Matt made a dump in the codebase

Author: mdbooth

api/v1alpha5/conversion.go

@@ -30,6 +30,28 @@ var _ ctrlconversion.Convertible = &OpenStackCluster{}
 
 const trueString = "true"
 
+// legacyCalicoSecurityGroupRules are the legacy security group rules for calico
+// that need to be applied to the control plane and worker security groups when
+// managed security groups are enabled and upgrading from v1alpha7 to v1alpha8.
+var legacyCalicoSecurityGroupRules = []infrav1.SecurityGroupRuleSpec{
+	{
+		Description:         "BGP (calico)",
+		Direction:           "ingress",
+		EtherType:           "IPv4",
+		PortRangeMin:        179,
+		PortRangeMax:        179,
+		Protocol:            "tcp",
+		RemoteManagedGroups: []infrav1.ManagedSecurityGroupName{"controlplane", "worker"},
+	},
+	{
+		Description:         "IP-in-IP (calico)",
+		Direction:           "ingress",
+		EtherType:           "IPv4",
+		Protocol:            "4",
+		RemoteManagedGroups: []infrav1.ManagedSecurityGroupName{"controlplane", "worker"},
+	},
+}
+
 func (r *OpenStackCluster) ConvertTo(dstRaw ctrlconversion.Hub) error {
 	dst := dstRaw.(*infrav1.OpenStackCluster)
 
@@ -196,6 +218,10 @@ func Convert_v1alpha8_OpenStackClusterSpec_To_v1alpha5_OpenStackClusterSpec(in *
 		out.ExternalNetworkID = in.ExternalNetwork.ID
 	}
 
+	if in.ManagedSecurityGroups.Enabled {
+		out.ManagedSecurityGroups = true
+	}
+
 	return nil
 }
 
@@ -211,6 +237,13 @@ func Convert_v1alpha5_OpenStackClusterSpec_To_v1alpha8_OpenStackClusterSpec(in *
 		}
 	}
 
+	if in.ManagedSecurityGroups {
+		out.ManagedSecurityGroups = infrav1.SecurityGroupsSpec{
+			Enabled:                    true,
+			AllNodesSecurityGroupRules: legacyCalicoSecurityGroupRules,
+		}
+	}
+
 	return nil
 }
 
@@ -523,6 +556,43 @@ func Convert_v1alpha5_Bastion_To_v1alpha8_Bastion(in *Bastion, out *infrav1.Bast
 	return nil
 }
 
-func Convert_v1alpha8_SecurityGroupRule_To_v1alpha5_SecurityGroupRule(in *infrav1.SecurityGroupRule, out *SecurityGroupRule, s conversion.Scope) error {
-	return autoConvert_v1alpha8_SecurityGroupRule_To_v1alpha5_SecurityGroupRule(in, out, s)
+func Convert_v1alpha8_SecurityGroupStatus_To_v1alpha5_SecurityGroup(in *infrav1.SecurityGroupStatus, out *SecurityGroup, s conversion.Scope) error { //nolint:revive
+	out.ID = in.ID
+	out.Name = in.Name
+	out.Rules = make([]SecurityGroupRule, len(in.Rules))
+	for i, rule := range in.Rules {
+		out.Rules[i] = SecurityGroupRule{
+			ID:             rule.ID,
+			Description:    rule.Description,
+			Direction:      rule.Direction,
+			EtherType:      rule.EtherType,
+			PortRangeMin:   rule.PortRangeMin,
+			PortRangeMax:   rule.PortRangeMax,
+			Protocol:       rule.Protocol,
+			RemoteGroupID:  rule.RemoteGroupID,
+			RemoteIPPrefix: rule.RemoteIPPrefix,
+		}
+	}
+	return nil
+}
+
+func Convert_v1alpha5_SecurityGroup_To_v1alpha8_SecurityGroupStatus(in *SecurityGroup, out *infrav1.SecurityGroupStatus, s conversion.Scope) error { //nolint:revive
+	out.ID = in.ID
+	out.Name = in.Name
+	out.Rules = make([]infrav1.SecurityGroupRuleStatus, len(in.Rules))
+	for i, rule := range in.Rules {
+		out.Rules[i] = infrav1.SecurityGroupRuleStatus{
+			ID:             rule.ID,
+			Description:    rule.Description,
+			Direction:      rule.Direction,
+			EtherType:      rule.EtherType,
+			PortRangeMin:   rule.PortRangeMin,
+			PortRangeMax:   rule.PortRangeMax,
+			Protocol:       rule.Protocol,
+			RemoteGroupID:  rule.RemoteGroupID,
+			RemoteIPPrefix: rule.RemoteIPPrefix,
+		}
+	}
+
+	return nil
 }

api/v1alpha5/conversion_test.go

@@ -49,7 +49,7 @@ func TestConvertFrom(t *testing.T) {
 				Spec: OpenStackClusterSpec{},
 				ObjectMeta: metav1.ObjectMeta{
 					Annotations: map[string]string{
-						"cluster.x-k8s.io/conversion-data": "{\"spec\":{\"allowAllInClusterTraffic\":false,\"apiServerLoadBalancer\":{},\"cloudName\":\"\",\"controlPlaneEndpoint\":{\"host\":\"\",\"port\":0},\"disableAPIServerFloatingIP\":false,\"disableExternalNetwork\":false,\"externalNetwork\":{},\"network\":{},\"subnet\":{}},\"status\":{\"ready\":false}}",
+						"cluster.x-k8s.io/conversion-data": "{\"spec\":{\"allowAllInClusterTraffic\":false,\"apiServerLoadBalancer\":{},\"cloudName\":\"\",\"controlPlaneEndpoint\":{\"host\":\"\",\"port\":0},\"disableAPIServerFloatingIP\":false,\"disableExternalNetwork\":false,\"externalNetwork\":{},\"managedSecurityGroups\":{},\"network\":{},\"subnet\":{}},\"status\":{\"ready\":false}}",
 					},
 				},
 			},
@@ -64,7 +64,7 @@ func TestConvertFrom(t *testing.T) {
 				Spec: OpenStackClusterTemplateSpec{},
 				ObjectMeta: metav1.ObjectMeta{
 					Annotations: map[string]string{
-						"cluster.x-k8s.io/conversion-data": "{\"spec\":{\"template\":{\"spec\":{\"allowAllInClusterTraffic\":false,\"apiServerLoadBalancer\":{},\"cloudName\":\"\",\"controlPlaneEndpoint\":{\"host\":\"\",\"port\":0},\"disableAPIServerFloatingIP\":false,\"disableExternalNetwork\":false,\"externalNetwork\":{},\"network\":{},\"subnet\":{}}}}}",
+						"cluster.x-k8s.io/conversion-data": "{\"spec\":{\"template\":{\"spec\":{\"allowAllInClusterTraffic\":false,\"apiServerLoadBalancer\":{},\"cloudName\":\"\",\"controlPlaneEndpoint\":{\"host\":\"\",\"port\":0},\"disableAPIServerFloatingIP\":false,\"disableExternalNetwork\":false,\"externalNetwork\":{},\"managedSecurityGroups\":{},\"network\":{},\"subnet\":{}}}}}",
 					},
 				},
 			},