Port: fix type for SecurityGroupRefs

api/v1alpha1/port_types.go

@@ -162,12 +162,12 @@ type PortResourceSpec struct {
 	// +optional
 	AdminStateUp *bool `json:"adminStateUp,omitempty"`
 
-	// securityGroupRefs are the names of the security groups associated
+	// securityGroupRefs are references to the security groups associated
 	// with this port.
 	// +kubebuilder:validation:MaxItems:=64
 	// +listType=set
 	// +optional
-	SecurityGroupRefs []OpenStackName `json:"securityGroupRefs,omitempty"` //nolint:kubeapilinter // https://github.com/k-orc/openstack-resource-controller/issues/438
+	SecurityGroupRefs []KubernetesNameRef `json:"securityGroupRefs,omitempty"`
 
 	// vnicType specifies the type of vNIC which this port should be
 	// attached to. This is used to determine which mechanism driver(s) to

config/crd/bases/openstack.k-orc.cloud_ports.yaml

@@ -379,12 +379,11 @@ spec:
                       rule: self == oldSelf
                   securityGroupRefs:
                     description: |-
-                      securityGroupRefs are the names of the security groups associated
+                      securityGroupRefs are references to the security groups associated
                       with this port.
                     items:
-                      maxLength: 255
+                      maxLength: 253
                       minLength: 1
-                      pattern: ^[^,]+$
                       type: string
                     maxItems: 64
                     type: array

internal/controllers/port/actuator_test.go

@@ -234,23 +234,23 @@ func makeSecGroupWithID(id string) *orcv1alpha1.SecurityGroup {
 }
 
 func TestHandleSecurityGroupRefsUpdate(t *testing.T) {
-	sgWebName := orcv1alpha1.OpenStackName("sg-web")
-	sgDbName := orcv1alpha1.OpenStackName("sg-db")
+	sgWebName := orcv1alpha1.KubernetesNameRef("sg-web")
+	sgDbName := orcv1alpha1.KubernetesNameRef("sg-db")
 
 	idWeb := "d564a44b-346c-4f71-92b1-5899b8979374"
 	idDb := "1d23d83b-2a78-4c12-9e55-0a6e026dd201"
 	idOther := "7e8a3b8d-6c17-4581-80a5-a4b8b64f9b0c"
 
 	testCases := []struct {
 		name          string
-		newValue      []orcv1alpha1.OpenStackName
+		newValue      []orcv1alpha1.KubernetesNameRef
 		existingValue []string
 		secGroupMap   map[string]*orcv1alpha1.SecurityGroup
 		expectChange  bool
 	}{
 		{
 			name:          "Identical",
-			newValue:      []orcv1alpha1.OpenStackName{sgWebName, sgDbName},
+			newValue:      []orcv1alpha1.KubernetesNameRef{sgWebName, sgDbName},
 			existingValue: []string{idWeb, idDb},
 			secGroupMap: map[string]*orcv1alpha1.SecurityGroup{
 				string(sgWebName): makeSecGroupWithID(idWeb),
@@ -260,7 +260,7 @@ func TestHandleSecurityGroupRefsUpdate(t *testing.T) {
 		},
 		{
 			name:          "Identical but different order",
-			newValue:      []orcv1alpha1.OpenStackName{sgDbName, sgWebName},
+			newValue:      []orcv1alpha1.KubernetesNameRef{sgDbName, sgWebName},
 			existingValue: []string{idWeb, idDb},
 			secGroupMap: map[string]*orcv1alpha1.SecurityGroup{
 				string(sgWebName): makeSecGroupWithID(idWeb),
@@ -270,7 +270,7 @@ func TestHandleSecurityGroupRefsUpdate(t *testing.T) {
 		},
 		{
 			name:          "Add a security group",
-			newValue:      []orcv1alpha1.OpenStackName{sgWebName, sgDbName},
+			newValue:      []orcv1alpha1.KubernetesNameRef{sgWebName, sgDbName},
 			existingValue: []string{idWeb},
 			secGroupMap: map[string]*orcv1alpha1.SecurityGroup{
 				string(sgWebName): makeSecGroupWithID(idWeb),
@@ -280,7 +280,7 @@ func TestHandleSecurityGroupRefsUpdate(t *testing.T) {
 		},
 		{
 			name:          "Remove a security group",
-			newValue:      []orcv1alpha1.OpenStackName{sgWebName},
+			newValue:      []orcv1alpha1.KubernetesNameRef{sgWebName},
 			existingValue: []string{idWeb, idDb},
 			secGroupMap: map[string]*orcv1alpha1.SecurityGroup{
 				string(sgWebName): makeSecGroupWithID(idWeb),
@@ -290,7 +290,7 @@ func TestHandleSecurityGroupRefsUpdate(t *testing.T) {
 		},
 		{
 			name:          "Replace a security group",
-			newValue:      []orcv1alpha1.OpenStackName{sgWebName, sgDbName},
+			newValue:      []orcv1alpha1.KubernetesNameRef{sgWebName, sgDbName},
 			existingValue: []string{idWeb, idOther},
 			secGroupMap: map[string]*orcv1alpha1.SecurityGroup{
 				string(sgWebName): makeSecGroupWithID(idWeb),
@@ -300,14 +300,14 @@ func TestHandleSecurityGroupRefsUpdate(t *testing.T) {
 		},
 		{
 			name:          "Remove all security groups",
-			newValue:      []orcv1alpha1.OpenStackName{},
+			newValue:      []orcv1alpha1.KubernetesNameRef{},
 			existingValue: []string{idWeb, idDb},
 			secGroupMap:   map[string]*orcv1alpha1.SecurityGroup{},
 			expectChange:  true,
 		},
 		{
 			name:          "Add to empty list",
-			newValue:      []orcv1alpha1.OpenStackName{sgWebName},
+			newValue:      []orcv1alpha1.KubernetesNameRef{sgWebName},
 			existingValue: []string{},
 			secGroupMap: map[string]*orcv1alpha1.SecurityGroup{
 				string(sgWebName): makeSecGroupWithID(idWeb),

