Update

Signed-off-by: Wenqi Qiu <wenqiq@vmware.com> update
vmware-tanzu · Jun 4, 2024 · f27b714 · f27b714
1 parent f43ea27
commit f27b714
Show file tree

Hide file tree

Showing 18 changed files with 130 additions and 105 deletions.
diff --git a/.golangci-bin/v1.54.0/golangci-lint b/.golangci-bin/v1.54.0/golangci-lint
diff --git a/build/yaml/crd/nsx.vmware.com_vpcnetworkconfigurations.yaml b/build/yaml/crd/nsx.vmware.com_vpcnetworkconfigurations.yaml
@@ -49,6 +49,9 @@ spec:
               When a field is not set in a Namespace's VPCNetworkConfiguration, the
               Namespace will use the value in the default VPCNetworkConfiguration.
             properties:
+              defaultGatewayPath:
+                description: PolicyPath of Tier0 or Tier0 VRF gateway.
+                type: string
               defaultIPv4SubnetSize:
                 default: 26
                 description: Default size of Subnet based upon estimated workload
@@ -61,6 +64,17 @@ spec:
                 - Public
                 - Private
                 type: string
+              edgeClusterPath:
+                description: Edge cluster path on which the networking elements will
+                  be created.
+                type: string
+              externalIPv4Blocks:
+                description: NSX-T IPv4 Block paths used to allocate external Subnets.
+                items:
+                  type: string
+                maxItems: 5
+                minItems: 0
+                type: array
               nsxtProject:
                 description: NSX-T Project the Namespace associated with.
                 type: string

diff --git a/pkg/apis/nsx.vmware.com/v1alpha1/vpcnetworkconfiguration_types.go b/pkg/apis/nsx.vmware.com/v1alpha1/vpcnetworkconfiguration_types.go
@@ -19,8 +19,8 @@ const (
 // in a Namespace's VPCNetworkConfiguration, the Namespace will use the value
 // in the default VPCNetworkConfiguration.
 type VPCNetworkConfigurationSpec struct {
-	// // PolicyPath of Tier0 or Tier0 VRF gateway.
-	// DefaultGatewayPath string `json:"defaultGatewayPath,omitempty"`
+	// PolicyPath of Tier0 or Tier0 VRF gateway.
+	DefaultGatewayPath string `json:"defaultGatewayPath,omitempty"`
 
 	// VPCConnectivityProfile ID. This profile has configuration related to create VPC transit gateway attachment.
 	VPCConnectivityProfile string `json:"vpc_connectivity_profile"`
@@ -30,16 +30,16 @@ type VPCNetworkConfigurationSpec struct {
 	// That will be used as default for all VPCs created under that project.
 	VPCServiceProfile string `json:"vpc_service_profile"`
 
-	// // Edge cluster path on which the networking elements will be created.
-	// EdgeClusterPath string `json:"edgeClusterPath,omitempty"`
+	// Edge cluster path on which the networking elements will be created.
+	EdgeClusterPath string `json:"edgeClusterPath,omitempty"`
 
 	// NSX-T Project the Namespace associated with.
 	NSXTProject string `json:"nsxtProject,omitempty"`
 
-	// // NSX-T IPv4 Block paths used to allocate external Subnets.
-	// // +kubebuilder:validation:MinItems=0
-	// // +kubebuilder:validation:MaxItems=5
-	// ExternalIPv4Blocks []string `json:"externalIPv4Blocks,omitempty"`
+	// NSX-T IPv4 Block paths used to allocate external Subnets.
+	// +kubebuilder:validation:MinItems=0
+	// +kubebuilder:validation:MaxItems=5
+	ExternalIPv4Blocks []string `json:"externalIPv4Blocks,omitempty"`
 
 	// Private IPv4 CIDRs used to allocate Private Subnets.
 	// +kubebuilder:validation:MinItems=0

diff --git a/pkg/apis/nsx.vmware.com/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/nsx.vmware.com/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/apis/v1alpha1/vpcnetworkconfiguration_types.go b/pkg/apis/v1alpha1/vpcnetworkconfiguration_types.go
@@ -19,8 +19,8 @@ const (
 // in a Namespace's VPCNetworkConfiguration, the Namespace will use the value
 // in the default VPCNetworkConfiguration.
 type VPCNetworkConfigurationSpec struct {
-	// // PolicyPath of Tier0 or Tier0 VRF gateway.
-	// DefaultGatewayPath string `json:"defaultGatewayPath,omitempty"`
+	// PolicyPath of Tier0 or Tier0 VRF gateway.
+	DefaultGatewayPath string `json:"defaultGatewayPath,omitempty"`
 
