
⚠️ Remove security group rules from status #1957

Merged
merged 1 commit into from
Mar 20, 2024
43 changes: 0 additions & 43 deletions api/v1alpha5/conversion.go
Expand Up @@ -687,55 +687,12 @@ func Convert_v1alpha5_Bastion_To_v1beta1_Bastion(in *Bastion, out *infrav1.Basti
func Convert_v1beta1_SecurityGroupStatus_To_v1alpha5_SecurityGroup(in *infrav1.SecurityGroupStatus, out *SecurityGroup, s conversion.Scope) error { //nolint:revive
out.ID = in.ID
out.Name = in.Name
out.Rules = make([]SecurityGroupRule, len(in.Rules))
for i, rule := range in.Rules {
out.Rules[i] = SecurityGroupRule{
ID: rule.ID,
Direction: rule.Direction,
}
if rule.Description != nil {
out.Rules[i].Description = *rule.Description
}
if rule.EtherType != nil {
out.Rules[i].EtherType = *rule.EtherType
}
if rule.PortRangeMin != nil {
out.Rules[i].PortRangeMin = *rule.PortRangeMin
}
if rule.PortRangeMax != nil {
out.Rules[i].PortRangeMax = *rule.PortRangeMax
}
if rule.Protocol != nil {
out.Rules[i].Protocol = *rule.Protocol
}
if rule.RemoteGroupID != nil {
out.Rules[i].RemoteGroupID = *rule.RemoteGroupID
}
if rule.RemoteIPPrefix != nil {
out.Rules[i].RemoteIPPrefix = *rule.RemoteIPPrefix
}
}
return nil
}

func Convert_v1alpha5_SecurityGroup_To_v1beta1_SecurityGroupStatus(in *SecurityGroup, out *infrav1.SecurityGroupStatus, s conversion.Scope) error { //nolint:revive
out.ID = in.ID
out.Name = in.Name
out.Rules = make([]infrav1.SecurityGroupRuleStatus, len(in.Rules))
for i, rule := range in.Rules {
out.Rules[i] = infrav1.SecurityGroupRuleStatus{
ID: rule.ID,
Description: pointer.String(rule.Description),
Direction: rule.Direction,
EtherType: pointer.String(rule.EtherType),
PortRangeMin: pointer.Int(rule.PortRangeMin),
PortRangeMax: pointer.Int(rule.PortRangeMax),
Protocol: pointer.String(rule.Protocol),
RemoteGroupID: pointer.String(rule.RemoteGroupID),
RemoteIPPrefix: pointer.String(rule.RemoteIPPrefix),
}
}

return nil
}

47 changes: 1 addition & 46 deletions api/v1alpha6/types_conversion.go
Expand Up @@ -364,63 +364,18 @@ func restorev1alpha6SecurityGroup(previous *SecurityGroup, dst *SecurityGroup) {
return
}

for i, rule := range previous.Rules {
dst.Rules[i].SecurityGroupID = rule.SecurityGroupID
}
dst.Rules = previous.Rules
}

func Convert_v1beta1_SecurityGroupStatus_To_v1alpha6_SecurityGroup(in *infrav1.SecurityGroupStatus, out *SecurityGroup, _ apiconversion.Scope) error {
out.ID = in.ID
out.Name = in.Name
out.Rules = make([]SecurityGroupRule, len(in.Rules))
for i, rule := range in.Rules {
out.Rules[i] = SecurityGroupRule{
ID: rule.ID,
Direction: rule.Direction,
}
if rule.Description != nil {
out.Rules[i].Description = *rule.Description
}
if rule.EtherType != nil {
out.Rules[i].EtherType = *rule.EtherType
}
if rule.PortRangeMin != nil {
out.Rules[i].PortRangeMin = *rule.PortRangeMin
}
if rule.PortRangeMax != nil {
out.Rules[i].PortRangeMax = *rule.PortRangeMax
}
if rule.Protocol != nil {
out.Rules[i].Protocol = *rule.Protocol
}
if rule.RemoteGroupID != nil {
out.Rules[i].RemoteGroupID = *rule.RemoteGroupID
}
if rule.RemoteIPPrefix != nil {
out.Rules[i].RemoteIPPrefix = *rule.RemoteIPPrefix
}
}
return nil
}

func Convert_v1alpha6_SecurityGroup_To_v1beta1_SecurityGroupStatus(in *SecurityGroup, out *infrav1.SecurityGroupStatus, _ apiconversion.Scope) error {
out.ID = in.ID
out.Name = in.Name
out.Rules = make([]infrav1.SecurityGroupRuleStatus, len(in.Rules))
for i, rule := range in.Rules {
out.Rules[i] = infrav1.SecurityGroupRuleStatus{
ID: rule.ID,
Description: pointer.String(rule.Description),
Direction: rule.Direction,
EtherType: pointer.String(rule.EtherType),
PortRangeMin: pointer.Int(rule.PortRangeMin),
PortRangeMax: pointer.Int(rule.PortRangeMax),
Protocol: pointer.String(rule.Protocol),
RemoteGroupID: pointer.String(rule.RemoteGroupID),
RemoteIPPrefix: pointer.String(rule.RemoteIPPrefix),
}
}

return nil
}

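Review bot: The new `dst.Rules = previous.Rules` in restorev1alpha6SecurityGroup carries no comment explaining why the whole slice is now taken from `previous`, and the same line in restorev1alpha7SecurityGroup (api/v1alpha7/types_conversion.go) is equally bare. A comment such as `// Rules have no equivalent in v1beta1 SecurityGroupStatus; restore them from the previous object.` would match the style of the ReferencedResources comment in restorev1beta1ClusterStatus. It is also worth saying there that the restored rules appear to be a previously stored copy rather than something read back from OpenStack, so a reader auditing network exposure through the v1alpha6 or v1alpha7 status should not assume they are current. The function starts outside the hunk, so the guard that precedes the visible `return` cannot be checked from here.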
4 changes: 0 additions & 4 deletions api/v1alpha7/openstackcluster_conversion.go
Expand Up @@ -346,10 +346,6 @@ func restorev1alpha7ClusterStatus(previous *OpenStackClusterStatus, dst *OpenSta
}

func restorev1beta1ClusterStatus(previous *infrav1.OpenStackClusterStatus, dst *infrav1.OpenStackClusterStatus) {
restorev1beta1SecurityGroupStatus(previous.ControlPlaneSecurityGroup, dst.ControlPlaneSecurityGroup)
restorev1beta1SecurityGroupStatus(previous.WorkerSecurityGroup, dst.WorkerSecurityGroup)
restorev1beta1SecurityGroupStatus(previous.BastionSecurityGroup, dst.BastionSecurityGroup)

// ReferencedResources have no equivalent in v1alpha7
if previous.Bastion != nil {
dst.Bastion.ReferencedResources = previous.Bastion.ReferencedResources
80 changes: 1 addition & 79 deletions api/v1alpha7/types_conversion.go
Expand Up @@ -18,7 +18,6 @@ package v1alpha7

import (
apiconversion "k8s.io/apimachinery/pkg/conversion"
"k8s.io/utils/pointer"

infrav1 "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta1"
"sigs.k8s.io/cluster-api-provider-openstack/pkg/utils/optional"
Expand All @@ -40,9 +39,7 @@ func restorev1alpha7SecurityGroup(previous *SecurityGroup, dst *SecurityGroup) {
return
}

for i, rule := range previous.Rules {
dst.Rules[i].SecurityGroupID = rule.SecurityGroupID
}
dst.Rules = previous.Rules
}

func Convert_v1alpha7_SecurityGroupFilter_To_v1beta1_SecurityGroupFilter(in *SecurityGroupFilter, out *infrav1.SecurityGroupFilter, s apiconversion.Scope) error {
Expand Down Expand Up @@ -142,39 +139,6 @@ func Convert_v1beta1_RouterFilter_To_v1alpha7_RouterFilter(in *infrav1.RouterFil
return nil
}

func restorev1beta1SecurityGroupStatus(previous *infrav1.SecurityGroupStatus, dst *infrav1.SecurityGroupStatus) {
if previous == nil || dst == nil {
return
}

for i := range dst.Rules {
dstRule := &dst.Rules[i]

// Conversion from scalar to *scalar is lossy for zero values. We need to restore only nil values.
if dstRule.Description != nil && *dstRule.Description == "" {
dstRule.Description = previous.Rules[i].Description
}
if dstRule.EtherType != nil && *dstRule.EtherType == "" {
dstRule.EtherType = previous.Rules[i].EtherType
}
if dstRule.PortRangeMin != nil && *dstRule.PortRangeMin == 0 {
dstRule.PortRangeMin = previous.Rules[i].PortRangeMin
}
if dstRule.PortRangeMax != nil && *dstRule.PortRangeMax == 0 {
dstRule.PortRangeMax = previous.Rules[i].PortRangeMax
}
if dstRule.Protocol != nil && *dstRule.Protocol == "" {
dstRule.Protocol = previous.Rules[i].Protocol
}
if dstRule.RemoteGroupID != nil && *dstRule.RemoteGroupID == "" {
dstRule.RemoteGroupID = previous.Rules[i].RemoteGroupID
}
if dstRule.RemoteIPPrefix != nil && *dstRule.RemoteIPPrefix == "" {
dstRule.RemoteIPPrefix = previous.Rules[i].RemoteIPPrefix
}
}
}

/* PortOpts */

func restorev1alpha7Port(previous *PortOpts, dst *PortOpts) {
Expand Down Expand Up @@ -300,55 +264,13 @@ func Convert_v1beta1_PortOpts_To_v1alpha7_PortOpts(in *infrav1.PortOpts, out *Po
func Convert_v1alpha7_SecurityGroup_To_v1beta1_SecurityGroupStatus(in *SecurityGroup, out *infrav1.SecurityGroupStatus, _ apiconversion.Scope) error {
out.ID = in.ID
out.Name = in.Name
out.Rules = make([]infrav1.SecurityGroupRuleStatus, len(in.Rules))
for i, rule := range in.Rules {
out.Rules[i] = infrav1.SecurityGroupRuleStatus{
ID: rule.ID,
Description: pointer.String(rule.Description),
Direction: rule.Direction,
EtherType: pointer.String(rule.EtherType),
PortRangeMin: pointer.Int(rule.PortRangeMin),
PortRangeMax: pointer.Int(rule.PortRangeMax),
Protocol: pointer.String(rule.Protocol),
RemoteGroupID: pointer.String(rule.RemoteGroupID),
RemoteIPPrefix: pointer.String(rule.RemoteIPPrefix),
}
}

return nil
}

func Convert_v1beta1_SecurityGroupStatus_To_v1alpha7_SecurityGroup(in *infrav1.SecurityGroupStatus, out *SecurityGroup, _ apiconversion.Scope) error {
out.ID = in.ID
out.Name = in.Name
out.Rules = make([]SecurityGroupRule, len(in.Rules))
for i, rule := range in.Rules {
out.Rules[i] = SecurityGroupRule{
ID: rule.ID,
Direction: rule.Direction,
}
if rule.Description != nil {
out.Rules[i].Description = *rule.Description
}
if rule.EtherType != nil {
out.Rules[i].EtherType = *rule.EtherType
}
if rule.PortRangeMin != nil {
out.Rules[i].PortRangeMin = *rule.PortRangeMin
}
if rule.PortRangeMax != nil {
out.Rules[i].PortRangeMax = *rule.PortRangeMax
}
if rule.Protocol != nil {
out.Rules[i].Protocol = *rule.Protocol
}
if rule.RemoteGroupID != nil {
out.Rules[i].RemoteGroupID = *rule.RemoteGroupID
}
if rule.RemoteIPPrefix != nil {
out.Rules[i].RemoteIPPrefix = *rule.RemoteIPPrefix
}
}
return nil
}

53 changes: 0 additions & 53 deletions api/v1beta1/types.go
Expand Up @@ -448,10 +448,6 @@ type SecurityGroupStatus struct {
// id of the security group
// +kubebuilder:validation:Required
ID string `json:"id"`

// list of security group rules
// +optional
Rules []SecurityGroupRuleStatus `json:"rules,omitempty"`
}

// SecurityGroupRuleSpec represent the basic information of the associated OpenStack
Expand Down Expand Up @@ -514,55 +510,6 @@ type SecurityGroupRuleSpec struct {
RemoteManagedGroups []ManagedSecurityGroupName `json:"remoteManagedGroups,omitempty"`
}

type SecurityGroupRuleStatus struct {
// id of the security group rule
// +kubebuilder:validation:Required
ID string `json:"id"`

// description of the security group rule.
// +optional
Description *string `json:"description,omitempty"`

// direction in which the security group rule is applied. The only values
// allowed are "ingress" or "egress". For a compute instance, an ingress
// security group rule is applied to incoming (ingress) traffic for that
// instance. An egress rule is applied to traffic leaving the instance.
// +kubebuilder:validation:Required
// +kubebuilder:validation:enum=ingress;egress
Direction string `json:"direction"`

// etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
// ingress or egress rules.
// +kubebuilder:validation:enum=IPv4;IPv6
// +optional
EtherType *string `json:"etherType,omitempty"`

// portRangeMin is a number in the range that is matched by the security group
// rule. If the protocol is TCP or UDP, this value must be less than or equal
// to the value of the portRangeMax attribute.
// +optional
PortRangeMin *int `json:"portRangeMin,omitempty"`

// portRangeMax is a number in the range that is matched by the security group
// rule. The portRangeMin attribute constrains the portRangeMax attribute.
// +optional
PortRangeMax *int `json:"portRangeMax,omitempty"`

// protocol is the protocol that is matched by the security group rule.
// +optional
Protocol *string `json:"protocol,omitempty"`

// remoteGroupID is the remote group ID to be associated with this security group rule.
// You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
// +optional
RemoteGroupID *string `json:"remoteGroupID,omitempty"`

// remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
// You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
// +optional
RemoteIPPrefix *string `json:"remoteIPPrefix,omitempty"`
}

// +kubebuilder:validation:Enum=bastion;controlplane;worker
type ManagedSecurityGroupName string
