Remove security group rules from status

Author: mdbooth

api/v1alpha5/conversion.go

@@ -687,55 +687,12 @@ func Convert_v1alpha5_Bastion_To_v1beta1_Bastion(in *Bastion, out *infrav1.Basti
 func Convert_v1beta1_SecurityGroupStatus_To_v1alpha5_SecurityGroup(in *infrav1.SecurityGroupStatus, out *SecurityGroup, s conversion.Scope) error { //nolint:revive
 	out.ID = in.ID
 	out.Name = in.Name
-	out.Rules = make([]SecurityGroupRule, len(in.Rules))
-	for i, rule := range in.Rules {
-		out.Rules[i] = SecurityGroupRule{
-			ID:        rule.ID,
-			Direction: rule.Direction,
-		}
-		if rule.Description != nil {
-			out.Rules[i].Description = *rule.Description
-		}
-		if rule.EtherType != nil {
-			out.Rules[i].EtherType = *rule.EtherType
-		}
-		if rule.PortRangeMin != nil {
-			out.Rules[i].PortRangeMin = *rule.PortRangeMin
-		}
-		if rule.PortRangeMax != nil {
-			out.Rules[i].PortRangeMax = *rule.PortRangeMax
-		}
-		if rule.Protocol != nil {
-			out.Rules[i].Protocol = *rule.Protocol
-		}
-		if rule.RemoteGroupID != nil {
-			out.Rules[i].RemoteGroupID = *rule.RemoteGroupID
-		}
-		if rule.RemoteIPPrefix != nil {
-			out.Rules[i].RemoteIPPrefix = *rule.RemoteIPPrefix
-		}
-	}
 	return nil
 }
 
 func Convert_v1alpha5_SecurityGroup_To_v1beta1_SecurityGroupStatus(in *SecurityGroup, out *infrav1.SecurityGroupStatus, s conversion.Scope) error { //nolint:revive
 	out.ID = in.ID
 	out.Name = in.Name
-	out.Rules = make([]infrav1.SecurityGroupRuleStatus, len(in.Rules))
-	for i, rule := range in.Rules {
-		out.Rules[i] = infrav1.SecurityGroupRuleStatus{
-			ID:             rule.ID,
-			Description:    pointer.String(rule.Description),
-			Direction:      rule.Direction,
-			EtherType:      pointer.String(rule.EtherType),
-			PortRangeMin:   pointer.Int(rule.PortRangeMin),
-			PortRangeMax:   pointer.Int(rule.PortRangeMax),
-			Protocol:       pointer.String(rule.Protocol),
-			RemoteGroupID:  pointer.String(rule.RemoteGroupID),
-			RemoteIPPrefix: pointer.String(rule.RemoteIPPrefix),
-		}
-	}
-
 	return nil
 }
 

api/v1alpha6/types_conversion.go

@@ -364,63 +364,18 @@ func restorev1alpha6SecurityGroup(previous *SecurityGroup, dst *SecurityGroup) {
 		return
 	}
 
-	for i, rule := range previous.Rules {
-		dst.Rules[i].SecurityGroupID = rule.SecurityGroupID
-	}
+	dst.Rules = previous.Rules
 }
 
 func Convert_v1beta1_SecurityGroupStatus_To_v1alpha6_SecurityGroup(in *infrav1.SecurityGroupStatus, out *SecurityGroup, _ apiconversion.Scope) error {
 	out.ID = in.ID
 	out.Name = in.Name
-	out.Rules = make([]SecurityGroupRule, len(in.Rules))
-	for i, rule := range in.Rules {
-		out.Rules[i] = SecurityGroupRule{
-			ID:        rule.ID,
-			Direction: rule.Direction,
-		}
-		if rule.Description != nil {
-			out.Rules[i].Description = *rule.Description
-		}
-		if rule.EtherType != nil {
-			out.Rules[i].EtherType = *rule.EtherType
-		}
-		if rule.PortRangeMin != nil {
-			out.Rules[i].PortRangeMin = *rule.PortRangeMin
-		}
-		if rule.PortRangeMax != nil {
-			out.Rules[i].PortRangeMax = *rule.PortRangeMax
-		}
-		if rule.Protocol != nil {
-			out.Rules[i].Protocol = *rule.Protocol
-		}
-		if rule.RemoteGroupID != nil {
-			out.Rules[i].RemoteGroupID = *rule.RemoteGroupID
-		}
-		if rule.RemoteIPPrefix != nil {
-			out.Rules[i].RemoteIPPrefix = *rule.RemoteIPPrefix
-		}
-	}
 	return nil
 }
 
