec2/securitygroup/controller.go
index 1ac3b44dcd..399e8b169c 100644
--- a/pkg/controller/ec2/securitygroup/controller.go
+++ b/pkg/controller/ec2/securitygroup/controller.go
@@ -241,7 +241,7 @@ func (e *external) Update(ctx context.Context, mgd resource.Managed) (managed.Ex
 }
 }
- if !awsclient.BoolValue(cr.Spec.ForProvider.IgnorIngress) {
+ if !awsclient.BoolValue(cr.Spec.ForProvider.IgnoreIngress) {
 add, remove := ec2.DiffPermissions(ec2.GenerateEC2Permissions(cr.Spec.ForProvider.Ingress), response.SecurityGroups[0].IpPermissions)
 if len(remove) > 0 {
 if _, err := e.sg.RevokeSecurityGroupIngress(ctx, &awsec2.RevokeSecurityGroupIngressInput{
@@ -261,7 +261,7 @@ func (e *external) Update(ctx context.Context, mgd resource.Managed) (managed.Ex
 }
 }
- if !awsclient.BoolValue(cr.Spec.ForProvider.IgnorEgress) {
+ if !awsclient.BoolValue(cr.Spec.ForProvider.IgnoreEgress) {
 add, remove := ec2.DiffPermissions(ec2.GenerateEC2Permissions(cr.Spec.ForProvider.Egress), response.SecurityGroups[0].IpPermissionsEgress)
 if len(remove) > 0 {
 if _, err = e.sg.RevokeSecurityGroupEgress(ctx, &awsec2.RevokeSecurityGroupEgressInput{