
Commit 53cb306

committed
webhook verifications, reconcilitation for nsgs and service gateway and conversions
1 parent e0f0e2f commit 53cb306


7 files changed

+88
-226
lines changed


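--- a/api/v1beta1/ocicluster_conversion.go
+++ b/api/v1beta1/ocicluster_conversion.go
@@ -50,6 +50,11 @@ func (src *OCICluster) ConvertTo(dstRaw conversion.Hub) error {
 dst.Spec.NetworkSpec.APIServerLB.LoadBalancerType = restored.Spec.NetworkSpec.APIServerLB.LoadBalancerType
 dst.Spec.ClientOverrides = restored.Spec.ClientOverrides
 
+dst.Spec.NetworkSpec.Vcn.Skip = restored.Spec.NetworkSpec.Vcn.Skip
+for i := range dst.Spec.NetworkSpec.Vcn.Subnets {
+dst.Spec.NetworkSpec.Vcn.Subnets[i] = restored.Spec.NetworkSpec.Vcn.Subnets[i]
+}
+
 return nil
 }
 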
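Review bot: The added loop in `ConvertTo` indexes `restored.Spec.NetworkSpec.Vcn.Subnets[i]` using the length of `dst.Spec.NetworkSpec.Vcn.Subnets`, so a restored annotation that holds fewer subnets than the object being converted will panic with an index out of range inside the conversion webhook, and reads and writes of that object will then fail. It also overwrites each whole subnet with the annotated copy instead of restoring only what v1beta1 cannot express (presumably `Skip`; the subnet type is not visible here), which would discard subnet edits made through the older API version. Guard the index with `if i >= len(restored.Spec.NetworkSpec.Vcn.Subnets) { break }` and copy only the lossy field. The same loop is added in ociclustertemplate_conversion.go and ocimanagedcluster_conversion.go. `ConvertTo` starts above the hunk, so how `restored` is populated should be confirmed against the full function.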

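--- a/api/v1beta1/ociclustertemplate_conversion.go
+++ b/api/v1beta1/ociclustertemplate_conversion.go
@@ -43,6 +43,12 @@ func (src *OCIClusterTemplate) ConvertTo(dstRaw conversion.Hub) error {
 dst.Spec.Template.Spec.AvailabilityDomains = restored.Spec.Template.Spec.AvailabilityDomains
 dst.Spec.Template.Spec.NetworkSpec.APIServerLB.LoadBalancerType = restored.Spec.Template.Spec.NetworkSpec.APIServerLB.LoadBalancerType
 dst.Spec.Template.Spec.ClientOverrides = restored.Spec.Template.Spec.ClientOverrides
+
+dst.Spec.Template.Spec.NetworkSpec.Vcn.Skip = restored.Spec.Template.Spec.NetworkSpec.Vcn.Skip
+for i := range dst.Spec.Template.Spec.NetworkSpec.Vcn.Subnets {
+dst.Spec.Template.Spec.NetworkSpec.Vcn.Subnets[i] = restored.Spec.Template.Spec.NetworkSpec.Vcn.Subnets[i]
+}
+
 return nil
 }
 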

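--- a/api/v1beta1/ocimanagedcluster_conversion.go
+++ b/api/v1beta1/ocimanagedcluster_conversion.go
@@ -49,6 +49,12 @@ func (src *OCIManagedCluster) ConvertTo(dstRaw conversion.Hub) error {
 dst.Spec.NetworkSpec.Vcn.RouteTable.Skip = restored.Spec.NetworkSpec.Vcn.RouteTable.Skip
 dst.Spec.NetworkSpec.APIServerLB.LoadBalancerType = restored.Spec.NetworkSpec.APIServerLB.LoadBalancerType
 dst.Spec.ClientOverrides = restored.Spec.ClientOverrides
+
+dst.Spec.NetworkSpec.Vcn.Skip = restored.Spec.NetworkSpec.Vcn.Skip
+for i := range dst.Spec.NetworkSpec.Vcn.Subnets {
+dst.Spec.NetworkSpec.Vcn.Subnets[i] = restored.Spec.NetworkSpec.Vcn.Subnets[i]
+}
+
 return nil
 }
 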

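--- a/api/v1beta2/ocicluster_webhook.go
+++ b/api/v1beta2/ocicluster_webhook.go
@@ -94,33 +94,36 @@ func (c *OCICluster) ValidateCreate() (admission.Warnings, error) {
 }
 }
 
-if c.Spec.NetworkSpec.Vcn.Skip != *common.Bool(true) {
+if c.Spec.NetworkSpec.Vcn.Skip == *common.Bool(true) {
+if c.Spec.NetworkSpec.Vcn.ID == common.String("") || c.Spec.NetworkSpec.Vcn.ID == nil {
+allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "NetworkSpec.Vcn.ID"), c.Spec.NetworkSpec.Vcn.ID, "field is required"))
+}
+
 for _, subnet := range c.Spec.NetworkSpec.Vcn.Subnets {
 if subnet.Skip == *common.Bool(true) {
-allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "subnet.Skip"), subnet.Skip, "field cannot be true when VCN is not skipped"))
+if subnet.ID == common.String("") || subnet.ID == nil {
+allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "subnet.ID"), subnet.ID, "field is required"))
+}
+}
+if subnet.ID != common.String("") {
+if subnet.Skip != *common.Bool(true) {
+allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "subnet.Skip"), subnet.Skip, "field requires to be true if Subnet ID is specified"))
+}
 }
 }
 } else {
 for _, subnet := range c.Spec.NetworkSpec.Vcn.Subnets {
 if subnet.Skip == *common.Bool(true) {
-if subnet.ID == nil {
-allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "subnet.ID"), subnet.ID, "field is required"))
-}
+allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "subnet.Skip"), subnet.Skip, "field cannot be true when VCN is not skipped"))
 }
 }
 }
 
-// if c.Spec.NetworkSpec.Vcn.NetworkSecurityGroup.List != nil {
-// if c.Spec.NetworkSpec.Vcn.Skip != *common.Bool(true) {
-// if c.Spec.NetworkSpec.Vcn.CIDR == "" {
-// allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "NetworkSpec.Vcn.CIDR"), c.Spec.NetworkSpec.Vcn.CIDR, "field is required"))
-// }
-// } else {
-// if c.Spec.NetworkSpec.Vcn.ID == nil {
-// allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "NetworkSpec.Vcn.ID"), c.Spec.NetworkSpec.Vcn.ID, "field is required"))
-// }
-// }
-// }
+if c.Spec.NetworkSpec.Vcn.ID != common.String("") {
+if c.Spec.NetworkSpec.Vcn.Skip != *common.Bool(true) {
+allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "NetworkSpec.Vcn.Skip"), c.Spec.NetworkSpec.Vcn.Skip, "field requires to be true if VCN ID is specified"))
+}
+}
 
 allErrs = append(allErrs, c.validate(nil)...)
 
@@ -161,33 +164,36 @@ func (c *OCICluster) ValidateUpdate(old runtime.Object) (admission.Warnings, err
 allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "compartmentId"), c.Spec.CompartmentId, "field is immutable"))
 }
 
-if c.Spec.NetworkSpec.Vcn.Skip != *common.Bool(true) {
+if c.Spec.NetworkSpec.Vcn.Skip == *common.Bool(true) {
+if c.Spec.NetworkSpec.Vcn.ID == common.String("") || c.Spec.NetworkSpec.Vcn.ID == nil {
+allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "NetworkSpec.Vcn.ID"), c.Spec.NetworkSpec.Vcn.ID, "field is required"))
+}
+
 for _, subnet := range c.Spec.NetworkSpec.Vcn.Subnets {
 if subnet.Skip == *common.Bool(true) {
-allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "subnet.Skip"), subnet.Skip, "field cannot be true when VCN is not skipped"))
+if subnet.ID == common.String("") || subnet.ID == nil {
+allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "subnet.ID"), subnet.ID, "field is required"))
+}
+}
+if subnet.ID != common.String("") {
+if subnet.Skip != *common.Bool(true) {
+allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "subnet.Skip"), subnet.Skip, "field requires to be true if Subnet ID is specified"))
+}
 }
 }
 } else {
 for _, subnet := range c.Spec.NetworkSpec.Vcn.Subnets {
 if subnet.Skip == *common.Bool(true) {
-if subnet.ID == nil {
-allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "subnet.ID"), subnet.ID, "field is required"))
-}
+allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "subnet.Skip"), subnet.Skip, "field cannot be true when VCN is not skipped"))
 }
 }
 }
 
-// if c.Spec.NetworkSpec.Vcn.NetworkSecurityGroup.List != nil {
-// if c.Spec.NetworkSpec.Vcn.Skip != *common.Bool(true) {
-// if c.Spec.NetworkSpec.Vcn.CIDR == "" {
-// allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "NetworkSpec.Vcn.CIDR"), c.Spec.NetworkSpec.Vcn.CIDR, "field is required"))
-// }
-// } else {
-// if c.Spec.NetworkSpec.Vcn.ID == nil {
-// allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "NetworkSpec.Vcn.ID"), c.Spec.NetworkSpec.Vcn.ID, "field is required"))
-// }
-// }
-// }
+if c.Spec.NetworkSpec.Vcn.ID != common.String("") {
+if c.Spec.NetworkSpec.Vcn.Skip != *common.Bool(true) {
+allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "NetworkSpec.Vcn.Skip"), c.Spec.NetworkSpec.Vcn.Skip, "field requires to be true if VCN ID is specified"))
+}
+}
 
 allErrs = append(allErrs, c.validate(oldCluster)...)
 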
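Review bot: The comparisons against `common.String("")` in ValidateCreate and ValidateUpdate compare pointers, not string contents: `Vcn.ID` and `subnet.ID` are nilable (the same expressions test them against nil) and `common.String("")` presumably returns a fresh pointer, so `ID == common.String("")` is never true and `ID != common.String("")` is always true. As a result an empty-string ID slips past the "field is required" check, while every VCN or subnet without Skip set is rejected with "field requires to be true if ... ID is specified" even when no ID was given. Dereference instead, e.g. `vcnIDSet := c.Spec.NetworkSpec.Vcn.ID != nil && *c.Spec.NetworkSpec.Vcn.ID != ""`, and test `!vcnIDSet` / `vcnIDSet` in the two places (likewise for `subnet.ID`). `*common.Bool(true)` can simply be `true`, and since both hunks carry the identical block, one shared helper called from both validators would keep create and update admission in step. Both function bodies start and end outside the hunks.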

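--- a/cloud/scope/nsg_reconciler.go
+++ b/cloud/scope/nsg_reconciler.go
@@ -30,6 +30,10 @@ import (
 )
 
 func (s *ClusterScope) ReconcileNSG(ctx context.Context) error {
+if s.OCIClusterAccessor.GetNetworkSpec().Vcn.NetworkSecurityGroup.Skip {
+s.Logger.Info("Skipping Network Secuirty Group reconciliation as per spec")
+return nil
+}
 desiredNSGs := s.OCIClusterAccessor.GetNetworkSpec().Vcn.NetworkSecurityGroup
 for _, desiredNSG := range desiredNSGs.List {
 nsg, err := s.GetNSG(ctx, *desiredNSG)
@@ -124,6 +128,10 @@ func (s *ClusterScope) GetNSG(ctx context.Context, spec infrastructurev1beta2.NS
 }
 
 func (s *ClusterScope) DeleteNSGs(ctx context.Context) error {
+if s.OCIClusterAccessor.GetNetworkSpec().Vcn.NetworkSecurityGroup.Skip {
+s.Logger.Info("Skipping Network Secuirty Group reconciliation as per spec")
+return nil
+}
 desiredNSGs := s.OCIClusterAccessor.GetNetworkSpec().Vcn.NetworkSecurityGroup
 for _, desiredNSG := range desiredNSGs.List {
 nsg, err := s.GetNSG(ctx, *desiredNSG)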
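Review bot: `DeleteNSGs` now returns early whenever `NetworkSecurityGroup.Skip` is set at deletion time, so if the flag is turned on after the controller has already created NSGs, those groups are left behind when the cluster is deleted; nothing visible in this commit makes the flag immutable in ValidateUpdate. Consider rejecting changes to the skip flags on update, or deciding deletion by whether the controller created the resource rather than by the current spec value. The same applies to `DeleteServiceGateway` in cloud/scope/service_gateway_reconciler.go. The delete paths also log "reconciliation" and misspell "Secuirty", which misleads anyone tracing in the controller log why a security group was never removed; use `s.Logger.Info("Skipping Network Security Group deletion as per spec")` there. Both function bodies continue past the hunks.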

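--- a/cloud/scope/service_gateway_reconciler.go
+++ b/cloud/scope/service_gateway_reconciler.go
@@ -27,6 +27,10 @@ import (
 )
 
 func (s *ClusterScope) ReconcileServiceGateway(ctx context.Context) error {
+if s.OCIClusterAccessor.GetNetworkSpec().Vcn.ServiceGateway.Skip {
+s.Logger.Info("Skipping Service Gateway reconciliation as per spec")
+return nil
+}
 if s.IsAllSubnetsPublic() {
 s.Logger.Info("All subnets are public, we don't need service gateway")
 return nil
@@ -86,6 +90,10 @@ func (s *ClusterScope) CreateServiceGateway(ctx context.Context) (*string, error
 }
 
 func (s *ClusterScope) DeleteServiceGateway(ctx context.Context) error {
+if s.OCIClusterAccessor.GetNetworkSpec().Vcn.ServiceGateway.Skip {
+s.Logger.Info("Skipping Service Gateway reconciliation as per spec")
+return nil
+}
 sgw, err := s.GetServiceGateway(ctx)
 if err != nil && !ociutil.IsNotFound(err) {
 return err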
