Support BYOIP

Author: wweiwei-li

pkg/deploy/aga/accelerator_manager.go

@@ -4,6 +4,8 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"slices"
+
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awssdk "github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/globalaccelerator"
@@ -58,10 +60,10 @@ func (m *defaultAcceleratorManager) buildSDKCreateAcceleratorInput(_ context.Con
 		IdempotencyToken: aws.String(idempotencyToken),
 	}
 
-	//TODO: BYOIP feature
-	//if len(resAccelerator.Spec.IpAddresses) > 0 {
-	//	createInput.IpAddresses = resAccelerator.Spec.IpAddresses
-	//}
+	// BYOIP feature: Set IP addresses if provided
+	if len(resAccelerator.Spec.IpAddresses) > 0 {
+		createInput.IpAddresses = resAccelerator.Spec.IpAddresses
+	}
 
 	// Add tags
 	tags := m.trackingProvider.ResourceTags(resAccelerator.Stack(), resAccelerator, resAccelerator.Spec.Tags)
@@ -102,10 +104,11 @@ func (m *defaultAcceleratorManager) buildSDKUpdateAcceleratorInput(ctx context.C
 		Enabled:        resAccelerator.Spec.Enabled,
 	}
 
-	//TODO: BYOIP feature
-	//if len(resAccelerator.Spec.IpAddresses) > 0 {
-	//	updateInput.IpAddresses = resAccelerator.Spec.IpAddresses
-	//}
+	// BYOIP feature: Include IP addresses for update when specified
+	if len(resAccelerator.Spec.IpAddresses) > 0 {
+		updateInput.IpAddresses = resAccelerator.Spec.IpAddresses
+	}
+
 	return updateInput
 }
 
@@ -240,7 +243,11 @@ func (m *defaultAcceleratorManager) isSDKAcceleratorSettingsDrifted(resAccelerat
 		return true
 	}
 
-	//TODO : BYOIP feature
+	// Check if BYOIP differs, empty desired IPs means "don't update the IPs"
+	if len(resAccelerator.Spec.IpAddresses) > 0 && !m.areIPAddressesEqual(resAccelerator.Spec.IpAddresses, sdkAccelerator.Accelerator.IpSets) {
+		return true
+	}
+
 	return false
 }
 
@@ -272,3 +279,21 @@ func (m *defaultAcceleratorManager) buildAcceleratorStatus(accelerator *agatypes
 
 	return status
 }
+
+func (m *defaultAcceleratorManager) areIPAddressesEqual(desiredIPs []string, actualIPSets []agatypes.IpSet) bool {
+
+	// IPv6 BYOIP is not supported at this time
+	return m.areIPv4AddressesEqual(desiredIPs, actualIPSets)
+}
+
+// areIPv4AddressesEqual compares desired IPv4 addresses with actual IP sets from AWS
+func (m *defaultAcceleratorManager) areIPv4AddressesEqual(desiredIPs []string, actualIPSets []agatypes.IpSet) bool {
+	actualIPv4s := extractIPv4Addresses(actualIPSets)
+	if len(desiredIPs) != len(actualIPv4s) {
+		return false
+	}
+
+	slices.Sort(desiredIPs)
+	slices.Sort(actualIPv4s)
+	return slices.Equal(desiredIPs, actualIPv4s)
+}

pkg/deploy/aga/accelerator_manager_test.go

@@ -3,11 +3,13 @@ package aga
 import (
 	"context"
 	"errors"
-	"k8s.io/apimachinery/pkg/types"
 	"testing"
 
