implement multi region support for cpa

[shenmo3]

Description

This PR adds support for multi region configuration in CloudProviderAccount CRD.

Changes

1. Change account config to have multiple service configs based on regions.
2. Modify webhook to validate all regions in the account config. For AWS it checks if region is supported or not, for Azure it only checks if its empty or not. Also added region validation in service config creation, where both AWS and Azure are checked if region is supported.
3. Adding handling to create AWS service config for each region and single Azure service config with multi-region filter.
4. Change account operations to support multiple service configs and run in parallel, such as inventory poll and cloud sync.
5. Add multi error in multi region operations, so success regions will be processed and error regions will be reported separately.
6. Change security group operations to retrieve regions using vpc/vnet IDs instead of from cloud account.
7. Change Azure cloud sync process to use ASG ID internally when syncing to avoid ASGs with the same name in different region being grouped into one.
8. Update unit-tests to work with multi region.

[Anandkumar26]

Check if we need to convert newConfig.regions to lowercase or not?

[shenmo3]

I actually added to lower in aws_account_impl.go and azure_account_impl.go. This converts regions to lower before any processing so we don't need to worry about to lower in actual logics. However regions from the cloud, either in VM, VNET or region list still needs to be converted to lower.

[Anandkumar26]

any specific reason as to why you removed this log message?

[Anandkumar26]

We are not supporting the keyword "all" for now. Please remove.

[shenmo3]

Done

[Anandkumar26]

May be return an error, rather than relying on empty value.

[Anandkumar26]

Do we really need to lock here?
Since we are not modifying the accPoller structure, we are accessing vmStore

[shenmo3]

As we discussed offline, there is a race condition that needs this lock to be avoided. Will move the lock to the top of the func to make sure we are in lock when modifying anything.

[Anandkumar26]

same as above

[shenmo3]

This part actually doesn't need a lock since the poller is already stopped, will remove it.

[Anandkumar26]

Any specific reason for changing the function name?
Seems a bit off while reading it.
If you want to have account, then may be try GetCloudInventoryByAccout()

[shenmo3]

I changed it because service config also has func GetCloudInventory, but thats just for a single service config. Since account config can now have multiple service configs and this func combines all service configs' inventory, I want to change this func name to differentiate the two.

Don't quite like ByAccount also, since we are already got a specific account config, how about GetCloudInventoryForAccount?

[Anandkumar26]

Modifying the retrieved CR here, seems inappropriate.
Going forward, we may consume the region field before calling this function.

[Anandkumar26]

Since you are dereferencing the pointer, check if there id any scenario when region could be empty.

[shenmo3]

I'll add a check, but for AWS clients, the region is a required field.

[Anandkumar26]

nit:

Suggested change

	func (h *awsCloudCommonHelperImpl) GetCloudConfigComparatorFunc() internal.CloudConfigComparatorFunc {
	func (h *awsCloudCommonHelperImpl) GetAccountConfigComparatorFunc() internal.CloudConfigComparatorFunc {

[Anandkumar26]

Can you try/simulae a scenario where this function returns a multi error (i.e. multiple errors) and check how it would look on the CPA status field?

[Anandkumar26]

Suggested change

	// check regions valid and process regions.
	// check valid regions.

[Anandkumar26]

nit: instead of asgs, location

[github-actions]

This PR is stale because it has been open 90 days with no activity. Remove stale label or comment, or this will be closed in 90 days

[shenmo3]

/nephe-test-e2e-all

[reachjainrahul]

/LGTM