
🚀 compare then update sec group rule
anngdinh committed Apr 11, 2024
1 parent d68d108 commit e4d55ab
Showing 4 changed files with 69 additions and 23 deletions.
20 changes: 11 additions & 9 deletions pkg/ingress/controller/controller.go
Expand Up @@ -1428,19 +1428,21 @@ func (c *Controller) ensureSecurityGroups(oldInspect, inspect *Expander) error {
klog.Errorln("error when list security group rules", err)
return err
}
for _, rule := range secgroupRules {
if rule.Direction == string(secgroup_rule.CreateOptsDirectionOptIngress) {
err := vngcloudutil.DeleteSecurityGroupRule(c.vServerSC, c.getProjectID(), defaultSecgroup.UUID, rule.UUID)
if err != nil {
klog.Errorln("error when delete security group rule", err)
return err
}
}
}

for _, rule := range inspect.SecGroupRuleExpander {
rule.CreateOpts.SecurityGroupID = defaultSecgroup.UUID
rule.CreateOpts.RemoteIPPrefix = inspect.AllowCIDR
}

needDelete, needCreate := vngcloudutil.CompareSecgroupRule(secgroupRules, inspect.SecGroupRuleExpander)
for _, ruleID := range needDelete {
err := vngcloudutil.DeleteSecurityGroupRule(c.vServerSC, c.getProjectID(), defaultSecgroup.UUID, ruleID)
if err != nil {
klog.Errorln("error when delete security group rule", err)
return err
}
}
for _, rule := range needCreate {
_, err := vngcloudutil.CreateSecurityGroupRule(c.vServerSC, c.getProjectID(), defaultSecgroup.UUID, &rule.CreateOpts)
if err != nil {
klog.Errorln("error when create security group rule", err)
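Review bot: Line 32 assigns `inspect.AllowCIDR` to every desired rule's RemoteIPPrefix unconditionally, and CompareSecgroupRule then requires an exact string match on that field, so if AllowCIDR is empty or written in a form the API normalizes (for example an empty prefix stored back as `0.0.0.0/0`), no existing rule will ever match and every reconcile will delete and re-create the whole ingress set, briefly leaving the group with no ingress rules each time. Worth confirming what ListSecurityGroupRules returns for RemoteIPPrefix and canonicalizing the desired value before the compare, e.g. `if _, n, err := net.ParseCIDR(inspect.AllowCIDR); err == nil { rule.CreateOpts.RemoteIPPrefix = n.String() }`, with an explicit decision for the empty case. The delete-before-create order at lines 36-46 is the right direction for a security group, since a failure inside the create loop leaves the group tighter rather than looser; a one-line comment such as `// delete stale rules first: a failed create leaves the group fail-closed, never wider than desired` would record that intent. ensureSecurityGroups begins before this hunk and continues past it.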
6 changes: 2 additions & 4 deletions pkg/utils/vngcloud/loadbalancer_listener.go
Expand Up @@ -9,7 +9,7 @@ import (
)

func CreateListener(client *client.ServiceClient, projectID string, lbID string, opt *listener.CreateOpts) (*lObjects.Listener, error) {
klog.V(5).Infoln("[API] CreateListener: ", "lbID: ", lbID)
klog.V(5).Infoln("[API] CreateListener: ", "lbID: ", lbID, opt.ListenerName, opt.DefaultPoolId, opt.ListenerProtocol, opt.AllowedCidrs, opt.ListenerProtocolPort, opt.TimeoutClient, opt.TimeoutConnection, opt.TimeoutMember, opt.CertificateAuthorities, opt.ClientCertificate, opt.DefaultCertificateAuthority)
opt.ProjectID = projectID
opt.LoadBalancerID = lbID

Expand All @@ -25,17 +25,15 @@ func CreateListener(client *client.ServiceClient, projectID string, lbID string,
break
}
}
klog.V(5).Infoln("[API] CreateListener: ", "resp: ", resp, "err: ", err)
return resp, err
}

func ListListenerOfLB(client *client.ServiceClient, projectID string, lbID string) ([]*lObjects.Listener, error) {
// klog.V(5).Infoln("[API] ListListenerOfLB: ", "lbID: ", lbID)
klog.V(5).Infoln("[API] ListListenerOfLB: ", "lbID: ", lbID)
opt := &listener.GetBasedLoadBalancerOpts{}
opt.ProjectID = projectID
opt.LoadBalancerID = lbID
resp, err := listener.GetBasedLoadBalancer(client, opt)
// klog.V(5).Infoln("[API] ListListenerOfLB: ", "resp: ", resp, "err: ", err)
return resp, err
}

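Review bot: The expanded V(5) log at line 55 now prints `opt.CertificateAuthorities`, `opt.ClientCertificate` and `opt.DefaultCertificateAuthority`; if any of those fields carries certificate material rather than a resource identifier, this writes TLS configuration into the controller log at a verbosity operators routinely enable for debugging, so it is worth confirming they are IDs only and otherwise dropping them from the line. Independently, a dozen positional values with no keys make the entry hard to read or grep; the same data as `klog.V(5).Infof("[API] CreateListener: lbID=%s name=%s pool=%s proto=%s port=%d allowedCidrs=%v", lbID, opt.ListenerName, opt.DefaultPoolId, opt.ListenerProtocol, opt.ListenerProtocolPort, opt.AllowedCidrs)` (plus the timeouts) would be clearer and easier to redact later. CreateListener continues past the first hunk; the retry loop whose tail is shown in the second hunk starts outside it.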
45 changes: 45 additions & 0 deletions pkg/utils/vngcloud/security_group_rule.go
@@ -1,6 +1,9 @@
package vngcloud

import (
"strings"

"github.com/vngcloud/cloud-provider-vngcloud/pkg/utils"
"github.com/vngcloud/vngcloud-go-sdk/client"
"github.com/vngcloud/vngcloud-go-sdk/vngcloud/objects"
"github.com/vngcloud/vngcloud-go-sdk/vngcloud/services/network/v2/extensions/secgroup_rule"
Expand Down Expand Up @@ -29,3 +32,45 @@ func ListSecurityGroupRules(client *client.ServiceClient, projectID, secgroupID
resp, err := secgroup_rule.ListRulesBySecgroupID(client, opt)
return resp, err
}

func CompareSecgroupRule(current []*objects.SecgroupRule, secgroupRules []*utils.SecGroupRuleExpander) ([]string, []*utils.SecGroupRuleExpander) {
currentIngress := make([]*objects.SecgroupRule, 0)
for _, rule := range current {
if strings.EqualFold(string(rule.Direction), string(secgroup_rule.CreateOptsDirectionOptIngress)) {
currentIngress = append(currentIngress, rule)
}
}

needDelete := make([]string, 0)
needCreate := make([]*utils.SecGroupRuleExpander, 0)

isInUse := make(map[string]bool)
for _, rule := range currentIngress {
isInUse[rule.UUID] = false
}
for _, rule := range secgroupRules {
found := false
for _, secgroup := range currentIngress {
if rule.Description == secgroup.Description &&
strings.EqualFold(string(rule.Direction), secgroup.Direction) &&
strings.EqualFold(string(rule.EtherType), secgroup.EtherType) &&
rule.PortRangeMax == secgroup.PortRangeMax &&
rule.PortRangeMin == secgroup.PortRangeMin &&
strings.EqualFold(string(rule.Protocol), secgroup.Protocol) &&
rule.RemoteIPPrefix == secgroup.RemoteIPPrefix {
found = true
isInUse[secgroup.UUID] = true
break
}
}
if !found {
needCreate = append(needCreate, rule)
}
}
for _, rule := range currentIngress {
if !isInUse[rule.UUID] {
needDelete = append(needDelete, rule.UUID)
}
}
return needDelete, needCreate
}
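Review bot: CompareSecgroupRule only admits ingress rules from `current` into the candidate set (lines 97-102) but applies no such filter to `secgroupRules`, so a desired rule with any other direction can never be matched and would land in needCreate on every call; if SecGroupRuleExpander is ingress-only today that is harmless, but the contract should be stated, and otherwise the loop at line 111 should skip non-ingress entries with `if !strings.EqualFold(string(rule.Direction), string(secgroup_rule.CreateOptsDirectionOptIngress)) { continue }` or the caller should filter. Matching is also an exact string compare on Description and RemoteIPPrefix (lines 114-120), so any normalization the API applies when it stores a rule will surface as permanent delete/create churn rather than a stable steady state; a short note next to the comparison saying it assumes the API echoes these fields back verbatim would warn the next maintainer. The exported function has no doc comment; one reading `// CompareSecgroupRule diffs the ingress rules present on a security group against the desired set and returns the UUIDs of existing ingress rules with no desired counterpart (to delete) and the desired rules with no existing counterpart (to create); matching is exact on description, direction, ether type, port range, protocol and remote prefix.` would do.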
21 changes: 11 additions & 10 deletions pkg/vngcloud/vlb.go
Expand Up @@ -20,7 +20,6 @@ import (
"github.com/vngcloud/vngcloud-go-sdk/vngcloud/services/loadbalancer/v2/listener"
"github.com/vngcloud/vngcloud-go-sdk/vngcloud/services/loadbalancer/v2/loadbalancer"
"github.com/vngcloud/vngcloud-go-sdk/vngcloud/services/loadbalancer/v2/pool"
"github.com/vngcloud/vngcloud-go-sdk/vngcloud/services/network/v2/extensions/secgroup_rule"
lCoreV1 "k8s.io/api/core/v1"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/wait"
Expand Down Expand Up @@ -856,19 +855,21 @@ func (s *vLB) ensureSecurityGroups(oldInspect, inspect *Expander) error {
klog.Errorln("error when list security group rules", err)
return err
}
for _, rule := range secgroupRules {
if rule.Direction == string(secgroup_rule.CreateOptsDirectionOptIngress) {
err := vngcloudutil.DeleteSecurityGroupRule(s.vServerSC, s.getProjectID(), defaultSecgroup.UUID, rule.UUID)
if err != nil {
klog.Errorln("error when delete security group rule", err)
return err
}
}
}

for _, rule := range inspect.SecGroupRuleExpander {
rule.CreateOpts.SecurityGroupID = defaultSecgroup.UUID
rule.CreateOpts.RemoteIPPrefix = inspect.AllowCIDR
}

needDelete, needCreate := vngcloudutil.CompareSecgroupRule(secgroupRules, inspect.SecGroupRuleExpander)
for _, ruleID := range needDelete {
err := vngcloudutil.DeleteSecurityGroupRule(s.vServerSC, s.getProjectID(), defaultSecgroup.UUID, ruleID)
if err != nil {
klog.Errorln("error when delete security group rule", err)
return err
}
}
for _, rule := range needCreate {
_, err := vngcloudutil.CreateSecurityGroupRule(s.vServerSC, s.getProjectID(), defaultSecgroup.UUID, &rule.CreateOpts)
if err != nil {
klog.Errorln("error when create security group rule", err)
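Review bot: Lines 161-177 are a line-for-line copy of the reconcile sequence this same commit adds to pkg/ingress/controller/controller.go (set SecurityGroupID and RemoteIPPrefix, CompareSecgroupRule, delete loop, create loop), differing only in the receiver; two copies of rule-reconciliation logic are where the next fix lands in one place and not the other, which for a security group means one path quietly keeps stale rules. Since both callers already go through vngcloudutil, a single helper there, e.g. `func ReconcileSecurityGroupRules(client *client.ServiceClient, projectID, secgroupID string, desired []*utils.SecGroupRuleExpander) error` that lists, compares, deletes and creates, would let both ensureSecurityGroups methods shrink to one call and return its error. ensureSecurityGroups starts before this hunk and continues past it.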
