Call openFirewallRules in CreateIsolatedNetwork to create an egress rule

Make openFirewallRules a private function

Author: wongni

pkg/cloud/network.go

@@ -30,7 +30,6 @@ type NetworkIface interface {
 	ResolveNetworkStatuses(*capcv1.CloudStackCluster) error
 	ResolveNetwork(*capcv1.CloudStackCluster, *capcv1.Network) error
 	CreateIsolatedNetwork(*capcv1.CloudStackCluster) error
-	OpenFirewallRules(*capcv1.CloudStackCluster) error
 	FetchPublicIP(*capcv1.CloudStackCluster) (*cloudstack.PublicIpAddress, error)
 	ResolveLoadBalancerRuleDetails(*capcv1.CloudStackCluster) error
 	GetOrCreateLoadBalancerRule(*capcv1.CloudStackCluster) error
@@ -146,6 +145,10 @@ func (c *client) CreateIsolatedNetwork(csCluster *capcv1.CloudStackCluster) (ret
 		return err
 	}
 
+	if err := c.openFirewallRules(zoneStatus.Network.ID); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -268,8 +271,8 @@ func (c *client) AssociatePublicIPAddress(csCluster *capcv1.CloudStackCluster) (
 	return nil
 }
 
-func (c *client) OpenFirewallRules(csCluster *capcv1.CloudStackCluster) (retErr error) {
-	p := c.cs.Firewall.NewCreateEgressFirewallRuleParams(csCluster.Status.PublicIPNetworkID, NetworkProtocolTCP)
+func (c *client) openFirewallRules(networkID string) (retErr error) {
+	p := c.cs.Firewall.NewCreateEgressFirewallRuleParams(networkID, NetworkProtocolTCP)
 	_, retErr = c.cs.Firewall.CreateEgressFirewallRule(p)
 	if retErr != nil && strings.Contains(strings.ToLower(retErr.Error()), "there is already") { // Already a firewall rule here.
 		retErr = nil

pkg/cloud/network_test.go

@@ -149,35 +149,6 @@ var _ = Describe("Network", func() {
 		Ω(client.GetOrCreateIsolatedNetwork(dummies.CSCluster)).Should(Succeed())
 	})
 
-	Context("for a closed firewall", func() {
-		It("OpenFirewallRule asks CloudStack to open the firewall", func() {
-			dummies.Zone1.Network = dummies.ISONet1
-			dummies.CSCluster.Status.Zones = capcv1.ZoneStatusMap{dummies.Zone1.ID: dummies.Zone1}
-			dummies.CSCluster.Status.PublicIPNetworkID = dummies.ISONet1.ID
-			fs.EXPECT().NewCreateEgressFirewallRuleParams(dummies.ISONet1.ID, cloud.NetworkProtocolTCP).
-				Return(&csapi.CreateEgressFirewallRuleParams{})
-			fs.EXPECT().CreateEgressFirewallRule(&csapi.CreateEgressFirewallRuleParams{}).
-				Return(&csapi.CreateEgressFirewallRuleResponse{}, nil)
-
-			Ω(client.OpenFirewallRules(dummies.CSCluster)).Should(Succeed())
-		})
-	})
-
-	Context("for an open firewall", func() {
-		It("OpenFirewallRule asks CloudStack to open the firewall anyway, but doesn't fail", func() {
-			dummies.Zone1.Network = dummies.ISONet1
-			dummies.CSCluster.Status.Zones = capcv1.ZoneStatusMap{dummies.Zone1.ID: dummies.Zone1}
-			dummies.CSCluster.Status.PublicIPNetworkID = dummies.ISONet1.ID
-
-			fs.EXPECT().NewCreateEgressFirewallRuleParams(dummies.ISONet1.ID, "tcp").
-				Return(&csapi.CreateEgressFirewallRuleParams{})
-			fs.EXPECT().CreateEgressFirewallRule(&csapi.CreateEgressFirewallRuleParams{}).
-				Return(&csapi.CreateEgressFirewallRuleResponse{}, errors.New("there is already a rule like this"))
-
-			Ω(client.OpenFirewallRules(dummies.CSCluster)).Should(Succeed())
-		})
-	})
-
 	Context("in an isolated network with public IPs available", func() {
 		It("will resolve public IP details given an endpoint spec", func() {
 			ipAddress := "192.168.1.14"