klauvsteinen/unifi-network-operator
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

formatting

Browse Source
This commit is contained in:
Vegard Engen
2025-04-10 00:28:40 +02:00
parent 2f4ddc132e
commit 2485002584
4 changed files with 162 additions and 167 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
api/v1beta1/firewallgroup_types.go
View File

@@ -29,22 +29,22 @@ type FirewallGroupSpec struct {
// Important: Run "make" to regenerate code after modifying this file // Important: Run "make" to regenerate code after modifying this file
// Foo is an example field of FirewallGroup. Edit firewallgroup_types.go to remove/update // Foo is an example field of FirewallGroup. Edit firewallgroup_types.go to remove/update
// Description is a human-readable explanation for the object // Description is a human-readable explanation for the object
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
MatchServicesInAllNamespaces bool `json:"matchServicesInAllNamespaces,omitempty"` MatchServicesInAllNamespaces bool `json:"matchServicesInAllNamespaces,omitempty"`
// ManualAddresses is a list of manual IPs or CIDRs (IPv4 or IPv6) // ManualAddresses is a list of manual IPs or CIDRs (IPv4 or IPv6)
// +optional // +optional
ManualAddresses []string `json:"manualAddresses,omitempty"` ManualAddresses []string `json:"manualAddresses,omitempty"`
// AutoIncludeSelector defines which services to extract addresses from // AutoIncludeSelector defines which services to extract addresses from
// +optional // +optional
AutoIncludeSelector *metav1.LabelSelector `json:"autoIncludeSelector,omitempty"` AutoIncludeSelector *metav1.LabelSelector `json:"autoIncludeSelector,omitempty"`
// AddressType can be "ip", "cidr", or "both" // AddressType can be "ip", "cidr", or "both"
// +kubebuilder:validation:Enum=ip;cidr;both // +kubebuilder:validation:Enum=ip;cidr;both
// +optional // +optional
AddressType string `json:"addressType,omitempty"` AddressType string `json:"addressType,omitempty"`
} }
// FirewallGroupStatus defines the observed state of FirewallGroup. // FirewallGroupStatus defines the observed state of FirewallGroup.
@@ -52,15 +52,15 @@ type FirewallGroupStatus struct {
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
// Important: Run "make" to regenerate code after modifying this file // Important: Run "make" to regenerate code after modifying this file
ResolvedAddresses []string `json:"resolvedAddresses,omitempty"` ResolvedAddresses []string `json:"resolvedAddresses,omitempty"`
// SyncedWithUnifi indicates whether the addresses are successfully pushed // SyncedWithUnifi indicates whether the addresses are successfully pushed
// +optional // +optional
SyncedWithUnifi bool `json:"syncedWithUnifi,omitempty"` SyncedWithUnifi bool `json:"syncedWithUnifi,omitempty"`
// LastSyncTime is the last time the object was synced // LastSyncTime is the last time the object was synced
// +optional // +optional
LastSyncTime *metav1.Time `json:"lastSyncTime,omitempty"` LastSyncTime *metav1.Time `json:"lastSyncTime,omitempty"`
} }
// +kubebuilder:object:root=true // +kubebuilder:object:root=true

