Make sure securitygroup resourceMap is populated before reconcile

Signed-off-by: hanenMizouni <[email protected]>
outscale · Dec 18, 2024 · 5bb4a88 · 5bb4a88
1 parent 616aab4
commit 5bb4a88
Showing 1 changed file with 80 additions and 30 deletions.
diff --git a/testenv/osccluster_controller_test.go b/testenv/osccluster_controller_test.go
@@ -77,7 +77,7 @@ func deployOscInfraMachine(ctx context.Context, infraMachineSpec infrastructurev
 	return oscInfraMachine, oscInfraMachineKey
 }
 
-// createCheckDeleteOscCluster will deploy oscInfraCluster (create osccluster object), deploy capoCluster (create cluster object), will validate each OscInfraCluster component is provisioned and then will delelete OscInfraCluster (delete osccluster) and capoCluster (delete cluster)
+// createCheckDeleteOscCluster will deploy oscInfraCluster (create osccluster object), deploy capoCluster (create cluster object), 
 func createCheckDeleteOscCluster(ctx context.Context, infraClusterSpec infrastructurev1beta1.OscClusterSpec) {
 	uid := uuid.New().String()[:8]
 	clusterName := fmt.Sprintf("cluster-api-test-%s", uid)
@@ -87,51 +87,73 @@ func createCheckDeleteOscCluster(ctx context.Context, infraClusterSpec infrastru
 	waitOscClusterToProvision(ctx, capoClusterKey)
 	clusterScope, err := getClusterScope(ctx, capoClusterKey, oscInfraClusterKey)
 	Expect(err).ShouldNot(HaveOccurred())
+
+	By("Ensuring network components are provisioned")
 	checkOscNetToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscSubnetToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscInternetServiceToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscNatServiceToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscPublicIpToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscRouteTableToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscRouteToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
+
+	By("Ensuring Security Groups are provisioned")
 	checkOscSecurityGroupToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscSecurityGroupRuleToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
+
+	By("Validating SecurityGroupsRef is not empty")
+	securityGroupsRef := clusterScope.GetSecurityGroupsRef()
+	Expect(len(securityGroupsRef.ResourceMap)).To(BeNumerically(">", 0), "SecurityGroupsRef.ResourceMap should not be empty")
+
 	checkOscLoadBalancerToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
+
 	By("Delete cluster")
 	deleteObj(ctx, oscInfraCluster, oscInfraClusterKey, "oscInfraCluster", "default")
 	deleteObj(ctx, capoCluster, capoClusterKey, "capoCluster", "default")
 }
 