 func Convert_v1alpha6_SecurityGroup_To_v1beta1_SecurityGroupStatus(in *SecurityGroup, out *infrav1.SecurityGroupStatus, _ apiconversion.Scope) error {
 	out.ID = in.ID
 	out.Name = in.Name
-	out.Rules = make([]infrav1.SecurityGroupRuleStatus, len(in.Rules))
-	for i, rule := range in.Rules {
-		out.Rules[i] = infrav1.SecurityGroupRuleStatus{
-			ID:             rule.ID,
-			Description:    pointer.String(rule.Description),
-			Direction:      rule.Direction,
-			EtherType:      pointer.String(rule.EtherType),
-			PortRangeMin:   pointer.Int(rule.PortRangeMin),
-			PortRangeMax:   pointer.Int(rule.PortRangeMax),
-			Protocol:       pointer.String(rule.Protocol),
-			RemoteGroupID:  pointer.String(rule.RemoteGroupID),
-			RemoteIPPrefix: pointer.String(rule.RemoteIPPrefix),
-		}
-	}
-
 	return nil
 }
 

api/v1alpha7/openstackcluster_conversion.go

@@ -346,10 +346,6 @@ func restorev1alpha7ClusterStatus(previous *OpenStackClusterStatus, dst *OpenSta
 }
 
 func restorev1beta1ClusterStatus(previous *infrav1.OpenStackClusterStatus, dst *infrav1.OpenStackClusterStatus) {
-	restorev1beta1SecurityGroupStatus(previous.ControlPlaneSecurityGroup, dst.ControlPlaneSecurityGroup)
-	restorev1beta1SecurityGroupStatus(previous.WorkerSecurityGroup, dst.WorkerSecurityGroup)
-	restorev1beta1SecurityGroupStatus(previous.BastionSecurityGroup, dst.BastionSecurityGroup)
-
 	// ReferencedResources have no equivalent in v1alpha7
 	if previous.Bastion != nil {
 		dst.Bastion.ReferencedResources = previous.Bastion.ReferencedResources

api/v1alpha7/types_conversion.go

@@ -18,7 +18,6 @@ package v1alpha7
 
 import (
 	apiconversion "k8s.io/apimachinery/pkg/conversion"
-	"k8s.io/utils/pointer"
 
 	infrav1 "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-openstack/pkg/utils/optional"
@@ -40,9 +39,7 @@ func restorev1alpha7SecurityGroup(previous *SecurityGroup, dst *SecurityGroup) {
 		return
 	}
 
-	for i, rule := range previous.Rules {
-		dst.Rules[i].SecurityGroupID = rule.SecurityGroupID
-	}
+	dst.Rules = previous.Rules
 }
 
 func Convert_v1alpha7_SecurityGroupFilter_To_v1beta1_SecurityGroupFilter(in *SecurityGroupFilter, out *infrav1.SecurityGroupFilter, s apiconversion.Scope) error {
@@ -142,39 +139,6 @@ func Convert_v1beta1_RouterFilter_To_v1alpha7_RouterFilter(in *infrav1.RouterFil
 	return nil
 }
 
-func restorev1beta1SecurityGroupStatus(previous *infrav1.SecurityGroupStatus, dst *infrav1.SecurityGroupStatus) {
-	if previous == nil || dst == nil {
-		return
-	}
-
-	for i := range dst.Rules {
-		dstRule := &dst.Rules[i]
-
-		// Conversion from scalar to *scalar is lossy for zero values. We need to restore only nil values.
-		if dstRule.Description != nil && *dstRule.Description == "" {
-			dstRule.Description = previous.Rules[i].Description
-		}
-		if dstRule.EtherType != nil && *dstRule.EtherType == "" {
-			dstRule.EtherType = previous.Rules[i].EtherType
-		}
-		if dstRule.PortRangeMin != nil && *dstRule.PortRangeMin == 0 {
-			dstRule.PortRangeMin = previous.Rules[i].PortRangeMin
-		}
-		if dstRule.PortRangeMax != nil && *dstRule.PortRangeMax == 0 {
-			dstRule.PortRangeMax = previous.Rules[i].PortRangeMax
-		}
-		if dstRule.Protocol != nil && *dstRule.Protocol == "" {
-			dstRule.Protocol = previous.Rules[i].Protocol
-		}
-		if dstRule.RemoteGroupID != nil && *dstRule.RemoteGroupID == "" {
-			dstRule.RemoteGroupID = previous.Rules[i].RemoteGroupID
-		}
-		if dstRule.RemoteIPPrefix != nil && *dstRule.RemoteIPPrefix == "" {
-			dstRule.RemoteIPPrefix = previous.Rules[i].RemoteIPPrefix
-		}
-	}
-}
-
 /* PortOpts */
 
