Merge pull request #1516 from Nordix/lentzi90/remove-security-groups

⚠️ Remove PortOpts.SecurityGroups

Author: k8s-ci-robot

api/v1alpha5/conversion.go

@@ -224,3 +224,8 @@ func Convert_v1alpha7_APIServerLoadBalancer_To_v1alpha5_APIServerLoadBalancer(in
 	// Provider was originally added in v1alpha7, but was backported to v1alpha6, but has no equivalent in v1alpha5
 	return autoConvert_v1alpha7_APIServerLoadBalancer_To_v1alpha5_APIServerLoadBalancer(in, out, s)
 }
+
+func Convert_v1alpha5_PortOpts_To_v1alpha7_PortOpts(in *PortOpts, out *infrav1.PortOpts, s conversion.Scope) error {
+	// SecurityGroups have been removed in v1alpha7.
+	return autoConvert_v1alpha5_PortOpts_To_v1alpha7_PortOpts(in, out, s)
+}

api/v1alpha5/zz_generated.conversion.go

@@ -94,6 +94,20 @@ func restorev1alpha6MachineSpec(previous *OpenStackMachineSpec, dst *OpenStackMa
 	dst.Ports = previous.Ports
 }
 
+func restorev1alpha6ClusterStatus(previous *OpenStackClusterStatus, dst *OpenStackClusterStatus) {
+	// PortOpts.SecurityGroups have been removed in v1alpha7
+	// We restore the whole PortOpts/Networks since they are anyway immutable.
+	if previous.ExternalNetwork != nil {
+		dst.ExternalNetwork.PortOpts = previous.ExternalNetwork.PortOpts
+	}
+	if previous.Network != nil {
+		dst.Network = previous.Network
+	}
+	if previous.Bastion != nil && previous.Bastion.Networks != nil {
+		dst.Bastion.Networks = previous.Bastion.Networks
+	}
+}
+
 func restorev1alpha7MachineSpec(previous *infrav1.OpenStackMachineSpec, dst *infrav1.OpenStackMachineSpec) {
 	// PropagateUplinkStatus has been added in v1alpha7.
 	// We restore the whole Ports since they are anyway immutable.
@@ -157,6 +171,7 @@ func (r *OpenStackCluster) ConvertFrom(srcRaw ctrlconversion.Hub) error {
 		if prevBastion != nil {
 			restorev1alpha6MachineSpec(&prevBastion.Instance, &r.Spec.Bastion.Instance)
 		}
+		restorev1alpha6ClusterStatus(&previous.Status, &r.Status)
 	}
 
 	return nil
@@ -374,6 +389,18 @@ func Convert_v1alpha7_OpenStackClusterSpec_To_v1alpha6_OpenStackClusterSpec(in *
 	return autoConvert_v1alpha7_OpenStackClusterSpec_To_v1alpha6_OpenStackClusterSpec(in, out, s)
 }
 
+func Convert_v1alpha6_PortOpts_To_v1alpha7_PortOpts(in *PortOpts, out *infrav1.PortOpts, s conversion.Scope) error {
+	err := autoConvert_v1alpha6_PortOpts_To_v1alpha7_PortOpts(in, out, s)
+	if err != nil {
+		return err
+	}
+	// SecurityGroups are removed in v1alpha7 without replacement. SecurityGroupFilters can be used instead.
+	for i := range in.SecurityGroups {
+		out.SecurityGroupFilters = append(out.SecurityGroupFilters, infrav1.SecurityGroupParam{UUID: in.SecurityGroups[i]})
+	}
+	return nil
+}
+
 func Convert_Slice_v1alpha6_Network_To_Slice_v1alpha7_Network(in *[]Network, out *[]infrav1.Network, s conversion.Scope) error {
 	*out = make([]infrav1.Network, len(*in))
 	for i := range *in {

api/v1alpha6/conversion.go

@@ -21,6 +21,7 @@ import (
 
 	"github.com/onsi/gomega"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
 	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
 	ctrlconversion "sigs.k8s.io/controller-runtime/pkg/conversion"
 
