
Commit 5e87136

committed
handle nil cluster network & SG precedence, add TerminalError
Signed-off-by: Bharath Nallapeta <[email protected]>
1 parent f7f2f14 commit 5e87136


1 file changed

+20
-13
lines changed


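--- a/controllers/openstackmachine_controller.go
+++ b/controllers/openstackmachine_controller.go
@@ -522,20 +522,16 @@ func openStackMachineSpecToOpenStackServerSpec(openStackMachineSpec *infrav1.Ope
 serverPorts = make([]infrav1.PortOpts, 1)
 }
 for i := range serverPorts {
-if serverPorts[i].Network == nil {
-serverPorts[i].Network = &infrav1.NetworkParam{
-ID: &defaultNetworkID,
-}
-}
-if len(serverPorts[i].SecurityGroups) == 0 && defaultSecGroup != nil {
-serverPorts[i].SecurityGroups = []infrav1.SecurityGroupParam{
-{
-ID: defaultSecGroup,
-},
-}
+// Only inject the default network when we actually have an ID.
+if serverPorts[i].Network == nil && defaultNetworkID != "" {
+serverPorts[i].Network = &infrav1.NetworkParam{ID: &defaultNetworkID}
 }
 if len(openStackMachineSpec.SecurityGroups) > 0 {
-serverPorts[i].SecurityGroups = append(serverPorts[i].SecurityGroups, openStackMachineSpec.SecurityGroups...)
+// Machine level security groups override any cluster defaults.
+serverPorts[i].SecurityGroups = openStackMachineSpec.SecurityGroups
+} else if len(serverPorts[i].SecurityGroups) == 0 && defaultSecGroup != nil {
+// Fall back to cluster-managed security group when nothing else specified.
+serverPorts[i].SecurityGroups = []infrav1.SecurityGroupParam{{ID: defaultSecGroup}}
 }
 }
 openStackServerSpec.Ports = serverPorts
@@ -589,7 +585,18 @@ func (r *OpenStackMachineReconciler) getOrCreateMachineServer(ctx context.Contex
 }
 return openStackCluster.Spec.IdentityRef
 }()
-machineServerSpec := openStackMachineSpecToOpenStackServerSpec(&openStackMachine.Spec, identityRef, compute.InstanceTags(&openStackMachine.Spec, openStackCluster), failureDomain, userDataRef, getManagedSecurityGroup(openStackCluster, machine), openStackCluster.Status.Network.ID)
+// Determine default network ID if the cluster status exposes one.
+var defaultNetworkID string
+if openStackCluster.Status.Network != nil {
+defaultNetworkID = openStackCluster.Status.Network.ID
+}
+
+// If no cluster network is available AND the machine spec did not define any ports with a network, we cannot choose a network.
+if defaultNetworkID == "" && len(openStackMachine.Spec.Ports) == 0 {
+return nil, capoerrors.Terminal(infrav1.InvalidMachineSpecReason, "no network configured: cluster network is missing and machine spec does not define ports with a network")
+}
+
+machineServerSpec := openStackMachineSpecToOpenStackServerSpec(&openStackMachine.Spec, identityRef, compute.InstanceTags(&openStackMachine.Spec, openStackCluster), failureDomain, userDataRef, getManagedSecurityGroup(openStackCluster, machine), defaultNetworkID)
 machineServer = &infrav1alpha1.OpenStackServer{
 ObjectMeta: metav1.ObjectMeta{
 Labels: map[string]string{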
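Review bot: In the first hunk, `serverPorts[i].SecurityGroups = openStackMachineSpec.SecurityGroups` replaces whatever the port already carried, so security groups set explicitly on an individual port are discarded whenever machine-level groups exist, whereas the removed code appended to them; the comment mentions only cluster defaults. The cluster-managed group from `defaultSecGroup` is likewise no longer attached in that case, which changes the effective firewall rules of machines that relied on both, so the intended precedence should be pinned by a test and called out for upgraders. If per-port groups are meant to win, the assignment could be guarded with `len(serverPorts[i].SecurityGroups) == 0`. The assignment also shares one backing array between the machine spec and every port; a copy such as `append([]infrav1.SecurityGroupParam(nil), openStackMachineSpec.SecurityGroups...)` keeps a later append on one port from leaking into the others. Both enclosing functions start and end outside the hunks shown.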
