Skip to content

Fix: validator validateEgressSecurityRuleForNSG #458

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 13, 2025
Merged

Fix: validator validateEgressSecurityRuleForNSG #458

merged 2 commits into from
Oct 13, 2025
+438 −1

Conversation

joekr
Copy link
Member

@joekr joekr commented Oct 9, 2025
edited
Loading

What this PR does / why we need it:
The API documentation points out both Destination and Protocol are required https://docs.oracle.com/en-us/iaas/api/#/en/iaas/20160918/datatypes/EgressSecurityRule but our validator doesn't catch those. This also handles the IngressSecurityRule https://docs.oracle.com/en-us/iaas/api/#/en/iaas/20160918/datatypes/IngressSecurityRule Source and Protocol that is required.

This does also add a few new unit tests to make sure we cover nil checks.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #457

@joekr joekr self-assigned this Oct 9, 2025
@joekr joekr added the bug Something isn't working label Oct 9, 2025
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Oct 9, 2025
@joekr
Copy link
Member Author

joekr commented Oct 9, 2025
edited
Loading

unit tests

        github.com/oracle/cluster-api-provider-oci              coverage: 0.0% of statements
ok      github.com/oracle/cluster-api-provider-oci/api/v1beta1  26.316s coverage: 23.3% of statements
ok      github.com/oracle/cluster-api-provider-oci/api/v1beta2  1.147s  coverage: 15.1% of statements
        github.com/oracle/cluster-api-provider-oci/cloud/config         coverage: 0.0% of statements
        github.com/oracle/cluster-api-provider-oci/cloud/metrics                coverage: 0.0% of statements
ok      github.com/oracle/cluster-api-provider-oci/cloud/ociutil        0.829s  coverage: 15.9% of statements
ok      github.com/oracle/cluster-api-provider-oci/cloud/ociutil/ptr    0.848s  coverage: 100.0% of statements
ok      github.com/oracle/cluster-api-provider-oci/cloud/scope  20.901s coverage: 74.4% of statements
        github.com/oracle/cluster-api-provider-oci/cloud/scope/mocks            coverage: 0.0% of statements
        github.com/oracle/cluster-api-provider-oci/cloud/services/base          coverage: 0.0% of statements
        github.com/oracle/cluster-api-provider-oci/cloud/services/base/mock_base                coverage: 0.0% of statements
?       github.com/oracle/cluster-api-provider-oci/cloud/services/compute       [no test files]
        github.com/oracle/cluster-api-provider-oci/cloud/services/compute/mock_compute          coverage: 0.0% of statements
?       github.com/oracle/cluster-api-provider-oci/cloud/services/computemanagement     [no test files]
        github.com/oracle/cluster-api-provider-oci/cloud/services/computemanagement/mock_computemanagement              coverage: 0.0% of statements
?       github.com/oracle/cluster-api-provider-oci/cloud/services/containerengine       [no test files]
        github.com/oracle/cluster-api-provider-oci/cloud/services/containerengine/mock_containerengine          coverage: 0.0% of statements
?       github.com/oracle/cluster-api-provider-oci/cloud/services/identity      [no test files]
        github.com/oracle/cluster-api-provider-oci/cloud/services/identity/mock_identity                coverage: 0.0% of statements
?       github.com/oracle/cluster-api-provider-oci/cloud/services/loadbalancer  [no test files]
        github.com/oracle/cluster-api-provider-oci/cloud/services/loadbalancer/mock_lb          coverage: 0.0% of statements
?       github.com/oracle/cluster-api-provider-oci/cloud/services/networkloadbalancer   [no test files]
        github.com/oracle/cluster-api-provider-oci/cloud/services/networkloadbalancer/mock_nlb          coverage: 0.0% of statements
?       github.com/oracle/cluster-api-provider-oci/cloud/services/vcn   [no test files]
        github.com/oracle/cluster-api-provider-oci/cloud/services/vcn/mock_vcn          coverage: 0.0% of statements
?       github.com/oracle/cluster-api-provider-oci/cloud/services/workrequests  [no test files]
        github.com/oracle/cluster-api-provider-oci/cloud/services/workrequests/mock_workrequests                coverage: 0.0% of statements
ok      github.com/oracle/cluster-api-provider-oci/cloud/util   1.332s  coverage: 60.5% of statements
ok      github.com/oracle/cluster-api-provider-oci/controllers  2.895s  coverage: 59.2% of statements
ok      github.com/oracle/cluster-api-provider-oci/exp/api/v1beta1      7.419s  coverage: 15.3% of statements
ok      github.com/oracle/cluster-api-provider-oci/exp/api/v1beta2      1.786s  coverage: 5.8% of statements
ok      github.com/oracle/cluster-api-provider-oci/exp/controllers      2.484s  coverage: 56.3% of statements
        github.com/oracle/cluster-api-provider-oci/feature              coverage: 0.0% of statements
?       github.com/oracle/cluster-api-provider-oci/version      [no test files]

e2e tests

Summarizing 2 Failures:
  [FAIL] Managed Workload cluster creation [It] Managed Cluster - Virtual Node Pool [PRBlocking]
  /home/ubuntu/go/pkg/mod/sigs.k8s.io/cluster-api/test@v1.10.6/framework/clusterctl/clusterctl_helpers.go:431
  [FAIL] Managed Workload cluster creation [It] Managed Cluster - Simple [PRBlocking]
  /home/ubuntu/go/pkg/mod/sigs.k8s.io/cluster-api/test@v1.10.6/framework/clusterctl/clusterctl_helpers.go:431

Ran 9 of 31 Specs in 2087.279 seconds
FAIL! -- 7 Passed | 2 Failed | 0 Pending | 22 Skipped
  • Look into why the managed clusters are failing with egressrules

Tests after editing the managed webhook

Ran 9 of 31 Specs in 3853.702 seconds
SUCCESS! -- 9 Passed | 0 Failed | 0 Pending | 22 Skipped

@joekr joekr force-pushed the fix-nil-pointers branch from 24fa8f0 to 5804a15 Compare October 9, 2025 20:09
joekr
joekr commented Oct 9, 2025
View reviewed changes
joekr
joekr commented Oct 9, 2025
View reviewed changes
joekr
joekr commented Oct 9, 2025
View reviewed changes
@joekr
Copy link
Member Author

joekr commented Oct 10, 2025

After last code update all tests still passing.

@joekr
Fix: validator validateEgressSecurityRuleForNSG
7b70224 
The API documentation points out both Destination and Protocol are
required https://docs.oracle.com/en-us/iaas/api/#/en/iaas/20160918/datatypes/EgressSecurityRule
but our validator doesn't catch those.
vladcristi
vladcristi approved these changes Oct 13, 2025
View reviewed changes
Copy link
Member

@vladcristi vladcristi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good from my point of view

@joekr joekr merged commit 1cdd003 into oracle:main Oct 13, 2025
1 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vladcristi vladcristi vladcristi approved these changes

@chetan79 chetan79 Awaiting requested review from chetan79

@dranicu dranicu Awaiting requested review from dranicu

@davidcv5 davidcv5 Awaiting requested review from davidcv5

Assignees

@joekr joekr

Labels

bug Something isn't working OCA Verified All contributors have signed the Oracle Contributor Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

NSG EgressSecurityRule shouldn't allow missing required parameters

2 participants

@joekr @vladcristi