Provide SecurityGroups attachment to machines

Automatically attach created security groups
to machines if managedSecurityGroups is true
in clusterSpec.providerSpec.

Change-Id: I634c0d7a461874c5cb164cd19792885ccfc95770

pkg/cloud/openstack/clients/machineservice.go

@@ -275,7 +275,7 @@ func CreatePort(is *InstanceService, name string, net ServerNetwork, securityGro
 	return *newPort, nil
 }
 
-func (is *InstanceService) InstanceCreate(clusterName string, name string, config *openstackconfigv1.OpenstackProviderSpec, cmd string, keyName string) (instance *Instance, err error) {
+func (is *InstanceService) InstanceCreate(cluster *clusterv1.Cluster, machine *clusterv1.Machine, config *openstackconfigv1.OpenstackProviderSpec, cmd string, keyName string) (instance *Instance, err error) {
 	if config == nil {
 		return nil, fmt.Errorf("create Options need be specified to create instace")
 	}
@@ -290,7 +290,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, confi
 	}
 	clusterTags := []string{
 		"cluster-api-provider-openstack",
-		clusterName,
+		fmt.Sprintf("%s/%s", cluster.ObjectMeta.Namespace, cluster.Name),
 	}
 	// Get all network UUIDs
 	var nets []ServerNetwork
@@ -327,12 +327,18 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, confi
 	}
 	userData := base64.StdEncoding.EncodeToString([]byte(cmd))
 	var ports_list []servers.Network
+
+	securityGroups, err := getSecurityGroups(is, cluster, machine, config)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load securityGroups from cluster status: %v", err)
+	}
+
 	for _, net := range nets {
 		if net.networkID == "" {
 			return nil, fmt.Errorf("No network was found or provided. Please check your machine configuration and try again")
 		}
 		allPages, err := ports.List(is.networkClient, ports.ListOpts{
-			Name:      name,
+			Name:      machine.Name,
 			NetworkID: net.networkID,
 		}).AllPages()
 		if err != nil {
@@ -345,7 +351,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, confi
 		var port ports.Port
 		if len(portList) == 0 {
 			// create server port
-			port, err = CreatePort(is, name, net, &config.SecurityGroups)
+			port, err = CreatePort(is, machine.Name, net, &securityGroups)
 			if err != nil {
 				return nil, fmt.Errorf("Failed to create port err: %v", err)
 			}
@@ -364,7 +370,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, confi
 
 		if config.Trunk == true {
 			allPages, err := trunks.List(is.networkClient, trunks.ListOpts{
-				Name:   name,
+				Name:   machine.Name,
 				PortID: port.ID,
 			}).AllPages()
 			if err != nil {
@@ -378,7 +384,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, confi
 			if len(trunkList) == 0 {
 				// create trunk with the previous port as parent
 				trunkCreateOpts := trunks.CreateOpts{
-					Name:   name,
+					Name:   machine.Name,
 					PortID: port.ID,
 				}
 				newTrunk, err := trunks.Create(is.networkClient, trunkCreateOpts).Extract()
@@ -399,13 +405,13 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, confi
 	}
 
 	serverCreateOpts := servers.CreateOpts{
-		Name:             name,
+		Name:             machine.Name,
 		ImageName:        config.Image,
 		FlavorName:       config.Flavor,
 		AvailabilityZone: config.AvailabilityZone,
 		Networks:         ports_list,
 		UserData:         []byte(userData),
-		SecurityGroups:   config.SecurityGroups,
+		SecurityGroups:   securityGroups,
 		ServiceClient:    is.computeClient,
 	}
 	server, err := servers.Create(is.computeClient, keypairs.CreateOptsExt{
@@ -418,6 +424,37 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, confi
 	return serverToInstance(server), nil
 }
 
+func getSecurityGroups(is *InstanceService, cluster *clusterv1.Cluster, machine *clusterv1.Machine, config *openstackconfigv1.OpenstackProviderSpec) ([]string, error) {
+	clusterName := fmt.Sprintf("%s/%s", cluster.ObjectMeta.Namespace, cluster.Name)
+
+	secGroupService, err := NewSecGroupService(is.networkClient)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create security group service: %v", err)
+	}
+	clusterStatus, err := openstackconfigv1.ClusterStatusFromProviderStatus(cluster.Status.ProviderStatus)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load cluster provider status: %v", err)
+	}
+
+	clusterSpec, err := openstackconfigv1.ClusterSpecFromProviderSpec(cluster.Spec.ProviderSpec)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load cluster provider spec: %v", err)
+	}
+
+	err = secGroupService.Reconcile(clusterName, *clusterSpec, clusterStatus)
+	if err != nil {
+		return nil, fmt.Errorf("failed to reconcile security groups: %v", err)
+	}
+
+	if clusterSpec.ManagedSecurityGroups {
+		if util.IsControlPlaneMachine(machine) {
+			return []string{clusterStatus.ControlPlaneSecurityGroup.ID, clusterStatus.GlobalSecurityGroup.ID}, nil
+		}
+		return []string{clusterStatus.GlobalSecurityGroup.ID}, nil
+	}
+	return config.SecurityGroups, nil
+}
+
 func (is *InstanceService) InstanceDelete(id string) error {
 	// get instance port id
 	allInterfaces, err := attachinterfaces.List(is.computeClient, id).AllPages()

pkg/cloud/openstack/machine/actuator.go

@@ -141,7 +141,7 @@ func (oc *OpenstackClient) Create(ctx context.Context, cluster *clusterv1.Cluste
 		}
 	}
 
-	instance, err = machineService.InstanceCreate(fmt.Sprintf("%s/%s", cluster.ObjectMeta.Namespace, cluster.Name), machine.Name, providerSpec, userDataRendered, providerSpec.KeyName)
+	instance, err = machineService.InstanceCreate(cluster, machine, providerSpec, userDataRendered, providerSpec.KeyName)
 	if err != nil {
 		return oc.handleMachineError(machine, apierrors.CreateMachine(
 			"error creating Openstack instance: %v", err))