lint
AshleyDumaine committed Mar 5, 2024
1 parent 81d22c0 commit ae4438b
Showing 2 changed files with 62 additions and 40 deletions.
81 changes: 52 additions & 29 deletions cloud/services/firewalls.go
Expand Up @@ -5,14 +5,14 @@ import (
"encoding/json"
"errors"
"fmt"
"github.com/linode/cluster-api-provider-linode/util"
"net/http"
"slices"

"github.com/go-logr/logr"
"github.com/linode/linodego"

infrav1alpha1 "github.com/linode/cluster-api-provider-linode/api/v1alpha1"
"github.com/linode/cluster-api-provider-linode/util"
)

const (
Expand Down Expand Up @@ -59,38 +59,18 @@ func HandleFirewall(

if len(linodeFWs) == 0 {
logger.Info(fmt.Sprintf("Creating firewall %s", firewall.Name))
linodeFW, err = createFirewall(ctx, linodeClient, fwConfig)
if err != nil {
logger.Info("Failed to create firewall", "error", err.Error())

if linodeFW, err = linodeClient.CreateFirewall(ctx, *fwConfig); err != nil {
logger.Info("Failed to create Linode Firewall", "error", err.Error())
// Already exists is not an error
apiErr := linodego.Error{}
if errors.As(err, &apiErr) && apiErr.Code != http.StatusFound {
return nil, err
}

if linodeFW != nil {
logger.Info(fmt.Sprintf("Linode Firewall %s already exists", firewall.Name))
}
return nil, err
}

} else {
logger.Info(fmt.Sprintf("Updating firewall %s", firewall.Name))

linodeFW = &linodeFWs[0]
if !slices.Contains(linodeFW.Tags, clusterUID) {
err := errors.New("firewall conflict")
logger.Error(err, fmt.Sprintf(
"Firewall %s is not associated with cluster UID %s. Owner cluster is %s",
firewall.Name,
clusterUID,
linodeFW.Tags[0],
))

return nil, err
}

if _, err := linodeClient.UpdateFirewallRules(ctx, linodeFW.ID, fwConfig.Rules); err != nil {
logger.Info("Failed to update Linode Firewall", "error", err.Error())
if err = updateFirewall(ctx, linodeClient, linodeFW, clusterUID, fwConfig); err != nil {
logger.Info("Failed to udpate firewall", "error", err.Error())

return nil, err
}
Expand Down Expand Up @@ -120,6 +100,47 @@ func HandleFirewall(
return linodeFW, nil
}

func createFirewall(
ctx context.Context,
linodeClient *linodego.Client,
fwConfig *linodego.FirewallCreateOptions,
) (linodeFW *linodego.Firewall, err error) {
if linodeFW, err = linodeClient.CreateFirewall(ctx, *fwConfig); err != nil {
// Already exists is not an error
apiErr := linodego.Error{}
if errors.As(err, &apiErr) && apiErr.Code != http.StatusFound {
return nil, err
}
}

return linodeFW, nil
}

func updateFirewall(
ctx context.Context,
linodeClient *linodego.Client,
linodeFW *linodego.Firewall,
clusterUID string,
fwConfig *linodego.FirewallCreateOptions,
) error {
if !slices.Contains(linodeFW.Tags, clusterUID) {
err := fmt.Errorf(
"firewall %s is not associated with cluster UID %s. Owner cluster is %s",
linodeFW.Label,
clusterUID,
linodeFW.Tags[0],
)

return err
}

if _, err := linodeClient.UpdateFirewallRules(ctx, linodeFW.ID, fwConfig.Rules); err != nil {
return err
}

return nil
}

// fetch Firewalls returns all Linode firewalls with a label matching the CAPL Firewall name
func fetchFirewalls(ctx context.Context, name string, linodeClient linodego.Client) (firewalls []linodego.Firewall, err error) {
var linodeFWs []linodego.Firewall
Expand All @@ -132,6 +153,7 @@ func fetchFirewalls(ctx context.Context, name string, linodeClient linodego.Clie
if linodeFWs, err = linodeClient.ListFirewalls(ctx, linodego.NewListOptions(1, string(rawFilter))); err != nil {
return nil, err
}

return linodeFWs, nil
}

Expand Down Expand Up @@ -163,15 +185,15 @@ func chunkIPs(ips []string) [][]string {
return chunks
}

// processACL builds out a Linode firewall configuration for a given CAPL Firewall object which can then
// be used to create or update a Linode firewall
//nolint:gocyclo,cyclop // As simple as possible.
func processACL(firewall *infrav1alpha1.LinodeFirewall, tags []string) (*linodego.FirewallCreateOptions, error) {
createOpts := &linodego.FirewallCreateOptions{
Label: firewall.Name,
Tags: tags,
}

// process inbound rules
//nolint:dupl // Code duplication is simplicity in this case.
for _, rule := range firewall.Spec.InboundRules {
var ruleIPv4s []string
var ruleIPv6s []string
Expand Down Expand Up @@ -228,6 +250,7 @@ func processACL(firewall *infrav1alpha1.LinodeFirewall, tags []string) (*linodeg
}

// process outbound rules
//nolint:dupl // Code duplication is simplicity in this case.
for _, rule := range firewall.Spec.OutboundRules {
var ruleIPv4s []string
var ruleIPv6s []string
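Review bot: In `createFirewall`, an error that is not a `linodego.Error` (a timeout or transport failure, for instance) fails the `errors.As(err, &apiErr) && apiErr.Code != http.StatusFound` test, so the function returns `linodeFW, nil` and a firewall that was never created is reported as success; the condition should be `if !errors.As(err, &apiErr) || apiErr.Code != http.StatusFound {`. On the "already exists" path the returned `linodeFW` is presumably nil too, so the collapsed remainder of `HandleFirewall` should be checked for a nil dereference, or the existing firewall should be fetched again. In `updateFirewall`, `linodeFW.Tags[0]` is read on the branch where `slices.Contains` failed, which panics for a firewall that has the matching label but no tags; guard it with `len(linodeFW.Tags) > 0` before formatting the owner. The log message `"Failed to udpate firewall"` in `HandleFirewall` also misspells "update".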
21 changes: 10 additions & 11 deletions controller/linodecluster_controller.go
Expand Up @@ -20,35 +20,33 @@ import (
"context"
"errors"
"fmt"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"net/http"
"time"

apierrors "k8s.io/apimachinery/pkg/api/errors"
utilerrors "k8s.io/apimachinery/pkg/util/errors"

"github.com/go-logr/logr"
"github.com/linode/cluster-api-provider-linode/cloud/scope"
"github.com/linode/cluster-api-provider-linode/cloud/services"
"github.com/linode/cluster-api-provider-linode/util"
"github.com/linode/cluster-api-provider-linode/util/reconciler"
"github.com/linode/linodego"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
"k8s.io/client-go/tools/record"
clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
cerrs "sigs.k8s.io/cluster-api/errors"
kutil "sigs.k8s.io/cluster-api/util"
"sigs.k8s.io/cluster-api/util/annotations"
"sigs.k8s.io/cluster-api/util/conditions"
"sigs.k8s.io/cluster-api/util/predicates"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/handler"
"sigs.k8s.io/controller-runtime/pkg/source"

ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"

infrav1alpha1 "github.com/linode/cluster-api-provider-linode/api/v1alpha1"
"github.com/linode/cluster-api-provider-linode/cloud/scope"
"github.com/linode/cluster-api-provider-linode/cloud/services"
"github.com/linode/cluster-api-provider-linode/util"
"github.com/linode/cluster-api-provider-linode/util/reconciler"
)

// LinodeClusterReconciler reconciles a LinodeCluster object
Expand Down Expand Up @@ -203,6 +201,7 @@ func createControlPlaneFirewallSpec(clusterScope *scope.ClusterScope) *infrav1al
}
controlPlaneRules = append(controlPlaneRules, sshRule)
}

return &infrav1alpha1.LinodeFirewallSpec{
ClusterUID: string(linodeCluster.UID),
FirewallID: linodeCluster.Spec.ControlPlaneFirewall.FirewallID,
