[feat aga] Implement endpoint loader with DNS resolution

Author: shraddhabang

go.mod

@@ -104,6 +104,7 @@ require (
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/golang-lru v1.0.2 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/imkira/go-interpol v1.1.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect

go.sum

@@ -228,6 +228,8 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
+github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw=
 github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU=
 github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4=

pkg/aga/dns_resolver.go

@@ -0,0 +1,95 @@
+package aga
+
+import (
+	"context"
+	"fmt"
+	awssdk "github.com/aws/aws-sdk-go-v2/aws"
+	"sync"
+	"time"
+
+	elbv2sdk "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
+	"github.com/hashicorp/golang-lru"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/services"
+)
+
+// DNSResolver resolves load balancer DNS names to ARNs
+type DNSResolver struct {
+	elbv2Client services.ELBV2
+	cache       *lru.Cache
+	cacheMutex  sync.RWMutex
+	ttl         time.Duration
+}
+
+type cacheEntry struct {
+	arn      string
+	expireAt time.Time
+}
+
+// NewDNSResolver creates a new DNSResolver
+func NewDNSResolver(elbv2Client services.ELBV2) (*DNSResolver, error) {
+	// AWS Global Accelerator has a quota of 420 endpoints per AWS account (can be increased)
+	// Using 420 provides headroom while efficiently caching DNS-to-ARN resolutions
+	cache, err := lru.New(420)
+	if err != nil {
+		return nil, err
+	}
+
+	return &DNSResolver{
+		elbv2Client: elbv2Client,
+		cache:       cache,
+		ttl:         5 * time.Minute, // Default TTL of 5 minutes
+	}, nil
+}
+
+// ResolveDNSToARN resolves a load balancer DNS name to an ARN
+func (r *DNSResolver) ResolveDNSToARN(ctx context.Context, dnsName string) (string, error) {
+	if dnsName == "" {
+		return "", fmt.Errorf("empty DNS name")
+	}
+
+	// Check cache first
+	r.cacheMutex.RLock()
+	if value, found := r.cache.Get(dnsName); found {
+		entry := value.(cacheEntry)
+		// Check if the cache entry is still valid
+		if time.Now().Before(entry.expireAt) {
+			r.cacheMutex.RUnlock()
+			return entry.arn, nil
+		}
+		// Entry has expired, remove from cache
+		r.cache.Remove(dnsName)
+	}
+	r.cacheMutex.RUnlock()
+
+	req := &elbv2sdk.DescribeLoadBalancersInput{}
+	lbs, err := r.elbv2Client.DescribeLoadBalancersAsList(ctx, req)
+	if err != nil {
+		return "", fmt.Errorf("failed to describe load balancers: %w", err)
+	}
+	if len(lbs) == 0 {
+		return "", fmt.Errorf("no load balancers found")
+	}
+	arn := ""
+	for _, lb := range lbs {
+		if awssdk.ToString(lb.DNSName) == dnsName {
+			arn = awssdk.ToString(lb.LoadBalancerArn)
+			break
+		}
+	}
+	if arn == "" {
+		return "", fmt.Errorf("no load balancer found for dns %s", dnsName)
+	}
+
+	// Cache the result
+	r.cacheMutex.Lock()
+	r.cache.Add(dnsName, cacheEntry{
+		arn:      arn,
+		expireAt: time.Now().Add(r.ttl),
+	})
+	r.cacheMutex.Unlock()
+
+	return arn, nil
+}
+
+// Ensure DNSResolver implements DNSResolverInterface
+var _ DNSResolverInterface = (*DNSResolver)(nil)