 func restorev1alpha7Port(previous *PortOpts, dst *PortOpts) {
@@ -300,55 +264,13 @@ func Convert_v1beta1_PortOpts_To_v1alpha7_PortOpts(in *infrav1.PortOpts, out *Po
 func Convert_v1alpha7_SecurityGroup_To_v1beta1_SecurityGroupStatus(in *SecurityGroup, out *infrav1.SecurityGroupStatus, _ apiconversion.Scope) error {
 	out.ID = in.ID
 	out.Name = in.Name
-	out.Rules = make([]infrav1.SecurityGroupRuleStatus, len(in.Rules))
-	for i, rule := range in.Rules {
-		out.Rules[i] = infrav1.SecurityGroupRuleStatus{
-			ID:             rule.ID,
-			Description:    pointer.String(rule.Description),
-			Direction:      rule.Direction,
-			EtherType:      pointer.String(rule.EtherType),
-			PortRangeMin:   pointer.Int(rule.PortRangeMin),
-			PortRangeMax:   pointer.Int(rule.PortRangeMax),
-			Protocol:       pointer.String(rule.Protocol),
-			RemoteGroupID:  pointer.String(rule.RemoteGroupID),
-			RemoteIPPrefix: pointer.String(rule.RemoteIPPrefix),
-		}
-	}
 
 	return nil
 }
 
 func Convert_v1beta1_SecurityGroupStatus_To_v1alpha7_SecurityGroup(in *infrav1.SecurityGroupStatus, out *SecurityGroup, _ apiconversion.Scope) error {
 	out.ID = in.ID
 	out.Name = in.Name
-	out.Rules = make([]SecurityGroupRule, len(in.Rules))
-	for i, rule := range in.Rules {
-		out.Rules[i] = SecurityGroupRule{
-			ID:        rule.ID,
-			Direction: rule.Direction,
-		}
-		if rule.Description != nil {
-			out.Rules[i].Description = *rule.Description
-		}
-		if rule.EtherType != nil {
-			out.Rules[i].EtherType = *rule.EtherType
-		}
-		if rule.PortRangeMin != nil {
-			out.Rules[i].PortRangeMin = *rule.PortRangeMin
-		}
-		if rule.PortRangeMax != nil {
-			out.Rules[i].PortRangeMax = *rule.PortRangeMax
-		}
-		if rule.Protocol != nil {
-			out.Rules[i].Protocol = *rule.Protocol
-		}
-		if rule.RemoteGroupID != nil {
-			out.Rules[i].RemoteGroupID = *rule.RemoteGroupID
-		}
-		if rule.RemoteIPPrefix != nil {
-			out.Rules[i].RemoteIPPrefix = *rule.RemoteIPPrefix
-		}
-	}
 	return nil
 }
 

api/v1beta1/types.go

@@ -448,10 +448,6 @@ type SecurityGroupStatus struct {
 	// id of the security group
 	// +kubebuilder:validation:Required
 	ID string `json:"id"`
-
-	// list of security group rules
-	// +optional
-	Rules []SecurityGroupRuleStatus `json:"rules,omitempty"`
 }
 
 // SecurityGroupRuleSpec represent the basic information of the associated OpenStack
@@ -514,55 +510,6 @@ type SecurityGroupRuleSpec struct {
 	RemoteManagedGroups []ManagedSecurityGroupName `json:"remoteManagedGroups,omitempty"`
 }
 
-type SecurityGroupRuleStatus struct {
-	// id of the security group rule
-	// +kubebuilder:validation:Required
-	ID string `json:"id"`
-
-	// description of the security group rule.
-	// +optional
-	Description *string `json:"description,omitempty"`
-
-	// direction in which the security group rule is applied. The only values
-	// allowed are "ingress" or "egress". For a compute instance, an ingress
-	// security group rule is applied to incoming (ingress) traffic for that
-	// instance. An egress rule is applied to traffic leaving the instance.
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:enum=ingress;egress
-	Direction string `json:"direction"`
-
-	// etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
-	// ingress or egress rules.
-	// +kubebuilder:validation:enum=IPv4;IPv6
-	// +optional
-	EtherType *string `json:"etherType,omitempty"`
-
-	// portRangeMin is a number in the range that is matched by the security group
-	// rule. If the protocol is TCP or UDP, this value must be less than or equal
-	// to the value of the portRangeMax attribute.
-	// +optional
-	PortRangeMin *int `json:"portRangeMin,omitempty"`
-
-	// portRangeMax is a number in the range that is matched by the security group
-	// rule. The portRangeMin attribute constrains the portRangeMax attribute.
-	// +optional
-	PortRangeMax *int `json:"portRangeMax,omitempty"`
-
-	// protocol is the protocol that is matched by the security group rule.
-	// +optional
-	Protocol *string `json:"protocol,omitempty"`
-
-	// remoteGroupID is the remote group ID to be associated with this security group rule.
-	// You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-	// +optional
-	RemoteGroupID *string `json:"remoteGroupID,omitempty"`
-
-	// remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
-	// You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
-	// +optional
-	RemoteIPPrefix *string `json:"remoteIPPrefix,omitempty"`
-}
-
 // +kubebuilder:validation:Enum=bastion;controlplane;worker
 type ManagedSecurityGroupName string