Merge branch 'main' into firewall-docs

api/v1alpha1/conversion.go

@@ -47,11 +47,14 @@ func Convert_v1alpha2_LinodeMachineSpec_To_v1alpha1_LinodeMachineSpec(in *infras
 	return autoConvert_v1alpha2_LinodeMachineSpec_To_v1alpha1_LinodeMachineSpec(in, out, s)
 }
 
+func Convert_v1alpha1_LinodeMachineSpec_To_v1alpha2_LinodeMachineSpec(in *LinodeMachineSpec, out *infrastructurev1alpha2.LinodeMachineSpec, s conversion.Scope) error {
+	return autoConvert_v1alpha1_LinodeMachineSpec_To_v1alpha2_LinodeMachineSpec(in, out, s)
+}
+
 func Convert_v1alpha1_LinodeObjectStorageBucketSpec_To_v1alpha2_LinodeObjectStorageBucketSpec(in *LinodeObjectStorageBucketSpec, out *infrastructurev1alpha2.LinodeObjectStorageBucketSpec, s conversion.Scope) error {
 	// WARNING: in.Cluster requires manual conversion: does not exist in peer-type
 	out.Region = in.Cluster
 	out.CredentialsRef = in.CredentialsRef
-	out.SecretType = in.SecretType
 	return nil
 }
 func Convert_v1alpha1_LinodeObjectStorageBucketStatus_To_v1alpha2_LinodeObjectStorageBucketStatus(in *LinodeObjectStorageBucketStatus, out *infrastructurev1alpha2.LinodeObjectStorageBucketStatus, s conversion.Scope) error {
@@ -71,7 +74,7 @@ func Convert_v1alpha2_LinodeObjectStorageBucketSpec_To_v1alpha1_LinodeObjectStor
 	out.Cluster = in.Region
 	out.CredentialsRef = in.CredentialsRef
 	out.KeyGeneration = ptr.To(0)
-	out.SecretType = in.SecretType
+	out.SecretType = DefaultSecretTypeObjectStorageBucket
 	return nil
 }
 

api/v1alpha1/linodemachine_conversion_test.go

@@ -40,7 +40,6 @@ func TestLinodeMachineConvertTo(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{Name: "test-machine"},
 		Spec: LinodeMachineSpec{
 			ProviderID:      ptr.To("linode://1234"),
-			InstanceID:      ptr.To(1234),
 			Region:          "us-mia",
 			Type:            "g6-standard-2",
 			Group:           "",
@@ -53,7 +52,6 @@ func TestLinodeMachineConvertTo(t *testing.T) {
 			BackupsEnabled:  false,
 			PrivateIP:       ptr.To(true),
 			Tags:            []string{"test instance"},
-			FirewallID:      123,
 			OSDisk: ptr.To(InstanceDisk{
 				DiskID:     0,
 				Size:       *resource.NewQuantity(12, resource.DecimalSI),
@@ -83,7 +81,6 @@ func TestLinodeMachineConvertTo(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{Name: "test-machine"},
 		Spec: infrav1alpha2.LinodeMachineSpec{
 			ProviderID:      ptr.To("linode://1234"),
-			InstanceID:      ptr.To(1234),
 			Region:          "us-mia",
 			Type:            "g6-standard-2",
 			Group:           "",
@@ -96,7 +93,6 @@ func TestLinodeMachineConvertTo(t *testing.T) {
 			BackupsEnabled:  false,
 			PrivateIP:       ptr.To(true),
 			Tags:            []string{"test instance"},
-			FirewallID:      123,
 			OSDisk: ptr.To(infrav1alpha2.InstanceDisk{
 				DiskID:     0,
 				Size:       *resource.NewQuantity(12, resource.DecimalSI),
@@ -170,7 +166,6 @@ func TestLinodeMachineConvertFrom(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{Name: "test-machine"},
 		Spec: infrav1alpha2.LinodeMachineSpec{
 			ProviderID:      ptr.To("linode://1234"),
-			InstanceID:      ptr.To(1234),
 			Region:          "us-mia",
 			Type:            "g6-standard-2",
 			Group:           "",
@@ -183,7 +178,6 @@ func TestLinodeMachineConvertFrom(t *testing.T) {
 			BackupsEnabled:  false,
 			PrivateIP:       ptr.To(true),
 			Tags:            []string{"test instance"},
-			FirewallID:      123,
 			OSDisk: ptr.To(infrav1alpha2.InstanceDisk{
 				DiskID:     0,
 				Size:       *resource.NewQuantity(12, resource.DecimalSI),
@@ -218,7 +212,6 @@ func TestLinodeMachineConvertFrom(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{Name: "test-machine"},
 		Spec: LinodeMachineSpec{
 			ProviderID:      ptr.To("linode://1234"),
-			InstanceID:      ptr.To(1234),
 			Region:          "us-mia",
 			Type:            "g6-standard-2",
 			Group:           "",
@@ -231,7 +224,6 @@ func TestLinodeMachineConvertFrom(t *testing.T) {
 			BackupsEnabled:  false,
 			PrivateIP:       ptr.To(true),
 			Tags:            []string{"test instance"},
-			FirewallID:      123,
 			OSDisk: ptr.To(InstanceDisk{
 				DiskID:     0,
 				Size:       *resource.NewQuantity(12, resource.DecimalSI),

