From e4228600ca53f165d8e327aca3d44d646ee84908 Mon Sep 17 00:00:00 2001
From: Anwar Hassen
Date: Tue, 17 May 2022 05:17:05 +0000
Subject: [PATCH] Passing security groups by filter instead of ID on ports
---
api/v1alpha5/types.go | 13 +-
api/v1alpha5/zz_generated.deepcopy.go | 5 +
...re.cluster.x-k8s.io_openstackclusters.yaml | 184 ++++++++++++++++++
...er.x-k8s.io_openstackclustertemplates.yaml | 47 +++++
...re.cluster.x-k8s.io_openstackmachines.yaml | 46 +++++
...er.x-k8s.io_openstackmachinetemplates.yaml | 46 +++++
pkg/cloud/services/networking/port.go | 15 +-
test/e2e/suites/e2e/e2e_test.go | 8 +
8 files changed, 358 insertions(+), 6 deletions(-)
diff --git a/api/v1alpha5/types.go b/api/v1alpha5/types.go
index bf0c839226..3988dd5581 100644
--- a/api/v1alpha5/types.go
+++ b/api/v1alpha5/types.go
@@ -114,11 +114,14 @@ type PortOpts struct { AdminStateUp *bool `json:"adminStateUp,omitempty"` MACAddress string `json:"macAddress,omitempty"` // Specify pairs of subnet and/or IP address. These should be subnets of the network with the given NetworkID. - FixedIPs []FixedIP `json:"fixedIPs,omitempty"` - TenantID string `json:"tenantId,omitempty"` - ProjectID string `json:"projectId,omitempty"` - SecurityGroups *[]string `json:"securityGroups,omitempty"` - AllowedAddressPairs []AddressPair `json:"allowedAddressPairs,omitempty"` + FixedIPs []FixedIP `json:"fixedIPs,omitempty"` + TenantID string `json:"tenantId,omitempty"` + ProjectID string `json:"projectId,omitempty"` + // The uuids of the security groups to assign to the instance + SecurityGroups *[]string `json:"securityGroups,omitempty"` + // The names, uuids, filters or any combination these of the security groups to assign to the instance + SecurityGroupFilters []SecurityGroupParam `json:"securityGroupFilters,omitempty"` + AllowedAddressPairs []AddressPair `json:"allowedAddressPairs,omitempty"` // Enables and disables trunk at port level. If not provided, openStackMachine.Spec.Trunk is inherited. Trunk *bool `json:"trunk,omitempty"` diff --git a/api/v1alpha5/zz_generated.deepcopy.go b/api/v1alpha5/zz_generated.deepcopy.go index e5c4d44e25..ff943dc2ef 100644 --- a/api/v1alpha5/zz_generated.deepcopy.go +++ b/api/v1alpha5/zz_generated.deepcopy.go @@ -822,6 +822,11 @@ func (in *PortOpts) DeepCopyInto(out *PortOpts) { copy(*out, *in) } } + if in.SecurityGroupFilters != nil { + in, out := &in.SecurityGroupFilters, &out.SecurityGroupFilters + *out = make([]SecurityGroupParam, len(*in)) + copy(*out, *in) + } if in.AllowedAddressPairs != nil { in, out := &in.AllowedAddressPairs, &out.AllowedAddressPairs *out = make([]AddressPair, len(*in)) 
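Review bot: The new comment on `SecurityGroupFilters` is missing a word ("any combination these of") and does not say how the field relates to `SecurityGroups`, although the port.go change in this commit appends the resolved IDs to that list so both apply. I would write `// SecurityGroupFilters selects additional security groups by name, UUID or filter; the resolved IDs are appended to SecurityGroups.` and regenerate the CRDs, whose descriptions appear to be generated from this comment. It would also help to state what happens when a filter matches several groups or none, because that decides which rules end up on the port. The PortOpts struct starts and ends outside the hunk.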
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml index d91a51ae5a..85c47240d3 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml @@ -2779,7 +2779,53 @@ spec: type: object projectId: type: string + securityGroupFilters: + description: The names, uuids, filters or any combination + these of the security groups to assign to the instance + items: + properties: + filter: + description: Filters used to query security groups + in openstack + properties: + description: + type: string + id: + type: string + limit: + type: integer + marker: + type: string + name: + type: string + notTags: + type: string + notTagsAny: + type: string + projectId: + type: string + sortDir: + type: string + sortKey: + type: string + tags: + type: string + tagsAny: + type: string + tenantId: + type: string + type: object + name: + description: Security Group name + type: string + uuid: + description: Security Group UID + type: string + type: object + type: array securityGroups: + description: The uuids of the security groups to assign + to the instance items: type: string type: array 
@@ -3252,7 +3298,53 @@ spec: type: object projectId: type: string + securityGroupFilters: + description: The names, uuids, filters or any combination + these of the security groups to assign to the instance + items: + properties: + filter: + description: Filters used to query security groups + in openstack + properties: + description: + type: string + id: + type: string + limit: + type: integer + marker: + type: string + name: + type: string + notTags: + type: string + notTagsAny: + type: string + projectId: + type: string + sortDir: + type: string + sortKey: + type: string + tags: + type: string + tagsAny: + type: string + tenantId: + type: string + type: object + name: + description: Security Group name + type: string + uuid: + description: Security Group UID + type: string + type: object + type: array securityGroups: + description: The uuids of the security groups to assign + to the instance items: type: string type: array @@ -3586,7 +3678,53 @@ spec: type: object projectId: type: string + securityGroupFilters: + description: The names, uuids, filters or any combination + these of the security groups to assign to the instance + items: + properties: + filter: + description: Filters used to query security groups in + openstack + properties: + description: + type: string + id: + type: string + limit: + type: integer + marker: + type: string + name: + type: string + notTags: + type: string + notTagsAny: + type: string + projectId: + type: string + sortDir: + type: string + sortKey: + type: string + tags: + type: string + tagsAny: + type: string + tenantId: + type: string + type: object + name: + description: Security Group name + type: string + uuid: + description: Security Group UID + type: string + type: object + type: array securityGroups: + description: The uuids of the security groups to assign to + the instance items: type: string type: array 
@@ -3834,7 +3972,53 @@ spec: type: object projectId: type: string + securityGroupFilters: + description: The names, uuids, filters or any combination + these of the security groups to assign to the instance + items: + properties: + filter: + description: Filters used to query security groups in + openstack + properties: + description: + type: string + id: + type: string + limit: + type: integer + marker: + type: string + name: + type: string + notTags: + type: string + notTagsAny: + type: string + projectId: + type: string + sortDir: + type: string + sortKey: + type: string + tags: + type: string + tagsAny: + type: string + tenantId: + type: string + type: object + name: + description: Security Group name + type: string + uuid: + description: Security Group UID + type: string + type: object + type: array securityGroups: + description: The uuids of the security groups to assign to + the instance items: type: string type: array diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml index 8c78894e3f..65226a1deb 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml 
@@ -1049,7 +1049,54 @@ spec: type: object projectId: type: string + securityGroupFilters: + description: The names, uuids, filters or any + combination these of the security groups to + assign to the instance + items: + properties: + filter: + description: Filters used to query security + groups in openstack + properties: + description: + type: string + id: + type: string + limit: + type: integer + marker: + type: string + name: + type: string + notTags: + type: string + notTagsAny: + type: string + projectId: + type: string + sortDir: + type: string + sortKey: + type: string + tags: + type: string + tagsAny: + type: string + tenantId: + type: string + type: object + name: + description: Security Group name + type: string + uuid: + description: Security Group UID + type: string + type: object + type: array securityGroups: + description: The uuids of the security groups + to assign to the instance items: type: string type: array diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml index d7e9ac5230..202937302d 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachines.yaml 
@@ -1044,7 +1044,53 @@ spec: type: object projectId: type: string + securityGroupFilters: + description: The names, uuids, filters or any combination these + of the security groups to assign to the instance + items: + properties: + filter: + description: Filters used to query security groups in + openstack + properties: + description: + type: string + id: + type: string + limit: + type: integer + marker: + type: string + name: + type: string + notTags: + type: string + notTagsAny: + type: string + projectId: + type: string + sortDir: + type: string + sortKey: + type: string + tags: + type: string + tagsAny: + type: string + tenantId: + type: string + type: object + name: + description: Security Group name + type: string + uuid: + description: Security Group UID + type: string + type: object + type: array securityGroups: + description: The uuids of the security groups to assign to the + instance items: type: string type: array diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachinetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachinetemplates.yaml index b0f83cb481..a2807d39fc 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachinetemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackmachinetemplates.yaml 
@@ -951,7 +951,53 @@ spec: type: object projectId: type: string + securityGroupFilters: + description: The names, uuids, filters or any combination + these of the security groups to assign to the instance + items: + properties: + filter: + description: Filters used to query security groups + in openstack + properties: + description: + type: string + id: + type: string + limit: + type: integer + marker: + type: string + name: + type: string + notTags: + type: string + notTagsAny: + type: string + projectId: + type: string + sortDir: + type: string + sortKey: + type: string + tags: + type: string + tagsAny: + type: string + tenantId: + type: string + type: object + name: + description: Security Group name + type: string + uuid: + description: Security Group UID + type: string + type: object + type: array securityGroups: + description: The uuids of the security groups to assign + to the instance items: type: string type: array diff --git a/pkg/cloud/services/networking/port.go b/pkg/cloud/services/networking/port.go index ceb37080dc..99e7a1669d 100644 --- a/pkg/cloud/services/networking/port.go +++ b/pkg/cloud/services/networking/port.go @@ -91,9 +91,22 @@ func (s *Service) GetOrCreatePort(eventObject runtime.Object, clusterName string } securityGroups = portOpts.SecurityGroups + securityGroupFilters := portOpts.SecurityGroupFilters + if securityGroupFilters != nil { + securityGroupFiltersByID, err := s.GetSecurityGroups(securityGroupFilters) + if err != nil { + return nil, fmt.Errorf("error getting security groups: %v", err) + } + for _, sg := range securityGroupFiltersByID { + if sg == "" { + continue + } + *securityGroups = append(*securityGroups, sg) + } + } // inherit port security groups from the instance if not explicitly specified - if securityGroups == nil { + if securityGroups == nil || len(*securityGroups) == 0 { securityGroups = instanceSecurityGroups } } 
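Review bot: In the port.go hunk, `*securityGroups = append(*securityGroups, sg)` dereferences `portOpts.SecurityGroups`, a `*[]string` that is nil whenever a port sets only `securityGroupFilters`, so the first resolved ID would panic; when the pointer is non-nil the append writes back through it into the caller's PortOpts. Collecting the IDs in a local slice and pointing `securityGroups` at that avoids both problems. Separately, the new `len(*securityGroups) == 0` condition makes an explicitly empty `securityGroups` list, or a filter that resolves to nothing, fall back to the instance's groups, so the port silently gets a different rule set than the one requested; please confirm that is intended. The declaration of `securityGroups` and the rest of GetOrCreatePort are outside the hunk.

```go
securityGroups = portOpts.SecurityGroups
if len(portOpts.SecurityGroupFilters) > 0 {
	filteredIDs, err := s.GetSecurityGroups(portOpts.SecurityGroupFilters)
	if err != nil {
		return nil, fmt.Errorf("error getting security groups: %v", err)
	}
	// Build a fresh slice: safe when portOpts.SecurityGroups is nil, and the spec is not mutated.
	var merged []string
	if portOpts.SecurityGroups != nil {
		merged = append(merged, *portOpts.SecurityGroups...)
	}
	for _, sg := range filteredIDs {
		if sg != "" {
			merged = append(merged, sg)
		}
	}
	securityGroups = &merged
}
// … unchanged: inherit instanceSecurityGroups when none are specified …
```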
diff --git a/test/e2e/suites/e2e/e2e_test.go b/test/e2e/suites/e2e/e2e_test.go index 2551295606..df986dcf1e 100644 --- a/test/e2e/suites/e2e/e2e_test.go +++ b/test/e2e/suites/e2e/e2e_test.go @@ -209,6 +209,7 @@ var _ = Describe("e2e tests", func() { shared.Byf("Creating MachineDeployment with custom port options") md3Name := clusterName + "-md-3" + testSecurityGroupName := fmt.Sprintf("k8s-cluster-%s-%s-secgroup-controlplane", namespace.Name, "capo-e2e") customPortOptions := &[]infrav1.PortOpts{ { @@ -218,6 +219,9 @@ var _ = Describe("e2e tests", func() { Description: "trunked", Trunk: pointer.Bool(true), }, + { + SecurityGroupFilters: []infrav1.SecurityGroupParam{{Name: testSecurityGroupName}}, + }, } testTag := utilrand.String(6) @@ -264,6 +268,10 @@ var _ = Describe("e2e tests", func() { return 1 }, e2eCtx.E2EConfig.GetIntervals(specName, "wait-worker-nodes")...).Should(Equal(1)) Expect(trunk.PortID).To(Equal(port.ID)) + // assert port level security group is found by name using SecurityGroupFilters and attached to port. + securityGroupsList, err := shared.DumpOpenStackSecurityGroups(e2eCtx, groups.ListOpts{Name: testSecurityGroupName}) + Expect(err).NotTo(HaveOccurred()) + Expect(securityGroupsList).To(HaveLen(1)) }) })
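Review bot: The assertion added at the end of the spec only proves that a security group named `testSecurityGroupName` exists in OpenStack; it never inspects the port, so the comment's claim that the group is "attached to port" is untested and the test would still pass if `SecurityGroupFilters` were ignored. Look up the port created from the second `PortOpts` entry and check its groups, e.g. `Expect(filteredPort.SecurityGroups).To(ContainElement(securityGroupsList[0].ID))`, where `filteredPort` is a placeholder for that port. The surrounding `It` body starts outside the hunk, so how ports are listed there is not visible.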