test/apivalidations/port_test.go

@@ -107,7 +107,7 @@ var _ = Describe("ORC Port API validations", func() {
 			WithSecurityGroupRefs("sg-foo").
 			WithPortSecurity(orcv1alpha1.PortSecurityEnabled))
 		Expect(applyObj(ctx, port, patch)).To(Succeed())
-		Expect(port.Spec.Resource.SecurityGroupRefs).To(Equal([]orcv1alpha1.OpenStackName{"sg-foo"}))
+		Expect(port.Spec.Resource.SecurityGroupRefs).To(Equal([]orcv1alpha1.KubernetesNameRef{"sg-foo"}))
 		Expect(port.Spec.Resource.PortSecurity).To(Equal(orcv1alpha1.PortSecurityEnabled))
 	})
 

website/docs/crd-reference.md

@@ -2730,7 +2730,7 @@ _Appears in:_
 | `allowedAddressPairs` _[AllowedAddressPair](#allowedaddresspair) array_ | allowedAddressPairs are allowed addresses associated with this port. |  | MaxItems: 128 <br />Optional: \{\} <br /> |
 | `addresses` _[Address](#address) array_ | addresses are the IP addresses for the port. |  | MaxItems: 128 <br />Optional: \{\} <br /> |
 | `adminStateUp` _boolean_ | adminStateUp is the administrative state of the port,<br />which is up (true) or down (false). The default value is true. | true | Optional: \{\} <br /> |
-| `securityGroupRefs` _[OpenStackName](#openstackname) array_ | securityGroupRefs are the names of the security groups associated<br />with this port. |  | MaxItems: 64 <br />MaxLength: 255 <br />MinLength: 1 <br />Pattern: `^[^,]+$` <br />Optional: \{\} <br /> |
+| `securityGroupRefs` _[KubernetesNameRef](#kubernetesnameref) array_ | securityGroupRefs are references to the security groups associated<br />with this port. |  | MaxItems: 64 <br />MaxLength: 253 <br />MinLength: 1 <br />Optional: \{\} <br /> |
 | `vnicType` _string_ | vnicType specifies the type of vNIC which this port should be<br />attached to. This is used to determine which mechanism driver(s) to<br />be used to bind the port. The valid values are normal, macvtap,<br />direct, baremetal, direct-physical, virtio-forwarder, smart-nic and<br />remote-managed, although these values will not be validated in this<br />API to ensure compatibility with future neutron changes or custom<br />implementations. What type of vNIC is actually available depends on<br />deployments. If not specified, the Neutron default value is used. |  | MaxLength: 64 <br />Optional: \{\} <br /> |
 | `portSecurity` _[PortSecurityState](#portsecuritystate)_ | portSecurity controls port security for this port.<br />When set to Enabled, port security is enabled.<br />When set to Disabled, port security is disabled and SecurityGroupRefs must be empty.<br />When set to Inherit (default), it takes the value from the network level. | Inherit | Enum: [Enabled Disabled Inherit] <br />Optional: \{\} <br /> |
 | `projectRef` _[KubernetesNameRef](#kubernetesnameref)_ | projectRef is a reference to the ORC Project this resource is associated with.<br />Typically, only used by admin. |  | MaxLength: 253 <br />MinLength: 1 <br />Optional: \{\} <br /> |