 	// VPCConnectivityProfile ID. This profile has configuration related to create VPC transit gateway attachment.
 	VPCConnectivityProfile string `json:"vpc_connectivity_profile"`
@@ -30,16 +30,16 @@ type VPCNetworkConfigurationSpec struct {
 	// That will be used as default for all VPCs created under that project.
 	VPCServiceProfile string `json:"vpc_service_profile"`
 
-	// // Edge cluster path on which the networking elements will be created.
-	// EdgeClusterPath string `json:"edgeClusterPath,omitempty"`
+	// Edge cluster path on which the networking elements will be created.
+	EdgeClusterPath string `json:"edgeClusterPath,omitempty"`
 
 	// NSX-T Project the Namespace associated with.
 	NSXTProject string `json:"nsxtProject,omitempty"`
 
-	// // NSX-T IPv4 Block paths used to allocate external Subnets.
-	// // +kubebuilder:validation:MinItems=0
-	// // +kubebuilder:validation:MaxItems=5
-	// ExternalIPv4Blocks []string `json:"externalIPv4Blocks,omitempty"`
+	// NSX-T IPv4 Block paths used to allocate external Subnets.
+	// +kubebuilder:validation:MinItems=0
+	// +kubebuilder:validation:MaxItems=5
+	ExternalIPv4Blocks []string `json:"externalIPv4Blocks,omitempty"`
 
 	// Private IPv4 CIDRs used to allocate Private Subnets.
 	// +kubebuilder:validation:MinItems=0
@@ -83,6 +83,7 @@ type VPCInfo struct {
 // VPCNetworkConfiguration is the Schema for the vpcnetworkconfigurations API.
 // +kubebuilder:resource:scope="Cluster"
 // +kubebuilder:printcolumn:name="NSXTProject",type=string,JSONPath=`.spec.nsxtProject`,description="NSXTProject the Namespace associated with"
+// +kubebuilder:printcolumn:name="ExternalIPv4Blocks",type=string,JSONPath=`.spec.externalIPv4Blocks`,description="ExternalIPv4Blocks assigned to the Namespace"
 // +kubebuilder:printcolumn:name="PrivateIPv4CIDRs",type=string,JSONPath=`.spec.privateIPv4CIDRs`,description="PrivateIPv4CIDRs assigned to the Namespace"
 type VPCNetworkConfiguration struct {
 	metav1.TypeMeta   `json:",inline"`

diff --git a/pkg/apis/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -99,24 +99,24 @@ type CoeConfig struct {
 }
 
 type NsxConfig struct {
-	NsxApiUser           string   `ini:"nsx_api_user"`
-	NsxApiPassword       string   `ini:"nsx_api_password"`
-	NsxApiCertFile       string   `ini:"nsx_api_cert_file"`
-	NsxApiPrivateKeyFile string   `ini:"nsx_api_private_key_file"`
-	NsxApiManagers       []string `ini:"nsx_api_managers"`
-	CaFile               []string `ini:"ca_file"`
-	LeafCertFile         []string `ini:"nsx_leaf_cert_file"`
-	Thumbprint           []string `ini:"thumbprint"`
-	Insecure             bool     `ini:"insecure"`
-	SingleTierSrTopology bool     `ini:"single_tier_sr_topology"`
-	EnforcementPoint     string   `ini:"enforcement_point"`
-	DefaultProject       string   `ini:"default_project"`
-	// ExternalIPv4Blocks        []string `ini:"external_ipv4_blocks"`
-	DefaultSubnetSize         int    `ini:"default_subnet_size"`
-	DefaultTimeout            int    `ini:"default_timeout"`
-	EnvoyHost                 string `ini:"envoy_host"`
-	EnvoyPort                 int    `ini:"envoy_port"`
-	LicenseValidationInterval int    `ini:"license_validation_interval"`
+	NsxApiUser                string   `ini:"nsx_api_user"`
+	NsxApiPassword            string   `ini:"nsx_api_password"`
+	NsxApiCertFile            string   `ini:"nsx_api_cert_file"`
+	NsxApiPrivateKeyFile      string   `ini:"nsx_api_private_key_file"`
+	NsxApiManagers            []string `ini:"nsx_api_managers"`
+	CaFile                    []string `ini:"ca_file"`
+	LeafCertFile              []string `ini:"nsx_leaf_cert_file"`
+	Thumbprint                []string `ini:"thumbprint"`
+	Insecure                  bool     `ini:"insecure"`
+	SingleTierSrTopology      bool     `ini:"single_tier_sr_topology"`
+	EnforcementPoint          string   `ini:"enforcement_point"`
+	DefaultProject            string   `ini:"default_project"`
+	ExternalIPv4Blocks        []string `ini:"external_ipv4_blocks"`
+	DefaultSubnetSize         int      `ini:"default_subnet_size"`
+	DefaultTimeout            int      `ini:"default_timeout"`
+	EnvoyHost                 string   `ini:"envoy_host"`
+	EnvoyPort                 int      `ini:"envoy_port"`
+	LicenseValidationInterval int      `ini:"license_validation_interval"`
 }
 
