Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add feature to update / delete attached firewall #171

Merged
merged 9 commits into from
Jan 23, 2024
Merged

Add feature to update / delete attached firewall #171

merged 9 commits into from
Jan 23, 2024

Conversation

rammanoj
Copy link
Contributor

Fixes #146

Changes:

  • Add the below three features while updating the node balancer:
    • Attach New Firewall
    • Update Attached Firewall
    • Delete Attached Firewall
  • Upgrade linodego to 1.26

General:

  • Have you removed all sensitive information, including but not limited to access keys and passwords?
  • Have you checked to ensure there aren't other open or closed Pull Requests for the same bug/feature/question?

Pull Request Guidelines:

  1. Does your submission pass tests?
  2. Have you added tests?
  3. Are you addressing a single feature in this PR?
  4. Are your commits atomic, addressing one change per commit?
  5. Are you following the conventions of the language?
  6. Have you saved your large formatting changes for a different PR, so we can focus on your work?
  7. Have you explained your rationale for why this feature is needed?
  8. Have you linked your PR to an open issue

@rammanoj rammanoj marked this pull request as draft January 21, 2024 05:56
@rammanoj rammanoj marked this pull request as ready for review January 21, 2024 20:02
tchinmai7
tchinmai7 reviewed Jan 22, 2024
View reviewed changes
cloud/linode/loadbalancers.go
@@ -229,6 +229,90 @@ func (l *loadbalancers) EnsureLoadBalancer(ctx context.Context, clusterName stri
return lbStatus, nil
}

func (l *loadbalancers) getNodeBalancerDeviceId(ctx context.Context, firewallID, nbID, page int) (int, bool, error) {
devices, err := l.client.ListFirewallDevices(ctx, firewallID, &linodego.ListOptions{PageSize: 500, PageOptions: &linodego.PageOptions{Page: page}})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think you need to handle pagination manually here - linodego abstracts it from you

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Though the output is []linodego.FirewallDevice. The PageOptions is passed as an input parameter. The max. page size is 500. If there are more than 500 items, this might be useful.

As discussed, for the sake of simplicity, this could be skipped with just a single call rather than recursive set of calls.

cloud/linode/loadbalancers.go
// get the attached firewall
firewalls, err := l.client.ListNodeBalancerFirewalls(ctx, nb.ID, &linodego.ListOptions{})
if err != nil {
if !ok {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you add comments explaining this logic?

cloud/linode/loadbalancers.go
if existingFirewallID != newFirewallID {
// remove the existing firewall

if existingFirewallID != 0 {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

when will existingFirewallID be 0?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The value is zero when there is no Firewall assigned. Default value of a integer variable in golang is 0. The existingFirewallID variable would only be tampered if there's a firewall attached to nodeBalancer. If not, it would be 0

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah I see the logic now. can you move the declaration for existingFirewallID to line 277 so its immediately obvious?

okokes-akamai
okokes-akamai reviewed Jan 23, 2024
View reviewed changes
cloud/linode/fake_linode_test.go
@@ -186,6 +190,40 @@ func (f *fakeAPI) ServeHTTP(w http.ResponseWriter, r *http.Request) {
_, _ = w.Write(rr)
return
}

rx, _ = regexp.Compile("/nodebalancers/[0-9]+/firewalls")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's weird to ignore the error here - maybe just run MustCompile to ensure it passes.

cloud/linode/fake_linode_test.go
{Reason: "Not Found"},
},
}
rr, _ := json.Marshal(resp)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's kinda weird that we check errors from strconv.Atoi and not these ones. They seem to be similarly likely to happen.

cloud/linode/fake_linode_test.go
@@ -24,6 +24,8 @@ type fakeAPI struct {
nb map[string]*linodego.NodeBalancer
nbc map[string]*linodego.NodeBalancerConfig
nbn map[string]*linodego.NodeBalancerNode
fw map[int]*linodego.Firewall
fwd map[int]map[int]*linodego.FirewallDevice
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's useful to add comments here to signal what the ints stand for

cloud/linode/loadbalancers.go
@@ -229,6 +229,103 @@ func (l *loadbalancers) EnsureLoadBalancer(ctx context.Context, clusterName stri
return lbStatus, nil
}

// getNodeBalancerDeviceId gets the deviceID of the nodeBalancer that is attached to the firewall.
func (l *loadbalancers) getNodeBalancerDeviceId(ctx context.Context, firewallID, nbID, page int) (int, bool, error) {
devices, err := l.client.ListFirewallDevices(ctx, firewallID, &linodego.ListOptions{PageSize: 500, PageOptions: &linodego.PageOptions{Page: page}})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is only called with Page: 1 - so when do we actually paginate?

cloud/linode/loadbalancers.go
firewalls, err := l.client.ListNodeBalancerFirewalls(ctx, nb.ID, &linodego.ListOptions{})
if err != nil {
if !ok {
if err.Error() != "[404] Not Found" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a bit icky, can we maybe use the linodego.Error type assertion and its Code field?

cloud/linode/loadbalancers.go
@@ -258,6 +354,12 @@ func (l *loadbalancers) updateNodeBalancer(ctx context.Context, clusterName stri
}
}

// update node-balancer firewall
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: this comment seems redundant

cloud/linode/loadbalancers_test.go
@@ -639,7 +651,7 @@ func testUpdateLoadBalancerAddTLSPort(t *testing.T, client *linodego.Client, _ *
}

if !reflect.DeepEqual(expectedPorts, observedPorts) {
t.Errorf("NodeBalancer ports mismatch: expected %v, got %v", expectedPorts, observedPorts)
t.Errorf("NodeBalancer ports mismatch: expected %v, got %v", `expectedPorts`, observedPorts)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we passing a string literal to the formatter?

@tchinmai7 tchinmai7 merged commit 3a68362 into linode:main Jan 23, 2024
4 checks passed
@tchinmai7
Copy link
Contributor

Merging now, will address comments in a followup PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@okokes-akamai okokes-akamai okokes-akamai left review comments

@tchinmai7 tchinmai7 tchinmai7 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix Update/Delete Usage of Firewall Association
3 participants
@rammanoj @tchinmai7 @okokes-akamai