37
api/v1beta1/networkconfiguration_types.go
View File

@@ -29,31 +29,30 @@ type NetworkconfigurationSpec struct {
// Important: Run "make" to regenerate code after modifying this file // Important: Run "make" to regenerate code after modifying this file
// Foo is an example field of Networkconfiguration. Edit networkconfiguration_types.go to remove/update // Foo is an example field of Networkconfiguration. Edit networkconfiguration_types.go to remove/update
Enabled bool `json:"enabled,omitempty"` Enabled bool `json:"enabled,omitempty"`
FirewallZoneID string `json:"firewall_zone_id,omitempty"` FirewallZoneID string `json:"firewall_zone_id,omitempty"`
GatewayType string `json:"gateway_type,omitempty"` GatewayType string `json:"gateway_type,omitempty"`
IPSubnet string `json:"ip_subnet,omitempty"` IPSubnet string `json:"ip_subnet,omitempty"`
Ipv6InterfaceType string `json:"ipv6_interface_type,omitempty"` Ipv6InterfaceType string `json:"ipv6_interface_type,omitempty"`
Ipv6PdAutoPrefixidEnabled bool `json:"ipv6_pd_auto_prefixid_enabled,omitempty"` Ipv6PdAutoPrefixidEnabled bool `json:"ipv6_pd_auto_prefixid_enabled,omitempty"`
Ipv6RaEnabled bool `json:"ipv6_ra_enabled,omitempty"` Ipv6RaEnabled bool `json:"ipv6_ra_enabled,omitempty"`
Ipv6SettingPreference string `json:"ipv6_setting_preference,omitempty"` Ipv6SettingPreference string `json:"ipv6_setting_preference,omitempty"`
Ipv6Subnet string `json:"ipv6_subnet,omitempty"` Ipv6Subnet string `json:"ipv6_subnet,omitempty"`
Name string `json:"name"` Name string `json:"name"`
Networkname string `json:"network_name"` Networkname string `json:"network_name"`
NetworkID string `json:"network_id,omitempty"` NetworkID string `json:"network_id,omitempty"`
Networkgroup string `json:"networkgroup,omitempty"` Networkgroup string `json:"networkgroup,omitempty"`
Purpose string `json:"purpose,omitempty"` Purpose string `json:"purpose,omitempty"`
SettingPreference string `json:"setting_preference,omitempty"` SettingPreference string `json:"setting_preference,omitempty"`
Vlan int64 `json:"vlan,omitempty"` Vlan int64 `json:"vlan,omitempty"`
VlanEnabled bool `json:"vlan_enabled,omitempty"` VlanEnabled bool `json:"vlan_enabled,omitempty"`
} }
// NetworkconfigurationStatus defines the observed state of Networkconfiguration. // NetworkconfigurationStatus defines the observed state of Networkconfiguration.
type NetworkconfigurationStatus struct { type NetworkconfigurationStatus struct {
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
// Important: Run "make" to regenerate code after modifying this file // Important: Run "make" to regenerate code after modifying this file
Ipv6SubnetStatus string `json:"ipv6_subnet_status,omitempty"` Ipv6SubnetStatus string `json:"ipv6_subnet_status,omitempty"`
} }
// +kubebuilder:object:root=true // +kubebuilder:object:root=true