@@ -337,6 +338,7 @@ func TestNetworksToPorts(t *testing.T) {
 			},
 		},
 	}
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			before := &OpenStackMachine{
@@ -349,3 +351,91 @@ func TestNetworksToPorts(t *testing.T) {
 		})
 	}
 }
+
+// TestPortOptsConvertTo checks conversion TO the hub version.
+// This is useful to ensure that the SecurityGroups are properly
+// converted to SecurityGroupFilters, and merged with any existing
+// SecurityGroupFilters.
+func TestPortOptsConvertTo(t *testing.T) {
+	g := gomega.NewWithT(t)
+	scheme := runtime.NewScheme()
+	g.Expect(AddToScheme(scheme)).To(gomega.Succeed())
+	g.Expect(infrav1.AddToScheme(scheme)).To(gomega.Succeed())
+
+	// Variables used in the tests
+	uuids := []string{"abc123", "123abc"}
+	securityGroupsUuids := []infrav1.SecurityGroupParam{
+		{UUID: uuids[0]},
+		{UUID: uuids[1]},
+	}
+	securityGroupFilter := []SecurityGroupParam{
+		{Name: "one"},
+		{UUID: "654cba"},
+	}
+	securityGroupFilterMerged := []infrav1.SecurityGroupParam{
+		{Name: "one"},
+		{UUID: "654cba"},
+		{UUID: uuids[0]},
+		{UUID: uuids[1]},
+	}
+
+	tests := []struct {
+		name string
+		// spokePortOpts are the PortOpts in the spoke version
+		spokePortOpts []PortOpts
+		// hubPortOpts are the PortOpts in the hub version that should be expected after conversion
+		hubPortOpts []infrav1.PortOpts
+	}{
+		{
+			// The list of security group UUIDs should be translated to proper SecurityGroupParams
+			name: "SecurityGroups to SecurityGroupFilters",
+			spokePortOpts: []PortOpts{{
+				SecurityGroups: uuids,
+			}},
+			hubPortOpts: []infrav1.PortOpts{{
+				SecurityGroupFilters: securityGroupsUuids,
+			}},
+		},
+		{
+			name: "Merge SecurityGroups and SecurityGroupFilters",
+			spokePortOpts: []PortOpts{{
+				SecurityGroups:       uuids,
+				SecurityGroupFilters: securityGroupFilter,
+			}},
+			hubPortOpts: []infrav1.PortOpts{{
+				SecurityGroupFilters: securityGroupFilterMerged,
+			}},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// The spoke machine template with added PortOpts
+			spokeMachineTemplate := OpenStackMachineTemplate{
+				Spec: OpenStackMachineTemplateSpec{
+					Template: OpenStackMachineTemplateResource{
+						Spec: OpenStackMachineSpec{
+							Ports: tt.spokePortOpts,
+						},
+					},
+				},
+			}
+			// The hub machine template with added PortOpts
+			hubMachineTemplate := infrav1.OpenStackMachineTemplate{
+				Spec: infrav1.OpenStackMachineTemplateSpec{
+					Template: infrav1.OpenStackMachineTemplateResource{
+						Spec: infrav1.OpenStackMachineSpec{
+							Ports: tt.hubPortOpts,
+						},
+					},
+				},
+			}
+			convertedHub := infrav1.OpenStackMachineTemplate{}
+
+			err := spokeMachineTemplate.ConvertTo(&convertedHub)
+			g.Expect(err).NotTo(gomega.HaveOccurred())
+			// Comparing spec only here since the conversion will also add annotations that we don't care about for the test
+			g.Expect(convertedHub.Spec).To(gomega.Equal(hubMachineTemplate.Spec))
+		})
+	}
+}

api/v1alpha6/conversion_test.go

@@ -115,9 +115,6 @@ type PortOpts struct {
 	FixedIPs  []FixedIP `json:"fixedIPs,omitempty"`
 	TenantID  string    `json:"tenantId,omitempty"`
 	ProjectID string    `json:"projectId,omitempty"`
-	// The uuids of the security groups to assign to the instance
-	// +listType=set
-	SecurityGroups []string `json:"securityGroups,omitempty"`
 	// The names, uuids, filters or any combination these of the security groups to assign to the instance
 	SecurityGroupFilters []SecurityGroupParam `json:"securityGroupFilters,omitempty"`
 	AllowedAddressPairs  []AddressPair        `json:"allowedAddressPairs,omitempty"`

api/v1alpha6/zz_generated.conversion.go

@@ -3981,13 +3981,6 @@ spec:
                                     type: string
                                 type: object
                               type: array
-                            securityGroups:
-                              description: The uuids of the security groups to assign
-                                to the instance
-                              items:
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
                             tags:
                               description: Tags applied to the port (and corresponding
                                 trunk, if a trunk is configured.) These tags are applied
@@ -4570,13 +4563,6 @@ spec:
                                     type: string
                                 type: object
                               type: array
-                            securityGroups:
-                              description: The uuids of the security groups to assign
-                                to the instance
-                              items:
-                                type: string
-                              type: array
-                              x-kubernetes-list-type: set
                             tags:
                               description: Tags applied to the port (and corresponding
                                 trunk, if a trunk is configured.) These tags are applied
@@ -4998,13 +4984,6 @@ spec:
                               type: string
                           type: object
                         type: array
-                      securityGroups:
-                        description: The uuids of the security groups to assign to
-                          the instance
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
                       tags:
                         description: Tags applied to the port (and corresponding trunk,
                           if a trunk is configured.) These tags are applied in addition
@@ -5339,13 +5318,6 @@ spec:
                               type: string
                           type: object
                         type: array
-                      securityGroups:
-                        description: The uuids of the security groups to assign to
-                          the instance
-                        items:
-                          type: string
-                        type: array
-                        x-kubernetes-list-type: set
                       tags:
                         description: Tags applied to the port (and corresponding trunk,
                           if a trunk is configured.) These tags are applied in addition

api/v1alpha7/types.go

@@ -1824,13 +1824,6 @@ spec:
                                             type: string
                                         type: object
                                       type: array
-                                    securityGroups:
-                                      description: The uuids of the security groups
-                                        to assign to the instance
-                                      items:
-                                        type: string
-                                      type: array
-                                      x-kubernetes-list-type: set
                                     tags:
                                       description: Tags applied to the port (and corresponding
                                         trunk, if a trunk is configured.) These tags

api/v1alpha7/zz_generated.deepcopy.go

@@ -1357,13 +1357,6 @@ spec:
                             type: string
                         type: object
                       type: array
-                    securityGroups:
-                      description: The uuids of the security groups to assign to the
-                        instance
-                      items:
-                        type: string
-                      type: array
-                      x-kubernetes-list-type: set
                     tags:
                       description: Tags applied to the port (and corresponding trunk,
                         if a trunk is configured.) These tags are applied in addition