adding new way to apply firewall #55

aabughosh · 2024-10-09T09:46:23Z

No description provided.

openshift-ci · 2024-10-09T09:46:30Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: aabughosh
Once this PR has been reviewed and has the lgtm label, please assign schseba for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

sabinaaledort · 2024-11-03T14:37:08Z

pkg/utils/utils.go

@@ -238,3 +240,13 @@ func (u *utils) IsBMInfra() (bool, error) {

 	return infra.Status.PlatformStatus.Type == configv1.BareMetalPlatformType, nil
 }
+
+func (u *utils) GetClusterVersion() (string, error) {


This is only used in the test, not sure if you miss a use of this func in main or you can use this function that's already in the test files

sabinaaledort · 2024-11-03T14:38:38Z

test/e2e/nftables_test.go

+		versionMajorMinor, err := utilsHelpers.GetClusterVersion()
+		Expect(err).ToNot(HaveOccurred())
+
+		if firewall.IsVersionGreaterThan(versionMajorMinor, "4.16") { // if version more than 4.16 need to change cluster MachineConfiguration.


The communication matrix is only supported since 4.16

Yah yah
The meaning is from 4.17+
And for 4.16 we are not doing that

test/e2e/nftables_test.go

test/pkg/firewall/firewall.go

sabinaaledort · 2024-11-04T09:35:21Z

test/pkg/firewall/firewall.go

-	if len(output) == 0 {
-		return nil, fmt.Errorf("no nft rules on node %s: ", debugPod.Spec.NodeName)
-	}
+func UpdateMachineConfiguration(c *client.ClientSet) error {


I don't think this func belongs to firewall package

From my understanding this is not updating a MC, it's creating a new one.
Can you just use a MC object and apply it with the client?
You already added the scheme here https://github.com/openshift-kni/commatrix/pull/55/files#diff-2895f30116602d8fe6b0545c186d4f81247fa4eaab049dab174c6c91c0036e08R49 no need to create an additional client
Also maybe use a more meaningful name for the MC than "cluster"

sabinaaledort · 2024-11-04T09:36:07Z

test/pkg/firewall/firewall.go

+		allReady := true
+
+		for _, mcp := range mcpList.Items {
+			fmt.Printf("MCP: %s\n", mcp.Name)


These are checked next I don't think there is an extra value in printing them

test/pkg/firewall/firewall.go

pkg/client/client.go

aabughosh added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 9, 2024

openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 9, 2024

openshift-ci bot requested review from sabinaaledort and SchSeba October 9, 2024 09:46

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 9, 2024

adding new way to apply firewall

c57dce2

aabughosh force-pushed the UpdateFirewallImp branch from 767da83 to c57dce2 Compare October 9, 2024 09:55

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 9, 2024

aabughosh added 12 commits October 9, 2024 12:56

update go mod and sum

390d4e5

Update nftables_test.go

b7bfbb7

fix sigs version

9f4a1b5

Update nftables_test.go

0bbba64

Update firewall.go

f0b2c30

remove exec commands

8d48969

Update firewall.go

a49ffa7

update cluster to update machinconfiguration 1 time

acca11f

update the convert to json function

c2ab468

update logs

a864b3a

Update firewall.go

26a29a0

fix linter errors

a725376

aabughosh added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 14, 2024

aabughosh added 3 commits October 14, 2024 16:25

add wait for mcp ready

57a1001

Update firewall.go

4453c54

update names and remove non use function

5ea198d

aabughosh removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 3, 2024

sabinaaledort reviewed Nov 3, 2024

View reviewed changes

sabinaaledort reviewed Nov 4, 2024

View reviewed changes

aabughosh added 2 commits November 4, 2024 13:51

resolve few comments

0deaa9a

addtional fixes

76eee31

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 4, 2024

aabughosh added 2 commits November 4, 2024 16:28

Update nftables_test.go

9a7148c

Merge branch 'main' into UpdateFirewallImp

8e47250

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 4, 2024

Update nftables_test.go

0bf66ae

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

adding new way to apply firewall #55

adding new way to apply firewall #55

aabughosh commented Oct 9, 2024

openshift-ci bot commented Oct 9, 2024

sabinaaledort Nov 3, 2024

sabinaaledort Nov 3, 2024

aabughosh Nov 4, 2024

sabinaaledort Nov 4, 2024

sabinaaledort Nov 4, 2024

sabinaaledort Nov 4, 2024

adding new way to apply firewall #55

Are you sure you want to change the base?

adding new way to apply firewall #55

Conversation

aabughosh commented Oct 9, 2024

openshift-ci bot commented Oct 9, 2024

sabinaaledort Nov 3, 2024

Choose a reason for hiding this comment

sabinaaledort Nov 3, 2024

Choose a reason for hiding this comment

aabughosh Nov 4, 2024

Choose a reason for hiding this comment

sabinaaledort Nov 4, 2024

Choose a reason for hiding this comment

sabinaaledort Nov 4, 2024

Choose a reason for hiding this comment

sabinaaledort Nov 4, 2024

Choose a reason for hiding this comment