Rename VPC security group types

Remove VPC and resource group field from VPC security group since it is causing confusion by providing an option to pass a different resource than the one used in cluster
kubernetes-sigs · May 20, 2024 · 7815402 · 7815402
1 parent bfb33f1
commit 7815402
Show file tree

Hide file tree

Showing 2 changed files with 185 additions and 203 deletions.
diff --git a/api/v1beta2/types.go b/api/v1beta2/types.go
@@ -190,62 +190,62 @@ var (
 	ResourceTypeResourceGroup = ResourceType("resourceGroup")
 )
 
-// SecurityGroupRuleAction represents the actions for a Security Group Rule.
+// VPCSecurityGroupRuleAction represents the actions for a Security Group Rule.
 // +kubebuilder:validation:Enum=allow;deny
-type SecurityGroupRuleAction string
+type VPCSecurityGroupRuleAction string
 
 const (
 	// SecurityGroupRuleActionAllow defines that the Rule should allow traffic.
-	SecurityGroupRuleActionAllow SecurityGroupRuleAction = vpcv1.NetworkACLRuleActionAllowConst
+	SecurityGroupRuleActionAllow VPCSecurityGroupRuleAction = vpcv1.NetworkACLRuleActionAllowConst
 	// SecurityGroupRuleActionDeny defines that the Rule should deny traffic.
-	SecurityGroupRuleActionDeny SecurityGroupRuleAction = vpcv1.NetworkACLRuleActionDenyConst
+	SecurityGroupRuleActionDeny VPCSecurityGroupRuleAction = vpcv1.NetworkACLRuleActionDenyConst
 )
 
-// SecurityGroupRuleDirection represents the directions for a Security Group Rule.
+// VPCSecurityGroupRuleDirection represents the directions for a Security Group Rule.
 // +kubebuilder:validation:Enum=inbound;outbound
-type SecurityGroupRuleDirection string
+type VPCSecurityGroupRuleDirection string
 
 const (
 	// SecurityGroupRuleDirectionInbound defines the Rule is for inbound traffic.
-	SecurityGroupRuleDirectionInbound SecurityGroupRuleDirection = vpcv1.NetworkACLRuleDirectionInboundConst
+	SecurityGroupRuleDirectionInbound VPCSecurityGroupRuleDirection = vpcv1.NetworkACLRuleDirectionInboundConst
 	// SecurityGroupRuleDirectionOutbound defines the Rule is for outbound traffic.
-	SecurityGroupRuleDirectionOutbound SecurityGroupRuleDirection = vpcv1.NetworkACLRuleDirectionOutboundConst
+	SecurityGroupRuleDirectionOutbound VPCSecurityGroupRuleDirection = vpcv1.NetworkACLRuleDirectionOutboundConst
 )
 
-// SecurityGroupRuleProtocol represents the protocols for a Security Group Rule.
+// VPCSecurityGroupRuleProtocol represents the protocols for a Security Group Rule.
 // +kubebuilder:validation:Enum=all;icmp;tcp;udp
-type SecurityGroupRuleProtocol string
+type VPCSecurityGroupRuleProtocol string
 
 const (
 	// SecurityGroupRuleProtocolAll defines the Rule is for all network protocols.
-	SecurityGroupRuleProtocolAll SecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolAllConst
+	SecurityGroupRuleProtocolAll VPCSecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolAllConst
 	// SecurityGroupRuleProtocolIcmp defiens the Rule is for ICMP network protocol.
-	SecurityGroupRuleProtocolIcmp SecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolIcmpConst
+	SecurityGroupRuleProtocolIcmp VPCSecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolIcmpConst
 	// SecurityGroupRuleProtocolTCP defines the Rule is for TCP network protocol.
-	SecurityGroupRuleProtocolTCP SecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolTCPConst
+	SecurityGroupRuleProtocolTCP VPCSecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolTCPConst
 	// SecurityGroupRuleProtocolUDP defines the Rule is for UDP network protocol.
-	SecurityGroupRuleProtocolUDP SecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolUDPConst
+	SecurityGroupRuleProtocolUDP VPCSecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolUDPConst
 )
 
-// SecurityGroupRuleRemoteType represents the type of Security Group Rule's destination or source is
-// intended. This is intended to define the SecurityGroupRulePrototype subtype.
+// VPCSecurityGroupRuleRemoteType represents the type of Security Group Rule's destination or source is
+// intended. This is intended to define the VPCSecurityGroupRulePrototype subtype.
 // For example:
 // - any - Any source or destination (0.0.0.0/0)
 // - cidr - A CIDR representing a set of IP's (10.0.0.0/28)
 // - ip - A specific IP address (192.168.0.1)
 // - sg - A Security Group.
 // +kubebuilder:validation:Enum=any;cidr;ip;sg
-type SecurityGroupRuleRemoteType string
+type VPCSecurityGroupRuleRemoteType string
 
