From 9f41732f3486ea6b980360af2cb5f58ab1b2240f Mon Sep 17 00:00:00 2001
From: eromanova <eromanova@mirantis.com>
Date: Wed, 13 Feb 2019 16:04:23 +0400
Subject: [PATCH] Provide SecurityGroups attachment to machines

Automatically attach created security groups
to machines if managedSecurityGroups is true
in clusterSpec.providerSpec.

Change-Id: I634c0d7a461874c5cb164cd19792885ccfc95770
---
 pkg/cloud/openstack/clients/machineservice.go | 48 +++++++++++++++----
 pkg/cloud/openstack/machine/actuator.go       |  3 +-
 2 files changed, 39 insertions(+), 12 deletions(-)

diff --git a/pkg/cloud/openstack/clients/machineservice.go b/pkg/cloud/openstack/clients/machineservice.go
index 8f414be163..2ea19e57f6 100644
--- a/pkg/cloud/openstack/clients/machineservice.go
+++ b/pkg/cloud/openstack/clients/machineservice.go
@@ -357,7 +357,35 @@ func isDuplicate(list []string, name string) bool {
 	return false
 }
 
-func GetSecurityGroups(is *InstanceService, sg_param []openstackconfigv1.SecurityGroupParam) ([]string, error) {
+func GetSecurityGroups(is *InstanceService, sg_param []openstackconfigv1.SecurityGroupParam, cluster *clusterv1.Cluster, machine *clusterv1.Machine) ([]string, error) {
+	clusterName := fmt.Sprintf("%s-%s", cluster.Namespace, cluster.Name)
+	secGroupService, err := NewSecGroupService(is.networkClient)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create security group service: %v", err)
+	}
+
+	clusterStatus, err := openstackconfigv1.ClusterStatusFromProviderStatus(cluster.Status.ProviderStatus)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load cluster provider status: %v", err)
+	}
+
+	clusterSpec, err := openstackconfigv1.ClusterSpecFromProviderSpec(cluster.Spec.ProviderSpec)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load cluster provider spec: %v", err)
+	}
+
+	err = secGroupService.Reconcile(clusterName, *clusterSpec, clusterStatus)
+	if err != nil {
+		return nil, fmt.Errorf("failed to reconcile security groups: %v", err)
+	}
+
+	if clusterSpec.ManagedSecurityGroups {
+		if util.IsControlPlaneMachine(machine) {
+			return []string{clusterStatus.ControlPlaneSecurityGroup.ID, clusterStatus.GlobalSecurityGroup.ID}, nil
+		}
+		return []string{clusterStatus.GlobalSecurityGroup.ID}, nil
+	}
+
 	var sgIDs []string
 	for _, sg := range sg_param {
 		listOpts := groups.ListOpts(sg.Filter)
@@ -414,7 +442,7 @@ func getImageID(is *InstanceService, imageName string) (string, error) {
 }
 
 // InstanceCreate creates a compute instance
-func (is *InstanceService) InstanceCreate(clusterName string, name string, clusterSpec *openstackconfigv1.OpenstackClusterProviderSpec, config *openstackconfigv1.OpenstackProviderSpec, cmd string, keyName string) (instance *Instance, err error) {
+func (is *InstanceService) InstanceCreate(cluster *clusterv1.Cluster, machine *clusterv1.Machine, clusterSpec *openstackconfigv1.OpenstackClusterProviderSpec, config *openstackconfigv1.OpenstackProviderSpec, cmd string, keyName string) (instance *Instance, err error) {
 	var createOpts servers.CreateOptsBuilder
 	if config == nil {
 		return nil, fmt.Errorf("create Options need be specified to create instace")
@@ -432,7 +460,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 	// Set default Tags
 	machineTags := []string{
 		"cluster-api-provider-openstack",
-		clusterName,
+		fmt.Sprintf("%s-%s", cluster.ObjectMeta.Namespace, cluster.Name),
 	}
 
 	// Append machine specific tags
@@ -442,7 +470,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 	machineTags = append(machineTags, clusterSpec.Tags...)
 
 	// Get security groups
-	securityGroups, err := GetSecurityGroups(is, config.SecurityGroups)
+	securityGroups, err := GetSecurityGroups(is, config.SecurityGroups, cluster, machine)
 	if err != nil {
 		return nil, err
 	}
@@ -486,7 +514,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 			return nil, fmt.Errorf("No network was found or provided. Please check your machine configuration and try again")
 		}
 		allPages, err := ports.List(is.networkClient, ports.ListOpts{
-			Name:      name,
+			Name:      machine.Name,
 			NetworkID: net.networkID,
 		}).AllPages()
 		if err != nil {
@@ -499,7 +527,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 		var port ports.Port
 		if len(portList) == 0 {
 			// create server port
-			port, err = CreatePort(is, name, net, &securityGroups)
+			port, err = CreatePort(is, machine.Name, net, &securityGroups)
 			if err != nil {
 				return nil, fmt.Errorf("Failed to create port err: %v", err)
 			}
@@ -518,7 +546,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 
 		if config.Trunk == true {
 			allPages, err := trunks.List(is.networkClient, trunks.ListOpts{
-				Name:   name,
+				Name:   machine.Name,
 				PortID: port.ID,
 			}).AllPages()
 			if err != nil {
@@ -532,7 +560,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 			if len(trunkList) == 0 {
 				// create trunk with the previous port as parent
 				trunkCreateOpts := trunks.CreateOpts{
-					Name:   name,
+					Name:   machine.Name,
 					PortID: port.ID,
 				}
 				newTrunk, err := trunks.Create(is.networkClient, trunkCreateOpts).Extract()
@@ -567,8 +595,8 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 	}
 
 	serverCreateOpts := servers.CreateOpts{
-		Name:             name,
-		ImageRef:         imageID,
+		Name:             machine.Name,
+		ImageName:        imageID,
 		FlavorName:       config.Flavor,
 		AvailabilityZone: config.AvailabilityZone,
 		Networks:         ports_list,
diff --git a/pkg/cloud/openstack/machine/actuator.go b/pkg/cloud/openstack/machine/actuator.go
index 4a8a27d0a9..9674d7d8d1 100644
--- a/pkg/cloud/openstack/machine/actuator.go
+++ b/pkg/cloud/openstack/machine/actuator.go
@@ -198,9 +198,8 @@ func (oc *OpenstackClient) Create(ctx context.Context, cluster *clusterv1.Cluste
 		return oc.handleMachineError(machine, apierrors.CreateMachine(
 			"error creating Openstack instance: %v", err))
 	}
-	clusterName := fmt.Sprintf("%s-%s", cluster.ObjectMeta.Namespace, cluster.Name)
-	instance, err = machineService.InstanceCreate(clusterName, machine.Name, clusterSpec, providerSpec, userDataRendered, providerSpec.KeyName)
 
+	instance, err = machineService.InstanceCreate(cluster, machine, clusterSpec, providerSpec, userDataRendered, providerSpec.KeyName)
 	if err != nil {
 		return oc.handleMachineError(machine, apierrors.CreateMachine(
 			"error creating Openstack instance: %v", err))