OCPBUGS-1765: Apply noAllowedAddressPairs on intended subnets only

Before this change, setting `noAllowedAddressPairs` on a machine-pool network could have effect on a different network. Given this example configuration: ```yaml networks: - filter: {} noAllowedAddressPairs: false subnets: - filter: {} uuid: primary-subnet-uuid - filter: {} noAllowedAddressPairs: true subnets: - filter: {} uuid: other-subnet-uuid primarySubnet: primary-subnet-uuid ``` The filter of the second network the array is empty. This means that its `subnet` filter has to be applied without restrictions as to which network it's sitting on. However, the absence of a network filter also meant that the setting `noAllowedAddressPairs` would apply to all networks. With this change, `noAllowedAddressPairs` is applied on a subnet basis, meaning that only ports created in the subnets resulting from the further `subnet` filter actually have their allowed address pairs removed.
openshift · Sep 29, 2022 · 855a22c · 855a22c
1 parent c9e85d4
commit 855a22c
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/pkg/cloud/openstack/clients/machineservice.go b/pkg/cloud/openstack/clients/machineservice.go
@@ -569,7 +569,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 	}
 	// Get all network UUIDs
 	var nets []openstackconfigv1.PortOpts
-	netsWithoutAllowedAddressPairs := map[string]struct{}{}
+	subnetsWithoutAllowedAddressPairs := map[string]struct{}{}
 	for _, net := range config.Networks {
 		opts := networks.ListOpts(net.Filter)
 		opts.ID = net.UUID
@@ -578,9 +578,6 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 			return nil, err
 		}
 		for _, netID := range ids {
-			if net.NoAllowedAddressPairs {
-				netsWithoutAllowedAddressPairs[netID] = struct{}{}
-			}
 			if net.Subnets == nil {
 				nets = append(nets, openstackconfigv1.PortOpts{
 					NetworkID:    netID,
@@ -613,6 +610,9 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 					if snet.NetworkID != netID {
 						continue
 					}
+					if net.NoAllowedAddressPairs {
+						subnetsWithoutAllowedAddressPairs[snet.ID] = struct{}{}
+					}
 					nets = append(nets, openstackconfigv1.PortOpts{
 						NetworkID:    snet.NetworkID,
 						NameSuffix:   snet.ID,
@@ -655,7 +655,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 		}
 		portOpt.SecurityGroups = &securityGroups
 		portOpt.AllowedAddressPairs = allowedAddressPairs
-		if _, ok := netsWithoutAllowedAddressPairs[portOpt.NetworkID]; ok {
+		if _, ok := subnetsWithoutAllowedAddressPairs[portOpt.NameSuffix]; ok {
 			portOpt.AllowedAddressPairs = []openstackconfigv1.AddressPair{}
 		}