214
internal/controller/firewallgroup_controller.go
View File

@@ -18,8 +18,8 @@ package controller
import ( import (
"context" "context"
"net"
"fmt" "fmt"
"net"
"reflect" "reflect"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
@@ -27,15 +27,15 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log"
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
goUnifi "github.com/vegardengen/go-unifi/unifi" goUnifi "github.com/vegardengen/go-unifi/unifi"
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
"github.com/vegardengen/unifi-network-operator/internal/unifi" "github.com/vegardengen/unifi-network-operator/internal/unifi"
) )
// FirewallGroupReconciler reconciles a FirewallGroup object // FirewallGroupReconciler reconciles a FirewallGroup object
type FirewallGroupReconciler struct { type FirewallGroupReconciler struct {
client.Client client.Client
Scheme *runtime.Scheme Scheme *runtime.Scheme
UnifiClient *unifi.UnifiClient UnifiClient *unifi.UnifiClient
} }
@@ -53,125 +53,123 @@ type FirewallGroupReconciler struct {
// For more details, check Reconcile and its Result here: // For more details, check Reconcile and its Result here:
// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.20.2/pkg/reconcile // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.20.2/pkg/reconcile
func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
log := log.FromContext(ctx) log := log.FromContext(ctx)
var nwObj unifiv1beta1.FirewallGroup var nwObj unifiv1beta1.FirewallGroup
if err := r.Get(ctx, req.NamespacedName, &nwObj); err != nil { if err := r.Get(ctx, req.NamespacedName, &nwObj); err != nil {
return ctrl.Result{}, client.IgnoreNotFound(err) return ctrl.Result{}, client.IgnoreNotFound(err)
} }
log.Info(nwObj.Spec.Name) log.Info(nwObj.Spec.Name)
var ipv4, ipv6 []string var ipv4, ipv6 []string
for _,addressEntry := range nwObj.Spec.ManualAddresses { for _, addressEntry := range nwObj.Spec.ManualAddresses {
ip := net.ParseIP(addressEntry) ip := net.ParseIP(addressEntry)
if ip != nil { if ip != nil {
if ip.To4() != nil { if ip.To4() != nil {
log.Info(fmt.Sprintf("IPv4 address: %s", addressEntry)) log.Info(fmt.Sprintf("IPv4 address: %s", addressEntry))
ipv4 = append(ipv4, addressEntry) ipv4 = append(ipv4, addressEntry)
} else { } else {
log.Info(fmt.Sprintf("IPv6 address: %s", addressEntry)) log.Info(fmt.Sprintf("IPv6 address: %s", addressEntry))
ipv6 = append(ipv6, ip.String()) ipv6 = append(ipv6, ip.String())
} }
} else { } else {
addr, net, err := net.ParseCIDR(addressEntry) addr, net, err := net.ParseCIDR(addressEntry)
if err == nil && addr.Equal(net.IP) { if err == nil && addr.Equal(net.IP) {
if addr.To4() != nil { if addr.To4() != nil {
log.Info(fmt.Sprintf("Ipv4 Net: %s", net)) log.Info(fmt.Sprintf("Ipv4 Net: %s", net))
ipv4 = append(ipv4, addressEntry) ipv4 = append(ipv4, addressEntry)
} else { } else {
mask,_ := net.Mask.Size() mask, _ := net.Mask.Size()
log.Info(fmt.Sprintf("Ipv6 Net: %s", net)) log.Info(fmt.Sprintf("Ipv6 Net: %s", net))
ipv6 = append(ipv6, addr.Mask(net.Mask).String() + "/" + fmt.Sprint(mask)) ipv6 = append(ipv6, addr.Mask(net.Mask).String()+"/"+fmt.Sprint(mask))
} }
} else { } else {
log.Error(err,fmt.Sprintf("Could not parse: %s", addressEntry)) log.Error(err, fmt.Sprintf("Could not parse: %s", addressEntry))
return ctrl.Result{}, err return ctrl.Result{}, err
} }
} }
}
firewall_groups, err := r.UnifiClient.Client.ListFirewallGroup(context.Background(), r.UnifiClient.SiteID)
if err != nil {
log.Error(err,"Could not list network objects")
return ctrl.Result{}, err
} }
ipv4_name := "k8s-"+nwObj.Spec.Name+"-ipv4" firewall_groups, err := r.UnifiClient.Client.ListFirewallGroup(context.Background(), r.UnifiClient.SiteID)
ipv6_name := "k8s-"+nwObj.Spec.Name+"-ipv6" if err != nil {
log.Error(err, "Could not list network objects")
return ctrl.Result{}, err
}
ipv4_name := "k8s-" + nwObj.Spec.Name + "-ipv4"
ipv6_name := "k8s-" + nwObj.Spec.Name + "-ipv6"
ipv4_done := false ipv4_done := false
ipv6_done := false ipv6_done := false
for _,firewall_group := range firewall_groups { for _, firewall_group := range firewall_groups {
if firewall_group.Name == ipv4_name { if firewall_group.Name == ipv4_name {
if(len(ipv4) == 0) { if len(ipv4) == 0 {
log.Info(fmt.Sprintf("Delete %s", ipv4_name)) log.Info(fmt.Sprintf("Delete %s", ipv4_name))
