
Commit d944bbb

committed
handle nil cluster network & SG precedence, add TerminalError
Signed-off-by: Bharath Nallapeta <[email protected]>
1 parent 57ae27e commit d944bbb


1 file changed

+20
-13
lines changed


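--- a/controllers/openstackmachine_controller.go
+++ b/controllers/openstackmachine_controller.go
@@ -521,20 +521,16 @@ func openStackMachineSpecToOpenStackServerSpec(openStackMachineSpec *infrav1.Ope
 serverPorts = make([]infrav1.PortOpts, 1)
 }
 for i := range serverPorts {
-if serverPorts[i].Network == nil {
-serverPorts[i].Network = &infrav1.NetworkParam{
-ID: &defaultNetworkID,
-}
-}
-if len(serverPorts[i].SecurityGroups) == 0 && defaultSecGroup != nil {
-serverPorts[i].SecurityGroups = []infrav1.SecurityGroupParam{
-{
-ID: defaultSecGroup,
-},
-}
+// Only inject the default network when we actually have an ID.
+if serverPorts[i].Network == nil && defaultNetworkID != "" {
+serverPorts[i].Network = &infrav1.NetworkParam{ID: &defaultNetworkID}
 }
 if len(openStackMachineSpec.SecurityGroups) > 0 {
-serverPorts[i].SecurityGroups = append(serverPorts[i].SecurityGroups, openStackMachineSpec.SecurityGroups...)
+// Machine level security groups override any cluster defaults.
+serverPorts[i].SecurityGroups = openStackMachineSpec.SecurityGroups
+} else if len(serverPorts[i].SecurityGroups) == 0 && defaultSecGroup != nil {
+// Fall back to cluster-managed security group when nothing else specified.
+serverPorts[i].SecurityGroups = []infrav1.SecurityGroupParam{{ID: defaultSecGroup}}
 }
 }
 openStackServerSpec.Ports = serverPorts
@@ -588,7 +584,18 @@ func (r *OpenStackMachineReconciler) getOrCreateMachineServer(ctx context.Contex
 }
 return openStackCluster.Spec.IdentityRef
 }()
-machineServerSpec := openStackMachineSpecToOpenStackServerSpec(&openStackMachine.Spec, identityRef, compute.InstanceTags(&openStackMachine.Spec, openStackCluster), failureDomain, userDataRef, getManagedSecurityGroup(openStackCluster, machine), openStackCluster.Status.Network.ID)
+// Determine default network ID if the cluster status exposes one.
+var defaultNetworkID string
+if openStackCluster.Status.Network != nil {
+defaultNetworkID = openStackCluster.Status.Network.ID
+}
+
+// If no cluster network is available AND the machine spec did not define any ports with a network, we cannot choose a network.
+if defaultNetworkID == "" && len(openStackMachine.Spec.Ports) == 0 {
+return nil, capoerrors.Terminal(infrav1.InvalidMachineSpecReason, "no network configured: cluster network is missing and machine spec does not define ports with a network")
+}
+
+machineServerSpec := openStackMachineSpecToOpenStackServerSpec(&openStackMachine.Spec, identityRef, compute.InstanceTags(&openStackMachine.Spec, openStackCluster), failureDomain, userDataRef, getManagedSecurityGroup(openStackCluster, machine), defaultNetworkID)
 machineServer = &infrav1alpha1.OpenStackServer{
 ObjectMeta: metav1.ObjectMeta{
 Labels: map[string]string{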
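Review bot: In the first hunk, `serverPorts[i].SecurityGroups = openStackMachineSpec.SecurityGroups` discards the groups declared on the port itself, not a cluster default: at that point the slice holds only port-level entries, because the managed group is now injected solely in the `else if` branch. A port that sets its own groups silently loses them whenever the machine spec lists any, and such machines no longer receive the cluster-managed group at all, so the effective network exposure of existing specs changes without any signal to the operator. If the intent is to override only the default, guard the assignment with `if len(serverPorts[i].SecurityGroups) == 0` and reword the comment to state which level wins; assigning the spec slice directly also makes every port share one backing array with the spec, so a copy per port would be safer. Separately, the guard in the second hunk tests `len(openStackMachine.Spec.Ports) == 0` while its comment speaks of ports "with a network", so a spec whose ports all leave `Network` nil appears to pass with no network chosen. Both enclosing functions start and end outside the hunks, so later handling of these ports is not visible here.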
