Skip to content

🐛 Allow setting disablePortSecurity on OSM port#2784

Merged
k8s-ci-robot merged 1 commit into
kubernetes-sigs:mainfrom
nikParasyr:port-security
Oct 15, 2025
Merged

🐛 Allow setting disablePortSecurity on OSM port#2784
k8s-ci-robot merged 1 commit into
kubernetes-sigs:mainfrom
nikParasyr:port-security

Conversation

@nikParasyr
Copy link
Copy Markdown
Contributor

@nikParasyr nikParasyr commented Oct 15, 2025

What this PR does / why we need it:
Ensure that disablePortSecurity is unset or false before setting the default securityGroup to a port.

Currently the default SG is added without checking disablePortSecurity. This leads to both disablePortSecurity and securityGroup being set which triggers an api validation error.

Which issue(s) this PR fixes:
Fixes #2783

Special notes for your reviewer:

  1. I spent some time looking on e2e tests but couldnt find a scenario to cover this, unit-test were updated though.

TODOs:

  • squashed commits
  • if necessary:
    • includes documentation
    • adds unit tests

/hold

@nikParasyr
Allow setting disablePortSecurity on OSM port
0c84d39 
Ensure that disablePortSecurity is unset or false before setting
the default securityGroup to a port.
@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 15, 2025
@netlify
Copy link
Copy Markdown

netlify Bot commented Oct 15, 2025
edited
Loading

Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!

Name Link
🔨 Latest commit 0c84d39
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-sigs-cluster-api-openstack/deploys/68ef5725f3592c0008b64431
😎 Deploy Preview https://deploy-preview-2784--kubernetes-sigs-cluster-api-openstack.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Oct 15, 2025
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 15, 2025
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Oct 15, 2025

Hi @nikParasyr. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

lentzi90
lentzi90 reviewed Oct 15, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@lentzi90 lentzi90 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/ok-to-test
/approve

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 15, 2025
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Oct 15, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lentzi90

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 15, 2025
smoshiur1237
smoshiur1237 reviewed Oct 15, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@smoshiur1237 smoshiur1237 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 15, 2025
@lentzi90
Copy link
Copy Markdown
Contributor

lentzi90 commented Oct 15, 2025

/hold cancel
/cherry-pick release-0.13 release-0.12

@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Oct 15, 2025

@lentzi90: once the present PR merges, I will cherry-pick it on top of release-0.13 in a new PR and assign it to you.

Details

In response to this:

/hold cancel
/cherry-pick release-0.13 release-0.12

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 15, 2025
@k8s-ci-robot k8s-ci-robot merged commit 28aae17 into kubernetes-sigs:main Oct 15, 2025
12 checks passed
@github-project-automation github-project-automation Bot moved this from Inbox to Done in CAPO Roadmap Oct 15, 2025
@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Oct 15, 2025

@lentzi90: #2784 failed to apply on top of branch "release-0.13":

Applying: Allow setting disablePortSecurity on OSM port
Using index info to reconstruct a base tree...
M	controllers/openstackmachine_controller.go
M	controllers/openstackmachine_controller_test.go
Falling back to patching base and 3-way merge...
Auto-merging controllers/openstackmachine_controller_test.go
Auto-merging controllers/openstackmachine_controller.go
CONFLICT (content): Merge conflict in controllers/openstackmachine_controller.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 Allow setting disablePortSecurity on OSM port
Details

In response to this:

/hold cancel
/cherry-pick release-0.13 release-0.12

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@lentzi90
Copy link
Copy Markdown
Contributor

lentzi90 commented Oct 15, 2025

Too bad. If you want this backported to v0.13 and v0.12 you will have to do it manually.
Thanks for the fix!

@nikParasyr nikParasyr deleted the port-security branch October 15, 2025 12:17
@nikParasyr nikParasyr mentioned this pull request Jan 21, 2026
Closed
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lentzi90 lentzi90 lentzi90 left review comments

+1 more reviewer

@smoshiur1237 smoshiur1237 smoshiur1237 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@smoshiur1237 smoshiur1237

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

CAPO Roadmap
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cannot set disablePortSecurity to a OpenStackMachine port

5 participants

@nikParasyr @k8s-ci-robot @lentzi90 @k8s-infra-cherrypick-robot @smoshiur1237