 const (
 	// SecurityGroupRuleRemoteTypeAny defines the destination or source for the Rule is anything/anywhere.
-	SecurityGroupRuleRemoteTypeAny SecurityGroupRuleRemoteType = SecurityGroupRuleRemoteType("any")
+	SecurityGroupRuleRemoteTypeAny VPCSecurityGroupRuleRemoteType = VPCSecurityGroupRuleRemoteType("any")
 	// SecurityGroupRuleRemoteTypeCIDR defines the destination or source for the Rule is a CIDR block.
-	SecurityGroupRuleRemoteTypeCIDR SecurityGroupRuleRemoteType = SecurityGroupRuleRemoteType("cidr")
+	SecurityGroupRuleRemoteTypeCIDR VPCSecurityGroupRuleRemoteType = VPCSecurityGroupRuleRemoteType("cidr")
 	// SecurityGroupRuleRemoteTypeIP defines the destination or source for the Rule is an IP address.
-	SecurityGroupRuleRemoteTypeIP SecurityGroupRuleRemoteType = SecurityGroupRuleRemoteType("ip")
+	SecurityGroupRuleRemoteTypeIP VPCSecurityGroupRuleRemoteType = VPCSecurityGroupRuleRemoteType("ip")
 	// SecurityGroupRuleRemoteTypeSG defines the destination or source for the Rule is a VPC Security Group.
-	SecurityGroupRuleRemoteTypeSG SecurityGroupRuleRemoteType = SecurityGroupRuleRemoteType("sg")
+	SecurityGroupRuleRemoteTypeSG VPCSecurityGroupRuleRemoteType = VPCSecurityGroupRuleRemoteType("sg")
 )
 
 // NetworkInterface holds the network interface information like subnet id.
@@ -268,9 +268,9 @@ type PortRange struct {
 	MinimumPort int64 `json:"minimumPort,omitempty"`
 }
 
-// SecurityGroup defines a VPC Security Group that should exist or be created within the specified VPC, with the specified Security Group Rules.
+// VPCSecurityGroup defines a VPC Security Group that should exist or be created within the specified VPC, with the specified Security Group Rules.
 // +kubebuilder:validation:XValidation:rule="has(self.id) || has(self.name)",message="either an id or name must be specified"
-type SecurityGroup struct {
+type VPCSecurityGroup struct {
 	// id of the Security Group.
 	// +optional
 	ID *string `json:"id,omitempty"`
@@ -279,60 +279,52 @@ type SecurityGroup struct {
 	// +optional
 	Name *string `json:"name,omitempty"`
 
-	// resourceGroup of the Security Group.
-	// +optional
-	ResourceGroup *string `json:"resourceGroup,omitempty"`
-
 	// rules are the Security Group Rules for the Security Group.
 	// +optional
-	Rules []*SecurityGroupRule `json:"rules,omitempty"`
+	Rules []*VPCSecurityGroupRule `json:"rules,omitempty"`
 
 	// tags are tags to add to the Security Group.
 	// +optional
 	Tags []*string `json:"tags,omitempty"`
-
-	// vpc is the IBM Cloud VPC for the Security Group.
-	// +optional
-	VPC *VPCResourceReference `json:"vpc,omitempty"`
 }
 
-// SecurityGroupRule defines a VPC Security Group Rule for a specified Security Group.
+// VPCSecurityGroupRule defines a VPC Security Group Rule for a specified Security Group.
 // +kubebuilder:validation:XValidation:rule="(has(self.destination) && !has(self.source)) || (!has(self.destination) && has(self.source))",message="both destination and source cannot be provided"
 // +kubebuilder:validation:XValidation:rule="self.direction == 'inbound' ? has(self.source) : true",message="source must be set for SecurityGroupRuleDirectionInbound direction"
 // +kubebuilder:validation:XValidation:rule="self.direction == 'inbound' ? !has(self.destination) : true",message="destination is not valid for SecurityGroupRuleDirectionInbound direction"
 // +kubebuilder:validation:XValidation:rule="self.direction == 'outbound' ? has(self.destination) : true",message="destination must be set for SecurityGroupRuleDirectionOutbound direction"
 // +kubebuilder:validation:XValidation:rule="self.direction == 'outbound' ? !has(self.source) : true",message="source is not valid for SecurityGroupRuleDirectionOutbound direction"
-type SecurityGroupRule struct {
+type VPCSecurityGroupRule struct {
 	// action defines whether to allow or deny traffic defined by the Security Group Rule.
 	// +required
-	Action SecurityGroupRuleAction `json:"action"`
+	Action VPCSecurityGroupRuleAction `json:"action"`
 
-	// destination is a SecurityGroupRulePrototype which defines the destination of outbound traffic for the Security Group Rule.
+	// destination is a VPCSecurityGroupRulePrototype which defines the destination of outbound traffic for the Security Group Rule.
 	// Only used when direction is SecurityGroupRuleDirectionOutbound.
 	// +optional
-	Destination *SecurityGroupRulePrototype `json:"destination,omitempty"`
+	Destination *VPCSecurityGroupRulePrototype `json:"destination,omitempty"`
 
