Remove security group rules from status
mdbooth committed Mar 19, 2024
1 parent 67fa7b7 commit c4e5c2a
Showing 11 changed files with 311 additions and 839 deletions.
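--- a/api/v1alpha5/conversion.go
+++ b/api/v1alpha5/conversion.go
@@ -687,55 +687,12 @@ func Convert_v1alpha5_Bastion_To_v1beta1_Bastion(in *Bastion, out *infrav1.Basti
 func Convert_v1beta1_SecurityGroupStatus_To_v1alpha5_SecurityGroup(in *infrav1.SecurityGroupStatus, out *SecurityGroup, s conversion.Scope) error { //nolint:revive
 out.ID = in.ID
 out.Name = in.Name
-out.Rules = make([]SecurityGroupRule, len(in.Rules))
-for i, rule := range in.Rules {
-out.Rules[i] = SecurityGroupRule{
-ID: rule.ID,
-Direction: rule.Direction,
-}
-if rule.Description != nil {
-out.Rules[i].Description = *rule.Description
-}
-if rule.EtherType != nil {
-out.Rules[i].EtherType = *rule.EtherType
-}
-if rule.PortRangeMin != nil {
-out.Rules[i].PortRangeMin = *rule.PortRangeMin
-}
-if rule.PortRangeMax != nil {
-out.Rules[i].PortRangeMax = *rule.PortRangeMax
-}
-if rule.Protocol != nil {
-out.Rules[i].Protocol = *rule.Protocol
-}
-if rule.RemoteGroupID != nil {
-out.Rules[i].RemoteGroupID = *rule.RemoteGroupID
-}
-if rule.RemoteIPPrefix != nil {
-out.Rules[i].RemoteIPPrefix = *rule.RemoteIPPrefix
-}
-}
 return nil
 }
 
 func Convert_v1alpha5_SecurityGroup_To_v1beta1_SecurityGroupStatus(in *SecurityGroup, out *infrav1.SecurityGroupStatus, s conversion.Scope) error { //nolint:revive
 out.ID = in.ID
 out.Name = in.Name
-out.Rules = make([]infrav1.SecurityGroupRuleStatus, len(in.Rules))
-for i, rule := range in.Rules {
-out.Rules[i] = infrav1.SecurityGroupRuleStatus{
-ID: rule.ID,
-Description: pointer.String(rule.Description),
-Direction: rule.Direction,
-EtherType: pointer.String(rule.EtherType),
-PortRangeMin: pointer.Int(rule.PortRangeMin),
-PortRangeMax: pointer.Int(rule.PortRangeMax),
-Protocol: pointer.String(rule.Protocol),
-RemoteGroupID: pointer.String(rule.RemoteGroupID),
-RemoteIPPrefix: pointer.String(rule.RemoteIPPrefix),
-}
-}
-
 return nil
 }
 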
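--- a/api/v1alpha6/types_conversion.go
+++ b/api/v1alpha6/types_conversion.go
@@ -364,63 +364,18 @@ func restorev1alpha6SecurityGroup(previous *SecurityGroup, dst *SecurityGroup) {
 return
 }
 
-for i, rule := range previous.Rules {
-dst.Rules[i].SecurityGroupID = rule.SecurityGroupID
-}
+dst.Rules = previous.Rules
 }
 
 func Convert_v1beta1_SecurityGroupStatus_To_v1alpha6_SecurityGroup(in *infrav1.SecurityGroupStatus, out *SecurityGroup, _ apiconversion.Scope) error {
 out.ID = in.ID
 out.Name = in.Name
-out.Rules = make([]SecurityGroupRule, len(in.Rules))
-for i, rule := range in.Rules {
-out.Rules[i] = SecurityGroupRule{
-ID: rule.ID,
-Direction: rule.Direction,
-}
-if rule.Description != nil {
-out.Rules[i].Description = *rule.Description
-}
-if rule.EtherType != nil {
-out.Rules[i].EtherType = *rule.EtherType
-}
-if rule.PortRangeMin != nil {
-out.Rules[i].PortRangeMin = *rule.PortRangeMin
-}
-if rule.PortRangeMax != nil {
-out.Rules[i].PortRangeMax = *rule.PortRangeMax
-}
-if rule.Protocol != nil {
-out.Rules[i].Protocol = *rule.Protocol
-}
-if rule.RemoteGroupID != nil {
-out.Rules[i].RemoteGroupID = *rule.RemoteGroupID
-}
-if rule.RemoteIPPrefix != nil {
-out.Rules[i].RemoteIPPrefix = *rule.RemoteIPPrefix
-}
-}
 return nil
 }
 
 func Convert_v1alpha6_SecurityGroup_To_v1beta1_SecurityGroupStatus(in *SecurityGroup, out *infrav1.SecurityGroupStatus, _ apiconversion.Scope) error {
 out.ID = in.ID
 out.Name = in.Name
-out.Rules = make([]infrav1.SecurityGroupRuleStatus, len(in.Rules))
-for i, rule := range in.Rules {
-out.Rules[i] = infrav1.SecurityGroupRuleStatus{
-ID: rule.ID,
-Description: pointer.String(rule.Description),
-Direction: rule.Direction,
-EtherType: pointer.String(rule.EtherType),
-PortRangeMin: pointer.Int(rule.PortRangeMin),
-PortRangeMax: pointer.Int(rule.PortRangeMax),
-Protocol: pointer.String(rule.Protocol),
-RemoteGroupID: pointer.String(rule.RemoteGroupID),
-RemoteIPPrefix: pointer.String(rule.RemoteIPPrefix),
-}
-}
-
 return nil
 }
 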
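Review bot: `dst.Rules = previous.Rules` in restorev1alpha6SecurityGroup is undocumented, and the rules it restores are a saved copy rather than anything derived from the v1beta1 object, which no longer carries rules after this commit. A client reading security group rules through v1alpha6 status would therefore see whatever was last stored via that API version, or presumably none if the object was never written at v1alpha6, which may not match the rules currently applied to the group. I would add a comment above the assignment such as `// v1beta1 no longer reports rules; restore the last value stored via v1alpha6, which may be stale.` The same assignment in restorev1alpha7SecurityGroup in api/v1alpha7/types_conversion.go warrants the same comment. The function starts outside this hunk, so the guard before the `return` is not visible here.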
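--- a/api/v1alpha7/openstackcluster_conversion.go
+++ b/api/v1alpha7/openstackcluster_conversion.go
@@ -346,10 +346,6 @@ func restorev1alpha7ClusterStatus(previous *OpenStackClusterStatus, dst *OpenSta
 }
 
 func restorev1beta1ClusterStatus(previous *infrav1.OpenStackClusterStatus, dst *infrav1.OpenStackClusterStatus) {
-restorev1beta1SecurityGroupStatus(previous.ControlPlaneSecurityGroup, dst.ControlPlaneSecurityGroup)
-restorev1beta1SecurityGroupStatus(previous.WorkerSecurityGroup, dst.WorkerSecurityGroup)
-restorev1beta1SecurityGroupStatus(previous.BastionSecurityGroup, dst.BastionSecurityGroup)
-
 // ReferencedResources have no equivalent in v1alpha7
 if previous.Bastion != nil {
 dst.Bastion.ReferencedResources = previous.Bastion.ReferencedResources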
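--- a/api/v1alpha7/types_conversion.go
+++ b/api/v1alpha7/types_conversion.go
@@ -18,7 +18,6 @@ package v1alpha7
 
 import (
 apiconversion "k8s.io/apimachinery/pkg/conversion"
-"k8s.io/utils/pointer"
 
 infrav1 "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta1"
 "sigs.k8s.io/cluster-api-provider-openstack/pkg/utils/optional"
@@ -40,9 +39,7 @@ func restorev1alpha7SecurityGroup(previous *SecurityGroup, dst *SecurityGroup) {
 return
 }
 
-for i, rule := range previous.Rules {
-dst.Rules[i].SecurityGroupID = rule.SecurityGroupID
-}
+dst.Rules = previous.Rules
 }
 
 func Convert_v1alpha7_SecurityGroupFilter_To_v1beta1_SecurityGroupFilter(in *SecurityGroupFilter, out *infrav1.SecurityGroupFilter, s apiconversion.Scope) error {
@@ -142,39 +139,6 @@ func Convert_v1beta1_RouterFilter_To_v1alpha7_RouterFilter(in *infrav1.RouterFil
 return nil
 }
 
-func restorev1beta1SecurityGroupStatus(previous *infrav1.SecurityGroupStatus, dst *infrav1.SecurityGroupStatus) {
-if previous == nil || dst == nil {
-return
-}
-
-for i := range dst.Rules {
-dstRule := &dst.Rules[i]
-
-// Conversion from scalar to *scalar is lossy for zero values. We need to restore only nil values.
-if dstRule.Description != nil && *dstRule.Description == "" {
-dstRule.Description = previous.Rules[i].Description
-}
-if dstRule.EtherType != nil && *dstRule.EtherType == "" {
-dstRule.EtherType = previous.Rules[i].EtherType
-}
-if dstRule.PortRangeMin != nil && *dstRule.PortRangeMin == 0 {
-dstRule.PortRangeMin = previous.Rules[i].PortRangeMin
-}
-if dstRule.PortRangeMax != nil && *dstRule.PortRangeMax == 0 {
-dstRule.PortRangeMax = previous.Rules[i].PortRangeMax
-}
-if dstRule.Protocol != nil && *dstRule.Protocol == "" {
-dstRule.Protocol = previous.Rules[i].Protocol
-}
-if dstRule.RemoteGroupID != nil && *dstRule.RemoteGroupID == "" {
-dstRule.RemoteGroupID = previous.Rules[i].RemoteGroupID
-}
-if dstRule.RemoteIPPrefix != nil && *dstRule.RemoteIPPrefix == "" {
-dstRule.RemoteIPPrefix = previous.Rules[i].RemoteIPPrefix
-}
-}
-}
-
 /* PortOpts */
 
 func restorev1alpha7Port(previous *PortOpts, dst *PortOpts) {
@@ -300,55 +264,13 @@ func Convert_v1beta1_PortOpts_To_v1alpha7_PortOpts(in *infrav1.PortOpts, out *Po
 func Convert_v1alpha7_SecurityGroup_To_v1beta1_SecurityGroupStatus(in *SecurityGroup, out *infrav1.SecurityGroupStatus, _ apiconversion.Scope) error {
 out.ID = in.ID
 out.Name = in.Name
-out.Rules = make([]infrav1.SecurityGroupRuleStatus, len(in.Rules))
-for i, rule := range in.Rules {
-out.Rules[i] = infrav1.SecurityGroupRuleStatus{
-ID: rule.ID,
-Description: pointer.String(rule.Description),
-Direction: rule.Direction,
-EtherType: pointer.String(rule.EtherType),
-PortRangeMin: pointer.Int(rule.PortRangeMin),
-PortRangeMax: pointer.Int(rule.PortRangeMax),
-Protocol: pointer.String(rule.Protocol),
-RemoteGroupID: pointer.String(rule.RemoteGroupID),
-RemoteIPPrefix: pointer.String(rule.RemoteIPPrefix),
-}
-}
 
 return nil
 }
 
 func Convert_v1beta1_SecurityGroupStatus_To_v1alpha7_SecurityGroup(in *infrav1.SecurityGroupStatus, out *SecurityGroup, _ apiconversion.Scope) error {
 out.ID = in.ID
 out.Name = in.Name
-out.Rules = make([]SecurityGroupRule, len(in.Rules))
-for i, rule := range in.Rules {
-out.Rules[i] = SecurityGroupRule{
-ID: rule.ID,
-Direction: rule.Direction,
-}
-if rule.Description != nil {
-out.Rules[i].Description = *rule.Description
-}
-if rule.EtherType != nil {
-out.Rules[i].EtherType = *rule.EtherType
-}
-if rule.PortRangeMin != nil {
-out.Rules[i].PortRangeMin = *rule.PortRangeMin
-}
-if rule.PortRangeMax != nil {
-out.Rules[i].PortRangeMax = *rule.PortRangeMax
-}
-if rule.Protocol != nil {
-out.Rules[i].Protocol = *rule.Protocol
-}
-if rule.RemoteGroupID != nil {
-out.Rules[i].RemoteGroupID = *rule.RemoteGroupID
-}
-if rule.RemoteIPPrefix != nil {
-out.Rules[i].RemoteIPPrefix = *rule.RemoteIPPrefix
-}
-}
 return nil
 }
 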
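--- a/api/v1beta1/types.go
+++ b/api/v1beta1/types.go
@@ -448,10 +448,6 @@ type SecurityGroupStatus struct {
 // id of the security group
 // +kubebuilder:validation:Required
 ID string `json:"id"`
-
-// list of security group rules
-// +optional
-Rules []SecurityGroupRuleStatus `json:"rules,omitempty"`
 }
 
 // SecurityGroupRuleSpec represent the basic information of the associated OpenStack
@@ -514,55 +510,6 @@ type SecurityGroupRuleSpec struct {
 RemoteManagedGroups []ManagedSecurityGroupName `json:"remoteManagedGroups,omitempty"`
 }
 
-type SecurityGroupRuleStatus struct {
-// id of the security group rule
-// +kubebuilder:validation:Required
-ID string `json:"id"`
-
-// description of the security group rule.
-// +optional
-Description *string `json:"description,omitempty"`
-
-// direction in which the security group rule is applied. The only values
-// allowed are "ingress" or "egress". For a compute instance, an ingress
-// security group rule is applied to incoming (ingress) traffic for that
-// instance. An egress rule is applied to traffic leaving the instance.
-// +kubebuilder:validation:Required
-// +kubebuilder:validation:enum=ingress;egress
-Direction string `json:"direction"`
-
-// etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
-// ingress or egress rules.
-// +kubebuilder:validation:enum=IPv4;IPv6
-// +optional
-EtherType *string `json:"etherType,omitempty"`
-
-// portRangeMin is a number in the range that is matched by the security group
-// rule. If the protocol is TCP or UDP, this value must be less than or equal
-// to the value of the portRangeMax attribute.
-// +optional
-PortRangeMin *int `json:"portRangeMin,omitempty"`
-
-// portRangeMax is a number in the range that is matched by the security group
-// rule. The portRangeMin attribute constrains the portRangeMax attribute.
-// +optional
-PortRangeMax *int `json:"portRangeMax,omitempty"`
-
-// protocol is the protocol that is matched by the security group rule.
-// +optional
-Protocol *string `json:"protocol,omitempty"`
-
-// remoteGroupID is the remote group ID to be associated with this security group rule.
-// You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-// +optional
-RemoteGroupID *string `json:"remoteGroupID,omitempty"`
-
-// remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
-// You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-// +optional
-RemoteIPPrefix *string `json:"remoteIPPrefix,omitempty"`
-}
-
 // +kubebuilder:validation:Enum=bastion;controlplane;worker
 type ManagedSecurityGroupName string
 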