fix: skip firewall rules cleanup when rules have already been deleted

liqotech · Dec 17, 2024 · 5a120e7 · 5a120e7
1 parent 971bdf5
commit 5a120e7
Showing 1 changed file with 13 additions and 12 deletions.
diff --git a/pkg/liqo-controller-manager/networking/internal-network/route/internalnode_k8s.go b/pkg/liqo-controller-manager/networking/internal-network/route/internalnode_k8s.go
@@ -20,6 +20,7 @@ import (
 	"slices"
 
 	corev1 "k8s.io/api/core/v1"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/utils/ptr"
@@ -72,15 +73,23 @@ func enforceRouteWithConntrackPresence(ctx context.Context, cl client.Client,
 
 func enforceRouteWithConntrackAbsence(ctx context.Context, cl client.Client,
 	internalnode *networkingv1beta1.InternalNode, opts *Options) error {
-	fwcfg := &networkingv1beta1.FirewallConfiguration{
-		ObjectMeta: metav1.ObjectMeta{Name: configurationNameSvc, Namespace: opts.Namespace},
+	fwcfg := &networkingv1beta1.FirewallConfiguration{}
+
+	err := cl.Get(ctx, client.ObjectKey{Name: configurationNameSvc, Namespace: opts.Namespace}, fwcfg)
+	if k8serrors.IsNotFound(err) {
+		// If the firewall configuration does not exist no needs to clean things up.
+		return nil
+	} else if err != nil {
+		return fmt.Errorf("unable to get firewall configuration: %w", err)
 	}
 
-	if _, err := resource.CreateOrUpdate(ctx, cl, fwcfg,
-		cleanFirewallConfigurationMutateFunction(internalnode, fwcfg)); err != nil {
+	// We need to remove from the firewall configurations all the rules related to the InternalNode to be remove
+	cleanFirewallConfigurationChains(fwcfg, internalnode)
+	if err := cl.Update(ctx, fwcfg); err != nil {
 		return fmt.Errorf("an error occurred while cleaning the firewall configuration: %w", err)
 	}
 
+	// If there are no firewall configurations left, delete the resource
 	if err := deleteVoidFwcfg(ctx, cl, fwcfg); err != nil {
 		return fmt.Errorf("an error occurred while deleting the firewall configuration: %w", err)
 	}
@@ -240,14 +249,6 @@ func forgeRouteConfigurationRules(internalnode *networkingv1beta1.InternalNode,
 	}
 }
 
-func cleanFirewallConfigurationMutateFunction(internalnode *networkingv1beta1.InternalNode,
-	fwcfg *networkingv1beta1.FirewallConfiguration) controllerutil.MutateFn {
-	return func() error {
-		cleanFirewallConfigurationChains(fwcfg, internalnode)
-		return nil
-	}
-}
-
 func cleanFirewallConfigurationChains(fwcfg *networkingv1beta1.FirewallConfiguration,
 	internalnode *networkingv1beta1.InternalNode) {
 	for i := range fwcfg.Spec.Table.Chains {