 type K8sConfig struct {

diff --git a/pkg/controllers/networkinfo/vpcnetworkconfig_handler.go b/pkg/controllers/networkinfo/vpcnetworkconfig_handler.go
@@ -52,14 +52,14 @@ func (h *VPCNetworkConfigurationHandler) Generic(_ context.Context, _ event.Gene
 
 func (h *VPCNetworkConfigurationHandler) Update(ctx context.Context, e event.UpdateEvent, q workqueue.RateLimitingInterface) {
 	log.V(1).Info("start processing VPC network config update event")
-	// oldNc := e.ObjectOld.(*v1alpha1.VPCNetworkConfiguration)
+	oldNc := e.ObjectOld.(*v1alpha1.VPCNetworkConfiguration)
 	newNc := e.ObjectNew.(*v1alpha1.VPCNetworkConfiguration)
 
-	// if getListSize(oldNc.Spec.ExternalIPv4Blocks) == getListSize(newNc.Spec.ExternalIPv4Blocks) &&
-	// 	getListSize(oldNc.Spec.PrivateIPv4CIDRs) == getListSize(newNc.Spec.PrivateIPv4CIDRs) {
-	// 	log.V(1).Info("only support updating external/private ipv4 cidr, no change")
-	// 	return
-	// }
+	if getListSize(oldNc.Spec.ExternalIPv4Blocks) == getListSize(newNc.Spec.ExternalIPv4Blocks) &&
+		getListSize(oldNc.Spec.PrivateIPv4CIDRs) == getListSize(newNc.Spec.PrivateIPv4CIDRs) {
+		log.V(1).Info("only support updating external/private ipv4 cidr, no change")
+		return
+	}
 
 	// update network config info in store
 	info, err := buildNetworkConfigInfo(*newNc)
@@ -105,13 +105,13 @@ var VPCNetworkConfigurationPredicate = predicate.Funcs{
 	},
 }
 
-// func getListSize(s []string) int {
-// 	if s == nil {
-// 		return 0
-// 	} else {
-// 		return len(s)
-// 	}
-// }
+func getListSize(s []string) int {
+	if s == nil {
+		return 0
+	} else {
+		return len(s)
+	}
+}
 
 func buildNetworkConfigInfo(vpcConfigCR v1alpha1.VPCNetworkConfiguration) (*commontypes.VPCNetworkConfigInfo, error) {
 	org, project, err := nsxtProjectPathToId(vpcConfigCR.Spec.NSXTProject)
@@ -121,15 +121,15 @@ func buildNetworkConfigInfo(vpcConfigCR v1alpha1.VPCNetworkConfiguration) (*comm
 	}
 
 	ninfo := &commontypes.VPCNetworkConfigInfo{
-		IsDefault: isDefaultNetworkConfigCR(vpcConfigCR),
-		Org:       org,
-		Name:      vpcConfigCR.Name,
-		// DefaultGatewayPath:      vpcConfigCR.Spec.DefaultGatewayPath,
-		// EdgeClusterPath:        vpcConfigCR.Spec.EdgeClusterPath,
-		VPCConnectivityProfile: vpcConfigCR.Spec.VPCConnectivityProfile,
-		VPCServiceProfile:      vpcConfigCR.Spec.VpcServiceProfile,
-		NsxtProject:            project,
-		// ExternalIPv4Blocks:      vpcConfigCR.Spec.ExternalIPv4Blocks,
+		IsDefault:               isDefaultNetworkConfigCR(vpcConfigCR),
+		Org:                     org,
+		Name:                    vpcConfigCR.Name,
+		DefaultGatewayPath:      vpcConfigCR.Spec.DefaultGatewayPath,
+		EdgeClusterPath:         vpcConfigCR.Spec.EdgeClusterPath,
+		VPCConnectivityProfile:  vpcConfigCR.Spec.VPCConnectivityProfile,
+		VPCServiceProfile:       vpcConfigCR.Spec.VPCServiceProfile,
+		NsxtProject:             project,
+		ExternalIPv4Blocks:      vpcConfigCR.Spec.ExternalIPv4Blocks,
 		PrivateIPv4CIDRs:        vpcConfigCR.Spec.PrivateIPv4CIDRs,
 		DefaultIPv4SubnetSize:   vpcConfigCR.Spec.DefaultIPv4SubnetSize,
 		DefaultSubnetAccessMode: vpcConfigCR.Spec.DefaultSubnetAccessMode,

