Iteration 3

Author: EmilienM

controllers/openstackmachine_controller.go

@@ -22,6 +22,7 @@ import (
 	"errors"
 	"fmt"
 	"reflect"
+	"slices"
 	"time"
 
 	"github.com/go-logr/logr"
@@ -342,7 +343,7 @@ func (r *OpenStackMachineReconciler) reconcileNormal(ctx context.Context, scope
 		return ctrl.Result{}, err
 	}
 
-	err = r.reconcileSecurityGroupsToInstance(scope.Logger(), openStackCluster, machine, openStackMachine, instanceStatus, computeService, networkingService)
+	err = r.reconcileSecurityGroupsToInstance(scope.Logger(), openStackCluster, machine, openStackMachine, instanceStatus, networkingService)
 	if err != nil {
 		conditions.MarkFalse(openStackMachine, infrav1.InstanceReadyCondition, infrav1.SecurityGroupApplyFailedReason, clusterv1.ConditionSeverityError, "Applying security groups failed: %v", err)
 		return ctrl.Result{}, fmt.Errorf("add security groups to instance: %w", err)
@@ -444,6 +445,7 @@ func (r *OpenStackMachineReconciler) reconcileNormal(ctx context.Context, scope
 	return ctrl.Result{}, nil
 }
 
+// normalize returns a new sorted slice with the unique values of the given slice.
 func normalize(set []string) []string {
 	seen := make(map[string]struct{}, len(set))
 	normalized := make([]string, 0, len(set))
@@ -453,10 +455,11 @@ func normalize(set []string) []string {
 			normalized = append(normalized, s)
 		}
 	}
+	slices.Sort(normalized)
 	return normalized
 }
 
-func (r *OpenStackMachineReconciler) reconcileSecurityGroupsToInstance(logger logr.Logger, openStackCluster *infrav1.OpenStackCluster, machine *clusterv1.Machine, openStackMachine *infrav1.OpenStackMachine, instanceStatus *compute.InstanceStatus, computeService *compute.Service, networkingService *networking.Service) error {
+func (r *OpenStackMachineReconciler) reconcileSecurityGroupsToInstance(logger logr.Logger, openStackCluster *infrav1.OpenStackCluster, machine *clusterv1.Machine, openStackMachine *infrav1.OpenStackMachine, instanceStatus *compute.InstanceStatus, networkingService *networking.Service) error {
 	logger.Info("Reconciling security groups to instance")
 
 	desiredSecurityGroupIDs := []string{}
@@ -471,13 +474,13 @@ func (r *OpenStackMachineReconciler) reconcileSecurityGroupsToInstance(logger lo
 
 	desiredSecurityGroupIDs = normalize(desiredSecurityGroupIDs)
 	appliedSecurityGroupIDs := normalize(openStackMachine.Status.AppliedSecurityGroupIDs)
-	if !reflect.DeepEqual(desiredSecurityGroupIDs, appliedSecurityGroupIDs) {
+	if !slices.Equal(desiredSecurityGroupIDs, appliedSecurityGroupIDs) {
 		instanceID := instanceStatus.ID()
-		attachedInterfaces, err := computeService.GetAttachedInterfaces(instanceID)
+		attachedPorts, err := networkingService.GetPortIDsFromInstanceID(instanceID)
 		if err != nil {
-			return fmt.Errorf("get attached interfaces for instance %q: %w", instanceStatus.Name(), err)
+			return fmt.Errorf("get ports for instance %q: %w", instanceID, err)
 		}
-		err = networkingService.ReconcileSecurityGroupsToInstanceAttachedInterfaces(logger, openStackMachine, attachedInterfaces, desiredSecurityGroupIDs)
+		err = networkingService.ReconcileSecurityGroupsToInstanceAttachedPorts(openStackMachine, attachedPorts, desiredSecurityGroupIDs)
 		if err != nil {
 			return fmt.Errorf("reconcile security groups %q to instance %q: %w", desiredSecurityGroupIDs, instanceStatus.Name(), err)
 		}

controllers/openstackmachine_controller_test.go

@@ -165,7 +165,6 @@ func Test_reconcileSecurityGroupsToInstance(t *testing.T) {
 	instanceStatus := &compute.InstanceStatus{}
 	logger := logr.Logger{}
 
-	computeService := &compute.Service{}
 	networkingService := &networking.Service{}
 
 	tests := []struct {
@@ -186,7 +185,7 @@ func Test_reconcileSecurityGroupsToInstance(t *testing.T) {
 	for _, tt := range tests {
 		r := &OpenStackMachineReconciler{}
 		t.Run(tt.name, func(t *testing.T) {
-			err := r.reconcileSecurityGroupsToInstance(logger, openStackCluster, machine, tt.openStackMachine, instanceStatus, computeService, networkingService)
+			err := r.reconcileSecurityGroupsToInstance(logger, openStackCluster, machine, tt.openStackMachine, instanceStatus, networkingService)
 			if tt.expectedError {
 				Expect(err).To(HaveOccurred())
 			} else {

