diff --git a/test/e2e/service/nlb_instance_target_test.go b/test/e2e/service/nlb_instance_target_test.go index 8dfd74a40f..89c1b10514 100644 --- a/test/e2e/service/nlb_instance_target_test.go +++ b/test/e2e/service/nlb_instance_target_test.go @@ -3,10 +3,11 @@ package service import ( "context" "fmt" + "strings" + awssdk "github.com/aws/aws-sdk-go-v2/aws" "k8s.io/apimachinery/pkg/util/intstr" "sigs.k8s.io/aws-load-balancer-controller/test/framework/verifier" - "strings" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -81,10 +82,11 @@ var _ = Describe("test k8s service using instance target reconciled by the aws l } err = verifier.VerifyAWSLoadBalancerResources(ctx, tf, lbARN, verifier.LoadBalancerExpectation{ - Type: "network", - Scheme: "internet-facing", - Listeners: stack.resourceStack.getListenersPortMap(), - TargetGroups: expectedTargetGroups, + Type: "network", + Scheme: "internet-facing", + NumSecurityGroups: 2, // One shared backend security group, one managed security group + Listeners: stack.resourceStack.getListenersPortMap(), + TargetGroups: expectedTargetGroups, }) Expect(err).NotTo(HaveOccurred()) }) diff --git a/test/e2e/service/nlb_ip_target_test.go b/test/e2e/service/nlb_ip_target_test.go index f9040022a7..b24eba806e 100644 --- a/test/e2e/service/nlb_ip_target_test.go +++ b/test/e2e/service/nlb_ip_target_test.go @@ -3,11 +3,12 @@ package service import ( "context" "fmt" - elbv2types "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types" - "sigs.k8s.io/aws-load-balancer-controller/test/framework/verifier" "strings" "time" + elbv2types "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types" + "sigs.k8s.io/aws-load-balancer-controller/test/framework/verifier" + awssdk "github.com/aws/aws-sdk-go-v2/aws" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" 
@@ -143,8 +144,9 @@ var _ = Describe("k8s service using ip target reconciled by the aws load balance } err := verifier.VerifyAWSLoadBalancerResources(ctx, tf, lbARN, verifier.LoadBalancerExpectation{ - Type: "network", - Scheme: "internet-facing", + Type: "network", + Scheme: "internet-facing", + NumSecurityGroups: 2, Listeners: map[string]string{ "80": "TCP", }, diff --git a/test/framework/verifier/aws_resource_verifier.go b/test/framework/verifier/aws_resource_verifier.go index a7ca857521..dbe071af95 100644 --- a/test/framework/verifier/aws_resource_verifier.go +++ b/test/framework/verifier/aws_resource_verifier.go @@ -38,11 +38,12 @@ type ExpectedTargetGroup struct { } type LoadBalancerExpectation struct { - Name string - Type string - Scheme string - Listeners map[string]string // listener port, protocol - TargetGroups []ExpectedTargetGroup + Name string + Type string + Scheme string + NumSecurityGroups int + Listeners map[string]string // listener port, protocol + TargetGroups []ExpectedTargetGroup } // ListenerExpectation contains the expected configuration for an ALB/NLB listener @@ -79,6 +80,8 @@ func VerifyAWSLoadBalancerResources(ctx context.Context, f *framework.Framework, Expect(err).NotTo(HaveOccurred()) err = VerifyLoadBalancerType(ctx, f, lb, expected.Type, expected.Scheme) Expect(err).NotTo(HaveOccurred()) + err = VerifyLoadBalancerSecurityGroups(lb, expected.NumSecurityGroups) + Expect(err).NotTo(HaveOccurred()) err = VerifyLoadBalancerListeners(ctx, f, lbARN, expected.Listeners) Expect(err).NotTo(HaveOccurred()) err = VerifyLoadBalancerTargetGroups(ctx, f, lbARN, expected) 
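Review bot: The `NumSecurityGroups: 2` added to the ip-target expectation carries no explanation, while the same value in nlb_instance_target_test.go is annotated with `// One shared backend security group, one managed security group`. Repeat that comment on this line, or name the value once in a shared constant so both tests state why two groups are expected. The count presumably depends on how the controller under test is configured; if so, the comment should say which setting it relies on.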
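Review bot: The new `NumSecurityGroups int` field in LoadBalancerExpectation gives its zero value an undocumented meaning: VerifyLoadBalancerSecurityGroups only asserts when the number is greater than zero. Every expectation that leaves the field unset therefore verifies nothing about attached security groups, and a test cannot assert that a load balancer has none. Document this on the field, e.g. `NumSecurityGroups int // expected count of attached security groups; 0 (unset) skips the check`. If asserting zero groups is ever needed, a `*int` field would distinguish unset from zero.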
@@ -99,6 +102,13 @@ func VerifyLoadBalancerType(_ context.Context, f *framework.Framework, lb *elbv2 return nil } +func VerifyLoadBalancerSecurityGroups(lb *elbv2types.LoadBalancer, numExpectedSgs int) error { + if numExpectedSgs > 0 { + Expect(lb.SecurityGroups).To(HaveLen(numExpectedSgs)) + } + return nil +} + func VerifyLoadBalancerAttributes(ctx context.Context, f *framework.Framework, lbARN string, expectedAttrs map[string]string) error { lbAttrs, err := f.LBManager.GetLoadBalancerAttributes(ctx, lbARN) Expect(err).NotTo(HaveOccurred())
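Review bot: VerifyLoadBalancerSecurityGroups asserts only the length of `lb.SecurityGroups`, so it passes whenever the expected number of groups is attached, whichever groups they are. An unrelated or overly permissive group in place of the shared backend or managed one would go unnoticed. Where the test can obtain the expected IDs, compare the set instead, e.g. `Expect(lb.SecurityGroups).To(ConsistOf(expectedSGIDs))` (here `expectedSGIDs` is a placeholder name). The exported function also needs a doc comment such as `// VerifyLoadBalancerSecurityGroups asserts the number of security groups attached to lb; numExpectedSgs <= 0 skips the check.` Because the function always returns nil, the `Expect(err).NotTo(HaveOccurred())` at its call site can never fail.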