Merge pull request #1318 from Fryguy/fix_http_policy

jrafanie · web-flow · commit fd3a70af61e8 · 2025-11-19T08:56:49.000-05:00
Fix issue where IPBlock and NamespaceSelector are mutually exclusive
diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/network_policies.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/network_policies.go
@@ -2,6 +2,7 @@ package miqtools
 
 import (
 	"context"
+
 	miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1"
 	routev1 "github.com/openshift/api/route/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -56,13 +57,15 @@ func NetworkPolicyAllowInboundHttpd(cr *miqv1alpha1.ManageIQ, scheme *runtime.Sc
 				networkingv1.NetworkPolicyPeer{},
 			}
 		}
-		if openshift == true {
+		if openshift {
+			networkPolicy.Spec.Ingress[0].From[0].IPBlock = nil
 			networkPolicy.Spec.Ingress[0].From[0].NamespaceSelector = &metav1.LabelSelector{
 				MatchLabels: map[string]string{
 					"network.openshift.io/policy-group": "ingress",
 				},
 			}
 		} else {
+			networkPolicy.Spec.Ingress[0].From[0].NamespaceSelector = nil
 			networkPolicy.Spec.Ingress[0].From[0].IPBlock = &networkingv1.IPBlock{}
 			networkPolicy.Spec.Ingress[0].From[0].IPBlock.CIDR = "0.0.0.0/0"
 		}

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ package miqtools`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"context"`
	`5`	`+`
`5`	`6`	`miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1"`
`6`	`7`	`routev1 "github.com/openshift/api/route/v1"`
`7`	`8`	`corev1 "k8s.io/api/core/v1"`
`@@ -56,13 +57,15 @@ func NetworkPolicyAllowInboundHttpd(cr miqv1alpha1.ManageIQ, scheme runtime.Sc`
`56`	`57`	`networkingv1.NetworkPolicyPeer{},`
`57`	`58`	`}`
`58`	`59`	`}`
`59`		`- if openshift == true {`
	`60`	`+ if openshift {`
	`61`	`+ networkPolicy.Spec.Ingress[0].From[0].IPBlock = nil`
`60`	`62`	`networkPolicy.Spec.Ingress[0].From[0].NamespaceSelector = &metav1.LabelSelector{`
`61`	`63`	`MatchLabels: map[string]string{`
`62`	`64`	`"network.openshift.io/policy-group": "ingress",`
`63`	`65`	`},`
`64`	`66`	`}`
`65`	`67`	`} else {`
	`68`	`+ networkPolicy.Spec.Ingress[0].From[0].NamespaceSelector = nil`
`66`	`69`	`networkPolicy.Spec.Ingress[0].From[0].IPBlock = &networkingv1.IPBlock{}`
`67`	`70`	`networkPolicy.Spec.Ingress[0].From[0].IPBlock.CIDR = "0.0.0.0/0"`
`68`	`71`	`}`