@@ -38,7 +38,6 @@ import (
3838 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/rules"
3939 neutronports "github.com/gophercloud/gophercloud/openstack/networking/v2/ports"
4040 "github.com/gophercloud/gophercloud/openstack/networking/v2/subnets"
41- "github.com/gophercloud/gophercloud/pagination"
4241 secgroups "github.com/gophercloud/utils/openstack/networking/v2/extensions/security/groups"
4342 "gopkg.in/godo.v2/glob"
4443 corev1 "k8s.io/api/core/v1"
@@ -432,28 +431,6 @@ func getSecurityGroupName(service *corev1.Service) string {
432431 return securityGroupName
433432}
434433
435- func getSecurityGroupRules (client * gophercloud.ServiceClient , opts rules.ListOpts ) ([]rules.SecGroupRule , error ) {
436- var securityRules []rules.SecGroupRule
437-
438- mc := metrics .NewMetricContext ("security_group_rule" , "list" )
439- pager := rules .List (client , opts )
440-
441- err := pager .EachPage (func (page pagination.Page ) (bool , error ) {
442- ruleList , err := rules .ExtractRules (page )
443- if err != nil {
444- return false , err
445- }
446- securityRules = append (securityRules , ruleList ... )
447- return true , nil
448- })
449-
450- if mc .ObserveRequest (err ) != nil {
451- return nil , err
452- }
453-
454- return securityRules , nil
455- }
456-
457434func getListenerProtocol (protocol corev1.Protocol , svcConf * serviceConfig ) listeners.Protocol {
458435 // Make neutron-lbaas code work
459436 if svcConf != nil {
@@ -2553,51 +2530,9 @@ func (lbaas *LbaasV2) EnsureSecurityGroupDeleted(_ string, service *corev1.Servi
25532530 }
25542531 _ = mc .ObserveRequest (nil )
25552532
2556- if len (lbaas .opts .NodeSecurityGroupIDs ) == 0 {
2557- // Just happen when nodes have not Security Group, or should not happen
2558- // UpdateLoadBalancer and EnsureLoadBalancer can set lbaas.opts.NodeSecurityGroupIDs when it is empty
2559- // And service controller call UpdateLoadBalancer to set lbaas.opts.NodeSecurityGroupIDs when controller manager service is restarted.
2560- klog .Warningf ("Can not find node-security-group from all the nodes of this cluster when delete loadbalancer service %s/%s" ,
2561- service .Namespace , service .Name )
2562- } else {
2563- // Delete the rules in the Node Security Group
2564- for _ , nodeSecurityGroupID := range lbaas .opts .NodeSecurityGroupIDs {
2565- opts := rules.ListOpts {
2566- SecGroupID : nodeSecurityGroupID ,
2567- RemoteGroupID : lbSecGroupID ,
2568- }
2569- secGroupRules , err := getSecurityGroupRules (lbaas .network , opts )
2570-
2571- if err != nil && ! cpoerrors .IsNotFound (err ) {
2572- msg := fmt .Sprintf ("error finding rules for remote group id %s in security group id %s: %v" , lbSecGroupID , nodeSecurityGroupID , err )
2573- return fmt .Errorf (msg )
2574- }
2575-
2576- for _ , rule := range secGroupRules {
2577- mc := metrics .NewMetricContext ("security_group_rule" , "delete" )
2578- res := rules .Delete (lbaas .network , rule .ID )
2579- if res .Err != nil && ! cpoerrors .IsNotFound (res .Err ) {
2580- _ = mc .ObserveRequest (res .Err )
2581- return fmt .Errorf ("error occurred deleting security group rule: %s: %v" , rule .ID , res .Err )
2582- }
2583- _ = mc .ObserveRequest (nil )
2584- }
2585- }
2586- }
2587-
25882533 return nil
25892534}
25902535
2591- // IsAllowAll checks whether the netsets.IPNet allows traffic from 0.0.0.0/0
2592- func IsAllowAll (ipnets netsets.IPNet ) bool {
2593- for _ , s := range ipnets .StringSlice () {
2594- if s == "0.0.0.0/0" {
2595- return true
2596- }
2597- }
2598- return false
2599- }
2600-
26012536// GetLoadBalancerSourceRanges first try to parse and verify LoadBalancerSourceRanges field from a service.
26022537// If the field is not specified, turn to parse and verify the AnnotationLoadBalancerSourceRangesKey annotation from a service,
26032538// extracting the source ranges to allow, and if not present returns a default (allow-all) value.
0 commit comments