pkg/aga/dns_resolver_test.go

@@ -0,0 +1,273 @@
+package aga
+
+import (
+	"context"
+	awssdk "github.com/aws/aws-sdk-go-v2/aws"
+	elbv2sdk "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
+	"github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
+	"github.com/golang/mock/gomock"
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/assert"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/services"
+	"testing"
+	"time"
+)
+
+func TestDNSResolver_ResolveDNSToARN(t *testing.T) {
+	type describeLoadBalancersAsListCall struct {
+		req  *elbv2sdk.DescribeLoadBalancersInput
+		resp []types.LoadBalancer
+		err  error
+	}
+
+	type fields struct {
+		elbv2Client                *services.MockELBV2
+		describeLoadBalancersCalls []describeLoadBalancersAsListCall
+	}
+
+	tests := []struct {
+		name        string
+		fields      fields
+		dnsName     string
+		wantARN     string
+		wantErr     bool
+		setupFields func(fields fields)
+	}{
+		{
+			name: "successfully resolves DNS to ARN",
+			fields: fields{
+				elbv2Client: services.NewMockELBV2(gomock.NewController(t)),
+				describeLoadBalancersCalls: []describeLoadBalancersAsListCall{
+					{
+						req: &elbv2sdk.DescribeLoadBalancersInput{},
+						resp: []types.LoadBalancer{
+							{
+								DNSName:         awssdk.String("test-lb.us-west-2.elb.amazonaws.com"),
+								LoadBalancerArn: awssdk.String("arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/test-lb/1234567890abcdef"),
+							},
+							{
+								DNSName:         awssdk.String("another-lb.us-west-2.elb.amazonaws.com"),
+								LoadBalancerArn: awssdk.String("arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/another-lb/0987654321fedcba"),
+							},
+						},
+						err: nil,
+					},
+				},
+			},
+			dnsName: "test-lb.us-west-2.elb.amazonaws.com",
+			wantARN: "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/test-lb/1234567890abcdef",
+			wantErr: false,
+			setupFields: func(fields fields) {
+				gomock.InOrder(
+					fields.elbv2Client.EXPECT().
+						DescribeLoadBalancersAsList(gomock.Any(), fields.describeLoadBalancersCalls[0].req).
+						Return(fields.describeLoadBalancersCalls[0].resp, fields.describeLoadBalancersCalls[0].err),
+				)
+			},
+		},
+		{
+			name: "uses cached ARN on second call",
+			fields: fields{
+				elbv2Client: services.NewMockELBV2(gomock.NewController(t)),
+				describeLoadBalancersCalls: []describeLoadBalancersAsListCall{
+					{
+						req: &elbv2sdk.DescribeLoadBalancersInput{},
+						resp: []types.LoadBalancer{
+							{
+								DNSName:         awssdk.String("test-lb.us-west-2.elb.amazonaws.com"),
+								LoadBalancerArn: awssdk.String("arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/test-lb/1234567890abcdef"),
+							},
+						},
+						err: nil,
+					},
+				},
+			},
+			dnsName: "test-lb.us-west-2.elb.amazonaws.com",
+			wantARN: "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/test-lb/1234567890abcdef",
+			wantErr: false,
+			setupFields: func(fields fields) {
+				gomock.InOrder(
+					fields.elbv2Client.EXPECT().
+						DescribeLoadBalancersAsList(gomock.Any(), fields.describeLoadBalancersCalls[0].req).
+						Return(fields.describeLoadBalancersCalls[0].resp, fields.describeLoadBalancersCalls[0].err).
+						Times(1),
+				)
+			},
+		},
+		{
+			name: "returns error for empty DNS name",
+			fields: fields{
+				elbv2Client:                services.NewMockELBV2(gomock.NewController(t)),
+				describeLoadBalancersCalls: []describeLoadBalancersAsListCall{},
+			},
+			dnsName: "",
+			wantARN: "",
+			wantErr: true,
+			setupFields: func(fields fields) {
+				// No calls expected for empty DNS name
+			},
+		},
+		{
+			name: "returns error when no load balancers found",
+			fields: fields{
+				elbv2Client: services.NewMockELBV2(gomock.NewController(t)),
+				describeLoadBalancersCalls: []describeLoadBalancersAsListCall{
+					{
+						req:  &elbv2sdk.DescribeLoadBalancersInput{},
+						resp: []types.LoadBalancer{},
+						err:  nil,
+					},
+				},
+			},
+			dnsName: "test-lb.us-west-2.elb.amazonaws.com",
+			wantARN: "",
+			wantErr: true,
+			setupFields: func(fields fields) {
+				gomock.InOrder(
+					fields.elbv2Client.EXPECT().
+						DescribeLoadBalancersAsList(gomock.Any(), fields.describeLoadBalancersCalls[0].req).
+						Return(fields.describeLoadBalancersCalls[0].resp, fields.describeLoadBalancersCalls[0].err),
+				)
+			},
+		},
+		{
+			name: "returns error when no matching load balancer found",
