Add support for multiple NSGs in machine spec (#356)

shyamradhakrishnan · shyamradhakrishnan · commit b4f68de0004a · 2024-03-22T09:41:09.000+05:30
diff --git a/api/v1beta1/types.go b/api/v1beta1/types.go
@@ -44,8 +44,12 @@ type NetworkDetails struct {
 	SubnetName string `json:"subnetName,omitempty"`
 
 	// NSGId defines the ID of the NSG to use. This parameter takes priority over NsgNames.
+	// Deprecated, please use NetworkDetails.NSGIds
 	NSGId *string `json:"nsgId,omitempty"`
 
+	// NSGIds defines the list of NSG IDs to use. This parameter takes priority over NsgNames.
+	NSGIds []string `json:"nsgIds,omitempty"`
+
 	// SkipSourceDestCheck defines whether the source/destination check is disabled on the VNIC.
 	SkipSourceDestCheck *bool `json:"skipSourceDestCheck,omitempty"`
 
diff --git a/api/v1beta1/zz_generated.conversion.go b/api/v1beta1/zz_generated.conversion.go
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/api/v1beta2/types.go b/api/v1beta2/types.go
@@ -47,8 +47,12 @@ type NetworkDetails struct {
 	SkipSourceDestCheck *bool `json:"skipSourceDestCheck,omitempty"`
 
 	// NSGId defines the ID of the NSG to use. This parameter takes priority over NsgNames.
+	// Deprecated, please use NetworkDetails.NSGIds
 	NSGId *string `json:"nsgId,omitempty"`
 
+	// NSGIds defines the list of NSG IDs to use. This parameter takes priority over NsgNames.
+	NSGIds []string `json:"nsgIds,omitempty"`
+
 	// NsgNames defines a list of the nsg names of the network security groups (NSGs) to add the VNIC to.
 	NsgNames []string `json:"nsgNames,omitempty"`
 
diff --git a/api/v1beta2/zz_generated.deepcopy.go b/api/v1beta2/zz_generated.deepcopy.go
diff --git a/cloud/scope/machine.go b/cloud/scope/machine.go
@@ -188,8 +188,11 @@ func (m *MachineScope) GetOrCreateMachine(ctx context.Context) (*core.Instance,
 	}
 
