diff --git a/pkg/cloud/scope/managedcontrolplane.go b/pkg/cloud/scope/managedcontrolplane.go index 2ac37ab3c8..46d6ffe8dd 100644 --- a/pkg/cloud/scope/managedcontrolplane.go +++ b/pkg/cloud/scope/managedcontrolplane.go @@ -193,7 +193,7 @@ func (s *ManagedControlPlaneScope) SecondaryCidrBlock() *string { return s.ControlPlane.Spec.SecondaryCidrBlock } -// SecurityGroupOverrides returns the security groups that are overridden in the ControlPlane spec. +// SecurityGroupOverrides returns the security groups that are overrides in the ControlPlane spec. func (s *ManagedControlPlaneScope) SecurityGroupOverrides() map[infrav1.SecurityGroupRole]string { return s.ControlPlane.Spec.NetworkSpec.SecurityGroupOverrides } diff --git a/pkg/cloud/scope/sg.go b/pkg/cloud/scope/sg.go index 2382ee6c86..2baea38e6b 100644 --- a/pkg/cloud/scope/sg.go +++ b/pkg/cloud/scope/sg.go @@ -31,7 +31,7 @@ type SGScope interface { // SecurityGroups returns the cluster security groups as a map, it creates the map if empty. SecurityGroups() map[infrav1.SecurityGroupRole]infrav1.SecurityGroup - // SecurityGroupOverrides returns the security groups that are overridden in the cluster spec + // SecurityGroupOverrides returns the security groups that are used as overrides in the cluster spec SecurityGroupOverrides() map[infrav1.SecurityGroupRole]string // VPC returns the cluster VPC. diff --git a/pkg/cloud/services/securitygroup/securitygroups.go b/pkg/cloud/services/securitygroup/securitygroups.go index ce3c3a7f4a..36a6a71083 100644 --- a/pkg/cloud/services/securitygroup/securitygroups.go +++ b/pkg/cloud/services/securitygroup/securitygroups.go @@ -119,7 +119,7 @@ func (s *Service) ReconcileSecurityGroups() error { continue } - if !s.securityGroupIsOverridden(existing.ID) { + if !s.securityGroupIsAnOverride(existing.ID) { // Make sure tags are up to date. if err := wait.WaitForWithRetryable(wait.NewBackoff(), func() (bool, error) { buildParams := s.getSecurityGroupTagParams(existing.Name, existing.ID, role) @@ -140,8 +140,8 @@ func (s *Service) ReconcileSecurityGroups() error { sg := s.scope.SecurityGroups()[i] s.scope.Debug("second pass security group reconciliation", "group-id", sg.ID, "name", sg.Name, "role", i) - if s.securityGroupIsOverridden(sg.ID) { - // skip rule/tag reconciliation on security groups that are overridden, assuming they're managed by another process + if s.securityGroupIsAnOverride(sg.ID) { + // skip rule/tag reconciliation on security groups that are overrides, assuming they're managed by another process continue } @@ -188,7 +188,7 @@ func (s *Service) ReconcileSecurityGroups() error { return nil } -func (s *Service) securityGroupIsOverridden(securityGroupID string) bool { +func (s *Service) securityGroupIsAnOverride(securityGroupID string) bool { for _, overrideID := range s.scope.SecurityGroupOverrides() { if overrideID == securityGroupID { return true diff --git a/pkg/cloud/services/securitygroup/securitygroups_test.go b/pkg/cloud/services/securitygroup/securitygroups_test.go index 2faa72cea2..fbd00c5708 100644 --- a/pkg/cloud/services/securitygroup/securitygroups_test.go +++ b/pkg/cloud/services/securitygroup/securitygroups_test.go @@ -247,7 +247,7 @@ func TestReconcileSecurityGroups(t *testing.T) { }, }, { - name: "all overridden, do not tag", + name: "all overrides defined, do not tag", input: &infrav1.NetworkSpec{ VPC: infrav1.VPCSpec{ ID: "vpc-securitygroups", @@ -412,7 +412,7 @@ func TestDeleteSecurityGroups(t *testing.T) { wantErr bool }{ { - name: "do not delete overridden security groups", + name: "do not delete security groups provided as overrides", input: &infrav1.NetworkSpec{ VPC: infrav1.VPCSpec{ ID: "vpc-securitygroups",