+			fields: fields{
+				elbv2Client: services.NewMockELBV2(gomock.NewController(t)),
+				describeLoadBalancersCalls: []describeLoadBalancersAsListCall{
+					{
+						req: &elbv2sdk.DescribeLoadBalancersInput{},
+						resp: []types.LoadBalancer{
+							{
+								DNSName:         awssdk.String("another-lb.us-west-2.elb.amazonaws.com"),
+								LoadBalancerArn: awssdk.String("arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/another-lb/0987654321fedcba"),
+							},
+						},
+						err: nil,
+					},
+				},
+			},
+			dnsName: "test-lb.us-west-2.elb.amazonaws.com",
+			wantARN: "",
+			wantErr: true,
+			setupFields: func(fields fields) {
+				gomock.InOrder(
+					fields.elbv2Client.EXPECT().
+						DescribeLoadBalancersAsList(gomock.Any(), fields.describeLoadBalancersCalls[0].req).
+						Return(fields.describeLoadBalancersCalls[0].resp, fields.describeLoadBalancersCalls[0].err),
+				)
+			},
+		},
+		{
+			name: "returns error when API call fails",
+			fields: fields{
+				elbv2Client: services.NewMockELBV2(gomock.NewController(t)),
+				describeLoadBalancersCalls: []describeLoadBalancersAsListCall{
+					{
+						req:  &elbv2sdk.DescribeLoadBalancersInput{},
+						resp: nil,
+						err:  errors.New("API error"),
+					},
+				},
+			},
+			dnsName: "test-lb.us-west-2.elb.amazonaws.com",
+			wantARN: "",
+			wantErr: true,
+			setupFields: func(fields fields) {
+				gomock.InOrder(
+					fields.elbv2Client.EXPECT().
+						DescribeLoadBalancersAsList(gomock.Any(), fields.describeLoadBalancersCalls[0].req).
+						Return(fields.describeLoadBalancersCalls[0].resp, fields.describeLoadBalancersCalls[0].err),
+				)
+			},
+		},
+	}
+
+	// Add a test case for cache expiration
+	t.Run("cache expiration", func(t *testing.T) {
+		ctrl := gomock.NewController(t)
+		elbv2Client := services.NewMockELBV2(ctrl)
+		dnsName := "expired-lb.us-west-2.elb.amazonaws.com"
+		originalARN := "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/expired-lb/original"
+		updatedARN := "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/expired-lb/updated"
+
+		// Create resolver with a small TTL for testing
+		resolver, err := NewDNSResolver(elbv2Client)
+		assert.NoError(t, err)
+
+		// Override the TTL for testing
+		resolver.ttl = 10 * time.Millisecond
+
+		// First call, should resolve through API
+		elbv2Client.EXPECT().
+			DescribeLoadBalancersAsList(gomock.Any(), &elbv2sdk.DescribeLoadBalancersInput{}).
+			Return([]types.LoadBalancer{
+				{
+					DNSName:         awssdk.String(dnsName),
+					LoadBalancerArn: awssdk.String(originalARN),
+				},
+			}, nil).
+			Times(1)
+
+		gotARN1, err := resolver.ResolveDNSToARN(context.Background(), dnsName)
+		assert.NoError(t, err)
+		assert.Equal(t, originalARN, gotARN1)
+
+		// Wait for cache to expire
+		time.Sleep(15 * time.Millisecond)
+
+		// Second call after cache expiry, should resolve through API again
+		elbv2Client.EXPECT().
+			DescribeLoadBalancersAsList(gomock.Any(), &elbv2sdk.DescribeLoadBalancersInput{}).
+			Return([]types.LoadBalancer{
+				{
+					DNSName:         awssdk.String(dnsName),
+					LoadBalancerArn: awssdk.String(updatedARN), // Different ARN to verify re-resolution
+				},
+			}, nil).
+			Times(1)
+
+		gotARN2, err := resolver.ResolveDNSToARN(context.Background(), dnsName)
+		assert.NoError(t, err)
+		assert.Equal(t, updatedARN, gotARN2, "ARN should be updated after cache expiry")
+	})
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.setupFields(tt.fields)
+
+			resolver, err := NewDNSResolver(tt.fields.elbv2Client)
+			assert.NoError(t, err)
+
+			// For cache test, we need to call it twice
+			if tt.name == "uses cached ARN on second call" {
+				// First call
+				gotARN, err := resolver.ResolveDNSToARN(context.Background(), tt.dnsName)
+				if tt.wantErr {
+					assert.Error(t, err)
+				} else {
+					assert.NoError(t, err)
+					assert.Equal(t, tt.wantARN, gotARN)
+				}
+
+				// Second call - should use cache
+				gotARN, err = resolver.ResolveDNSToARN(context.Background(), tt.dnsName)
+				if tt.wantErr {
+					assert.Error(t, err)
+				} else {
+					assert.NoError(t, err)
+					assert.Equal(t, tt.wantARN, gotARN)
+				}
+			} else {
+				// Regular test
+				gotARN, err := resolver.ResolveDNSToARN(context.Background(), tt.dnsName)
+				if tt.wantErr {
+					assert.Error(t, err)
+				} else {
+					assert.NoError(t, err)
+					assert.Equal(t, tt.wantARN, gotARN)
+				}
+			}
+		})
+	}
+}