api/v1alpha1/linodemachinetemplate_conversion_test.go

@@ -42,7 +42,6 @@ func TestLinodeMachineTemplateConvertTo(t *testing.T) {
 			Template: LinodeMachineTemplateResource{
 				Spec: LinodeMachineSpec{
 					ProviderID:      ptr.To("linode://1234"),
-					InstanceID:      ptr.To(1234),
 					Region:          "us-mia",
 					Type:            "g6-standard-2",
 					Group:           "",
@@ -55,7 +54,6 @@ func TestLinodeMachineTemplateConvertTo(t *testing.T) {
 					BackupsEnabled:  false,
 					PrivateIP:       ptr.To(true),
 					Tags:            []string{"test instance"},
-					FirewallID:      123,
 					OSDisk: ptr.To(InstanceDisk{
 						DiskID:     0,
 						Size:       *resource.NewQuantity(12, resource.DecimalSI),
@@ -88,7 +86,6 @@ func TestLinodeMachineTemplateConvertTo(t *testing.T) {
 			Template: infrav1alpha2.LinodeMachineTemplateResource{
 				Spec: infrav1alpha2.LinodeMachineSpec{
 					ProviderID:      ptr.To("linode://1234"),
-					InstanceID:      ptr.To(1234),
 					Region:          "us-mia",
 					Type:            "g6-standard-2",
 					Group:           "",
@@ -101,7 +98,6 @@ func TestLinodeMachineTemplateConvertTo(t *testing.T) {
 					BackupsEnabled:  false,
 					PrivateIP:       ptr.To(true),
 					Tags:            []string{"test instance"},
-					FirewallID:      123,
 					OSDisk: ptr.To(infrav1alpha2.InstanceDisk{
 						DiskID:     0,
 						Size:       *resource.NewQuantity(12, resource.DecimalSI),
@@ -178,7 +174,6 @@ func TestLinodeMachineTemplateConvertFrom(t *testing.T) {
 			Template: infrav1alpha2.LinodeMachineTemplateResource{
 				Spec: infrav1alpha2.LinodeMachineSpec{
 					ProviderID:      ptr.To("linode://1234"),
-					InstanceID:      ptr.To(1234),
 					Region:          "us-mia",
 					Type:            "g6-standard-2",
 					Group:           "",
@@ -191,7 +186,6 @@ func TestLinodeMachineTemplateConvertFrom(t *testing.T) {
 					BackupsEnabled:  false,
 					PrivateIP:       ptr.To(true),
 					Tags:            []string{"test instance"},
-					FirewallID:      123,
 					OSDisk: ptr.To(infrav1alpha2.InstanceDisk{
 						DiskID:     0,
 						Size:       *resource.NewQuantity(12, resource.DecimalSI),
@@ -224,7 +218,6 @@ func TestLinodeMachineTemplateConvertFrom(t *testing.T) {
 			Template: LinodeMachineTemplateResource{
 				Spec: LinodeMachineSpec{
 					ProviderID:      ptr.To("linode://1234"),
-					InstanceID:      ptr.To(1234),
 					Region:          "us-mia",
 					Type:            "g6-standard-2",
 					Group:           "",
@@ -237,7 +230,6 @@ func TestLinodeMachineTemplateConvertFrom(t *testing.T) {
 					BackupsEnabled:  false,
 					PrivateIP:       ptr.To(true),
 					Tags:            []string{"test instance"},
-					FirewallID:      123,
 					OSDisk: ptr.To(InstanceDisk{
 						DiskID:     0,
 						Size:       *resource.NewQuantity(12, resource.DecimalSI),

