klauvsteinen/unifi-network-operator
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More making annotations handle namespaces

Browse Source
This commit is contained in:
Vegard Engen
2025-04-21 01:40:27 +02:00
parent 5f7b39b76e
commit 0233e71b7e
1 changed files with 22 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
internal/controller/firewallpolicy_controller.go
View File

@@ -99,8 +99,6 @@ func fillDefaultPolicy() goUnifi.FirewallPolicy {
func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
log := log.FromContext(ctx) log := log.FromContext(ctx)
// TODO(user): your logic here
cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config") cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config")
if err != nil { if err != nil {
return ctrl.Result{}, err return ctrl.Result{}, err
@@ -805,6 +803,13 @@ func (r *FirewallPolicyReconciler) mapFirewallGroupToFirewallPolicies(ctx contex
return requests return requests
} }
cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config")
if err != nil {
return requests
}
defaultNs := cfg.Data["defaultNamespace"]
var allFirewallPolicies unifiv1beta1.FirewallPolicyList var allFirewallPolicies unifiv1beta1.FirewallPolicyList
if err := r.List(ctx, &allFirewallPolicies); err != nil { if err := r.List(ctx, &allFirewallPolicies); err != nil {
@@ -813,9 +818,7 @@ func (r *FirewallPolicyReconciler) mapFirewallGroupToFirewallPolicies(ctx contex
for _, policy := range allFirewallPolicies.Items { for _, policy := range allFirewallPolicies.Items {
if policy.Spec.MatchFirewallGroupsInAllNamespaces || policy.Namespace == firewallGroup.Namespace { if policy.Spec.MatchFirewallGroupsInAllNamespaces || policy.Namespace == firewallGroup.Namespace {
annotationKey := "unifi.engen.priv.no/firewall-policy" if val, found := firewallGroup.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == policy.Namespace+"/"+policy.Name) || (val == policy.Name && policy.Namespace == defaultNs)) {
annotationVal := policy.Name
if val, ok := firewallGroup.Annotations[annotationKey]; ok && (annotationVal == "" || val == annotationVal) {
requests = append(requests, ctrl.Request{ requests = append(requests, ctrl.Request{
NamespacedName: types.NamespacedName{ NamespacedName: types.NamespacedName{
Name: policy.Name, Name: policy.Name,
@@ -836,6 +839,13 @@ func (r *FirewallPolicyReconciler) mapServiceToFirewallPolicies(ctx context.Cont
return requests return requests
} }
cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config")
if err != nil {
return requests
}
defaultNs := cfg.Data["defaultNamespace"]
var allFirewallPolicies unifiv1beta1.FirewallPolicyList var allFirewallPolicies unifiv1beta1.FirewallPolicyList
if err := r.List(ctx, &allFirewallPolicies); err != nil { if err := r.List(ctx, &allFirewallPolicies); err != nil {
@@ -844,9 +854,7 @@ func (r *FirewallPolicyReconciler) mapServiceToFirewallPolicies(ctx context.Cont
for _, policy := range allFirewallPolicies.Items { for _, policy := range allFirewallPolicies.Items {
if policy.Spec.MatchServicesInAllNamespaces || policy.Namespace == service.Namespace { if policy.Spec.MatchServicesInAllNamespaces || policy.Namespace == service.Namespace {
annotationKey := "unifi.engen.priv.no/firewall-policy" if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == policy.Namespace+"/"+policy.Name) || (val == policy.Name && policy.Namespace == defaultNs)) {
annotationVal := policy.Name
if val, ok := service.Annotations[annotationKey]; ok && (annotationVal == "" || val == annotationVal) {
requests = append(requests, ctrl.Request{ requests = append(requests, ctrl.Request{
NamespacedName: types.NamespacedName{ NamespacedName: types.NamespacedName{
Name: policy.Name, Name: policy.Name,