From cb2ce9d23c3275948e979ffe599b51fbbc552bd8 Mon Sep 17 00:00:00 2001
From: Ashley Dumaine
Date: Wed, 27 Nov 2024 10:43:14 -0500
Subject: [PATCH] use both addresses and addressetrefs
---
 api/v1alpha2/linodefirewall_types.go | 4 +--
 ...ture.cluster.x-k8s.io_linodefirewalls.yaml | 8 ++---
 .../linodefirewall_controller_helpers.go | 36 +++++++++++++------
 3 files changed, 31 insertions(+), 17 deletions(-)
diff --git a/api/v1alpha2/linodefirewall_types.go b/api/v1alpha2/linodefirewall_types.go
index 03b1d593..12ffe121 100644
--- a/api/v1alpha2/linodefirewall_types.go
+++ b/api/v1alpha2/linodefirewall_types.go
@@ -70,8 +70,8 @@ type FirewallRule struct {
 // +kubebuilder:validation:Enum=TCP;UDP;ICMP;IPENCAP
 Protocol linodego.NetworkProtocol `json:"protocol"`
 Addresses *NetworkAddresses `json:"addresses"`
- // AddressSetRefs is a list of references to AddressSets
- // If Addresses is present, AddressSetRefs will be ignored
+ // AddressSetRefs is a list of references to AddressSets as an alternative to
+ // using Addresses but can be used in conjunction with it
 AddressSetRefs []*corev1.ObjectReference `json:"addressSetRefs,omitempty"`
 }
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_linodefirewalls.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_linodefirewalls.yaml
index e67ac0b6..82dbc75d 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_linodefirewalls.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_linodefirewalls.yaml
@@ -85,8 +85,8 @@ spec: type: string addressSetRefs: description: |- - AddressSetRefs is a list of references to AddressSets - If Addresses is present, AddressSetRefs will be ignored + AddressSetRefs is a list of references to AddressSets as an alternative to + using Addresses but can be used in conjunction with it items: description: ObjectReference contains enough information to let you inspect or modify the referred object.
@@ -183,8 +183,8 @@ spec: type: string addressSetRefs: description: |- - AddressSetRefs is a list of references to AddressSets - If Addresses is present, AddressSetRefs will be ignored + AddressSetRefs is a list of references to AddressSets as an alternative to + using Addresses but can be used in conjunction with it items: description: ObjectReference contains enough information to let you inspect or modify the referred object.
diff --git a/internal/controller/linodefirewall_controller_helpers.go b/internal/controller/linodefirewall_controller_helpers.go
index 890da461..b3aa8793 100644
--- a/internal/controller/linodefirewall_controller_helpers.go
+++ b/internal/controller/linodefirewall_controller_helpers.go
@@ -188,7 +188,8 @@ func processOutboundRule(ctx context.Context, k8sClient clients.K8sClient, log l
 var ruleIPv6s []string
 if rule.Addresses != nil {
 ruleIPv4s, ruleIPv6s = processAddresses(rule.Addresses)
- } else if rule.AddressSetRefs != nil {
+ }
+ if rule.AddressSetRefs != nil {
 ruleIPv4s, ruleIPv6s = processAddressSetRefs(ctx, k8sClient, rule.AddressSetRefs, log)
 }
 ruleLabel := formatRuleLabel(outboundPolicy, rule.Label)
@@ -202,9 +203,9 @@ func processOutboundRule(ctx context.Context, k8sClient clients.K8sClient, log l
 // processAddresses extracts and transforms IPv4 and IPv6 addresses
 func processAddresses(addresses *infrav1alpha2.NetworkAddresses) (ipv4s, ipv6s []string) {
- // Initialize empty slices for consistent return type
- ipv4s = make([]string, 0)
- ipv6s = make([]string, 0)
+ // Declare "sets". Empty structs occupy 0 memory
+ ipv4Set := make(map[string]struct{})
+ ipv6Set := make(map[string]struct{})
 // Early return if addresses is nil
 if addresses == nil {
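Review bot: In processOutboundRule the second `if` still assigns with `=`, so when a rule sets both fields the result of `processAddresses(rule.Addresses)` is overwritten by the AddressSetRefs result and the inline addresses never reach the firewall rule. That contradicts the updated field comment, and for a rule whose action drops traffic it means destinations listed under `addresses` are silently left unblocked. Merge instead of reassigning: `setIPv4s, setIPv6s := processAddressSetRefs(ctx, k8sClient, rule.AddressSetRefs, log)` followed by `ruleIPv4s = append(ruleIPv4s, setIPv4s...)` and `ruleIPv6s = append(ruleIPv6s, setIPv6s...)`. The function starts and ends outside this hunk, and no inbound counterpart is touched by the visible hunks, so that path should be checked for the same `else if`.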
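Review bot: Removing the `make([]string, 0)` initialisation in processAddresses changes what callers get for a nil or empty `addresses`: the named results are now nil slices, whereas the removed comment said empty slices were returned on purpose for a consistent return type. If these slices are later marshalled into the firewall request (not visible here), nil encodes as `null` rather than `[]`. Either keep `ipv4s = make([]string, 0)` and `ipv6s = make([]string, 0)` ahead of the early return, or add a comment stating that nil results are now acceptable. The same initialisation is removed from processAddressSetRefs in the next hunk, and the function body continues outside this one.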
@@ -214,25 +215,32 @@ func processAddresses(addresses *infrav1alpha2.NetworkAddresses) (ipv4s, ipv6s [
 // Process IPv4 addresses
 if addresses.IPv4 != nil {
 for _, ip := range *addresses.IPv4 {
- ipv4s = append(ipv4s, transformToCIDR(ip))
+ ipv4Set[transformToCIDR(ip)] = struct{}{}
 }
 }
 // Process IPv6 addresses
 if addresses.IPv6 != nil {
 for _, ip := range *addresses.IPv6 {
- ipv6s = append(ipv6s, transformToCIDR(ip))
+ ipv6Set[transformToCIDR(ip)] = struct{}{}
 }
 }
+ for ipv4 := range ipv4Set {
+ ipv4s = append(ipv4s, ipv4)
+ }
+ for ipv6 := range ipv6Set {
+ ipv6s = append(ipv6s, ipv6)
+ }
+
 return ipv4s, ipv6s
 }
 // processAddressSetRefs extracts and transforms IPv4 and IPv6 addresses from the reference AddressSet(s)
 func processAddressSetRefs(ctx context.Context, k8sClient clients.K8sClient, addressSetRefs []*corev1.ObjectReference, log logr.Logger) (ipv4s, ipv6s []string) {
- // Initialize empty slices for consistent return type
- ipv4s = make([]string, 0)
- ipv6s = make([]string, 0)
+ // Declare "sets". Empty structs occupy 0 memory
+ ipv4Set := make(map[string]struct{})
+ ipv6Set := make(map[string]struct{})
 for _, addrSetRef := range addressSetRefs {
 addrSet := &infrav1alpha2.AddressSet{}
@@ -243,17 +251,23 @@ func processAddressSetRefs(ctx context.Context, k8sClient clients.K8sClient, add
 // Process IPv4 addresses
 if addrSet.Spec.IPv4 != nil {
 for _, ip := range *addrSet.Spec.IPv4 {
- ipv4s = append(ipv4s, transformToCIDR(ip))
+ ipv4Set[transformToCIDR(ip)] = struct{}{}
 }
 }
 // Process IPv6 addresses
 if addrSet.Spec.IPv6 != nil {
 for _, ip := range *addrSet.Spec.IPv6 {
- ipv6s = append(ipv6s, transformToCIDR(ip))
+ ipv6Set[transformToCIDR(ip)] = struct{}{}
 }
 }
 }
+ for ipv4 := range ipv4Set {
+ ipv4s = append(ipv4s, ipv4)
+ }
+ for ipv6 := range ipv6Set {
+ ipv6s = append(ipv6s, ipv6)
+ }
 return ipv4s, ipv6s
 }
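Review bot: Building the result by ranging over `ipv4Set` and `ipv6Set` makes the returned order differ from call to call, because Go map iteration order is unspecified. For a firewall controller that probably means the desired rule contents change between reconciles even when the spec did not, which can cause needless updates and makes rule diffs harder to audit; how the caller compares rules is not visible here. Sort before returning, e.g. `sort.Strings(ipv4s)` and `sort.Strings(ipv6s)`, provided `sort` is imported in this file. The same loops are added to processAddressSetRefs in the last hunk and need the same treatment.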