pkg/cloud/services/networking/port.go

@@ -330,3 +330,19 @@ func GetPortName(instanceName string, opts *infrav1.PortOpts, netIndex int) stri
 	}
 	return fmt.Sprintf("%s-%d", instanceName, netIndex)
 }
+
+func (s *Service) GetPortIDsFromInstanceID(instanceID string) ([]string, error) {
+	portList, err := s.client.ListPort(ports.ListOpts{
+		DeviceID: instanceID,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	portIDs := make([]string, len(portList))
+	for i, port := range portList {
+		portIDs[i] = port.ID
+	}
+
+	return portIDs, nil
+}

pkg/cloud/services/networking/port_test.go

@@ -618,3 +618,38 @@ func Test_GarbageCollectErrorInstancesPort(t *testing.T) {
 func pointerTo(b bool) *bool {
 	return &b
 }
+func Test_GetPortIDsFromInstanceID(t *testing.T) {
+	mockCtrl := gomock.NewController(t)
+	defer mockCtrl.Finish()
+
+	instanceID := "12345"
+	expectedPortIDs := []string{"port1", "port2", "port3"}
+
+	mockClient := mock.NewMockNetworkClient(mockCtrl)
+	mockClient.EXPECT().ListPort(ports.ListOpts{
+		DeviceID: instanceID,
+	}).Return([]ports.Port{
+		{ID: "port1"},
+		{ID: "port2"},
+		{ID: "port3"},
+	}, nil)
+
+	service := &Service{
+		client: mockClient,
+	}
+
+	portIDs, err := service.GetPortIDsFromInstanceID(instanceID)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if len(portIDs) != len(expectedPortIDs) {
+		t.Fatalf("unexpected number of port IDs, got: %d, want: %d", len(portIDs), len(expectedPortIDs))
+	}
+
+	for i, portID := range portIDs {
+		if portID != expectedPortIDs[i] {
+			t.Errorf("unexpected port ID at index %d, got: %s, want: %s", i, portID, expectedPortIDs[i])
+		}
+	}
+}

pkg/cloud/services/networking/securitygroups.go

@@ -18,9 +18,8 @@ package networking
 
 import (
 	"fmt"
+	"slices"
 
-	"github.com/go-logr/logr"
-	"github.com/gophercloud/gophercloud/openstack/compute/v2/extensions/attachinterfaces"
 	"github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/attributestags"
 	"github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/groups"
 	"github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/rules"
@@ -402,41 +401,23 @@ func (s *Service) createRule(r infrav1.SecurityGroupRule) (infrav1.SecurityGroup
 	return convertOSSecGroupRuleToConfigSecGroupRule(*rule), nil
 }
 
-func contains(list []string, element string) bool {
-	for _, e := range list {
-		if e == element {
-			return true
-		}
-	}
-	return false
-}
-
-func (s *Service) ReconcileSecurityGroupsToInstanceAttachedInterfaces(logger logr.Logger, openStackMachine *infrav1.OpenStackMachine, attachedInterfaces []attachinterfaces.Interface, desiredSecurityGroupIDs []string) error {
-	for _, iface := range attachedInterfaces {
+func (s *Service) ReconcileSecurityGroupsToInstanceAttachedPorts(openStackMachine *infrav1.OpenStackMachine, attachedPorts []string, desiredSecurityGroupIDs []string) error {
+	for _, portID := range attachedPorts {
 		portUpdateNeeded := false
-		portID := iface.PortID
 		port, err := s.client.GetPort(portID)
 		if err != nil {
 			return fmt.Errorf("error getting port %s: %v", portID, err)
 		}
 
-		// check if port already has desired security groups
-		for _, securityGroupID := range desiredSecurityGroupIDs {
-			if !contains(port.SecurityGroups, securityGroupID) {
-				logger.Info("Port doesn't have desired security group", "portID", portID, "securityGroupID", securityGroupID)
-				portUpdateNeeded = true
-			}
-		}
-		// check if port has security groups that are not desired
-		for _, securityGroupID := range port.SecurityGroups {
-			if !contains(desiredSecurityGroupIDs, securityGroupID) {
-				logger.Info("Port has security group that is not desired", "portID", portID, "securityGroupID", securityGroupID)
-				portUpdateNeeded = true
-			}
+		portSecurityGroupIDs := port.SecurityGroups
+		slices.Sort(portSecurityGroupIDs)
+		if !slices.Equal(portSecurityGroupIDs, desiredSecurityGroupIDs) {
+			s.scope.Logger().V(5).Info("Port has different security groups than desired", "portID", portID, "securityGroups", portSecurityGroupIDs)
+			portUpdateNeeded = true
 		}
 
 		if portUpdateNeeded {
-			logger.Info("Updating port", "portID", portID, "securityGroups", desiredSecurityGroupIDs)
+			s.scope.Logger().V(3).Info("Updating port", "portID", portID, "securityGroups", desiredSecurityGroupIDs)
 			portOpts := ports.UpdateOpts{
 				SecurityGroups: &desiredSecurityGroupIDs,
 			}