@@ -37,7 +37,6 @@ import (
3737 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/rules"
3838 neutronports "github.com/gophercloud/gophercloud/openstack/networking/v2/ports"
3939 "github.com/gophercloud/gophercloud/openstack/networking/v2/subnets"
40- "github.com/gophercloud/gophercloud/pagination"
4140 secgroups "github.com/gophercloud/utils/openstack/networking/v2/extensions/security/groups"
4241 "gopkg.in/godo.v2/glob"
4342 corev1 "k8s.io/api/core/v1"
@@ -423,28 +422,6 @@ func getSecurityGroupName(service *corev1.Service) string {
423422 return securityGroupName
424423}
425424
426- func getSecurityGroupRules (client * gophercloud.ServiceClient , opts rules.ListOpts ) ([]rules.SecGroupRule , error ) {
427- var securityRules []rules.SecGroupRule
428-
429- mc := metrics .NewMetricContext ("security_group_rule" , "list" )
430- pager := rules .List (client , opts )
431-
432- err := pager .EachPage (func (page pagination.Page ) (bool , error ) {
433- ruleList , err := rules .ExtractRules (page )
434- if err != nil {
435- return false , err
436- }
437- securityRules = append (securityRules , ruleList ... )
438- return true , nil
439- })
440-
441- if mc .ObserveRequest (err ) != nil {
442- return nil , err
443- }
444-
445- return securityRules , nil
446- }
447-
448425func getListenerProtocol (protocol corev1.Protocol , svcConf * serviceConfig ) listeners.Protocol {
449426 // Make neutron-lbaas code work
450427 if svcConf != nil {
@@ -2517,51 +2494,9 @@ func (lbaas *LbaasV2) EnsureSecurityGroupDeleted(_ string, service *corev1.Servi
25172494 }
25182495 _ = mc .ObserveRequest (nil )
25192496
2520- if len (lbaas .opts .NodeSecurityGroupIDs ) == 0 {
2521- // Just happen when nodes have not Security Group, or should not happen
2522- // UpdateLoadBalancer and EnsureLoadBalancer can set lbaas.opts.NodeSecurityGroupIDs when it is empty
2523- // And service controller call UpdateLoadBalancer to set lbaas.opts.NodeSecurityGroupIDs when controller manager service is restarted.
2524- klog .Warningf ("Can not find node-security-group from all the nodes of this cluster when delete loadbalancer service %s/%s" ,
2525- service .Namespace , service .Name )
2526- } else {
2527- // Delete the rules in the Node Security Group
2528- for _ , nodeSecurityGroupID := range lbaas .opts .NodeSecurityGroupIDs {
2529- opts := rules.ListOpts {
2530- SecGroupID : nodeSecurityGroupID ,
2531- RemoteGroupID : lbSecGroupID ,
2532- }
2533- secGroupRules , err := getSecurityGroupRules (lbaas .network , opts )
2534-
2535- if err != nil && ! cpoerrors .IsNotFound (err ) {
2536- msg := fmt .Sprintf ("error finding rules for remote group id %s in security group id %s: %v" , lbSecGroupID , nodeSecurityGroupID , err )
2537- return fmt .Errorf (msg )
2538- }
2539-
2540- for _ , rule := range secGroupRules {
2541- mc := metrics .NewMetricContext ("security_group_rule" , "delete" )
2542- res := rules .Delete (lbaas .network , rule .ID )
2543- if res .Err != nil && ! cpoerrors .IsNotFound (res .Err ) {
2544- _ = mc .ObserveRequest (res .Err )
2545- return fmt .Errorf ("error occurred deleting security group rule: %s: %v" , rule .ID , res .Err )
2546- }
2547- _ = mc .ObserveRequest (nil )
2548- }
2549- }
2550- }
2551-
25522497 return nil
25532498}
25542499
2555- // IsAllowAll checks whether the netsets.IPNet allows traffic from 0.0.0.0/0
2556- func IsAllowAll (ipnets netsets.IPNet ) bool {
2557- for _ , s := range ipnets .StringSlice () {
2558- if s == "0.0.0.0/0" {
2559- return true
2560- }
2561- }
2562- return false
2563- }
2564-
25652500// GetLoadBalancerSourceRanges first try to parse and verify LoadBalancerSourceRanges field from a service.
25662501// If the field is not specified, turn to parse and verify the AnnotationLoadBalancerSourceRangesKey annotation from a service,
25672502// extracting the source ranges to allow, and if not present returns a default (allow-all) value.
0 commit comments