From 1376e5aca2896fc967c29c2b62a5e96f6043d927 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Andr=C3=A9?= <m.andre@redhat.com>
Date: Tue, 18 Oct 2022 17:13:24 +0200
Subject: [PATCH] OCPBUGS-2508: Ensure network defs without subnet follow
 noAllowedAddressPairs

Commit 855a22c09317457ecfd08544afac6948cfdfe462 introduced a bug that
caused network definitions without subnets (the one you would get when
setting `additionalNetworkIDs` in your `install-config.yaml`) caused the
noAllowedAddressPairs property to be skipped while creating the port.

This may in turn caused machine-api to fail creating the port because it
does not have the permission to create a port with allowed_address_pair,
which is often the case when using provider networks.
---
 pkg/cloud/openstack/clients/machineservice.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/cloud/openstack/clients/machineservice.go b/pkg/cloud/openstack/clients/machineservice.go
index 4a5b635aba..f209c5785c 100644
--- a/pkg/cloud/openstack/clients/machineservice.go
+++ b/pkg/cloud/openstack/clients/machineservice.go
@@ -587,6 +587,9 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust
 					Profile:      net.Profile,
 					PortSecurity: net.PortSecurity,
 				})
+				if net.NoAllowedAddressPairs {
+					subnetsWithoutAllowedAddressPairs[net.UUID] = struct{}{}
+				}
 			}
 
 			for _, snetParam := range net.Subnets {