-// createCheckDeleteOscClusterMachine will deploy oscInfraCluster (create osccluster object), deploy oscInfraMachine (create oscmachine object),  deploy capoCluster (create cluster object), deploy capoMachine (create machine object), will validate each OscInfraCluster component is provisioned and then will delelete OscInfraCluster (delete osccluster) and capoCluster (delete cluster)
+// createCheckDeleteOscClusterMachine will deploy oscInfraCluster (create osccluster object), deploy oscInfraMachine (create oscmachine object),
+// deploy capoCluster (create cluster object), deploy capoMachine (create machine object), will validate each OscInfraCluster component is provisioned 
+// and then will delete OscInfraCluster (delete osccluster) and capoCluster (delete cluster)
 func createCheckDeleteOscClusterMachine(ctx context.Context, infraClusterSpec infrastructurev1beta1.OscClusterSpec, infraMachineSpec infrastructurev1beta1.OscMachineSpec) {
-	oscInfraCluster, oscInfraClusterKey := deployOscInfraCluster(ctx, infraClusterSpec, "cluster-api-test", "default")
-	capoCluster, capoClusterKey := deployCapoCluster(ctx, "cluster-api-test", "default")
+	uid := uuid.New().String()[:8]
+	clusterName := fmt.Sprintf("cluster-api-test-%s", uid)
+	oscInfraCluster, oscInfraClusterKey := deployOscInfraCluster(ctx, infraClusterSpec, clusterName, "default")
+	capoCluster, capoClusterKey := deployCapoCluster(ctx, clusterName, "default")
 	waitOscInfraClusterToBeReady(ctx, oscInfraClusterKey)
 	waitOscClusterToProvision(ctx, capoClusterKey)
 	clusterScope, err := getClusterScope(ctx, capoClusterKey, oscInfraClusterKey)
 	Expect(err).ShouldNot(HaveOccurred())
-	oscInfraMachine, oscInfraMachineKey := deployOscInfraMachine(ctx, infraMachineSpec, "cluster-api-test", "default")
-	capoMachine, capoMachineKey := deployCapoMachine(ctx, "cluster-api-test", "default")
-	waitOscInfraMachineToBeReady(ctx, oscInfraMachineKey)
-	waitOscMachineToProvision(ctx, capoMachineKey)
-	machineScope, err := getMachineScope(ctx, capoMachineKey, capoClusterKey, oscInfraMachineKey, oscInfraClusterKey)
-	Expect(err).ShouldNot(HaveOccurred())
+
+	By("Ensuring network components are provisioned")
 	checkOscNetToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscSubnetToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscInternetServiceToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscNatServiceToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscPublicIpToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscRouteTableToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscRouteToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
+
+	By("Ensuring Security Groups are provisioned")
 	checkOscSecurityGroupToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscSecurityGroupRuleToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
+
+	oscInfraMachine, oscInfraMachineKey := deployOscInfraMachine(ctx, infraMachineSpec, clusterName, "default")
+	capoMachine, capoMachineKey := deployCapoMachine(ctx, clusterName, "default")
+	waitOscInfraMachineToBeReady(ctx, oscInfraMachineKey)
+	waitOscMachineToProvision(ctx, capoMachineKey)
+	machineScope, err := getMachineScope(ctx, capoMachineKey, capoClusterKey, oscInfraMachineKey, oscInfraClusterKey)
+	Expect(err).ShouldNot(HaveOccurred())
+
 	checkOscLoadBalancerToBeProvisioned(ctx, oscInfraClusterKey, clusterScope)
 	checkOscVmToBeProvisioned(ctx, oscInfraMachineKey, clusterScope, machineScope)
 	WaitControlPlaneDnsNameRegister(clusterScope)
 	WaitControlPlaneEndpointUp(clusterScope)
+
 	By("Delete machine")
 	deleteObj(ctx, oscInfraMachine, oscInfraMachineKey, "oscInfraMachine", "default")
 	deletePatchMachineObj(ctx, capoMachine, capoMachineKey, "capoMachine", "default")
+
 	By("Delete cluster")
 	deleteObj(ctx, oscInfraCluster, oscInfraClusterKey, "oscInfraCluster", "default")
 	deleteObj(ctx, capoCluster, capoClusterKey, "capoCluster", "default")
@@ -583,62 +605,90 @@ func checkOscRouteToBeProvisioned(ctx context.Context, oscInfraClusterKey client
 	}, 5*time.Minute, 1*time.Second).Should(BeNil())
 }
 
-// checkOscSecurityGroupToBeProvisioned will validate that OscSecurityGroup is provisionned
+// checkOscSecurityGroupToBeProvisioned will validate that OscSecurityGroup is provisioned
 func checkOscSecurityGroupToBeProvisioned(ctx context.Context, oscInfraClusterKey client.ObjectKey, clusterScope *scope.ClusterScope) {
 	By("Check OscSecurityGroup is provisioned")
 	Eventually(func() error {
+		// Fetch the NetId and Security Group Service
 		netSpec := clusterScope.GetNet()
 		netId := netSpec.ResourceId
 		securitysvc := security.NewService(ctx, clusterScope)
+
+		// Get Security Groups Spec and IDs
 		securityGroupsSpec := clusterScope.GetSecurityGroups()
 		securityGroupIds, err := securitysvc.GetSecurityGroupIdsFromNetIds(netId)
-		fmt.Fprintf(GinkgoWriter, "Check SecurityGroupIds received %v \n", securityGroupIds)
 		if err != nil {
-			return err
+			return fmt.Errorf("failed to retrieve security group IDs: %w", err)
 		}
+
+		// Populate the ResourceMap if it's empty
+		securityGroupsRef := clusterScope.GetSecurityGroupsRef()
+		if len(securityGroupsRef.ResourceMap) == 0 {
+			for _, securityGroupSpec := range securityGroupsSpec {
+				if controllers.Contains(securityGroupIds, securityGroupSpec.ResourceId) {
+					securityGroupsRef.ResourceMap[securityGroupSpec.Name] = securityGroupSpec.ResourceId
+					fmt.Fprintf(GinkgoWriter, "Populated SecurityGroup ResourceMap for %s\n", securityGroupSpec.Name)
+				} else {
+					return fmt.Errorf("security group %s not found in retrieved IDs", securityGroupSpec.Name)
+				}
+			}
+		}
+
+		// Validate that all security groups exist
 		for _, securityGroupSpec := range securityGroupsSpec {
 			securityGroupId := securityGroupSpec.ResourceId
-			fmt.Fprintf(GinkgoWriter, "Check SecurityGroupId %s\n", securityGroupId)
 			if !controllers.Contains(securityGroupIds, securityGroupId) {
-				return fmt.Errorf("SecurityGroupId %s does not exist", securityGroupId)
+				return fmt.Errorf("security group %s with ID %s does not exist", securityGroupSpec.Name, securityGroupId)
 			}
 		}
-		fmt.Fprintf(GinkgoWriter, "Found OscSecurityGroup \n")
-		return nil
 
