Closed jnummelin closed 1 month ago
@EmilienM Do you remember why we have this in validateRemoteManagedGroups
? https://github.com/kubernetes-sigs/cluster-api-provider-openstack/blob/64242f4d91a6b8dff8d85ef24cb2307935470753/pkg/cloud/services/networking/securitygroups.go#L299-L311
I think empty remote managed groups is fine, right? They just need to be valid if specified.
Hmm, we have a test that this produces an error: https://github.com/kubernetes-sigs/cluster-api-provider-openstack/blob/64242f4d91a6b8dff8d85ef24cb2307935470753/pkg/cloud/services/networking/securitygroups_test.go#L51-L65
Now I'm worried I'm forgetting something important.
I suspect we've just over-encoded an assumption that there will always be a remote group because the 'upgrade' rules all had one. I suspect we can just remove it, but I'd like to get a second opinion.
/assign EmilienM
/kind bug
What steps did you take and what happened: Adding SG rules for e.g. SSH fails:
This fails to reconcile:
The docs say that I should be able to provide only the prefix, right:
What did you expect to happen: I was expecting to have a rule in the managed SG to allow SSH
Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.]
Environment:
git rev-parse HEAD
if manually built):v0.10.2
kubectl version
): 1.29.4/etc/os-release
):