Revert "Add infrastructure ConfigValidator for checking VPC IDs (#395)…

…" (#401)

This reverts commit 7514078.

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/coreos/go-systemd/v22 v22.1.0
 	github.com/frankban/quicktest v1.9.0 // indirect
 	github.com/gardener/etcd-druid v0.5.0
-	github.com/gardener/gardener v1.30.1-0.20210827103926-aa88e5700bb0
+	github.com/gardener/gardener v1.29.0
 	github.com/gardener/machine-controller-manager v0.36.0
 	github.com/go-logr/logr v0.4.0
 	github.com/golang/mock v1.6.0

go.sum

@@ -205,8 +205,8 @@ github.com/gardener/gardener v1.6.5/go.mod h1:w5IHIQDccvSxZJFOtBa8YConyyFgt07DBH
 github.com/gardener/gardener v1.11.3/go.mod h1:5DzqfOm+G8UftKu5zUbYJ+9Cnfd4XrvRNDabkM9AIp4=
 github.com/gardener/gardener v1.17.1/go.mod h1:uucRHq0xV46xd9MpJJjRswx/Slq3+ipbbJg09FVUtvM=
 github.com/gardener/gardener v1.27.1/go.mod h1:g+3Vx1Q8HSwcSkRwxn4G54WealBh4pcZSNOSkE6ygdQ=
-github.com/gardener/gardener v1.30.1-0.20210827103926-aa88e5700bb0 h1:99ImzW2fLvg8tQCSxAwdpsmkn+TGeSS1wREpu4vDeKI=
-github.com/gardener/gardener v1.30.1-0.20210827103926-aa88e5700bb0/go.mod h1:3VK2HoMK33jZmS4+PeVfHSBXI06t9ybvM+rj1QvYtc0=
+github.com/gardener/gardener v1.29.0 h1:5mEMC9iL1fGPvG+mO+YOssGTAc5UQOy0djbFxnciln8=
+github.com/gardener/gardener v1.29.0/go.mod h1:3VK2HoMK33jZmS4+PeVfHSBXI06t9ybvM+rj1QvYtc0=
 github.com/gardener/gardener-resource-manager v0.10.0/go.mod h1:0pKTHOhvU91eQB0EYr/6Ymd7lXc/5Hi8P8tF/gpV0VQ=
 github.com/gardener/gardener-resource-manager v0.13.1/go.mod h1:0No/XttYRUwDn5lSppq9EqlKdo/XJQ44aCZz5BVu3Vw=
 github.com/gardener/gardener-resource-manager v0.18.0/go.mod h1:k53Yw2iDAIpTxnChQY9qFHrRtuPQWJDNnCP9eE6TnWQ=

pkg/aws/client/client.go

@@ -97,9 +97,9 @@ func (c *Client) GetAccountID(ctx context.Context) (string, error) {
 	return *getCallerIdentityOutput.Account, nil
 }
 
-// GetVPCInternetGateway returns the ID of the internet gateway attached to the given VPC <vpcID>.
+// GetInternetGateway returns the ID of the internet gateway attached to the given VPC <vpcID>.
 // If there is no internet gateway attached, the returned string will be empty.
-func (c *Client) GetVPCInternetGateway(ctx context.Context, vpcID string) (string, error) {
+func (c *Client) GetInternetGateway(ctx context.Context, vpcID string) (string, error) {
 	describeInternetGatewaysInput := &ec2.DescribeInternetGatewaysInput{
 		Filters: []*ec2.Filter{
 			{
@@ -115,27 +115,34 @@ func (c *Client) GetVPCInternetGateway(ctx context.Context, vpcID string) (strin
 		return "", err
 	}
 
-	if len(describeInternetGatewaysOutput.InternetGateways) > 0 {
-		return aws.StringValue(describeInternetGatewaysOutput.InternetGateways[0].InternetGatewayId), nil
+	if describeInternetGatewaysOutput.InternetGateways != nil {
+		if *describeInternetGatewaysOutput.InternetGateways[0].InternetGatewayId == "" {
+			return "", fmt.Errorf("no attached internet gateway found for vpc %s", vpcID)
+		}
+		return *describeInternetGatewaysOutput.InternetGateways[0].InternetGatewayId, nil
 	}
-	return "", nil
+	return "", fmt.Errorf("no attached internet gateway found for vpc %s", vpcID)
 }
 
-// GetVPCAttribute returns the value of the specified VPC attribute.
-func (c *Client) GetVPCAttribute(ctx context.Context, vpcID string, attribute string) (bool, error) {
-	vpcAttribute, err := c.EC2.DescribeVpcAttributeWithContext(ctx, &ec2.DescribeVpcAttributeInput{VpcId: &vpcID, Attribute: aws.String(attribute)})
+// VerifyVPCAttributes checks whether the VPC attributes are correct.
+func (c *Client) VerifyVPCAttributes(ctx context.Context, vpcID string) error {
+	vpcAttribute, err := c.EC2.DescribeVpcAttributeWithContext(ctx, &ec2.DescribeVpcAttributeInput{VpcId: &vpcID, Attribute: aws.String("enableDnsSupport")})
 	if err != nil {
-		return false, err
+		return err
+	}
+	if vpcAttribute.EnableDnsSupport == nil || vpcAttribute.EnableDnsSupport.Value == nil || !*vpcAttribute.EnableDnsSupport.Value {
+		return fmt.Errorf("invalid VPC attributes: `enableDnsSupport` must be set to `true`")
 	}
 