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID) err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
if err != nil { if err != nil {
log.Error(err,"Could not delete firewall group") log.Error(err, "Could not delete firewall group")
return ctrl.Result{}, err return ctrl.Result{}, err
} }
ipv4_done = true ipv4_done = true
} else { } else {
if !reflect.DeepEqual(firewall_group.GroupMembers, ipv4) { if !reflect.DeepEqual(firewall_group.GroupMembers, ipv4) {
firewall_group.GroupMembers = ipv4 firewall_group.GroupMembers = ipv4
log.Info(fmt.Sprintf("Updating %s", ipv4_name)) log.Info(fmt.Sprintf("Updating %s", ipv4_name))
_, err := r.UnifiClient.Client.UpdateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group) _, err := r.UnifiClient.Client.UpdateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group)
if err != nil { if err != nil {
log.Error(err,"Could not update firewall group") log.Error(err, "Could not update firewall group")
return ctrl.Result{}, err return ctrl.Result{}, err
} }
} }
ipv4_done = true ipv4_done = true
} }
} }
if firewall_group.Name == ipv6_name { if firewall_group.Name == ipv6_name {
if(len(ipv6) == 0) { if len(ipv6) == 0 {
log.Info(fmt.Sprintf("Delete %s", ipv6_name)) log.Info(fmt.Sprintf("Delete %s", ipv6_name))
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID) err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
if err != nil { if err != nil {
log.Error(err,"Could not delete firewall group") log.Error(err, "Could not delete firewall group")
return ctrl.Result{}, err return ctrl.Result{}, err
} }
ipv6_done = true ipv6_done = true
} else { } else {
if !reflect.DeepEqual(firewall_group.GroupMembers, ipv6) { if !reflect.DeepEqual(firewall_group.GroupMembers, ipv6) {
firewall_group.GroupMembers = ipv6 firewall_group.GroupMembers = ipv6
log.Info(fmt.Sprintf("Updating %s", ipv6_name)) log.Info(fmt.Sprintf("Updating %s", ipv6_name))
_, err := r.UnifiClient.Client.UpdateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group) _, err := r.UnifiClient.Client.UpdateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group)
if err != nil { if err != nil {
log.Error(err,"Could not update firewall group") log.Error(err, "Could not update firewall group")
return ctrl.Result{}, err return ctrl.Result{}, err
} }
} }
ipv6_done = true ipv6_done = true
} }
} }
} }
if len(ipv4) > 0 && !ipv4_done { if len(ipv4) > 0 && !ipv4_done {
log.Info(fmt.Sprintf("Creating %s", ipv4_name)) log.Info(fmt.Sprintf("Creating %s", ipv4_name))
var firewall_group goUnifi.FirewallGroup var firewall_group goUnifi.FirewallGroup
firewall_group.Name=ipv4_name firewall_group.Name = ipv4_name
firewall_group.SiteID=r.UnifiClient.SiteID firewall_group.SiteID = r.UnifiClient.SiteID
firewall_group.GroupMembers = ipv4 firewall_group.GroupMembers = ipv4
firewall_group.GroupType = "address-group" firewall_group.GroupType = "address-group"
_, err := r.UnifiClient.Client.CreateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group) _, err := r.UnifiClient.Client.CreateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group)
if err != nil { if err != nil {
log.Error(err,"Could not create firewall group") log.Error(err, "Could not create firewall group")
return ctrl.Result{}, err return ctrl.Result{}, err
} }
} }
if len(ipv6) > 0 && !ipv6_done { if len(ipv6) > 0 && !ipv6_done {
log.Info(fmt.Sprintf("Creating %s", ipv6_name)) log.Info(fmt.Sprintf("Creating %s", ipv6_name))
var firewall_group goUnifi.FirewallGroup var firewall_group goUnifi.FirewallGroup
firewall_group.Name=ipv6_name firewall_group.Name = ipv6_name
firewall_group.SiteID=r.UnifiClient.SiteID firewall_group.SiteID = r.UnifiClient.SiteID
firewall_group.GroupMembers = ipv6 firewall_group.GroupMembers = ipv6
firewall_group.GroupType = "ipv6-address-group" firewall_group.GroupType = "ipv6-address-group"
_, err := r.UnifiClient.Client.CreateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group) _, err := r.UnifiClient.Client.CreateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group)
if err != nil { if err != nil {
log.Error(err,"Could not create firewall group") log.Error(err, "Could not create firewall group")
return ctrl.Result{}, err return ctrl.Result{}, err
} }
} }
return ctrl.Result{}, nil return ctrl.Result{}, nil

