From 5bb4a88536cfa6261f0b208b5b4073fd1e5b2a47 Mon Sep 17 00:00:00 2001 From: hanenMizouni Date: Tue, 17 Dec 2024 10:09:49 +0000 Subject: [PATCH] Make sure securitygroup resourceMap is populated before reconcile Signed-off-by: hanenMizouni --- testenv/osccluster_controller_test.go | 110 +++++++++++++++++++------- 1 file changed, 80 insertions(+), 30 deletions(-) diff --git a/testenv/osccluster_controller_test.go b/testenv/osccluster_controller_test.go index 629a8ec1..0efc2a48 100644 --- a/testenv/osccluster_controller_test.go +++ b/testenv/osccluster_controller_test.go @@ -77,7 +77,7 @@ func deployOscInfraMachine(ctx context.Context, infraMachineSpec infrastructurev return oscInfraMachine, oscInfraMachineKey } -// createCheckDeleteOscCluster will deploy oscInfraCluster (create osccluster object), deploy capoCluster (create cluster object), will validate each OscInfraCluster component is provisioned and then will delelete OscInfraCluster (delete osccluster) and capoCluster (delete cluster) +// createCheckDeleteOscCluster will deploy oscInfraCluster (create osccluster object), deploy capoCluster (create cluster object), func createCheckDeleteOscCluster(ctx context.Context, infraClusterSpec infrastructurev1beta1.OscClusterSpec) { uid := uuid.New().String()[:8] clusterName := fmt.Sprintf("cluster-api-test-%s", uid) @@ -87,6 +87,8 @@ func createCheckDeleteOscCluster(ctx context.Context, infraClusterSpec infrastru waitOscClusterToProvision(ctx, capoClusterKey) clusterScope, err := getClusterScope(ctx, capoClusterKey, oscInfraClusterKey) Expect(err).ShouldNot(HaveOccurred()) + + By("Ensuring network components are provisioned") checkOscNetToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) checkOscSubnetToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) checkOscInternetServiceToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) 
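Review bot: The rewritten doc comment on createCheckDeleteOscCluster now ends on a trailing comma and no longer says that the helper validates each component and then deletes the OscCluster and Cluster objects. The sibling comment on createCheckDeleteOscClusterMachine, rewrapped later in this patch, keeps that information. Completing this one the same way would keep the two consistent, for example with a second line `// validate each OscInfraCluster component is provisioned, then delete OscInfraCluster (delete osccluster) and capoCluster (delete cluster)`.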
@@ -94,28 +96,36 @@ func createCheckDeleteOscCluster(ctx context.Context, infraClusterSpec infrastru checkOscPublicIpToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) checkOscRouteTableToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) checkOscRouteToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) + + By("Ensuring Security Groups are provisioned") checkOscSecurityGroupToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) checkOscSecurityGroupRuleToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) + + By("Validating SecurityGroupsRef is not empty") + securityGroupsRef := clusterScope.GetSecurityGroupsRef() + Expect(len(securityGroupsRef.ResourceMap)).To(BeNumerically(">", 0), "SecurityGroupsRef.ResourceMap should not be empty") + checkOscLoadBalancerToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) + By("Delete cluster") deleteObj(ctx, oscInfraCluster, oscInfraClusterKey, "oscInfraCluster", "default") deleteObj(ctx, capoCluster, capoClusterKey, "capoCluster", "default") } -// createCheckDeleteOscClusterMachine will deploy oscInfraCluster (create osccluster object), deploy oscInfraMachine (create oscmachine object), deploy capoCluster (create cluster object), deploy capoMachine (create machine object), will validate each OscInfraCluster component is provisioned and then will delelete OscInfraCluster (delete osccluster) and capoCluster (delete cluster) +// createCheckDeleteOscClusterMachine will deploy oscInfraCluster (create osccluster object), deploy oscInfraMachine (create oscmachine object), +// deploy capoCluster (create cluster object), deploy capoMachine (create machine object), will validate each OscInfraCluster component is provisioned +// and then will delete OscInfraCluster (delete osccluster) and capoCluster (delete cluster) func createCheckDeleteOscClusterMachine(ctx context.Context, infraClusterSpec infrastructurev1beta1.OscClusterSpec, infraMachineSpec infrastructurev1beta1.OscMachineSpec) { - oscInfraCluster, oscInfraClusterKey 
:= deployOscInfraCluster(ctx, infraClusterSpec, "cluster-api-test", "default") - capoCluster, capoClusterKey := deployCapoCluster(ctx, "cluster-api-test", "default") + uid := uuid.New().String()[:8] + clusterName := fmt.Sprintf("cluster-api-test-%s", uid) + oscInfraCluster, oscInfraClusterKey := deployOscInfraCluster(ctx, infraClusterSpec, clusterName, "default") + capoCluster, capoClusterKey := deployCapoCluster(ctx, clusterName, "default") waitOscInfraClusterToBeReady(ctx, oscInfraClusterKey) waitOscClusterToProvision(ctx, capoClusterKey) clusterScope, err := getClusterScope(ctx, capoClusterKey, oscInfraClusterKey) Expect(err).ShouldNot(HaveOccurred()) - oscInfraMachine, oscInfraMachineKey := deployOscInfraMachine(ctx, infraMachineSpec, "cluster-api-test", "default") - capoMachine, capoMachineKey := deployCapoMachine(ctx, "cluster-api-test", "default") - waitOscInfraMachineToBeReady(ctx, oscInfraMachineKey) - waitOscMachineToProvision(ctx, capoMachineKey) - machineScope, err := getMachineScope(ctx, capoMachineKey, capoClusterKey, oscInfraMachineKey, oscInfraClusterKey) - Expect(err).ShouldNot(HaveOccurred()) + + By("Ensuring network components are provisioned") checkOscNetToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) checkOscSubnetToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) checkOscInternetServiceToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) 
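Review bot: The new `Expect(len(securityGroupsRef.ResourceMap))` assertion in createCheckDeleteOscCluster cannot fail for the case it is meant to catch. checkOscSecurityGroupToBeProvisioned (changed later in this patch) fills the map from the spec whenever it is empty, and checkOscSecurityGroupRuleToBeProvisioned already returns an error on an empty map, so the assertion checks what the test helper wrote into the in-memory scope rather than what the controller reconciled. Consider reading the reference from a freshly fetched OscCluster status, or asserting before the helper can populate it; `Expect(securityGroupsRef.ResourceMap).NotTo(BeEmpty(), "SecurityGroupsRef.ResourceMap should not be empty")` is also the more idiomatic matcher. No equivalent check is visible for createCheckDeleteOscClusterMachine, whose body continues past the end of this hunk.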
@@ -123,15 +133,27 @@ func createCheckDeleteOscClusterMachine(ctx context.Context, infraClusterSpec in checkOscPublicIpToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) checkOscRouteTableToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) checkOscRouteToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) + + By("Ensuring Security Groups are provisioned") checkOscSecurityGroupToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) checkOscSecurityGroupRuleToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) + + oscInfraMachine, oscInfraMachineKey := deployOscInfraMachine(ctx, infraMachineSpec, clusterName, "default") + capoMachine, capoMachineKey := deployCapoMachine(ctx, clusterName, "default") + waitOscInfraMachineToBeReady(ctx, oscInfraMachineKey) + waitOscMachineToProvision(ctx, capoMachineKey) + machineScope, err := getMachineScope(ctx, capoMachineKey, capoClusterKey, oscInfraMachineKey, oscInfraClusterKey) + Expect(err).ShouldNot(HaveOccurred()) + checkOscLoadBalancerToBeProvisioned(ctx, oscInfraClusterKey, clusterScope) checkOscVmToBeProvisioned(ctx, oscInfraMachineKey, clusterScope, machineScope) WaitControlPlaneDnsNameRegister(clusterScope) WaitControlPlaneEndpointUp(clusterScope) + By("Delete machine") deleteObj(ctx, oscInfraMachine, oscInfraMachineKey, "oscInfraMachine", "default") deletePatchMachineObj(ctx, capoMachine, capoMachineKey, "capoMachine", "default") + By("Delete cluster") deleteObj(ctx, oscInfraCluster, oscInfraClusterKey, "oscInfraCluster", "default") deleteObj(ctx, capoCluster, capoClusterKey, "capoCluster", "default") 
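Review bot: The `deleteObj`/`deletePatchMachineObj` calls at the end of createCheckDeleteOscClusterMachine only run when every preceding check passes, and this change places more failure points ahead of them. A failed `Expect` or a timed-out `Eventually` would leave the OscCluster/OscMachine objects and whatever they provisioned behind, and because the cluster name is now unique per run, no name collision on the next run would reveal the leftovers. If the suite is on Ginkgo v2, registering the deletions right after each deploy, e.g. `DeferCleanup(func() { deleteObj(ctx, oscInfraCluster, oscInfraClusterKey, "oscInfraCluster", "default") })`, would make teardown unconditional; the machine-before-cluster order has to be preserved. The function starts before this hunk and its closing brace is outside it.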
@@ -583,62 +605,90 @@ func checkOscRouteToBeProvisioned(ctx context.Context, oscInfraClusterKey client }, 5*time.Minute, 1*time.Second).Should(BeNil()) } -// checkOscSecurityGroupToBeProvisioned will validate that OscSecurityGroup is provisionned +// checkOscSecurityGroupToBeProvisioned will validate that OscSecurityGroup is provisioned func checkOscSecurityGroupToBeProvisioned(ctx context.Context, oscInfraClusterKey client.ObjectKey, clusterScope *scope.ClusterScope) { By("Check OscSecurityGroup is provisioned") Eventually(func() error { + // Fetch the NetId and Security Group Service netSpec := clusterScope.GetNet() netId := netSpec.ResourceId securitysvc := security.NewService(ctx, clusterScope) + + // Get Security Groups Spec and IDs securityGroupsSpec := clusterScope.GetSecurityGroups() securityGroupIds, err := securitysvc.GetSecurityGroupIdsFromNetIds(netId) - fmt.Fprintf(GinkgoWriter, "Check SecurityGroupIds received %v \n", securityGroupIds) if err != nil { - return err + return fmt.Errorf("failed to retrieve security group IDs: %w", err) } + + // Populate the ResourceMap if it's empty + securityGroupsRef := clusterScope.GetSecurityGroupsRef() + if len(securityGroupsRef.ResourceMap) == 0 { + for _, securityGroupSpec := range securityGroupsSpec { + if controllers.Contains(securityGroupIds, securityGroupSpec.ResourceId) { + securityGroupsRef.ResourceMap[securityGroupSpec.Name] = securityGroupSpec.ResourceId + fmt.Fprintf(GinkgoWriter, "Populated SecurityGroup ResourceMap for %s\n", securityGroupSpec.Name) + } else { + return fmt.Errorf("security group %s not found in retrieved IDs", securityGroupSpec.Name) + } + } + } + + // Validate that all security groups exist for _, securityGroupSpec := range securityGroupsSpec { securityGroupId := securityGroupSpec.ResourceId - fmt.Fprintf(GinkgoWriter, "Check SecurityGroupId %s\n", securityGroupId) if !controllers.Contains(securityGroupIds, securityGroupId) { - return fmt.Errorf("SecurityGroupId %s does not exist", 
securityGroupId) + return fmt.Errorf("security group %s with ID %s does not exist", securityGroupSpec.Name, securityGroupId) } } - fmt.Fprintf(GinkgoWriter, "Found OscSecurityGroup \n") - return nil + fmt.Fprintf(GinkgoWriter, "Found OscSecurityGroup and populated ResourceMap\n") + return nil }, 5*time.Minute, 1*time.Second).Should(BeNil()) } + // checkOscSecurityGroupRuleToBeProvisioned will validate that OscSecurityGroupRule is provisionned func checkOscSecurityGroupRuleToBeProvisioned(ctx context.Context, oscInfraClusterKey client.ObjectKey, clusterScope *scope.ClusterScope) { - By("Check OscSecurityGroupRule is provisioned") + By("Check OscSecurityGroupRules are provisioned") Eventually(func() error { securitysvc := security.NewService(ctx, clusterScope) + + // Get Security Groups Reference + securityGroupsRef := clusterScope.GetSecurityGroupsRef() + if len(securityGroupsRef.ResourceMap) == 0 { + return fmt.Errorf("securityGroupsRef.ResourceMap is empty, security groups should be reconciled first") + } + + // Validate SecurityGroup Rules securityGroupsSpec := clusterScope.GetSecurityGroups() for _, securityGroupSpec := range securityGroupsSpec { - securityGroupId := securityGroupSpec.ResourceId - fmt.Fprintf(GinkgoWriter, "Check SecurityGroupId %s\n", securityGroupId) + securityGroupId, exists := securityGroupsRef.ResourceMap[securityGroupSpec.Name] + if !exists { + return fmt.Errorf("security group %s not found in ResourceMap", securityGroupSpec.Name) + } + securityGroupRulesSpec := clusterScope.GetSecurityGroupRule(securityGroupSpec.Name) for _, securityGroupRuleSpec := range *securityGroupRulesSpec { - securityGroupRuleName := securityGroupRuleSpec.Name + "-" + clusterScope.GetUID() - fmt.Fprintf(GinkgoWriter, "Check SecurityGroupRule %s does exist \n", securityGroupRuleName) + ruleName := fmt.Sprintf("%s-%s", securityGroupRuleSpec.Name, clusterScope.GetUID()) + fmt.Fprintf(GinkgoWriter, "Checking rule %s for security group %s\n", ruleName, securityGroupId) 
+ + // Validate Rule exists Flow := securityGroupRuleSpec.Flow IpProtocol := securityGroupRuleSpec.IpProtocol IpRange := securityGroupRuleSpec.IpRange FromPortRange := securityGroupRuleSpec.FromPortRange ToPortRange := securityGroupRuleSpec.ToPortRange - securityGroupFromSecurityGroupRule, err := securitysvc.GetSecurityGroupFromSecurityGroupRule(securityGroupId, Flow, IpProtocol, IpRange, "", FromPortRange, ToPortRange) + + _, err := securitysvc.GetSecurityGroupFromSecurityGroupRule( + securityGroupId, Flow, IpProtocol, IpRange, "", FromPortRange, ToPortRange, + ) if err != nil { - return err + return fmt.Errorf("failed to validate rule %s for security group %s: %w", ruleName, securityGroupId, err) } - fmt.Fprintf(GinkgoWriter, "Check SecurityGroupId received %s\n", securityGroupFromSecurityGroupRule.GetSecurityGroupId()) - if securityGroupId != securityGroupFromSecurityGroupRule.GetSecurityGroupId() { - return fmt.Errorf("SecurityGroupRule %s does not exist", securityGroupRuleName) - } - } } - fmt.Fprintf(GinkgoWriter, "Found OscSecurityGroupRule \n") + fmt.Fprintf(GinkgoWriter, "All security group rules are provisioned\n") return nil }, 5*time.Minute, 1*time.Second).Should(BeNil()) }
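Review bot: In checkOscSecurityGroupRuleToBeProvisioned the result of `GetSecurityGroupFromSecurityGroupRule` is now discarded with `_`, so the loop only proves that the call returned no error. The removed comparison against `GetSecurityGroupId()` was the only check that a matching rule was found on the expected group. If the service returns an empty result with a nil error when nothing matches (not visible in this hunk), a missing firewall rule would pass the test. Separately, in checkOscSecurityGroupToBeProvisioned the population loop writes to `securityGroupsRef.ResourceMap` after only a `len(...) == 0` test, which is also true for a nil map, and a write to a nil map panics instead of returning an error that `Eventually` can retry. The excerpt below initialises the map (assuming it is `map[string]string`, to be confirmed against the type declaration) and restores the ID comparison.

```go
// … unchanged: net lookup and GetSecurityGroupIdsFromNetIds call …
securityGroupsRef := clusterScope.GetSecurityGroupsRef()
if securityGroupsRef.ResourceMap == nil {
	// len() is 0 for a nil map too; allocate before the population loop writes to it.
	securityGroupsRef.ResourceMap = make(map[string]string)
}
// … unchanged: population loop and existence check …

// in checkOscSecurityGroupRuleToBeProvisioned, inside the rule loop:
securityGroup, err := securitysvc.GetSecurityGroupFromSecurityGroupRule(
	securityGroupId, Flow, IpProtocol, IpRange, "", FromPortRange, ToPortRange,
)
if err != nil {
	return fmt.Errorf("failed to validate rule %s for security group %s: %w", ruleName, securityGroupId, err)
}
// Keep the positive check: the lookup must resolve to the group the rule belongs to.
if securityGroupId != securityGroup.GetSecurityGroupId() {
	return fmt.Errorf("security group rule %s not found on security group %s", ruleName, securityGroupId)
}
```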