+	"k8s.io/apimachinery/pkg/types"
+
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/globalaccelerator"
+	agatypes "github.com/aws/aws-sdk-go-v2/service/globalaccelerator/types"
 	gatypes "github.com/aws/aws-sdk-go-v2/service/globalaccelerator/types"
 	"github.com/go-logr/logr"
 	"github.com/golang/mock/gomock"
@@ -721,3 +723,86 @@ func Test_defaultAcceleratorManager_disableAccelerator(t *testing.T) {
 		})
 	}
 }
+
+func Test_defaultAcceleratorManager_areIPv4AddressesEqual(t *testing.T) {
+	tests := []struct {
+		name           string
+		desiredIPs     []string
+		actualIPSets   []agatypes.IpSet
+		expectedResult bool
+		description    string
+	}{
+		{
+			name:           "Two BYOIPs match current - no drift",
+			desiredIPs:     []string{"169.254.8.13", "169.254.8.14"},
+			actualIPSets:   makeIPSets([]string{"169.254.8.13", "169.254.8.14"}),
+			expectedResult: true,
+			description:    "Both BYOIPs match exactly",
+		},
+		{
+			name:           "One BYOIP matches current - drift",
+			desiredIPs:     []string{"169.254.8.13, 169.254.9.13"},
+			actualIPSets:   makeIPSets([]string{"169.254.8.13", "99.82.158.217"}),
+			expectedResult: false,
+			description:    "BYOIP present, Amazon auto-assigned the other",
+		},
+		{
+			name:           "One BYOIP missing from current - drift detected",
+			desiredIPs:     []string{"169.254.9.13"},
+			actualIPSets:   makeIPSets([]string{"169.254.8.13", "99.82.158.217"}),
+			expectedResult: false,
+			description:    "Desired BYOIP not in current",
+		},
+		{
+			name:           "Changing from one BYOIP to another - drift detected",
+			desiredIPs:     []string{"169.254.8.16"},
+			actualIPSets:   makeIPSets([]string{"169.254.9.13", "99.82.158.217"}),
+			expectedResult: false,
+			description:    "Different BYOIP, count matches but IP doesn't",
+		},
+		{
+			name:           "Two BYOIPs in different order - no drift",
+			desiredIPs:     []string{"169.254.8.14", "169.254.8.13"},
+			actualIPSets:   makeIPSets([]string{"169.254.8.13", "169.254.8.14"}),
+			expectedResult: true,
+			description:    "Order doesn't matter for exact match",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			m := &defaultAcceleratorManager{
+				logger: logr.Discard(),
+			}
+			result := m.areIPv4AddressesEqual(tt.desiredIPs, tt.actualIPSets)
+			assert.Equal(t, tt.expectedResult, result, tt.description)
+		})
+	}
+}
+
+// Helper function to create IPSets from IP strings
+func makeIPSets(ips []string) []agatypes.IpSet {
+	if len(ips) == 0 {
+		return []agatypes.IpSet{}
+	}
+	return []agatypes.IpSet{
+		{
+			IpAddressFamily: "IPv4",
+			IpAddresses:     ips,
+		},
+	}
+}
+
+// Helper function to create dualstack IPSets with both IPv4 and IPv6
+func makeDualStackIPSets(ipv4s []string, ipv6s []string) []agatypes.IpSet {
+	return []agatypes.IpSet{
+		{
+			IpAddressFamily: "IPv4",
+			IpAddresses:     ipv4s,
+		},
+		{
+			IpAddressFamily: "IPv6",
+			IpAddresses:     ipv6s,
+		},
+	}
+}

pkg/deploy/aga/accelerator_synthesizer.go

@@ -2,6 +2,8 @@ package aga
 
 import (
 	"context"
+	"net"
+
 	awssdk "github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/globalaccelerator"
 	agatypes "github.com/aws/aws-sdk-go-v2/service/globalaccelerator/types"
@@ -72,8 +74,21 @@ func (s *acceleratorSynthesizer) Synthesize(ctx context.Context) error {
 
 	// Accelerator exists, determine if it needs replacement or update
 	if isSDKAcceleratorRequiresReplacement(sdkAccelerator, resAccelerator) {
+		currentIPv4s := extractIPv4Addresses(sdkAccelerator.Accelerator.IpSets)
+		desiredBYOIPs := resAccelerator.Spec.IpAddresses
+		if len(desiredBYOIPs) == 1 {
+			s.logger.Info("Accelerator requires replacement: BYOIP CIDR change",
+				"acceleratorARN", *sdkAccelerator.Accelerator.AcceleratorArn,
+				"currentIPv4s", currentIPv4s,
+				"desiredBYOIPv4s", desiredBYOIPs[0],
+				"note", "Amazon will auto-assign 1 additional IPv4 address")
+		} else {
+			s.logger.Info("Accelerator requires replacement: BYOIP CIDR change",
+				"acceleratorARN", *sdkAccelerator.Accelerator.AcceleratorArn,
+				"currentIPv4s", currentIPv4s,
+				"desiredBYOIPv4s", desiredBYOIPs)
+		}
 		// Store for deletion in PostSynthesize, then recreate
-		// TODO: We will test this for BYOIP feature
 		s.unmatchedSDKAccelerators = []AcceleratorWithTags{sdkAccelerator}
 		return s.handleCreateAccelerator(ctx, resAccelerator)
 	} else {
@@ -183,7 +198,48 @@ func (s *acceleratorSynthesizer) isAcceleratorNotFound(err error) bool {
 