diff --git a/pkg/nsx/services/common/builder_test.go b/pkg/nsx/services/common/builder_test.go
@@ -135,13 +135,13 @@ func TestParseVPCResourcePath(t *testing.T) {
 				nsxResourcePath: "/orgs/org1/projects/proj1/vpcs/vpc1/subnets/subnet1/ports/port1",
 			},
 			want: VPCResourceInfo{
-				OrgID:             "org1",
-				ProjectID:         "proj1",
-				VPCID:             "vpc1",
-				ParentID:          "subnet1",
-				ID:                "port1",
-				PrivateIpv4Blocks: nil,
-				// ExternalIPv4Blocks: nil,
+				OrgID:              "org1",
+				ProjectID:          "proj1",
+				VPCID:              "vpc1",
+				ParentID:           "subnet1",
+				ID:                 "port1",
+				PrivateIpv4Blocks:  nil,
+				ExternalIPv4Blocks: nil,
 			},
 			wantErr: false,
 		},
@@ -151,13 +151,13 @@ func TestParseVPCResourcePath(t *testing.T) {
 				nsxResourcePath: "/orgs/org1/projects/proj1/vpcs/vpc1",
 			},
 			want: VPCResourceInfo{
-				OrgID:             "org1",
-				ProjectID:         "proj1",
-				VPCID:             "vpc1",
-				ParentID:          "proj1",
-				ID:                "vpc1",
-				PrivateIpv4Blocks: nil,
-				// ExternalIPv4Blocks: nil,
+				OrgID:              "org1",
+				ProjectID:          "proj1",
+				VPCID:              "vpc1",
+				ParentID:           "proj1",
+				ID:                 "vpc1",
+				PrivateIpv4Blocks:  nil,
+				ExternalIPv4Blocks: nil,
 			},
 			wantErr: false,
 		},

diff --git a/pkg/nsx/services/common/types.go b/pkg/nsx/services/common/types.go
@@ -188,22 +188,22 @@ type VPCResourceInfo struct {
 	//    ID=port1, ParentID=s1;
 	// 2. For the subnet with path /orgs/o1/projects/p1/vpcs/v1/subnets/s1,
 	//    ID=s1, ParentID=v1 (ParentID==VPCID).
-	ID                string
-	ParentID          string
-	PrivateIpv4Blocks []string
-	// ExternalIPv4Blocks []string
+	ID                 string
+	ParentID           string
+	PrivateIpv4Blocks  []string
+	ExternalIPv4Blocks []string // deprecated, existing field
 }
 
 type VPCNetworkConfigInfo struct {
-	IsDefault bool
-	Org       string
-	Name      string
-	// DefaultGatewayPath      string
-	VPCServiceProfile      string
-	VPCConnectivityProfile string
-	EdgeClusterPath        string
-	NsxtProject            string
-	// ExternalIPv4Blocks      []string
+	IsDefault               bool
+	Org                     string
+	Name                    string
+	DefaultGatewayPath      string // deprecated, existing field
+	VPCServiceProfile       string
+	VPCConnectivityProfile  string
+	EdgeClusterPath         string // deprecated, existing field
+	NsxtProject             string
+	ExternalIPv4Blocks      []string // deprecated, existing field
 	PrivateIPv4CIDRs        []string
 	DefaultIPv4SubnetSize   int
 	DefaultSubnetAccessMode string

diff --git a/pkg/nsx/services/ippool/builder.go b/pkg/nsx/services/ippool/builder.go
@@ -98,7 +98,7 @@ func (service *IPPoolService) buildIPSubnet(IPPool *v1alpha2.IPPool, subnetReque
 	if IPPool.Spec.Type == common.IPPoolTypePrivate {
 		IpBlockPathList = VPCInfo[0].PrivateIpv4Blocks
 	} else {
-		// IpBlockPathList = VPCInfo[0].ExternalIPv4Blocks
+		IpBlockPathList = VPCInfo[0].ExternalIPv4Blocks
 	}
 	for _, ipBlockPath := range IpBlockPathList {
 		if util.Contains(service.ExhaustedIPBlock, ipBlockPath) {

