From 22c8df683388f6d8649aa509f94925a4a6dd95d7 Mon Sep 17 00:00:00 2001
From: Vegard Engen
Date: Fri, 27 Jun 2025 16:46:45 +0200
Subject: [PATCH 1/4] Add namespace to name of firewallgroups
---
 internal/controller/firewallgroup_controller.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/internal/controller/firewallgroup_controller.go b/internal/controller/firewallgroup_controller.go
index 86dcb6d..504c73c 100644
--- a/internal/controller/firewallgroup_controller.go
+++ b/internal/controller/firewallgroup_controller.go
@@ -361,10 +361,10 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 log.Error(err, "Could not list network objects")
 return reconcile.Result{}, err
 }
- ipv4_name := "k8s-" + firewallGroup.Spec.Name + "-ipv4"
- ipv6_name := "k8s-" + firewallGroup.Spec.Name + "-ipv6"
- tcpports_name := "k8s-" + firewallGroup.Spec.Name + "-tcpports"
- udpports_name := "k8s-" + firewallGroup.Spec.Name + "-udpports"
+ ipv4_name := "k8s-" + firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-ipv4"
+ ipv6_name := "k8s-" + firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-ipv6"
+ tcpports_name := "k8s-" firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-tcpports"
+ udpports_name := "k8s-" + firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-udpports"
 ipv4_done := false
 ipv6_done := false
 tcpports_done := false
From 440dc04e5bbb88d77698e424a33faec80d85be59 Mon Sep 17 00:00:00 2001
From: Vegard Engen
Date: Fri, 27 Jun 2025 16:51:05 +0200
Subject: [PATCH 2/4] Add namespace to some names
---
 internal/controller/firewallpolicy_controller.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/internal/controller/firewallpolicy_controller.go b/internal/controller/firewallpolicy_controller.go
index 506125f..292fbe7 100644
--- a/internal/controller/firewallpolicy_controller.go
+++ b/internal/controller/firewallpolicy_controller.go
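Review bot: Renaming the four objects from `k8s-<name>-…` to `k8s-<namespace>/<name>-…` means anything already created under the old names no longer matches `ipv4_name`, `ipv6_name`, `tcpports_name` or `udpports_name`. The matching and cleanup code is outside this hunk, so it is not visible whether the old groups are adopted, deleted or left behind; if they are left behind, stale address and port groups stay on the controller and may still be referenced by existing rules. I would add a one-time migration, or at least a comment above these lines such as `// NOTE: pre-namespace names ("k8s-<name>-ipv4") are not matched; remove or rename them on upgrade`. Separately, the added `tcpports_name` line lacks a `+` after `"k8s-"`, so this commit does not build until PATCH 3/4; squashing the follow-up fixes into it keeps every commit in the series buildable.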
@@ -468,7 +468,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
 if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
- policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
+ policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
 if _, found := unifiFirewallpolicyNames[policyname]; !found {
 log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
 unifiFirewallPolicy := fillDefaultPolicy()
@@ -503,7 +503,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 }
 }
 if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
- policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
+ policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
 if _, found := unifiFirewallpolicyNames[policyname]; !found {
 log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
 unifiFirewallPolicy := fillDefaultPolicy()
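Review bot: The new `policyname` qualifies only the policy with its namespace; the zone name and `firewallGroup.Name` are still joined with `-`, which is legal inside Kubernetes object names, so two different (zone, group) pairs such as `a-b`/`c` and `a`/`b-c` (constructed example) yield the same string. `unifiFirewallpolicyNames[policyname]` is the only existence check visible here, so on a collision the second policy is treated as already present and is never created. If a policy can reference groups from another namespace (not visible in this hunk), the unqualified group name has the same effect. Joining with a character that cannot occur in a name removes the ambiguity, e.g. `… + "zone:" + zoneCRDs.Items[zoneIndex].Name + "/" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-ipv4-tcp"`, assuming `firewallGroup` carries the usual object metadata. The same applies to the other seven `policyname` lines in this patch (the ipv4-udp, ipv6 and `network:` variants).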
@@ -541,7 +541,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 }
 if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
 if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
- policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
+ policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
 if _, found := unifiFirewallpolicyNames[policyname]; !found {
 log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
 unifiFirewallPolicy := fillDefaultPolicy()
@@ -577,7 +577,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 }
 }
 if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
- policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
+ policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
 if _, found := unifiFirewallpolicyNames[policyname]; !found {
 log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
 unifiFirewallPolicy := fillDefaultPolicy()
@@ -640,7 +640,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 }
 if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
 if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
- policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
+ policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
 if _, found := unifiFirewallpolicyNames[policyname]; !found {
 log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
 unifiFirewallPolicy := fillDefaultPolicy()
@@ -677,7 +677,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 }
 }
 if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
- policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
+ policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
 if _, found := unifiFirewallpolicyNames[policyname]; !found {
 log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
 unifiFirewallPolicy := fillDefaultPolicy()
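Review bot: The policy name is now spelled out eight times in this function (four `zone:` and four `network:` variants) with only the target kind and the suffix differing, and every copy had to be edited by hand in this patch. Since the string is the key for the `unifiFirewallpolicyNames` lookup, a copy that drifts from the others would make the reconciler miss an existing policy or skip a needed one without any error. A single helper keeps the scheme in one place; the version below reproduces the format this commit introduces. Reconcile starts and ends outside these hunks, so only the helper and one call site are shown.

```go
// policyObjectName builds the key checked against unifiFirewallpolicyNames.
// targetKind is "zone" or "network"; suffix is one of "ipv4-tcp",
// "ipv4-udp", "ipv6-tcp", "ipv6-udp".
func policyObjectName(namespace, policy, targetKind, target, group, suffix string) string {
	return "k8s-fw-" + namespace + "/" + policy + "-" + targetKind + ":" + target + "-" + group + "-" + suffix
}

// … unchanged: surrounding len(firewallGroup.Status.…) checks …
policyname := policyObjectName(firewallPolicy.Namespace, firewallPolicy.Name, "network",
	networkCRDs.Items[networkIndex].Name, firewallGroup.Name, "ipv4-tcp")
```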
@@ -716,7 +716,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 }
 if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
 if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
- policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
+ policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
 if _, found := unifiFirewallpolicyNames[policyname]; !found {
 log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
 unifiFirewallPolicy := fillDefaultPolicy()
@@ -753,7 +753,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 }
 }
 if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
- policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
+ policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
 if _, found := unifiFirewallpolicyNames[policyname]; !found {
 log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
 unifiFirewallPolicy := fillDefaultPolicy()
From 5885daac558b8196cb92826d85c9e655f562a486 Mon Sep 17 00:00:00 2001
From: Vegard Engen
Date: Fri, 27 Jun 2025 16:53:44 +0200
Subject: [PATCH 3/4] Fix
---
 internal/controller/firewallgroup_controller.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/controller/firewallgroup_controller.go b/internal/controller/firewallgroup_controller.go
index 504c73c..99e5423 100644
--- a/internal/controller/firewallgroup_controller.go
+++ b/internal/controller/firewallgroup_controller.go
@@ -363,7 +363,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 }
 ipv4_name := "k8s-" + firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-ipv4"
 ipv6_name := "k8s-" + firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-ipv6"
- tcpports_name := "k8s-" firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-tcpports"
+ tcpports_name := "k8s-" + firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-tcpports"
 udpports_name := "k8s-" + firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-udpports"
 ipv4_done := false
 ipv6_done := false
From 8d70a78a503a3ba8cbb617d66bca1e56615ca61a Mon Sep 17 00:00:00 2001
From: Vegard Engen
Date: Fri, 27 Jun 2025 17:01:55 +0200
Subject: [PATCH 4/4] fix
---
 internal/controller/firewallgroup_controller.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/internal/controller/firewallgroup_controller.go b/internal/controller/firewallgroup_controller.go
index 99e5423..f74117f 100644
--- a/internal/controller/firewallgroup_controller.go
+++ b/internal/controller/firewallgroup_controller.go
@@ -361,10 +361,10 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 log.Error(err, "Could not list network objects")
 return reconcile.Result{}, err
 }
- ipv4_name := "k8s-" + firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-ipv4"
- ipv6_name := "k8s-" + firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-ipv6"
- tcpports_name := "k8s-" + firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-tcpports"
- udpports_name := "k8s-" + firewallGroup.Spec.Namespace + "/" + firewallGroup.Spec.Name + "-udpports"
+ ipv4_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-ipv4"
+ ipv6_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-ipv6"
+ tcpports_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-tcpports"
+ udpports_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-udpports"
 ipv4_done := false
 ipv6_done := false
 tcpports_done := false
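Review bot: Besides dropping `Spec.Namespace`, these four lines also switch the name component from `firewallGroup.Spec.Name` to `firewallGroup.Name`, which the commit message (`fix`) does not mention. If the CRD still carries a `Spec.Name` field (not visible here), it no longer influences the UniFi object names, and a resource whose `Spec.Name` differs from its metadata name would get differently named groups on the next reconcile. Taking both parts from object metadata looks like the safer design, since namespace plus name is unique in the cluster and a resource cannot claim another namespace's prefix through a spec field it controls. A comment above the block would record that intent, e.g. `// Names derive from metadata (namespace/name), never from Spec, so one object cannot take over another's groups`. Reconcile's body continues outside the hunk.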