+		fmt.Fprintf(GinkgoWriter, "Found OscSecurityGroup and populated ResourceMap\n")
+		return nil
 	}, 5*time.Minute, 1*time.Second).Should(BeNil())
 }
 
+
 // checkOscSecurityGroupRuleToBeProvisioned will validate that OscSecurityGroupRule is provisionned
 func checkOscSecurityGroupRuleToBeProvisioned(ctx context.Context, oscInfraClusterKey client.ObjectKey, clusterScope *scope.ClusterScope) {
-	By("Check OscSecurityGroupRule is provisioned")
+	By("Check OscSecurityGroupRules are provisioned")
 	Eventually(func() error {
 		securitysvc := security.NewService(ctx, clusterScope)
+
+		// Get Security Groups Reference
+		securityGroupsRef := clusterScope.GetSecurityGroupsRef()
+		if len(securityGroupsRef.ResourceMap) == 0 {
+			return fmt.Errorf("securityGroupsRef.ResourceMap is empty, security groups should be reconciled first")
+		}
+
+		// Validate SecurityGroup Rules
 		securityGroupsSpec := clusterScope.GetSecurityGroups()
 		for _, securityGroupSpec := range securityGroupsSpec {
-			securityGroupId := securityGroupSpec.ResourceId
-			fmt.Fprintf(GinkgoWriter, "Check SecurityGroupId %s\n", securityGroupId)
+			securityGroupId, exists := securityGroupsRef.ResourceMap[securityGroupSpec.Name]
+			if !exists {
+				return fmt.Errorf("security group %s not found in ResourceMap", securityGroupSpec.Name)
+			}
+
 			securityGroupRulesSpec := clusterScope.GetSecurityGroupRule(securityGroupSpec.Name)
 			for _, securityGroupRuleSpec := range *securityGroupRulesSpec {
-				securityGroupRuleName := securityGroupRuleSpec.Name + "-" + clusterScope.GetUID()
-				fmt.Fprintf(GinkgoWriter, "Check SecurityGroupRule %s does exist \n", securityGroupRuleName)
+				ruleName := fmt.Sprintf("%s-%s", securityGroupRuleSpec.Name, clusterScope.GetUID())
+				fmt.Fprintf(GinkgoWriter, "Checking rule %s for security group %s\n", ruleName, securityGroupId)
+
+				// Validate Rule exists
 				Flow := securityGroupRuleSpec.Flow
 				IpProtocol := securityGroupRuleSpec.IpProtocol
 				IpRange := securityGroupRuleSpec.IpRange
 				FromPortRange := securityGroupRuleSpec.FromPortRange
 				ToPortRange := securityGroupRuleSpec.ToPortRange
-				securityGroupFromSecurityGroupRule, err := securitysvc.GetSecurityGroupFromSecurityGroupRule(securityGroupId, Flow, IpProtocol, IpRange, "", FromPortRange, ToPortRange)
+
+				_, err := securitysvc.GetSecurityGroupFromSecurityGroupRule(
+					securityGroupId, Flow, IpProtocol, IpRange, "", FromPortRange, ToPortRange,
+				)
 				if err != nil {
-					return err
+					return fmt.Errorf("failed to validate rule %s for security group %s: %w", ruleName, securityGroupId, err)
 				}
-				fmt.Fprintf(GinkgoWriter, "Check SecurityGroupId received %s\n", securityGroupFromSecurityGroupRule.GetSecurityGroupId())
-				if securityGroupId != securityGroupFromSecurityGroupRule.GetSecurityGroupId() {
-					return fmt.Errorf("SecurityGroupRule %s does not exist", securityGroupRuleName)
-				}
-
 			}
 		}
-		fmt.Fprintf(GinkgoWriter, "Found OscSecurityGroupRule \n")
+		fmt.Fprintf(GinkgoWriter, "All security group rules are provisioned\n")
 		return nil
 	}, 5*time.Minute, 1*time.Second).Should(BeNil())
 }