diff --git a/internal/controller/firewallgroup_controller.go b/internal/controller/firewallgroup_controller.go index 722d2c1..d05dd27 100644 --- a/internal/controller/firewallgroup_controller.go +++ b/internal/controller/firewallgroup_controller.go @@ -21,10 +21,10 @@ import ( "fmt" "net" "reflect" + "regexp" "slices" "strconv" "strings" - "regexp" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -39,15 +39,15 @@ import ( goUnifi "github.com/vegardengen/go-unifi/unifi" unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1" - "github.com/vegardengen/unifi-network-operator/internal/unifi" "github.com/vegardengen/unifi-network-operator/internal/config" + "github.com/vegardengen/unifi-network-operator/internal/unifi" ) // FirewallGroupReconciler reconciles a FirewallGroup object type FirewallGroupReconciler struct { client.Client - Scheme *runtime.Scheme - UnifiClient *unifi.UnifiClient + Scheme *runtime.Scheme + UnifiClient *unifi.UnifiClient ConfigLoader *config.ConfigLoaderType } @@ -69,13 +69,13 @@ type FirewallGroupReconciler struct { func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) { log := log.FromContext(ctx) - - cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config") - if err != nil { - return ctrl.Result{}, err - } - defaultNs := cfg.Data["defaultNamespace"] + cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config") + if err != nil { + return ctrl.Result{}, err + } + + defaultNs := cfg.Data["defaultNamespace"] log.Info(defaultNs) var nwObj unifiv1beta1.FirewallGroup 
@@ -118,19 +118,19 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R port_type := "tcp" port := portEntry if match, _ := regexp.MatchString("(?:tcp|udp)\\/?)\\d+", string(portEntry)); match { - fields := strings.Split("/",portEntry) - port_type = fields[0] - port = fields[1] + fields := strings.Split("/", portEntry) + port_type = fields[0] + port = fields[1] } - if(port_type == "tcp") { - if !slices.Contains(tcpports, port) { - tcpports = append(tcpports, port) - } + if port_type == "tcp" { + if !slices.Contains(tcpports, port) { + tcpports = append(tcpports, port) + } } - if(port_type == "udp") { - if !slices.Contains(udpports, port) { - tcpports = append(udpports, port) - } + if port_type == "udp" { + if !slices.Contains(udpports, port) { + tcpports = append(udpports, port) + } } } var services corev1.ServiceList @@ -162,15 +162,15 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R for _, portSpec := range service.Spec.Ports { log.Info(fmt.Sprintf("portSpec: %+v", portSpec)) log.Info(fmt.Sprintf("Port: %s %d", strconv.Itoa(int(portSpec.Port)), portSpec.Port)) - if(portSpec.Protocol == "TCP") { - if !slices.Contains(tcpports, strconv.Itoa(int(portSpec.Port))) { - tcpports = append(tcpports, strconv.Itoa(int(portSpec.Port))) - } + if portSpec.Protocol == "TCP" { + if !slices.Contains(tcpports, strconv.Itoa(int(portSpec.Port))) { + tcpports = append(tcpports, strconv.Itoa(int(portSpec.Port))) + } } - if(portSpec.Protocol == "UDP") { - if !slices.Contains(udpports, strconv.Itoa(int(portSpec.Port))) { - udpports = append(udpports, strconv.Itoa(int(portSpec.Port))) - } + if portSpec.Protocol == "UDP" { + if !slices.Contains(udpports, strconv.Itoa(int(portSpec.Port))) { + udpports = append(udpports, strconv.Itoa(int(portSpec.Port))) + } } } } diff --git a/internal/controller/firewallrule_controller.go b/internal/controller/firewallrule_controller.go index 4f1e283..10dfd5a 100644 
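Review bot: In the `@@ -118,19 +118,19 @@` hunk of firewallgroup_controller.go the UDP branch still reads `tcpports = append(udpports, port)`, which overwrites the TCP list with the UDP list plus one port and never grows `udpports`; it should be `udpports = append(udpports, port)`. The pattern `"(?:tcp|udp)\\/?)\\d+"` has an unbalanced `)`, so `regexp.MatchString` returns an error that is discarded with `_`, the branch never runs, and a protocol-prefixed entry falls through as TCP with the whole string as its port. Once the pattern is fixed (for example `^(tcp|udp)/\d+$`), `strings.Split("/", portEntry)` will index out of range at `fields[1]` because its arguments are reversed; it should be `strings.Split(portEntry, "/")`. These lists presumably end up in the UniFi firewall group, so a wrong entry changes what the firewall matches, and a unit test over this parsing would be worth adding. Reconcile starts and ends outside this hunk.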
--- a/internal/controller/firewallrule_controller.go +++ b/internal/controller/firewallrule_controller.go @@ -25,15 +25,15 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1" - "github.com/vegardengen/unifi-network-operator/internal/unifi" "github.com/vegardengen/unifi-network-operator/internal/config" + "github.com/vegardengen/unifi-network-operator/internal/unifi" ) // FirewallRuleReconciler reconciles a FirewallRule object type FirewallRuleReconciler struct { client.Client - Scheme *runtime.Scheme - UnifiClient *unifi.UnifiClient + Scheme *runtime.Scheme + UnifiClient *unifi.UnifiClient ConfigLoader *config.ConfigLoaderType } @@ -57,13 +57,18 @@ func (r *FirewallRuleReconciler) Reconcile(ctx context.Context, req ctrl.Request // TODO(user): your logic here cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config") - if err != nil { - return ctrl.Result{}, err - } + if err != nil { + return ctrl.Result{}, err + } - defaultNs := cfg.Data["defaultNamespace"] + defaultNs := cfg.Data["defaultNamespace"] log.Info(defaultNs) + err = r.UnifiClient.Reauthenticate() + if err != nil { + return ctrl.Result{}, err + } + return ctrl.Result{}, nil } diff --git a/internal/controller/firewallzone_controller.go b/internal/controller/firewallzone_controller.go index 8ec3108..2f1bbb6 100644 --- a/internal/controller/firewallzone_controller.go +++ b/internal/controller/firewallzone_controller.go @@ -19,8 +19,8 @@ package controller import ( "context" "fmt" - "strings" "regexp" + "strings" "time" "k8s.io/apimachinery/pkg/runtime" 
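Review bot: In the `@@ -57,13 +57,18 @@` hunk of firewallrule_controller.go, `r.UnifiClient.Reauthenticate()` takes no `ctx` and runs on every reconcile, although this Reconcile makes no UniFi call afterwards (the body is still the scaffold `// TODO(user)`). If Reauthenticate performs a full login (its body is not shown in this diff), each FirewallRule event costs a controller login that the request context cannot cancel, and a burst of events could trip login throttling on the controller. Consider leaving the call out here until the reconciler actually uses the client, or having Reauthenticate accept `ctx` and reuse a session that is still valid. The same unconditional call is added in the Reconcile functions of firewallzone_controller.go and networkconfiguration_controller.go.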
@@ -29,40 +29,39 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1" - "github.com/vegardengen/unifi-network-operator/internal/unifi" "github.com/vegardengen/unifi-network-operator/internal/config" + "github.com/vegardengen/unifi-network-operator/internal/unifi" ) // FirewallZoneReconciler reconciles a FirewallZone object type FirewallZoneReconciler struct { client.Client - Scheme *runtime.Scheme - UnifiClient *unifi.UnifiClient + Scheme *runtime.Scheme + UnifiClient *unifi.UnifiClient ConfigLoader *config.ConfigLoaderType } func toKubeName(input string) string { - // Lowercase the input - name := strings.ToLower(input) + // Lowercase the input + name := strings.ToLower(input) - // Replace any non-alphanumeric characters with dashes - re := regexp.MustCompile(`[^a-z0-9\-\.]+`) - name = re.ReplaceAllString(name, "-") + // Replace any non-alphanumeric characters with dashes + re := regexp.MustCompile(`[^a-z0-9\-\.]+`) + name = re.ReplaceAllString(name, "-") - // Trim leading and trailing non-alphanumerics - name = strings.Trim(name, "-.") + // Trim leading and trailing non-alphanumerics + name = strings.Trim(name, "-.") - // Ensure it's not empty and doesn't exceed 253 characters - if len(name) == 0 { - name = "default" - } else if len(name) > 253 { - name = name[:253] - } + // Ensure it's not empty and doesn't exceed 253 characters + if len(name) == 0 { + name = "default" + } else if len(name) > 253 { + name = name[:253] + } - return name + return name } - // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones/status,verbs=get;update;patch // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones/finalizers,verbs=update 
@@ -81,11 +80,16 @@ func (r *FirewallZoneReconciler) Reconcile(ctx context.Context, req ctrl.Request log := log.FromContext(ctx) cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config") - if err != nil { - return ctrl.Result{}, err - } + if err != nil { + return ctrl.Result{}, err + } - defaultNs := cfg.Data["defaultNamespace"] + defaultNs := cfg.Data["defaultNamespace"] + + err = r.UnifiClient.Reauthenticate() + if err != nil { + return ctrl.Result{}, err + } var fwzCRDs unifiv1beta1.FirewallZoneList _ = r.List(ctx, &fwzCRDs, client.InNamespace(defaultNs)) @@ -118,17 +122,17 @@ func (r *FirewallZoneReconciler) Reconcile(ctx context.Context, req ctrl.Request for _, unifizone := range firewall_zones { log.Info(fmt.Sprintf("%+v\n", unifizone)) if _, found := firewallZoneNamesCRDs[unifizone.Name]; !found { - zoneCRD := &unifiv1beta1.FirewallZone { - ObjectMeta : ctrl.ObjectMeta { - Name: toKubeName(unifizone.Name), - Namespace: defaultNs, - }, - Spec: unifiv1beta1.FirewallZoneSpec { - Name : unifizone.Name, - ID : unifizone.ID, + zoneCRD := &unifiv1beta1.FirewallZone{ + ObjectMeta: ctrl.ObjectMeta{ + Name: toKubeName(unifizone.Name), + Namespace: defaultNs, + }, + Spec: unifiv1beta1.FirewallZoneSpec{ + Name: unifizone.Name, + ID: unifizone.ID, DefaultZone: unifizone.DefaultZone, - ZoneKey : unifizone.ZoneKey, - NetworkIDs : unifizone.NetworkIDs, + ZoneKey: unifizone.ZoneKey, + NetworkIDs: unifizone.NetworkIDs, }, } err := r.Create(ctx, zoneCRD) 
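Review bot: In the `@@ -81,11 +80,16 @@` hunk of firewallzone_controller.go, the line right after the new Reauthenticate check still discards the List error: `_ = r.List(ctx, &fwzCRDs, client.InNamespace(defaultNs))`. A failed List leaves `fwzCRDs` empty, so the zone loop further down in Reconcile would treat every UniFi zone as missing and call Create for each one. `defaultNs` is also used unchecked: if the `defaultNamespace` key is absent from the loaded config it is the empty string, and `client.InNamespace("")` lists across all namespaces. I would change the call to `if err := r.List(ctx, &fwzCRDs, client.InNamespace(defaultNs)); err != nil { return ctrl.Result{}, err }` and return an error before it when `defaultNs` is empty.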
@@ -136,22 +140,22 @@ func (r *FirewallZoneReconciler) Reconcile(ctx context.Context, req ctrl.Request return ctrl.Result{RequeueAfter: 10 * time.Minute}, err } } else { - for _, zoneCRD := range fwzCRDs.Items { - if zoneCRD.Spec.Name == unifizone.Name { - zoneCRD.Spec = unifiv1beta1.FirewallZoneSpec { - Name : unifizone.Name, - ID : unifizone.ID, - DefaultZone: unifizone.DefaultZone, - ZoneKey : unifizone.ZoneKey, - NetworkIDs : unifizone.NetworkIDs, - } - err := r.Update(ctx, &zoneCRD) - if err != nil { - return ctrl.Result{RequeueAfter: 10 * time.Minute}, err - } - } - } - } + for _, zoneCRD := range fwzCRDs.Items { + if zoneCRD.Spec.Name == unifizone.Name { + zoneCRD.Spec = unifiv1beta1.FirewallZoneSpec{ + Name: unifizone.Name, + ID: unifizone.ID, + DefaultZone: unifizone.DefaultZone, + ZoneKey: unifizone.ZoneKey, + NetworkIDs: unifizone.NetworkIDs, + } + err := r.Update(ctx, &zoneCRD) + if err != nil { + return ctrl.Result{RequeueAfter: 10 * time.Minute}, err + } + } + } + } } return ctrl.Result{RequeueAfter: 10 * time.Minute}, nil diff --git a/internal/controller/networkconfiguration_controller.go b/internal/controller/networkconfiguration_controller.go index e2b706f..7fce34e 100644 --- a/internal/controller/networkconfiguration_controller.go +++ b/internal/controller/networkconfiguration_controller.go @@ -26,15 +26,15 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" unifiv1 "github.com/vegardengen/unifi-network-operator/api/v1beta1" - "github.com/vegardengen/unifi-network-operator/internal/unifi" "github.com/vegardengen/unifi-network-operator/internal/config" + "github.com/vegardengen/unifi-network-operator/internal/unifi" ) // NetworkconfigurationReconciler reconciles a Networkconfiguration object type NetworkconfigurationReconciler struct { client.Client - Scheme *runtime.Scheme - UnifiClient *unifi.UnifiClient + Scheme *runtime.Scheme + UnifiClient *unifi.UnifiClient ConfigLoader *config.ConfigLoaderType } 
@@ -55,17 +55,23 @@ type NetworkconfigurationReconciler struct { func (r *NetworkconfigurationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { log := log.FromContext(ctx) cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config") - if err != nil { - return ctrl.Result{}, err - } + if err != nil { + return ctrl.Result{}, err + } - defaultNs := cfg.Data["defaultNamespace"] + defaultNs := cfg.Data["defaultNamespace"] log.Info(defaultNs) var networkCRDs unifiv1.NetworkconfigurationList if err := r.List(ctx, &networkCRDs); err != nil { return ctrl.Result{}, err } + + err = r.UnifiClient.Reauthenticate() + if err != nil { + return ctrl.Result{}, err + } + k8sNetworks := make(map[string]*unifiv1.Networkconfiguration) for i := range networkCRDs.Items { log.Info(fmt.Sprintf("Inserting network %s\n", networkCRDs.Items[i].Spec.NetworkID))