diff --git a/controllers/osccluster_net_controller_unit_test.go b/controllers/osccluster_net_controller_unit_test.go
index 9ee120b9a..b6e784791 100644
--- a/controllers/osccluster_net_controller_unit_test.go
+++ b/controllers/osccluster_net_controller_unit_test.go
@@ -58,8 +58,6 @@ var (
 // Setup set osccluster and clusterScope
 func Setup(t *testing.T, name string, spec infrastructurev1beta1.OscClusterSpec) (clusterScope *scope.ClusterScope) {
- t.Logf("Validate to %s", name)
-
 oscCluster := infrastructurev1beta1.OscCluster{
 Spec: spec,
 ObjectMeta: metav1.ObjectMeta{
diff --git a/testenv/osccluster_controller_test.go b/testenv/osccluster_controller_test.go
index 5de116424..ed64f24fe 100644
--- a/testenv/osccluster_controller_test.go
+++ b/testenv/osccluster_controller_test.go
@@ -606,38 +606,70 @@ func checkOscSecurityGroupToBeProvisioned(ctx context.Context, oscInfraClusterKe
 }, 5*time.Minute, 1*time.Second).Should(BeNil())
 }
-// checkOscSecurityGroupRuleToBeProvisioned will validate that OscSecurityGroupRule is provisionned
+// checkOscSecurityGroupRuleToBeProvisioned will validate that OscSecurityGroupRule is provisioned
 func checkOscSecurityGroupRuleToBeProvisioned(ctx context.Context, oscInfraClusterKey client.ObjectKey, clusterScope *scope.ClusterScope) {
- By("Check OscSecurityGroupRule is provisioned")
+ By("Checking if OscSecurityGroupRule is provisioned")
 Eventually(func() error {
- securitysvc := security.NewService(ctx, clusterScope)
+ securityService := security.NewService(ctx, clusterScope)
 securityGroupsSpec := clusterScope.GetSecurityGroups()
+
+ // Mapping between rule names and IDs
+ ruleNameToID := make(map[string]string)
+
 for _, securityGroupSpec := range securityGroupsSpec {
 securityGroupId := securityGroupSpec.ResourceId
- fmt.Fprintf(GinkgoWriter, "Check SecurityGroupId %s\n", securityGroupId)
+ fmt.Fprintf(GinkgoWriter, "Verifying SecurityGroupId: %s\n", securityGroupId)
+
 securityGroupRulesSpec := clusterScope.GetSecurityGroupRule(securityGroupSpec.Name)
 for _, securityGroupRuleSpec := range *securityGroupRulesSpec {
- securityGroupRuleName := securityGroupRuleSpec.Name + "-" + clusterScope.GetUID()
- fmt.Fprintf(GinkgoWriter, "Check SecurityGroupRule %s does exist \n", securityGroupRuleName)
- Flow := securityGroupRuleSpec.Flow
- IpProtocol := securityGroupRuleSpec.IpProtocol
- IpRange := securityGroupRuleSpec.IpRange
- FromPortRange := securityGroupRuleSpec.FromPortRange
- ToPortRange := securityGroupRuleSpec.ToPortRange
- securityGroupFromSecurityGroupRule, err := securitysvc.GetSecurityGroupFromSecurityGroupRule(securityGroupId, Flow, IpProtocol, IpRange, "", FromPortRange, ToPortRange)
+ securityGroupRuleName := fmt.Sprintf("%s-%s", securityGroupRuleSpec.Name, clusterScope.GetUID())
+
+ // Populate ResourceId if nil, using rule name to ID mapping
+ if securityGroupRuleSpec.ResourceId == "" {
+ if ref, exists := ruleNameToID[securityGroupRuleSpec.Name]; exists {
+ securityGroupRuleSpec.ResourceId = ref
+ } else {
+ // If the map does not contain the rule, add an entry based on security group ID
+ ref := fmt.Sprintf("%s-%s", securityGroupId, securityGroupRuleSpec.Name)
+ ruleNameToID[securityGroupRuleSpec.Name] = ref
+ securityGroupRuleSpec.ResourceId = ref
+ }
+ fmt.Fprintf(GinkgoWriter, "Populated empty ResourceId for rule %s with value: %s\n", securityGroupRuleName, securityGroupRuleSpec.ResourceId)
+ }
+
+ // Retrieve the populated ResourceId
+ securityRef := securityGroupRuleSpec.ResourceId
+ fmt.Fprintf(GinkgoWriter, "Checking if SecurityGroupRule %s (ResourceId: %s) exists\n", securityGroupRuleName, securityRef)
+
+ // Rule specifications
+ flow := securityGroupRuleSpec.Flow
+ ipProtocol := securityGroupRuleSpec.IpProtocol
+ ipRange := securityGroupRuleSpec.IpRange
+ fromPortRange := securityGroupRuleSpec.FromPortRange
+ toPortRange := securityGroupRuleSpec.ToPortRange
+
+ // Fetch the existing security group rule based on provided specifications
+ securityGroupFromRule, err := securityService.GetSecurityGroupFromSecurityGroupRule(
+ securityGroupId, flow, ipProtocol, ipRange, "", fromPortRange, toPortRange,
+ )
+
 if err != nil {
+ fmt.Fprintf(GinkgoWriter, "Error retrieving SecurityGroupRule %s (ResourceId: %s): %v\n", securityGroupRuleName, securityRef, err)
 return err
 }
- fmt.Fprintf(GinkgoWriter, "Check SecurityGroupId received %s\n", securityGroupFromSecurityGroupRule.GetSecurityGroupId())
- if securityGroupId != securityGroupFromSecurityGroupRule.GetSecurityGroupId() {
- return fmt.Errorf("SecurityGroupRule %s does not exist", securityGroupRuleName)
- }
+ // Check if the rule exists with the expected security group ID
+ if securityGroupFromRule == nil || securityGroupId != securityGroupFromRule.GetSecurityGroupId() {
+ errMsg := fmt.Sprintf("Expected SecurityGroupRule %s (ResourceId: %s) does not exist or has mismatched SecurityGroupId", securityGroupRuleName, securityRef)
+ fmt.Fprintf(GinkgoWriter, "%s\n", errMsg)
+ return fmt.Errorf(errMsg)
+ }
 }
 }
- fmt.Fprintf(GinkgoWriter, "Found OscSecurityGroupRule \n")
+
+ fmt.Fprintf(GinkgoWriter, "All specified OscSecurityGroupRules are provisioned successfully\n")
 return nil
- }, 5*time.Minute, 1*time.Second).Should(BeNil())
+ }, 5*time.Minute, 1*time.Second).Should(BeNil(), "Expected all OscSecurityGroupRules to be provisioned within the timeout period")
 }
 // checkOscLoadBalancerToBeProvisioned will validate that OscLoadBalancer is provisionned
@@ -874,6 +906,7 @@ var _ = Describe("Outscale Cluster Reconciler", func() {
 IpRange: "0.0.0.0/0",
 FromPortRange: 80,
 ToPortRange: 80,
+ TargetSecurityGroupName: "another-security-group-name",
 },
 },
 },
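Review bot: The `ResourceId` block in the inner loop of `checkOscSecurityGroupRuleToBeProvisioned` fills in a synthesized value (`securityGroupId-ruleName`) that is only ever logged; it is never compared with anything the API returns, and if `*securityGroupRulesSpec` holds struct values the assignment lands on the loop copy. The log lines then print `(ResourceId: …)` as though an ID had been verified, while the real check is still only the `GetSecurityGroupId()` comparison. I would drop that block together with `ruleNameToID`, or assert against an ID the provider actually returned. Separately, `return fmt.Errorf(errMsg)` passes a non-constant format string, so a `%` in a rule name would garble the message and `go vet` flags it; `return fmt.Errorf("%s", errMsg)` avoids that.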
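Review bot: The added `TargetSecurityGroupName` is not exercised by `checkOscSecurityGroupRuleToBeProvisioned`, which still passes `""` as the fifth argument of `GetSecurityGroupFromSecurityGroupRule` (presumably the target or member group; the signature is not visible here). The fixture also keeps `IpRange: "0.0.0.0/0"` beside the group reference, so it is unclear whether this case is meant to cover a CIDR rule or a group-to-group rule. If both are intended, a comment such as `// IpRange and TargetSecurityGroupName are both set on purpose` would help; otherwise one of them should go and the lookup should receive the target group. The enclosing spec literal starts and ends outside the hunk.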