"status.bastionSecurityGroup.rules: Required value" updating cluster

[mdbooth]

/kind bug

From @lentzi90

❯ kubectl diff -k CAPO/test-cluster
The OpenStackCluster "lennart-test" is invalid: 
* status.bastionSecurityGroup.rules: Required value
* status.workerSecurityGroup.rules: Required value
* status.controlPlaneSecurityGroup.rules: Required value

when doing the following:

* Init with CAPO v0.9
* Create a v1alpha7 cluster
* Upgrade CAPO to v0.10.0-alpha.0
* Try to update the OpenStackCluster (e.g. add an IP to the allowedCidrs)

[mdbooth]

It looks like you're editing the cluster as v1alpha7, which is fine and is intended to work, but is important context.

I think this is complaining that the rules are required in v1alpha7, not v1beta1. We removed rules in v1beta1. I think what's happening here is that:

• it's correctly up-converted
• the controller modifies the status and persists the object as v1beta1
• the client requests v1alpha7 to show the result
• status was modified during up-conversion, so is not restored, only converted
• without restoration the rules are lost in v1alpha7

This would explain why:

• You get the warning about a field which has been removed
• The change is persisted anyway

[mdbooth]

I think the fix here is to make the field option in versions prior to v1beta1.