api/v1alpha1/linodeobjectstoragebucket_conversion_test.go

@@ -59,7 +59,6 @@ func TestLinodeObjectStorageBucketConvertTo(t *testing.T) {
 				Namespace: "default",
 				Name:      "cred-secret",
 			},
-			SecretType: "Opaque",
 		},
 		Status: infrav1alpha2.LinodeObjectStorageBucketStatus{},
 	}
@@ -95,15 +94,14 @@ func TestLinodeObjectStorageBucketFrom(t *testing.T) {
 				Namespace: "default",
 				Name:      "cred-secret",
 			},
-			SecretType: "Opaque",
 		},
 		Status: infrav1alpha2.LinodeObjectStorageBucketStatus{},
 	}
 	expectedDst := &LinodeObjectStorageBucket{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "test-bucket",
 			Annotations: map[string]string{
-				ConversionDataAnnotation: `{"spec":{"credentialsRef":{"name":"cred-secret","namespace":"default"},"region":"us-mia-1","secretType":"Opaque"},"status":{"ready":false}}`,
+				ConversionDataAnnotation: `{"spec":{"credentialsRef":{"name":"cred-secret","namespace":"default"},"region":"us-mia-1"},"status":{"ready":false}}`,
 			},
 		},
 		Spec: LinodeObjectStorageBucketSpec{
@@ -113,7 +111,7 @@ func TestLinodeObjectStorageBucketFrom(t *testing.T) {
 				Name:      "cred-secret",
 			},
 			KeyGeneration: ptr.To(0),
-			SecretType:    "Opaque",
+			SecretType:    DefaultSecretTypeObjectStorageBucket,
 		},
 		Status: LinodeObjectStorageBucketStatus{},
 	}

api/v1alpha1/linodeobjectstoragebucket_types.go

@@ -25,7 +25,8 @@ import (
 const (
 	// ObjectStorageBucketFinalizer allows ReconcileLinodeObjectStorageBucket to clean up Linode resources associated
 	// with LinodeObjectStorageBucket before removing it from the apiserver.
-	ObjectStorageBucketFinalizer = "linodeobjectstoragebucket.infrastructure.cluster.x-k8s.io"
+	ObjectStorageBucketFinalizer         = "linodeobjectstoragebucket.infrastructure.cluster.x-k8s.io"
+	DefaultSecretTypeObjectStorageBucket = "addons.cluster.x-k8s.io/resource-set"
 )
 
 // LinodeObjectStorageBucketSpec defines the desired state of LinodeObjectStorageBucket

api/v1alpha2/linodemachine_types.go

@@ -38,6 +38,7 @@ type LinodeMachineSpec struct {
 	ProviderID *string `json:"providerID,omitempty"`
 	// InstanceID is the Linode instance ID for this machine.
 	// +optional
+	// +kubebuilder:deprecatedversion:warning="ProviderID deprecates InstanceID"
 	InstanceID *int `json:"instanceID,omitempty"`
 
 	// +kubebuilder:validation:Required
@@ -67,6 +68,7 @@ type LinodeMachineSpec struct {
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	Tags []string `json:"tags,omitempty"`
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
+	// +kubebuilder:deprecatedversion:warning="Firewalls should be referenced via FirewallRef"
 	FirewallID int `json:"firewallID,omitempty"`
 	// OSDisk is configuration for the root disk that includes the OS,
 	// if not specified this defaults to whatever space is not taken up by the DataDisks
@@ -96,6 +98,10 @@ type LinodeMachineSpec struct {
 	// +optional
 	// PlacementGroupRef is a reference to a placement group object. This makes the linode to be launched in that specific group.
 	PlacementGroupRef *corev1.ObjectReference `json:"placementGroupRef,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
+	// +optional
+	// FirewallRef is a reference to a firewall object. This makes the linode use the specified firewall.
+	FirewallRef *corev1.ObjectReference `json:"firewallRef,omitempty"`
 }
 
 // InstanceDisk defines a list of disks to use for an instance
@@ -210,7 +216,7 @@ type LinodeMachineStatus struct {
 // +kubebuilder:printcolumn:name="Cluster",type="string",JSONPath=".metadata.labels.cluster\\.x-k8s\\.io/cluster-name",description="Cluster to which this LinodeMachine belongs"
 // +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.instanceState",description="Linode instance state"
 // +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.ready",description="Machine ready status"
-// +kubebuilder:printcolumn:name="InstanceID",type="string",JSONPath=".spec.providerID",description="Linode instance ID"
+// +kubebuilder:printcolumn:name="ProviderID",type="string",JSONPath=".spec.providerID",description="Provider ID"
 // +kubebuilder:printcolumn:name="Machine",type="string",JSONPath=".metadata.ownerReferences[?(@.kind==\"Machine\")].name",description="Machine object which owns with this LinodeMachine"
 
