From b526e4041fb92754e412323a1b528b84f7021643 Mon Sep 17 00:00:00 2001
From: cernnuthman <uthmannassim@gmail.com>
Date: Tue, 9 Aug 2022 16:48:36 +0200
Subject: [PATCH 1/3] Add Visibility for Intranet/Internet switching

---
 api/v1alpha1/drupalsite_types.go    | 5 +++++
 controllers/drupalsite_resources.go | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/api/v1alpha1/drupalsite_types.go b/api/v1alpha1/drupalsite_types.go
index e0f19205..1454def9 100644
--- a/api/v1alpha1/drupalsite_types.go
+++ b/api/v1alpha1/drupalsite_types.go
@@ -118,6 +118,11 @@ type Configuration struct {
 	// +kubebuilder:validation:Enum:=enable
 	// +optional
 	Easystart string `json:"easystart,omitempty"`
+
+	//Visibility when "cern", only accessible within cern network
+	// +kubebuilder:validation:Enum:=cern
+	// +optional
+	Visibility string `json:"visibility,omitempty"`
 }
 
 // ExtraConfigurationRepository injects the composer project and other supported configuration from a git repository
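Review bot: The doc comment on the new `Visibility` field says what `cern` does but not what leaving the field out means, and that default is the security-relevant part. Going by the controller hunk in this same patch, a site without `visibility: cern` (and without its own whitelist annotation) ends up with an empty IP whitelist. I would write it as `// Visibility restricts access to the site's route to the CERN network when set to "cern"; when omitted, no IP restriction is applied.` so that the CRD description generated from this comment states the default as well. The `Configuration` struct begins above this hunk.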
diff --git a/controllers/drupalsite_resources.go b/controllers/drupalsite_resources.go
index 6a563aa6..eebc4623 100644
--- a/controllers/drupalsite_resources.go
+++ b/controllers/drupalsite_resources.go
@@ -1259,7 +1259,13 @@ func routeForDrupalSite(currentobject *routev1.Route, d *webservicesv1a1.DrupalS
 
 	if _, exists := d.Annotations["haproxy.router.openshift.io/ip_whitelist"]; exists {
 		currentobject.Annotations["haproxy.router.openshift.io/ip_whitelist"] = d.Annotations["haproxy.router.openshift.io/ip_whitelist"]
+
+	} else if d.Spec.Configuration.Visibility == "cern" {
+		d.Annotations["haproxy.router.openshift.io/ip_whitelist"] = "2001:1458::/32 2001:1459::/32 FD01:1458::/32 FD01:1459::/32 10.0.0.0/8 100.64.0.0/10 128.141.0.0/16 128.142.0.0/16 137.138.0.0/16 172.16.0.0/12 188.184.0.0/15 192.16.155.0/24 192.16.165.0/24 192.91.242.0/24 192.168.0.0/16 194.12.128.0/18"
+	} else {
+		d.Annotations["haproxy.router.openshift.io/ip_whitelist"] = ""
 	}
+
 	// Set timeout to 60sec: https://gitlab.cern.ch/webservices/webframeworks-planning/-/issues/642
 	currentobject.Annotations["haproxy.router.openshift.io/timeout"] = "200s"
 	currentobject.Spec.Host = Url
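Review bot: Both added branches assign to `d.Annotations`, the DrupalSite's own map, rather than to `currentobject.Annotations`. As far as this hunk shows, the Route built at this commit never receives the whitelist, so `visibility: cern` does not restrict access. The write also panics when the DrupalSite carries no annotations, because `d.Annotations` is then a nil map; the `exists` read above is safe, the assignment is not. The target should be `currentobject.Annotations["haproxy.router.openshift.io/ip_whitelist"]`, which patch 2/3 of this series introduces. Squashing the two would keep a commit with an ineffective restriction out of the history. `routeForDrupalSite` begins and continues outside this hunk.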
-- 
GitLab


From d0ef4a80e5d5e54c4bcf9d636786c7fd06e89842 Mon Sep 17 00:00:00 2001
From: cernnuthman <uthmannassim@gmail.com>
Date: Wed, 10 Aug 2022 14:05:29 +0200
Subject: [PATCH 2/3] Define Const for Intranet Addresses

---
 controllers/drupalsite_resources.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/controllers/drupalsite_resources.go b/controllers/drupalsite_resources.go
index eebc4623..e7da12fc 100644
--- a/controllers/drupalsite_resources.go
+++ b/controllers/drupalsite_resources.go
@@ -60,6 +60,9 @@ const (
 	webDAVDefaultLogin string = "admin"
 	// Variable to set the used Memory for all Jobs generated by the Operator
 	jobMemoryRequest string = "512Mi"
+
+	//Variable used to define set of CERN IP-Addresses
+	CernIPAddresses string = "2001:1458::/32 2001:1459::/32 FD01:1458::/32 FD01:1459::/32 10.0.0.0/8 100.64.0.0/10 128.141.0.0/16 128.142.0.0/16 137.138.0.0/16 172.16.0.0/12 188.184.0.0/15 192.16.155.0/24 192.16.165.0/24 192.91.242.0/24 192.168.0.0/16 194.12.128.0/18"
 )
 
 var (
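Review bot: `CernIPAddresses` is exported while its neighbours in this const block (`webDAVDefaultLogin`, `jobMemoryRequest`) are not; unless another package reads it, `cernIPAddresses` keeps the allow-list private to the controller. The comment should follow Go doc style and say what the value is used for, e.g. `// cernIPAddresses is the space-separated CIDR list set as the route's ip_whitelist when Visibility is "cern".` It should also state why the generic private and shared ranges (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`, `100.64.0.0/10`) are included, since any client whose source address falls in them passes the restriction. A small unit test that splits the string and runs each entry through `net.ParseCIDR` would catch a typo in the list. That matters if the router ignores a value it cannot parse rather than rejecting it, which is worth confirming for the router version in use.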
@@ -1261,9 +1264,9 @@ func routeForDrupalSite(currentobject *routev1.Route, d *webservicesv1a1.DrupalS
 		currentobject.Annotations["haproxy.router.openshift.io/ip_whitelist"] = d.Annotations["haproxy.router.openshift.io/ip_whitelist"]
 
 	} else if d.Spec.Configuration.Visibility == "cern" {
-		d.Annotations["haproxy.router.openshift.io/ip_whitelist"] = "2001:1458::/32 2001:1459::/32 FD01:1458::/32 FD01:1459::/32 10.0.0.0/8 100.64.0.0/10 128.141.0.0/16 128.142.0.0/16 137.138.0.0/16 172.16.0.0/12 188.184.0.0/15 192.16.155.0/24 192.16.165.0/24 192.91.242.0/24 192.168.0.0/16 194.12.128.0/18"
+		currentobject.Annotations["haproxy.router.openshift.io/ip_whitelist"] = CernIPAddresses
 	} else {
-		d.Annotations["haproxy.router.openshift.io/ip_whitelist"] = ""
+		currentobject.Annotations["haproxy.router.openshift.io/ip_whitelist"] = ""
 	}
 
 	// Set timeout to 60sec: https://gitlab.cern.ch/webservices/webframeworks-planning/-/issues/642
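Review bot: The order of the branches means an `ip_whitelist` annotation on the DrupalSite always wins over `Visibility == "cern"`. A site declared as CERN-only but carrying a leftover or wider annotation (or an empty one) is therefore published with the annotation's value, not the CERN list. If that precedence is intended it should be stated at the branch, e.g. `// An explicit ip_whitelist annotation on the DrupalSite overrides spec.configuration.visibility.`; if not, the `cern` case has to be checked first. In the final `else`, `delete(currentobject.Annotations, "haproxy.router.openshift.io/ip_whitelist")` would express "no restriction" more clearly than storing an empty string. The opening `if` of this chain and the rest of `routeForDrupalSite` lie outside the hunk.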
-- 
GitLab


From 05cce0edc3568afc6f208d09cd5a3a0f2cfb4571 Mon Sep 17 00:00:00 2001
From: cernnuthman <uthmannassim@gmail.com>
Date: Mon, 15 Aug 2022 16:44:57 +0200
Subject: [PATCH 3/3] Updated crd files

---
 .../crd/bases/drupal.webservices.cern.ch_drupalsites.yaml   | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/config/crd/bases/drupal.webservices.cern.ch_drupalsites.yaml b/config/crd/bases/drupal.webservices.cern.ch_drupalsites.yaml
index ef30065e..8ed1c4b9 100644
--- a/config/crd/bases/drupal.webservices.cern.ch_drupalsites.yaml
+++ b/config/crd/bases/drupal.webservices.cern.ch_drupalsites.yaml
@@ -110,6 +110,12 @@ spec:
                     - enabled
                     - disabled
                     type: string
+                  visibility:
+                    description: Visibility when "cern", only accessible within cern
+                      network
+                    enum:
+                    - cern
+                    type: string
                   webDAVPassword:
                     description: WebDAVPassword sets the HTTP basic auth password
                       for WebDAV file access. A default is auto-generated if a value
-- 
GitLab