 	// direction defines whether the traffic is inbound or outbound for the Security Group Rule.
 	// +required
-	Direction SecurityGroupRuleDirection `json:"direction"`
+	Direction VPCSecurityGroupRuleDirection `json:"direction"`
 
 	// securityGroupID is the ID of the Security Group for the Security Group Rule.
 	// +optional
 	SecurityGroupID *string `json:"securityGroupID,omitempty"`
 
-	// source is a SecurityGroupRulePrototype which defines the source of inbound traffic for the Security Group Rule.
+	// source is a VPCSecurityGroupRulePrototype which defines the source of inbound traffic for the Security Group Rule.
 	// Only used when direction is SecurityGroupRuleDirectionInbound.
 	// +optional
-	Source *SecurityGroupRulePrototype `json:"source,omitempty"`
+	Source *VPCSecurityGroupRulePrototype `json:"source,omitempty"`
 }
 
-// SecurityGroupRuleRemote defines a VPC Security Group Rule's remote details.
+// VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details.
 // The type of remote defines the additional remote details where are used for defining the remote.
 // +kubebuilder:validation:XValidation:rule="self.remoteType == 'any' ? (!has(self.cidrSubnetName) && !has(self.ip) && !has(self.securityGroupName)) : true",message="cidrSubnetName, ip, and securityGroupName are not valid for SecurityGroupRuleRemoteTypeAny remoteType"
 // +kubebuilder:validation:XValidation:rule="self.remoteType == 'cidr' ? (has(self.cidrSubnetName) && !has(self.ip) && !has(self.securityGroupName)) : true",message="only cidrSubnetName is valid for SecurityGroupRuleRemoteTypeCIDR remoteType"
 // +kubebuilder:validation:XValidation:rule="self.remoteType == 'ip' ? (has(self.ip) && !has(self.cidrSubnetName) && !has(self.securityGroupName)) : true",message="only ip is valid for SecurityGroupRuleRemoteTypeIP remoteType"
 // +kubebuilder:validation:XValidation:rule="self.remoteType == 'sg' ? (has(self.securityGroupName) && !has(self.cidrSubnetName) && !has(self.ip)) : true",message="only securityGroupName is valid for SecurityGroupRuleRemoteTypeSG remoteType"
-type SecurityGroupRuleRemote struct {
+type VPCSecurityGroupRuleRemote struct {
 	// cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source.
 	// Only used when remoteType is SecurityGroupRuleRemoteTypeCIDR.
 	// +optional
@@ -345,19 +337,19 @@ type SecurityGroupRuleRemote struct {
 
 	// remoteType defines the type of filter to define for the remote's destination/source.
 	// +required
-	RemoteType SecurityGroupRuleRemoteType `json:"remoteType"`
+	RemoteType VPCSecurityGroupRuleRemoteType `json:"remoteType"`
 
 	// securityGroupName is the name of the VPC Security Group to use for the remote's destination/source.
 	// Only used when remoteType is SecurityGroupRuleRemoteTypeSG
 	// +optional
 	SecurityGroupName *string `json:"securityGroupName,omitempty"`
 }
 
-// SecurityGroupRulePrototype defines a VPC Security Group Rule's traffic specifics for a series of remotes (destinations or sources).
+// VPCSecurityGroupRulePrototype defines a VPC Security Group Rule's traffic specifics for a series of remotes (destinations or sources).
 // +kubebuilder:validation:XValidation:rule="self.protocol != 'icmp' ? (!has(self.icmpCode) && !has(self.icmpType)) : true",message="icmpCode and icmpType are only supported for SecurityGroupRuleProtocolIcmp protocol"
 // +kubebuilder:validation:XValidation:rule="self.protocol == 'all' ? !has(self.portRange) : true",message="portRange is not valid for SecurityGroupRuleProtocolAll protocol"
 // +kubebuilder:validation:XValidation:rule="self.protocol == 'icmp' ? !has(self.portRange) : true",message="portRange is not valid for SecurityGroupRuleProtocolIcmp protocol"
-type SecurityGroupRulePrototype struct {
+type VPCSecurityGroupRulePrototype struct {
 	// icmpCode is the ICMP code for the Rule.
 	// Only used when Protocol is SecurityGroupProtocolICMP.
 	// +optional
@@ -374,12 +366,12 @@ type SecurityGroupRulePrototype struct {
 
 	// protocol defines the traffic protocol used for the Security Group Rule.
 	// +required
-	Protocol SecurityGroupRuleProtocol `json:"protocol"`
+	Protocol VPCSecurityGroupRuleProtocol `json:"protocol"`
 
-	// remotes is a set of SecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote.
-	// Specifying multiple SecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc.
+	// remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote.
+	// Specifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc.
 	// This allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc.
-	Remotes []SecurityGroupRuleRemote `json:"remotes"`
+	Remotes []VPCSecurityGroupRuleRemote `json:"remotes"`
 }
 
 // Subnet describes a subnet.