34
internal/controller/networkconfiguration_controller.go
View File

@@ -32,7 +32,7 @@ import (
// NetworkconfigurationReconciler reconciles a Networkconfiguration object // NetworkconfigurationReconciler reconciles a Networkconfiguration object
type NetworkconfigurationReconciler struct { type NetworkconfigurationReconciler struct {
client.Client client.Client
Scheme *runtime.Scheme Scheme *runtime.Scheme
UnifiClient *unifi.UnifiClient UnifiClient *unifi.UnifiClient
} }
@@ -53,35 +53,33 @@ func (r *NetworkconfigurationReconciler) Reconcile(ctx context.Context, req ctrl
log := log.FromContext(ctx) log := log.FromContext(ctx)
var networkCRDs unifiv1.NetworkconfigurationList var networkCRDs unifiv1.NetworkconfigurationList
if err := r.List(ctx, &networkCRDs); err != nil { if err := r.List(ctx, &networkCRDs); err != nil {
return ctrl.Result{}, err return ctrl.Result{}, err
} }
k8sNetworks := make(map[string]*unifiv1.Networkconfiguration) k8sNetworks := make(map[string]*unifiv1.Networkconfiguration)
for i := range networkCRDs.Items { for i := range networkCRDs.Items {
log.Info(fmt.Sprintf("Inserting network %s\n", networkCRDs.Items[i].Spec.NetworkID)) log.Info(fmt.Sprintf("Inserting network %s\n", networkCRDs.Items[i].Spec.NetworkID))
k8sNetworks[networkCRDs.Items[i].Spec.NetworkID] = &networkCRDs.Items[i] k8sNetworks[networkCRDs.Items[i].Spec.NetworkID] = &networkCRDs.Items[i]
} }
networks, err := r.UnifiClient.Client.ListNetwork(context.Background(), r.UnifiClient.SiteID) networks, err := r.UnifiClient.Client.ListNetwork(context.Background(), r.UnifiClient.SiteID)
if err != nil { if err != nil {
log.Error(err,"Failed to list Unifi Networks") log.Error(err, "Failed to list Unifi Networks")
return ctrl.Result{}, err return ctrl.Result{}, err
} }
seenNetworks := map[string]bool{} seenNetworks := map[string]bool{}
for _,network := range networks { for _, network := range networks {
networkID := network.ID networkID := network.ID
seenNetworks[networkID] = true seenNetworks[networkID] = true
log.Info(fmt.Sprintf("Searching for %s\n",networkID)) log.Info(fmt.Sprintf("Searching for %s\n", networkID))
if existing, found := k8sNetworks[networkID]; found { if existing, found := k8sNetworks[networkID]; found {
log.Info(fmt.Sprintf("Found network match: %s/%s", existing.Spec.NetworkID,networkID)) log.Info(fmt.Sprintf("Found network match: %s/%s", existing.Spec.NetworkID, networkID))
} else { } else {
log.Info(fmt.Sprintf("New network: %s with ID %s", network.Name, network.ID)) log.Info(fmt.Sprintf("New network: %s with ID %s", network.Name, network.ID))
} }
} }
return ctrl.Result{}, nil return ctrl.Result{}, nil