From 5a120e7e78cb82164c605bd3b41dc7ec39a7baa6 Mon Sep 17 00:00:00 2001
From: Claudio Lorina
Date: Mon, 16 Dec 2024 17:22:55 +0100
Subject: [PATCH] fix: skip firewall rules cleanup when rules have already been deleted
---
 .../route/internalnode_k8s.go | 25 ++++++++++---------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/pkg/liqo-controller-manager/networking/internal-network/route/internalnode_k8s.go b/pkg/liqo-controller-manager/networking/internal-network/route/internalnode_k8s.go
index 47038cbcc0..5821f4c68d 100644
--- a/pkg/liqo-controller-manager/networking/internal-network/route/internalnode_k8s.go
+++ b/pkg/liqo-controller-manager/networking/internal-network/route/internalnode_k8s.go
@@ -20,6 +20,7 @@ import (
 "slices"
 corev1 "k8s.io/api/core/v1"
+ k8serrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/utils/ptr"
@@ -72,15 +73,23 @@ func enforceRouteWithConntrackPresence(ctx context.Context, cl client.Client,
 func enforceRouteWithConntrackAbsence(ctx context.Context, cl client.Client,
 internalnode *networkingv1beta1.InternalNode, opts *Options) error {
- fwcfg := &networkingv1beta1.FirewallConfiguration{
- ObjectMeta: metav1.ObjectMeta{Name: configurationNameSvc, Namespace: opts.Namespace},
+ fwcfg := &networkingv1beta1.FirewallConfiguration{}
+
+ err := cl.Get(ctx, client.ObjectKey{Name: configurationNameSvc, Namespace: opts.Namespace}, fwcfg)
+ if k8serrors.IsNotFound(err) {
+ // If the firewall configuration does not exist no needs to clean things up.
+ return nil
+ } else if err != nil {
+ return fmt.Errorf("unable to get firewall configuration: %w", err)
 }
- if _, err := resource.CreateOrUpdate(ctx, cl, fwcfg,
- cleanFirewallConfigurationMutateFunction(internalnode, fwcfg)); err != nil {
+ // We need to remove from the firewall configurations all the rules related to the InternalNode to be remove
+ cleanFirewallConfigurationChains(fwcfg, internalnode)
+ if err := cl.Update(ctx, fwcfg); err != nil {
 return fmt.Errorf("an error occurred while cleaning the firewall configuration: %w", err)
 }
+ // If there are no firewall configurations left, delete the resource
 if err := deleteVoidFwcfg(ctx, cl, fwcfg); err != nil {
 return fmt.Errorf("an error occurred while deleting the firewall configuration: %w", err)
 }
@@ -240,14 +249,6 @@ func forgeRouteConfigurationRules(internalnode *networkingv1beta1.InternalNode,
 }
 }
-func cleanFirewallConfigurationMutateFunction(internalnode *networkingv1beta1.InternalNode,
- fwcfg *networkingv1beta1.FirewallConfiguration) controllerutil.MutateFn {
- return func() error {
- cleanFirewallConfigurationChains(fwcfg, internalnode)
- return nil
- }
-}
-
 func cleanFirewallConfigurationChains(fwcfg *networkingv1beta1.FirewallConfiguration,
 internalnode *networkingv1beta1.InternalNode) {
 for i := range fwcfg.Spec.Table.Chains {
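Review bot: In enforceRouteWithConntrackAbsence only `cl.Get` tolerates NotFound; if the FirewallConfiguration is deleted between the Get and `cl.Update(ctx, fwcfg)`, the Update fails with NotFound and the function returns a cleanup error for the same already-deleted state this commit sets out to skip. Handling it in the Update branch, e.g. `if k8serrors.IsNotFound(err) { return nil }` before the `fmt.Errorf`, would make the two paths agree; whether deleteVoidFwcfg tolerates NotFound cannot be seen from this hunk. The Update is also issued on every call even when cleanFirewallConfigurationChains changed nothing, whereas the replaced CreateOrUpdate path presumably wrote only on a diff, so a guard comparing against a copy taken before the cleanup would avoid needless writes and resourceVersion conflicts. The function body continues past the end of the hunk.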