Add feature to create a Network Security Group in Azure #200
Conversation
Signed-off-by: shreya <[email protected]>
Signed-off-by: shreya <[email protected]>
Signed-off-by: shreya <[email protected]>
Signed-off-by: shreya <[email protected]>
escortnotice
changed the title
escortnotice
changed the title
Feature nsg unit test to feature msg
There was a problem hiding this comment.
@escortnotice thanks for your work here :) I have given a first pass review below, but also wanted to point you to these resources:
- https://github.com/crossplane/crossplane/blob/master/design/one-pager-managed-resource-api-design.md
- https://crossplane.io/docs/v1.0/introduction/managed-resources.html
Also, I believe you will need an update to crossplane-runtime version here 👍 The errors in CI should give you some indication about other existing issues. Let me know if you have any questions!
apis/network/v1alpha3/types.go
Outdated
|
|
||
| Spec SecurityGroupSpec `json:"spec"` | ||
| Status SecurityGroupStatus `json:"status,omitempty"` | ||
| ///Properties SecurityGroupPropertiesFormat `json:"properties,omitempty"` |
There was a problem hiding this comment.
| ///Properties SecurityGroupPropertiesFormat `json:"properties,omitempty"` |
| } | ||
|
|
||
| // A SecurityGroupSpec defines the desired state of a SecurityGroup. | ||
| type SecurityGroupSpec struct { |
There was a problem hiding this comment.
fields that are not imported from crossplane-runtime should be under forProvider struct (ref: https://github.com/crossplane/provider-azure/blob/b55e3a0dabc627726d2f5275d80f662650932d45/apis/cache/v1beta1/redis_types.go#L139)
There was a problem hiding this comment.
Just curious to know what is the significance of adding forProvider as it seems to be a level addition to me , and this is also not present in Virtualnetwork Resource.
There was a problem hiding this comment.
we have added forProvided in the SecurityGroupSpec Struct also.
apis/network/v1alpha3/types.go
Outdated
| // SecurityRulePropertiesFormat security rule resource. | ||
| type SecurityRulePropertiesFormat struct { | ||
| // Description - A description for this rule. Restricted to 140 chars. | ||
| Description string `json:"description,omitempty"` |
There was a problem hiding this comment.
All optional spec fields should be pointer types.
| Description string `json:"description,omitempty"` | |
| Description *string `json:"description,omitempty"` |
apis/network/v1alpha3/types.go
Outdated
| SourcePortRange string `json:"sourcePortRange,omitempty"` | ||
| // DestinationPortRange - The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | ||
| DestinationPortRange string `json:"destinationPortRange,omitempty"` | ||
| // SourceAddressPrefix - The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. |
There was a problem hiding this comment.
Prefer that comments be wrapped at 80 chars :)
apis/network/v1alpha3/register.go
Outdated
| func init() { | ||
| SchemeBuilder.Register(&VirtualNetwork{}, &VirtualNetworkList{}) | ||
| SchemeBuilder.Register(&Subnet{}, &SubnetList{}) | ||
| SchemeBuilder.Register(&SecurityGroup{}, &SecurityGroupList{}) | ||
| SchemeBuilder.Register(&SecurityRule{}) |
There was a problem hiding this comment.
Guessing there should also be a SecurityRuleList?
There was a problem hiding this comment.
Or is it intended that a SecurityRule just be in the spec of a SecurityGroup? If so, it should not be its own object, but it they are separate APIs on Azure then they should be separate Crossplane objects and the SecurityGroup should reference SecurityRule.
There was a problem hiding this comment.
Refactored SecurityRule as it is just a part of Security Group not a independent entity.
pkg/controller/azure.go
Outdated
| @@ -17,6 +17,7 @@ limitations under the License. | |||
| package controller | |||
|
|
|||
| import ( | |||
| SecurityGroup "github.com/crossplane/provider-azure/pkg/controller/network/securitygroup" | |||
There was a problem hiding this comment.
| SecurityGroup "github.com/crossplane/provider-azure/pkg/controller/network/securitygroup" | |
| "github.com/crossplane/provider-azure/pkg/controller/network/securitygroup" |
pkg/controller/azure.go
Outdated
| @@ -56,6 +57,7 @@ func Setup(mgr ctrl.Manager, l logging.Logger) error { | |||
| resourcegroup.Setup, | |||
| account.Setup, | |||
| container.Setup, | |||
| SecurityGroup.Setup, | |||
There was a problem hiding this comment.
| SecurityGroup.Setup, | |
| securitygroup.Setup, |
| //"github.com/crossplane/provider-azure/pkg/clients/network" | ||
|
|
||
| //"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-12-01/network/networkapi" |
There was a problem hiding this comment.
| //"github.com/crossplane/provider-azure/pkg/clients/network" | |
| //"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-12-01/network/networkapi" |
|
|
||
| type external struct { | ||
| client networkapi.SecurityGroupsClientAPI | ||
| //client azurenetwork.SecurityGroupsClient |
There was a problem hiding this comment.
| //client azurenetwork.SecurityGroupsClient |
| @@ -0,0 +1,470 @@ | |||
| package SecurityGroup | |||
|
|
|||
| import ( | |||
There was a problem hiding this comment.
these imports will fail linting https://github.com/crossplane/provider-azure/blob/b55e3a0dabc627726d2f5275d80f662650932d45/.golangci.yml#L38
There was a problem hiding this comment.
Sorry I am unable to understand this statement , could you please share more details what changes are expected.
There was a problem hiding this comment.
We require imports to be structured in groups separated by a blank line in the following order:
- stdlib packages
- external packages (i.e. not from crossplane org)
- other crossplane org packages (i.e.
crossplane-runtime) - provider-azure packages (i.e. from within this repo)
There was a problem hiding this comment.
First running:
goimports -local github.com/crossplane/provider-azure -w pkg/controller/network/securitygroup/managed_test.go pkg/controller/network/securitygroup/managed_test.go,
and then running:
goimports -local github.com/crossplane/crossplane-runtime -w pkg/controller/network/securitygroup/managed_test.go pkg/controller/network/securitygroup/managed_test.go,
should put them into shape.
| func init() { | ||
| SchemeBuilder.Register(&VirtualNetwork{}, &VirtualNetworkList{}) | ||
| SchemeBuilder.Register(&Subnet{}, &SubnetList{}) | ||
| SchemeBuilder.Register(&SecurityGroup{}, &SecurityGroupList{}) | ||
| //SchemeBuilder.Register(&SecurityRule{}) |
There was a problem hiding this comment.
Should this be removed? Is it possible to create a SecurityRule independent of a SecurityGroup? If so, it should be a separate resource type.
Description of your changes
Create a Network Security Group, which can restrict inbound and outgoing traffic using 5tuple rules. Also restrict traffic based on Service tagging and Application Security Group.
Issue: #168
Fixes #
I have:
make reviewable testto ensure this PR is ready for review.How has this code been tested
Currently we have tested the code manually on azure cloud, all the configuration files (.yaml) are in the examples folder which can be referred for use.