-	switch attribute {
-	case "enableDnsSupport":
-		return vpcAttribute.EnableDnsSupport != nil && vpcAttribute.EnableDnsSupport.Value != nil && *vpcAttribute.EnableDnsSupport.Value, nil
-	case "enableDnsHostnames":
-		return vpcAttribute.EnableDnsHostnames != nil && vpcAttribute.EnableDnsHostnames.Value != nil && *vpcAttribute.EnableDnsHostnames.Value, nil
-	default:
-		return false, nil
+	vpcAttribute, err = c.EC2.DescribeVpcAttributeWithContext(ctx, &ec2.DescribeVpcAttributeInput{VpcId: &vpcID, Attribute: aws.String("enableDnsHostnames")})
+	if err != nil {
+		return err
+	}
+	if vpcAttribute.EnableDnsHostnames == nil || vpcAttribute.EnableDnsHostnames.Value == nil || !*vpcAttribute.EnableDnsHostnames.Value {
+		return fmt.Errorf("invalid VPC attributes: `enableDnsHostnames` must be set to `true`")
 	}
+
+	return nil
 }
 
 // DeleteObjectsWithPrefix deletes the s3 objects with the specific <prefix> from <bucket>. If it does not exist,
@@ -420,15 +427,11 @@ func (c *Client) DeleteSecurityGroup(ctx context.Context, id string) error {
 	return ignoreNotFound(err)
 }
 
-func IsNotFoundError(err error) bool {
-	if aerr, ok := err.(awserr.Error); ok && (aerr.Code() == elb.ErrCodeAccessPointNotFoundException || aerr.Code() == "InvalidGroup.NotFound" || aerr.Code() == "InvalidVpcID.NotFound") {
-		return true
-	}
-	return false
-}
-
 func ignoreNotFound(err error) error {
-	if err == nil || IsNotFoundError(err) {
+	if err == nil {
+		return nil
+	}
+	if aerr, ok := err.(awserr.Error); ok && (aerr.Code() == elb.ErrCodeAccessPointNotFoundException || aerr.Code() == "InvalidGroup.NotFound") {
 		return nil
 	}
 	return err

pkg/aws/client/types.go

@@ -32,8 +32,8 @@ const (
 // Interface is an interface which must be implemented by AWS clients.
 type Interface interface {
 	GetAccountID(ctx context.Context) (string, error)
-	GetVPCInternetGateway(ctx context.Context, vpcID string) (string, error)
-	GetVPCAttribute(ctx context.Context, vpcID string, attribute string) (bool, error)
+	GetInternetGateway(ctx context.Context, vpcID string) (string, error)
+	VerifyVPCAttributes(ctx context.Context, vpcID string) error
 
 	// S3 wrappers
 	DeleteObjectsWithPrefix(ctx context.Context, bucket, prefix string) error

pkg/controller/infrastructure/actuator_reconcile.go

@@ -125,7 +125,10 @@ func generateTerraformInfraConfig(ctx context.Context, infrastructure *extension
 	case infrastructureConfig.Networks.VPC.ID != nil:
 		createVPC = false
 		existingVpcID := *infrastructureConfig.Networks.VPC.ID
-		existingInternetGatewayID, err := awsClient.GetVPCInternetGateway(ctx, existingVpcID)
+		if err := awsClient.VerifyVPCAttributes(ctx, existingVpcID); err != nil {
+			return nil, err
+		}
+		existingInternetGatewayID, err := awsClient.GetInternetGateway(ctx, existingVpcID)
 		if err != nil {
 			return nil, err
 		}

pkg/controller/infrastructure/add.go

@@ -16,9 +16,7 @@ package infrastructure
 
 import (
 	"github.com/gardener/gardener-extension-provider-aws/pkg/aws"
-	awsclient "github.com/gardener/gardener-extension-provider-aws/pkg/aws/client"
 	"github.com/gardener/gardener/extensions/pkg/controller/infrastructure"
-	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	"sigs.k8s.io/controller-runtime/pkg/controller"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
@@ -42,7 +40,6 @@ type AddOptions struct {
 func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error {
 	return infrastructure.Add(mgr, infrastructure.AddArgs{
 		Actuator:          NewActuator(),
-		ConfigValidator:   NewConfigValidator(awsclient.FactoryFunc(awsclient.NewInterface), log.Log),
 		ControllerOptions: opts.Controller,
 		Predicates:        infrastructure.DefaultPredicates(opts.IgnoreOperationAnnotation),
 		Type:              aws.Type,