 	var nsgIds []string
+	machineNsgIds := m.OCIMachine.Spec.NetworkDetails.NSGIds
 	nsgId := m.OCIMachine.Spec.NetworkDetails.NSGId
-	if nsgId != nil {
+	if machineNsgIds != nil && len(machineNsgIds) > 0 {
+		nsgIds = machineNsgIds
+	} else if nsgId != nil {
 		nsgIds = []string{*nsgId}
 	} else {
 		if m.IsControlPlane() {
diff --git a/cloud/scope/machine_test.go b/cloud/scope/machine_test.go
@@ -453,6 +453,76 @@ func TestInstanceReconciliation(t *testing.T) {
 					OpcRetryToken:         ociutil.GetOPCRetryToken("machineuid")})).Return(core.LaunchInstanceResponse{}, nil)
 			},
 		},
+		{
+			name:          "check all params together, with subnet id set, nsg id list",
+			errorExpected: false,
+			testSpecificSetup: func(machineScope *MachineScope, computeClient *mock_compute.MockComputeClient) {
+				setupAllParams(ms)
+				ms.OCIMachine.Spec.CapacityReservationId = common.String("cap-id")
+				ms.OCIMachine.Spec.DedicatedVmHostId = common.String("dedicated-host-id")
+				ms.OCIMachine.Spec.NetworkDetails.HostnameLabel = common.String("hostname-label")
+				ms.OCIMachine.Spec.NetworkDetails.SubnetId = common.String("subnet-machine-id")
+				ms.OCIMachine.Spec.NetworkDetails.NSGIds = []string{"nsg-machine-id-1", "nsg-machine-id-2"}
+				// above array should take precedence
+				ms.OCIMachine.Spec.NetworkDetails.NSGId = common.String("nsg-machine-id")
+				ms.OCIMachine.Spec.NetworkDetails.SkipSourceDestCheck = common.Bool(true)
+				ms.OCIMachine.Spec.NetworkDetails.AssignPrivateDnsRecord = common.Bool(true)
+				ms.OCIMachine.Spec.NetworkDetails.DisplayName = common.String("display-name")
+				ms.OCIMachine.Spec.InstanceSourceViaImageDetails = &infrastructurev1beta2.InstanceSourceViaImageConfig{
+					KmsKeyId:            common.String("kms-key-id"),
+					BootVolumeVpusPerGB: common.Int64(32),
+				}
+				computeClient.EXPECT().ListInstances(gomock.Any(), gomock.Eq(core.ListInstancesRequest{
+					DisplayName:   common.String("name"),
+					CompartmentId: common.String("test"),
+				})).Return(core.ListInstancesResponse{}, nil)
+
+				launchDetails := core.LaunchInstanceDetails{DisplayName: common.String("name"),
+					CapacityReservationId: common.String("cap-id"),
+					DedicatedVmHostId:     common.String("dedicated-host-id"),
+					SourceDetails: core.InstanceSourceViaImageDetails{
+						ImageId:             common.String("image"),
+						BootVolumeSizeInGBs: common.Int64(120),
+						KmsKeyId:            common.String("kms-key-id"),
+						BootVolumeVpusPerGB: common.Int64(32),
+					},
+					CreateVnicDetails: &core.CreateVnicDetails{
+						SubnetId:       common.String("subnet-machine-id"),
+						AssignPublicIp: common.Bool(false),
+						DefinedTags:    map[string]map[string]interface{}{},
+						FreeformTags: map[string]string{
+							ociutil.CreatedBy:                 ociutil.OCIClusterAPIProvider,
+							ociutil.ClusterResourceIdentifier: "resource_uid",
+						},
+						NsgIds:                 []string{"nsg-machine-id-1", "nsg-machine-id-2"},
+						HostnameLabel:          common.String("hostname-label"),
+						SkipSourceDestCheck:    common.Bool(true),
+						AssignPrivateDnsRecord: common.Bool(true),
+						DisplayName:            common.String("display-name"),
+					},
+					Metadata: map[string]string{
+						"user_data": base64.StdEncoding.EncodeToString([]byte("test")),
+					},
+					Shape: common.String("shape"),
+					ShapeConfig: &core.LaunchInstanceShapeConfigDetails{
+						Ocpus:                   common.Float32(2),
+						MemoryInGBs:             common.Float32(100),
+						BaselineOcpuUtilization: core.LaunchInstanceShapeConfigDetailsBaselineOcpuUtilization8,
+					},
+					AvailabilityDomain:             common.String("ad2"),
+					CompartmentId:                  common.String("test"),
+					IsPvEncryptionInTransitEnabled: common.Bool(true),
+					DefinedTags:                    map[string]map[string]interface{}{},
+					FreeformTags: map[string]string{
+						ociutil.CreatedBy:                 ociutil.OCIClusterAPIProvider,
+						ociutil.ClusterResourceIdentifier: "resource_uid",
+					},
+				}
+				computeClient.EXPECT().LaunchInstance(gomock.Any(), gomock.Eq(core.LaunchInstanceRequest{
+					LaunchInstanceDetails: launchDetails,
+					OpcRetryToken:         ociutil.GetOPCRetryToken("machineuid")})).Return(core.LaunchInstanceResponse{}, nil)
+			},
+		},
 		{
 			name:          "shape config is empty",
 			errorExpected: false,
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_ocimachinepools.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_ocimachinepools.yaml
@@ -205,8 +205,15 @@ spec:
                         type: string
                       nsgId:
                         description: NSGId defines the ID of the NSG to use. This
-                          parameter takes priority over NsgNames.
+                          parameter takes priority over NsgNames. Deprecated, please
+                          use NetworkDetails.NSGIds
                         type: string
+                      nsgIds:
+                        description: NSGIds defines the list of NSG IDs to use. This
+                          parameter takes priority over NsgNames.
+                        items:
+                          type: string
+                        type: array
                       nsgNames:
                         description: NsgNames defines a list of the nsg names of the
                           network security groups (NSGs) to add the VNIC to.
@@ -922,8 +929,15 @@ spec:
                         type: string
                       nsgId:
                         description: NSGId defines the ID of the NSG to use. This
-                          parameter takes priority over NsgNames.
+                          parameter takes priority over NsgNames. Deprecated, please
+                          use NetworkDetails.NSGIds
                         type: string
+                      nsgIds:
+                        description: NSGIds defines the list of NSG IDs to use. This
+                          parameter takes priority over NsgNames.
+                        items:
+                          type: string
+                        type: array
                       nsgNames:
                         description: NsgNames defines a list of the nsg names of the
                           network security groups (NSGs) to add the VNIC to.
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_ocimachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_ocimachines.yaml
@@ -271,8 +271,14 @@ spec:
                     type: string
                   nsgId:
                     description: NSGId defines the ID of the NSG to use. This parameter
-                      takes priority over NsgNames.
+                      takes priority over NsgNames. Deprecated, please use NetworkDetails.NSGIds
                     type: string
+                  nsgIds:
+                    description: NSGIds defines the list of NSG IDs to use. This parameter
+                      takes priority over NsgNames.
+                    items:
+                      type: string
+                    type: array
                   nsgNames:
                     description: NsgNames defines a list of the nsg names of the network
                       security groups (NSGs) to add the VNIC to.
@@ -1032,8 +1038,14 @@ spec:
                     type: string
                   nsgId:
                     description: NSGId defines the ID of the NSG to use. This parameter
-                      takes priority over NsgNames.
+                      takes priority over NsgNames. Deprecated, please use NetworkDetails.NSGIds
                     type: string
+                  nsgIds:
+                    description: NSGIds defines the list of NSG IDs to use. This parameter
+                      takes priority over NsgNames.
+                    items:
+                      type: string
+                    type: array
                   nsgNames:
                     description: NsgNames defines a list of the nsg names of the network
                       security groups (NSGs) to add the VNIC to.
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_ocimachinetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_ocimachinetemplates.yaml
@@ -296,8 +296,15 @@ spec:
                             type: string
                           nsgId:
                             description: NSGId defines the ID of the NSG to use. This
-                              parameter takes priority over NsgNames.
+                              parameter takes priority over NsgNames. Deprecated,
+                              please use NetworkDetails.NSGIds
                             type: string
+                          nsgIds:
+                            description: NSGIds defines the list of NSG IDs to use.
+                              This parameter takes priority over NsgNames.
+                            items:
+                              type: string
+                            type: array
                           nsgNames:
                             description: NsgNames defines a list of the nsg names
                               of the network security groups (NSGs) to add the VNIC
@@ -1036,8 +1043,15 @@ spec:
                             type: string
                           nsgId:
                             description: NSGId defines the ID of the NSG to use. This
-                              parameter takes priority over NsgNames.
+                              parameter takes priority over NsgNames. Deprecated,
+                              please use NetworkDetails.NSGIds
                             type: string
+                          nsgIds:
+                            description: NSGIds defines the list of NSG IDs to use.
+                              This parameter takes priority over NsgNames.
+                            items:
+                              type: string
+                            type: array
                           nsgNames:
                             description: NsgNames defines a list of the nsg names
                               of the network security groups (NSGs) to add the VNIC
