klauvsteinen/unifi-network-operator
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reauthenticate method plus workaround for delete

Browse Source
This commit is contained in:
Vegard Engen
2025-04-10 13:45:51 +02:00
parent 1306939d58
commit a1ed82258c
3 changed files with 73 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
config/samples/unifi_v1beta1_firewallgroup.yaml
View File

@@ -9,9 +9,4 @@ spec:
name: Test name: Test
manualAddresses: manualAddresses:
- 192.168.1.153 - 192.168.1.153
- 192.168.1.154
- 192.168.1.155
- 2a01::3
- 2a01:0::5
- 2a01:2a01::/32
# TODO(user): Add fields here # TODO(user): Add fields here

53
internal/controller/firewallgroup_controller.go
View File

@@ -21,6 +21,7 @@ import (
"fmt" "fmt"
"net" "net"
"reflect" "reflect"
"strings"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
ctrl "sigs.k8s.io/controller-runtime" ctrl "sigs.k8s.io/controller-runtime"
@@ -90,6 +91,10 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req ctrl.Reques
} }
} }
} }
err := r.UnifiClient.Reauthenticate()
if err != nil {
return ctrl.Result{}, err
}
firewall_groups, err := r.UnifiClient.Client.ListFirewallGroup(context.Background(), r.UnifiClient.SiteID) firewall_groups, err := r.UnifiClient.Client.ListFirewallGroup(context.Background(), r.UnifiClient.SiteID)
if err != nil { if err != nil {
log.Error(err, "Could not list network objects") log.Error(err, "Could not list network objects")
@@ -105,9 +110,22 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req ctrl.Reques
log.Info(fmt.Sprintf("Delete %s", ipv4_name)) log.Info(fmt.Sprintf("Delete %s", ipv4_name))
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID) err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
if err != nil { if err != nil {
msg := strings.ToLower(err.Error())
log.Info(msg)
if strings.Contains(msg, "api.err.objectreferredby") {
log.Info("Firewall group is in use. Invoking workaround...!")
firewall_group.GroupMembers = []string{"127.0.0.1"}
firewall_group.Name = firewall_group.Name + "-deleted"
_, updateerr := r.UnifiClient.Client.UpdateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group)
if updateerr != nil {
log.Error(updateerr, "Could neither delete or rename firewall group")
return ctrl.Result{}, updateerr
}
} else {
log.Error(err, "Could not delete firewall group") log.Error(err, "Could not delete firewall group")
return ctrl.Result{}, err return ctrl.Result{}, err
} }
}
ipv4_done = true ipv4_done = true
} else { } else {
if !reflect.DeepEqual(firewall_group.GroupMembers, ipv4) { if !reflect.DeepEqual(firewall_group.GroupMembers, ipv4) {
@@ -127,9 +145,22 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req ctrl.Reques
log.Info(fmt.Sprintf("Delete %s", ipv6_name)) log.Info(fmt.Sprintf("Delete %s", ipv6_name))
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID) err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
if err != nil { if err != nil {
msg := strings.ToLower(err.Error())
log.Info(msg)
if strings.Contains(msg, "api.err.objectreferredby") {
log.Info("Firewall group is in use. Invoking workaround...!")
firewall_group.GroupMembers = []string{"::1"}
firewall_group.Name = firewall_group.Name + "-deleted"
_, updateerr := r.UnifiClient.Client.UpdateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group)
if updateerr != nil {
log.Error(updateerr, "Could neither delete or rename firewall group")
return ctrl.Result{}, updateerr
}
} else {
log.Error(err, "Could not delete firewall group") log.Error(err, "Could not delete firewall group")
return ctrl.Result{}, err return ctrl.Result{}, err
} }
}
ipv6_done = true ipv6_done = true
} else { } else {
if !reflect.DeepEqual(firewall_group.GroupMembers, ipv6) { if !reflect.DeepEqual(firewall_group.GroupMembers, ipv6) {
@@ -144,6 +175,28 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req ctrl.Reques
ipv6_done = true ipv6_done = true
} }
} }
if firewall_group.Name == ipv4_name+"-deleted" && len(ipv4) > 0 {
firewall_group.Name = ipv4_name
firewall_group.GroupMembers = ipv4
log.Info(fmt.Sprintf("Creating %s (from previously deleted)", ipv4_name))
_, err := r.UnifiClient.Client.UpdateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group)
if err != nil {
log.Error(err, "Could not update firewall group")
return ctrl.Result{}, err
}
ipv4_done = true
}
if firewall_group.Name == ipv6_name+"-deleted" && len(ipv6) > 0 {
firewall_group.Name = ipv6_name
firewall_group.GroupMembers = ipv6
log.Info(fmt.Sprintf("Creating %s (from previously deleted)", ipv6_name))
_, err := r.UnifiClient.Client.UpdateFirewallGroup(context.Background(), r.UnifiClient.SiteID, &firewall_group)
if err != nil {
log.Error(err, "Could not update firewall group")
return ctrl.Result{}, err
}
ipv6_done = true
}
} }
if len(ipv4) > 0 && !ipv4_done { if len(ipv4) > 0 && !ipv4_done {
log.Info(fmt.Sprintf("Creating %s", ipv4_name)) log.Info(fmt.Sprintf("Creating %s", ipv4_name))

18
internal/unifi/unifi.go
View File

@@ -7,11 +7,11 @@ import (
"crypto/tls" "crypto/tls"
"errors" "errors"
"fmt" "fmt"
"sync"
"strings"
"net/http" "net/http"
"net/http/cookiejar" "net/http/cookiejar"
"os" "os"
"strings"
"sync"
"github.com/vegardengen/go-unifi/unifi" "github.com/vegardengen/go-unifi/unifi"
) )
@@ -99,6 +99,20 @@ func (s *UnifiClient) WithSession(action func(c *unifi.Client) error) error {
return err return err
} }
func (uClient *UnifiClient) Reauthenticate() error {
_, err := uClient.Client.ListSites(context.Background())
if err == nil {
return nil
}
if IsSessionExpired(err) {
if loginErr := uClient.Client.Login(context.Background(), uClient.username, uClient.password); loginErr != nil {
return fmt.Errorf("re-login to Unifi failed: %w", loginErr)
}
}
return nil
}
func IsSessionExpired(err error) bool { func IsSessionExpired(err error) bool {
if err == nil { if err == nil {
return false return false