update ipv6 security-group remote group name (#2389)

hongzhen-ma · hongzhen-ma · commit 8ec90f578322 · 2023-03-01T10:20:07.000+08:00
diff --git a/pkg/controller/security_group.go b/pkg/controller/security_group.go
@@ -366,6 +366,9 @@ func (c *Controller) syncSgLogicalPort(key string) error {
 		klog.Errorf("failed to find logical port, %v", err)
 		return err
 	}
+	if len(results) == 0 {
+		return nil
+	}
 
 	var v4s, v6s []string
 	var ports []string
diff --git a/pkg/ovs/ovn-nbctl-legacy.go b/pkg/ovs/ovn-nbctl-legacy.go
@@ -2109,10 +2109,14 @@ func (c LegacyClient) createSgRuleACL(sgName string, direction AclDirection, rul
 			matchArgs = append(matchArgs, fmt.Sprintf("inport==@%s && %s && %s.dst==%s", sgPortGroupName, ipSuffix, ipSuffix, rule.RemoteAddress))
 		}
 	} else {
+		remotePgName := GetSgV4AssociatedName(rule.RemoteSecurityGroup)
+		if rule.IPVersion == "ipv6" {
+			remotePgName = GetSgV6AssociatedName(rule.RemoteSecurityGroup)
+		}
 		if direction == SgAclIngressDirection {
-			matchArgs = append(matchArgs, fmt.Sprintf("outport==@%s && %s && %s.src==$%s", sgPortGroupName, ipSuffix, ipSuffix, GetSgV4AssociatedName(rule.RemoteSecurityGroup)))
+			matchArgs = append(matchArgs, fmt.Sprintf("outport==@%s && %s && %s.src==$%s", sgPortGroupName, ipSuffix, ipSuffix, remotePgName))
 		} else {
-			matchArgs = append(matchArgs, fmt.Sprintf("inport==@%s && %s && %s.dst==$%s", sgPortGroupName, ipSuffix, ipSuffix, GetSgV4AssociatedName(rule.RemoteSecurityGroup)))
+			matchArgs = append(matchArgs, fmt.Sprintf("inport==@%s && %s && %s.dst==$%s", sgPortGroupName, ipSuffix, ipSuffix, remotePgName))
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -366,6 +366,9 @@ func (c *Controller) syncSgLogicalPort(key string) error {`
`366`	`366`	`klog.Errorf("failed to find logical port, %v", err)`
`367`	`367`	`return err`
`368`	`368`	`}`
	`369`	`+ if len(results) == 0 {`
	`370`	`+ return nil`
	`371`	`+ }`
`369`	`372`
`370`	`373`	`var v4s, v6s []string`
`371`	`374`	`var ports []string`
Original file line number	Diff line number	Diff line change
`@@ -2109,10 +2109,14 @@ func (c LegacyClient) createSgRuleACL(sgName string, direction AclDirection, rul`
`2109`	`2109`	`matchArgs = append(matchArgs, fmt.Sprintf("inport==@%s && %s && %s.dst==%s", sgPortGroupName, ipSuffix, ipSuffix, rule.RemoteAddress))`
`2110`	`2110`	`}`
`2111`	`2111`	`} else {`
	`2112`	`+ remotePgName := GetSgV4AssociatedName(rule.RemoteSecurityGroup)`
	`2113`	`+ if rule.IPVersion == "ipv6" {`
	`2114`	`+ remotePgName = GetSgV6AssociatedName(rule.RemoteSecurityGroup)`
	`2115`	`+ }`
`2112`	`2116`	`if direction == SgAclIngressDirection {`
`2113`		`- matchArgs = append(matchArgs, fmt.Sprintf("outport==@%s && %s && %s.src==$%s", sgPortGroupName, ipSuffix, ipSuffix, GetSgV4AssociatedName(rule.RemoteSecurityGroup)))`
	`2117`	`+ matchArgs = append(matchArgs, fmt.Sprintf("outport==@%s && %s && %s.src==$%s", sgPortGroupName, ipSuffix, ipSuffix, remotePgName))`
`2114`	`2118`	`} else {`
`2115`		`- matchArgs = append(matchArgs, fmt.Sprintf("inport==@%s && %s && %s.dst==$%s", sgPortGroupName, ipSuffix, ipSuffix, GetSgV4AssociatedName(rule.RemoteSecurityGroup)))`
	`2119`	`+ matchArgs = append(matchArgs, fmt.Sprintf("inport==@%s && %s && %s.dst==$%s", sgPortGroupName, ipSuffix, ipSuffix, remotePgName))`
`2116`	`2120`	`}`
`2117`	`2121`	`}`
`2118`	`2122`