 // LinodeMachine is the Schema for the linodemachines API

api/v1alpha2/linodeobjectstoragebucket_types.go

@@ -26,13 +26,10 @@ type ObjectStorageACL string
 
 // ObjectStorageACL options represent the access control level of a bucket.
 const (
-	// ObjectStorageBucketFinalizer allows ReconcileLinodeObjectStorageBucket to clean up Linode resources associated
-	// with LinodeObjectStorageBucket before removing it from the apiserver.
-	ObjectStorageBucketFinalizer                  = "linodeobjectstoragebucket.infrastructure.cluster.x-k8s.io"
-	ACLPrivate                   ObjectStorageACL = "private"
-	ACLPublicRead                ObjectStorageACL = "public-read"
-	ACLAuthenticatedRead         ObjectStorageACL = "authenticated-read"
-	ACLPublicReadWrite           ObjectStorageACL = "public-read-write"
+	ACLPrivate           ObjectStorageACL = "private"
+	ACLPublicRead        ObjectStorageACL = "public-read"
+	ACLAuthenticatedRead ObjectStorageACL = "authenticated-read"
+	ACLPublicReadWrite   ObjectStorageACL = "public-read-write"
 )
 
 // LinodeObjectStorageBucketSpec defines the desired state of LinodeObjectStorageBucket
@@ -44,7 +41,7 @@ type LinodeObjectStorageBucketSpec struct {
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	Region string `json:"region"`
 
-	// ACL sets The Access Control Level of the bucket using a canned ACL string
+	// Acl sets the Access Control Level of the bucket using a canned ACL string
 	// +optional
 	// +kubebuilder:default=private
 	// +kubebuilder:validation:Enum=private;public-read;authenticated-read;public-read-write
@@ -53,17 +50,12 @@ type LinodeObjectStorageBucketSpec struct {
 	// corsEnabled enables for all origins in the bucket .If set to false, CORS is disabled for all origins in the bucket
 	// +optional
 	// +kubebuilder:default=true
-	CorsEnabled *bool `json:"corsEnabled,omitempty"`
+	CorsEnabled bool `json:"corsEnabled,omitempty"`
 
 	// CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning the bucket.
 	// If not supplied then the credentials of the controller will be used.
 	// +optional
 	CredentialsRef *corev1.SecretReference `json:"credentialsRef"`
-
-	// SecretType sets the type for the bucket-details secret that will be generated by the controller.
-	// +optional
-	// +kubebuilder:default=addons.cluster.x-k8s.io/resource-set
-	SecretType string `json:"secretType,omitempty"`
 }
 
 // LinodeObjectStorageBucketStatus defines the observed state of LinodeObjectStorageBucket

clients/clients.go

@@ -75,6 +75,8 @@ type LinodeNodeBalancerClient interface {
 type LinodeObjectStorageClient interface {
 	GetObjectStorageBucket(ctx context.Context, regionID, label string) (*linodego.ObjectStorageBucket, error)
 	CreateObjectStorageBucket(ctx context.Context, opts linodego.ObjectStorageBucketCreateOptions) (*linodego.ObjectStorageBucket, error)
+	GetObjectStorageBucketAccess(ctx context.Context, clusterOrRegionID, label string) (*linodego.ObjectStorageBucketAccess, error)
+	UpdateObjectStorageBucketAccess(ctx context.Context, clusterOrRegionID, label string, opts linodego.ObjectStorageBucketUpdateAccessOptions) error
 	GetObjectStorageKey(ctx context.Context, keyID int) (*linodego.ObjectStorageKey, error)
 	CreateObjectStorageKey(ctx context.Context, opts linodego.ObjectStorageKeyCreateOptions) (*linodego.ObjectStorageKey, error)
 	DeleteObjectStorageKey(ctx context.Context, keyID int) error

cloud/scope/object_storage_bucket.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/go-logr/logr"
 	"sigs.k8s.io/cluster-api/util/patch"
-	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	infrav1alpha2 "github.com/linode/cluster-api-provider-linode/api/v1alpha2"
 
@@ -88,13 +87,3 @@ func (s *ObjectStorageBucketScope) PatchObject(ctx context.Context) error {
 func (s *ObjectStorageBucketScope) Close(ctx context.Context) error {
 	return s.PatchObject(ctx)
 }
-
-// AddFinalizer adds a finalizer if not present and immediately patches the
-// object to avoid any race conditions.
-func (s *ObjectStorageBucketScope) AddFinalizer(ctx context.Context) error {
-	if controllerutil.AddFinalizer(s.Bucket, infrav1alpha2.ObjectStorageBucketFinalizer) {
-		return s.Close(ctx)
-	}
-
-	return nil
-}