add checks in securitygroup controller to avoid panic
Signed-off-by: hanenMizouni <[email protected]>
outscale-hmi committed Dec 11, 2024
1 parent 948f1c4 commit 5d61a4f
Showing 3 changed files with 30 additions and 12 deletions.
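--- a/controllers/osccluster_securitygroup_controller.go
+++ b/controllers/osccluster_securitygroup_controller.go
@@ -368,11 +368,18 @@ func reconcileDeleteSecurityGroupsRule(ctx context.Context, clusterScope *scope.
 IpRange := securityGroupRuleSpec.IpRange
 FromPortRange := securityGroupRuleSpec.FromPortRange
 ToPortRange := securityGroupRuleSpec.ToPortRange
-associateSecurityGroupId := securityGroupsRef.ResourceMap[securityGroupName]
-targetSecurityGroupName := securityGroupRuleSpec.TargetSecurityGroupName
+associateSecurityGroupId, exists := securityGroupsRef.ResourceMap[securityGroupName]
+if !exists || associateSecurityGroupId == "" {
+return reconcile.Result{}, fmt.Errorf("associateSecurityGroupId not found in ResourceMap for securityGroupName %s", securityGroupName)
+}
 targetSecurityGroupId := ""
-if targetSecurityGroupName != "" {
-targetSecurityGroupId = securityGroupsRef.ResourceMap[targetSecurityGroupName]
+if targetSecurityGroupName := securityGroupRuleSpec.TargetSecurityGroupName; targetSecurityGroupName != "" {
+if targetId, ok := securityGroupsRef.ResourceMap[targetSecurityGroupName]; ok && targetId != "" {
+targetSecurityGroupId = targetId
+} else {
+clusterScope.V(2).Info("Target security group not found", "targetSecurityGroupName", targetSecurityGroupName)
+return reconcile.Result{}, fmt.Errorf("target security group %s does not exist", targetSecurityGroupName)
+}
 }
 
 clusterScope.V(4).Info("Check if the desired securityGroupRule exist", "securityGroupRuleName", securityGroupRuleName)
@@ -396,7 +403,9 @@ func reconcileDeleteSecurityGroupsRule(ctx context.Context, clusterScope *scope.
 // ReconcileRoute reconcile the RouteTable and the Route of the cluster.
 func reconcileDeleteSecurityGroup(ctx context.Context, clusterScope *scope.ClusterScope, securityGroupId string, securityGroupSvc security.OscSecurityGroupInterface) (reconcile.Result, error) {
 securityGroupsRef := clusterScope.GetSecurityGroupsRef()
-
+if securityGroupsRef == nil || securityGroupsRef.ResourceMap == nil {
+return reconcile.Result{}, fmt.Errorf("securityGroupsRef or its ResourceMap is nil; ensure security groups are reconciled first")
+}
 clusterScope.V(4).Info("Check if the securityGroup exists", "securityGroupId", securityGroupId)
 securityGroup, err := securityGroupSvc.GetSecurityGroup(securityGroupId)
 if err != nil {
@@ -428,6 +437,9 @@ func reconcileDeleteSecurityGroups(ctx context.Context, clusterScope *scope.Clus
 securityGroupsSpec = clusterScope.GetSecurityGroups()
 }
 securityGroupsRef := clusterScope.GetSecurityGroupsRef()
+if securityGroupsRef == nil || securityGroupsRef.ResourceMap == nil {
+return reconcile.Result{}, fmt.Errorf("securityGroupsRef or its ResourceMap is nil; ensure security groups are reconciled first")
+}
 
 netSpec := clusterScope.GetNet()
 netSpec.SetDefaultValue()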
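Review bot: The new guards in reconcileDeleteSecurityGroupsRule return an error whenever `securityGroupsRef.ResourceMap` has no entry for the group or its target, and on a delete path that can leave the rule in place indefinitely. If the caller propagates the error, the reconcile is retried, but the entry will not appear later when the group was never created or is already gone. Consider treating a missing entry as "nothing left to delete" (log it and `return reconcile.Result{}, nil`) or resolving the group by name through the service, so a partially created cluster can still be torn down and its ingress rules do not linger. The same concern applies to the nil-map guards added in reconcileDeleteSecurityGroup and reconcileDeleteSecurityGroups, whose message asks for security groups to be "reconciled first". The first hunk also shows no nil check on `securityGroupsRef` itself before the map lookups; the function body starts outside the hunk, so such a check may exist above.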
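--- a/controllers/osccluster_securitygroup_controller_unit_test.go
+++ b/controllers/osccluster_securitygroup_controller_unit_test.go
@@ -140,6 +140,12 @@ func defaultSecurityGroupSpec() infrastructurev1beta1.OscClusterSpec {
 }
 }
 
+func missingTargetSecurityGroupSpec() infrastructurev1beta1.OscClusterSpec {
+spec := defaultSecurityGroupSpec()
+spec.Network.SecurityGroups[0].SecurityGroupRules[0].TargetSecurityGroupName = "test-securitygroup-target"
+return spec
+}
+
 // SetupWithSecurityGroupMock set securityGroupMock with clusterScope and osccluster
 func SetupWithSecurityGroupMock(t *testing.T, name string, spec infrastructurev1beta1.OscClusterSpec) (clusterScope *scope.ClusterScope, ctx context.Context, mockOscSecurityGroupInterface *mock_security.MockOscSecurityGroupInterface, mockOscTagInterface *mock_tag.MockOscTagInterface) {
 clusterScope = Setup(t, name, spec)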
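Review bot: `missingTargetSecurityGroupSpec` is added but nothing calls it: this section consists only of its six added lines, and the other two changed files do not reference it. The new error returns in the controller therefore appear to be untested in this commit. A case that feeds this spec to the delete-rule test and asserts the `target security group ... does not exist` error would pin the new behaviour. The helper also lacks a doc comment, for example `// missingTargetSecurityGroupSpec returns the default spec with its first rule's TargetSecurityGroupName set to "test-securitygroup-target".`; whether that name is absent from the default spec cannot be seen from this hunk.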
14 changes: 7 additions & 7 deletions testenv/osccluster_controller_test.go
@@ -869,12 +869,12 @@ var _ = Describe("Outscale Cluster Reconciler", func() {
ToPortRange: 6443,
},
{
Name: "cluster-api-securitygrouprule-http",
Flow: "Inbound",
IpProtocol: "tcp",
IpRange: "0.0.0.0/0",
FromPortRange: 80,
ToPortRange: 80,
Name: "cluster-api-securitygrouprule-http",
Flow: "Inbound",
IpProtocol: "tcp",
IpRange: "0.0.0.0/0",
FromPortRange: 80,
ToPortRange: 80,
TargetSecurityGroupName: "cluster-api-securitygroups",
},
{
@@ -1156,4 +1156,4 @@ var _ = Describe("Outscale Cluster Reconciler", func() {
createCheckDeleteOscClusterMachine(ctx, infraClusterSpec, infraMachineSpec)
})
})
})
})