 // isSDKAcceleratorRequiresReplacement checks whether a sdk Accelerator requires replacement to fulfill an Accelerator resource.
 func isSDKAcceleratorRequiresReplacement(sdkAccelerator AcceleratorWithTags, resAccelerator *agamodel.Accelerator) bool {
-	// The accelerator will only need replacement in BYOIP scenarios. I will implement this later as a separate PR
-	// TODO : BYOIP feature
+	if len(resAccelerator.Spec.IpAddresses) == 0 {
+		return false
+	}
+
+	hasSharedCIDR := HasSharedIPv4CIDR(sdkAccelerator.Accelerator.IpSets, resAccelerator.Spec.IpAddresses)
+
+	// If no BYOIP CIDR is shared between current and desired. require replacement.
+	return !hasSharedCIDR
+}
+
+// extractIPv4Addresses extracts IPv4 addresses from IPSets
+func extractIPv4Addresses(ipSets []agatypes.IpSet) []string {
+	ips := make([]string, 0)
+	for _, ipSet := range ipSets {
+		if ipSet.IpAddressFamily == "IPv4" {
+			ips = append(ips, ipSet.IpAddresses...)
+		}
+	}
+	return ips
+}
+
+// HasSharedIPv4CIDR checks if current and desired IPs share any IPv4 CIDR block.
+func HasSharedIPv4CIDR(currentIPSets []agatypes.IpSet, desiredIPs []string) bool {
+	if len(desiredIPs) == 0 {
+		return true
+	}
+
+	currentIPs := extractIPv4Addresses(currentIPSets)
+
+	for _, currentIP := range currentIPs {
+		currentIPv4 := net.ParseIP(currentIP).To4()
+
+		for _, desiredIP := range desiredIPs {
+			desiredIPv4 := net.ParseIP(desiredIP).To4()
+
+			// Compare first 3 octets (same /24 CIDR)
+			if currentIPv4[0] == desiredIPv4[0] &&
+				currentIPv4[1] == desiredIPv4[1] &&
+				currentIPv4[2] == desiredIPv4[2] {
+				return true
+			}
+		}
+	}
 	return false
 }