diff --git a/pkg/nsx/services/ippool/builder_test.go b/pkg/nsx/services/ippool/builder_test.go
@@ -67,7 +67,7 @@ func TestIPPoolService_BuildIPPool(t *testing.T) {
 	}
 
 	vpcinfolist := []common.VPCResourceInfo{
-		// {ExternalIPv4Blocks: []string{"/infra/ip-blocks/block-test"},
+		{ExternalIPv4Blocks: []string{"/infra/ip-blocks/block-test"}},
 	}
 	vpcCacheIndexer := cache.NewIndexer(keyFunc, cache.Indexers{})
 	resourceStore := common.ResourceStore{

diff --git a/pkg/nsx/services/ippool/ippool_test.go b/pkg/nsx/services/ippool/ippool_test.go
@@ -89,7 +89,7 @@ func TestIPPoolService_DeleteIPPool(t *testing.T) {
 				Tag: String("1")}}}}
 
 	patch := gomonkey.ApplyMethod(reflect.TypeOf(service), "BuildIPPool", func(service *IPPoolService, IPPool *v1alpha2.IPPool) (*model.
-	IpAddressPool,
+		IpAddressPool,
 		[]*model.IpAddressPoolBlockSubnet) {
 		return iap, iapbs
 	})

diff --git a/pkg/nsx/services/securitypolicy/wrap.go b/pkg/nsx/services/securitypolicy/wrap.go
@@ -84,7 +84,7 @@ func (service *SecurityPolicyService) wrapRules(rules []model.Rule) ([]*data.Str
 	for _, r := range rules {
 		rule := r
 		rule.ResourceType = &common.ResourceTypeRule // need this field to identify the resource type
-		childRule := model.ChildRule{ // We need to put child rule's id into upper level, otherwise, NSX-T will not find the child rule
+		childRule := model.ChildRule{                // We need to put child rule's id into upper level, otherwise, NSX-T will not find the child rule
 			ResourceType:    resourceType, // Children are not allowed for rule, so we don't need to wrap ServiceEntry into Children
 			Id:              rule.Id,
 			Rule:            &rule,

diff --git a/pkg/nsx/services/vpc/builder.go b/pkg/nsx/services/vpc/builder.go
@@ -67,21 +67,21 @@ func buildNSXVPC(obj *v1alpha1.NetworkInfo, nsObj *v1.Namespace, nc common.VPCNe
 		vpcName := util.GenerateDisplayName("", "vpc", obj.GetNamespace(), "", cluster)
 		vpc.DisplayName = &vpcName
 		vpc.Id = common.String(string(nsObj.GetUID()))
-		// vpc.DefaultGatewayPath = &nc.DefaultGatewayPath
+		vpc.DefaultGatewayPath = &nc.DefaultGatewayPath
 		vpc.IpAddressType = &DefaultVPCIPAddressType
 
-		// siteInfos := []model.SiteInfo{
-		// 	{
-		// 		EdgeClusterPaths: []string{nc.EdgeClusterPath},
-		// 	},
-		// }
-		// vpc.SiteInfos = siteInfos
+		siteInfos := []model.SiteInfo{
+			{
+				EdgeClusterPaths: []string{nc.EdgeClusterPath},
+			},
+		}
+		vpc.SiteInfos = siteInfos
 		vpc.LoadBalancerVpcEndpoint = &model.LoadBalancerVPCEndpoint{Enabled: &DefaultLoadBalancerVPCEndpointEnabled}
 		vpc.Tags = util.BuildBasicTags(cluster, obj, nsObj.UID)
 	}
 
 	// update private/public blocks
-	// vpc.ExternalIpv4Blocks = nc.ExternalIPv4Blocks
+	vpc.ExternalIpv4Blocks = nc.ExternalIPv4Blocks
 	vpc.PrivateIpv4Blocks = util.GetMapValues(pathMap)
 	if nc.ShortID != "" {
 		vpc.ShortId = &nc.ShortID

diff --git a/pkg/nsx/services/vpc/compare.go b/pkg/nsx/services/vpc/compare.go
@@ -9,9 +9,9 @@ import (
 // currently we only support appending public/private cidrs
 // so only comparing list size is enough to identify if vcp changed
 func IsVPCChanged(nc common.VPCNetworkConfigInfo, vpc *model.Vpc) bool {
-	// if len(nc.ExternalIPv4Blocks) != len(vpc.ExternalIpv4Blocks) {
-	// 	return true
-	// }
+	if len(nc.ExternalIPv4Blocks) != len(vpc.ExternalIpv4Blocks) {
+		return true
+	}
 
 	if len(nc.PrivateIPv4CIDRs) != len(vpc.PrivateIpv4Blocks) {
 		return true