pkg/deploy/aga/accelerator_synthesizer_test.go

@@ -648,3 +648,106 @@ func Test_acceleratorSynthesizer_handleUpdateAccelerator(t *testing.T) {
 		})
 	}
 }
+
+func Test_HasSharedIPv4CIDR(t *testing.T) {
+	tests := []struct {
+		name           string
+		currentIPSets  []agatypes.IpSet
+		desiredIPs     []string
+		expectedResult bool
+		description    string
+	}{
+		{
+			name:           "No desired IPs - has shared CIDR",
+			currentIPSets:  makeIPSets([]string{"1.1.1.1", "2.2.2.2"}),
+			desiredIPs:     []string{},
+			expectedResult: true,
+			description:    "Empty desired IPs means no change",
+		},
+
+		{
+			name:           "Same IPs - has shared CIDR",
+			currentIPSets:  makeIPSets([]string{"1.1.1.1", "2.2.2.2"}),
+			desiredIPs:     []string{"1.1.1.1", "2.2.2.2"},
+			expectedResult: true,
+			description:    "Shared IPv4 CIDRs: 1.1.1.0/24, 2.2.2.0/24",
+		},
+		{
+			name:           "Different IPs same CIDR - has shared CIDR",
+			currentIPSets:  makeIPSets([]string{"1.1.1.1", "2.2.2.2"}),
+			desiredIPs:     []string{"1.1.1.3", "2.2.2.4"},
+			expectedResult: true,
+			description:    "Shared IPv4 CIDRs: 1.1.1.0/24, 2.2.2.0/24",
+		},
+		{
+			name:           "Different CIDRs - no shared CIDR",
+			currentIPSets:  makeIPSets([]string{"1.1.1.1", "2.2.2.2"}),
+			desiredIPs:     []string{"3.3.3.1", "4.4.4.2"},
+			expectedResult: false,
+			description:    "No shared IPv4 CIDR (1.1.1.0/24, 2.2.2.0/24 vs 3.3.3.0/24, 4.4.4.0/24)",
+		},
+		{
+			name:           "Partial IP change same CIDR - has shared CIDR",
+			currentIPSets:  makeIPSets([]string{"1.1.1.1", "2.2.2.2"}),
+			desiredIPs:     []string{"1.1.1.3", "2.2.2.4"},
+			expectedResult: true,
+			description:    "Shared IPv4 CIDRs: 1.1.1.0/24, 2.2.2.0/24",
+		},
+		{
+			name:           "Add new CIDR - has shared CIDR",
+			currentIPSets:  makeIPSets([]string{"1.1.1.1", "2.2.2.2"}),
+			desiredIPs:     []string{"1.1.1.3", "3.3.3.3"},
+			expectedResult: true,
+			description:    "Shared IPv4 CIDR: 1.1.1.0/24",
+		},
+		{
+			name:           "Replace all with new CIDRs - no shared CIDR",
+			currentIPSets:  makeIPSets([]string{"1.1.1.1", "2.2.2.2"}),
+			desiredIPs:     []string{"3.3.3.1", "4.4.4.2"},
+			expectedResult: false,
+			description:    "No shared IPv4 CIDR (1.1.1.0/24, 2.2.2.0/24 vs 3.3.3.0/24, 4.4.4.0/24)",
+		},
+		{
+			name:           "Multiple CIDRs no overlap - no shared CIDR",
+			currentIPSets:  makeIPSets([]string{"1.1.1.1", "2.2.2.2"}),
+			desiredIPs:     []string{"3.3.3.3", "4.4.4.4"},
+			expectedResult: false,
+			description:    "No shared IPv4 CIDR",
+		},
+		{
+			name:           "Both have two IPs from different CIDRs with overlap",
+			currentIPSets:  makeIPSets([]string{"1.1.1.1", "2.2.2.2"}),
+			desiredIPs:     []string{"1.1.1.3", "3.3.3.3"},
+			expectedResult: true,
+			description:    "Shared IPv4 CIDR: 1.1.1.0/24",
+		},
+		{
+			name:           "Partial CIDR overlap - has shared CIDR",
+			currentIPSets:  makeIPSets([]string{"1.1.1.1", "2.2.2.2"}),
+			desiredIPs:     []string{"1.1.1.2", "3.3.3.3"},
+			expectedResult: true,
+			description:    "Shared IPv4 CIDR: 1.1.1.0/24",
+		},
+		{
+			name:           "Dualstack with IPv6 - has shared CIDR",
+			currentIPSets:  makeDualStackIPSets([]string{"1.1.1.1", "2.2.2.2"}, []string{"2600:9000::1", "2600:9000::2"}),
+			desiredIPs:     []string{"1.1.1.3", "3.3.3.3"},
+			expectedResult: true,
+			description:    "IPv6 ignored, shared IPv4 CIDR: 1.1.1.0/24",
+		},
+		{
+			name:           "Dualstack different CIDR - no shared CIDR",
+			currentIPSets:  makeDualStackIPSets([]string{"1.1.1.1", "2.2.2.2"}, []string{"2600:9000::1", "2600:9000::2"}),
+			desiredIPs:     []string{"3.3.3.1", "4.4.4.2"},
+			expectedResult: false,
+			description:    "IPv6 ignored, no shared IPv4 CIDR",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := HasSharedIPv4CIDR(tt.currentIPSets, tt.desiredIPs)
+			assert.Equal(t, tt.expectedResult, result, tt.description)
+		})
+	}
+}