novncproxy cert and routes cleanup

Add tests for novncproxy certs and routes cleanup

Closes: OSPRH-10549

Author: auniyal61

pkg/openstack/common.go

@@ -815,3 +815,21 @@ func DeleteCertificate(
 	helper.GetLogger().Info(fmt.Sprintf("Deleting cert %s", certName))
 	return cert.Delete(ctx, helper)
 }
+
+// // this checks if cert can be deleted on the basis of cellName
+// // Note: this is specific for certs/Route Name where cellName comes at index 2 - [0, 1, 2]
+// // ex: nova-novncproxy-cell1-public-svc
+// // but not: rabbitmq-cell1-svc
+// func ShouldCertRouteBeDeleted(
+// 	strObject string,
+// 	prefixSubstring string,
+// 	instance *corev1beta1.OpenStackControlPlane,
+// ) bool {
+// 	if strings.HasPrefix(strObject, prefixSubstring) {
+// 		cell := strings.Split(strObject, "-")[2]
+// 		if _, exists := (instance.Spec.Nova.Template.CellTemplates)[cell]; !exists {
+// 			return true
+// 		}
+// 	}
+// 	return false
+// }

pkg/openstack/nova.go

@@ -18,28 +18,191 @@ package openstack
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"strings"
 
 	"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/object"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/service"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/util"
 
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1"
 	corev1beta1 "github.com/openstack-k8s-operators/openstack-operator/apis/core/v1beta1"
+	corev1 "k8s.io/api/core/v1"
 	k8s_errors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/ptr"
 	ctrl "sigs.k8s.io/controller-runtime"
 )
 
+// func deleteUndefinedNoVNCProxyCertsByCellName(
+// 	ctx context.Context,
+// 	instance *corev1beta1.OpenStackControlPlane,
+// 	helper *helper.Helper,
+// ) (ctrl.Result, error) {
+
+// 	log := GetLogger(ctx)
+// 	// Fetch the list of certificates
+// 	allCerts := &certmgrv1.CertificateList{}
+// 	listOpts := []client.ListOption{
+// 		client.InNamespace(instance.GetNamespace()),
+// 	}
+// 	err := helper.GetClient().List(ctx, allCerts, listOpts...)
+// 	if err != nil {
+// 		return ctrl.Result{}, fmt.Errorf("could not get certs %w", err)
+// 	}
+
+// 	allRoutes := &routev1.RouteList{}
+// 	listOpts = []client.ListOption{
+// 		client.InNamespace(instance.GetNamespace()),
+// 	}
+// 	err = helper.GetClient().List(ctx, allRoutes, listOpts...)
+// 	if err != nil {
+// 		return ctrl.Result{}, fmt.Errorf("could not get routes %w", err)
+// 	}
+
+// 	novncproxyPrefix := "nova-novncproxy-cell"
+
+// 	var delErrs []error
+// 	for _, cert := range allCerts.Items {
+// 		shouldDelete := ShouldCertRouteBeDeleted(cert.Name, novncproxyPrefix, instance)
+// 		if shouldDelete {
+// 			if object.CheckOwnerRefExist(instance.GetUID(), cert.OwnerReferences) {
+// 				log.Info("Deleting novncproxy cert  %s", "", cert.Name)
+// 				err = DeleteCertificate(ctx, helper, instance.Namespace, cert.Name)
+// 				if err != nil {
+// 					delErrs = append(delErrs, fmt.Errorf("novncproxy cert deletion for '%s' failed, because: %w", cert.Name, err))
+// 				}
+// 			}
+
+// 		}
+// 	}
+
+// 	for _, route := range allRoutes.Items {
+// 		shouldDelete := ShouldCertRouteBeDeleted(route.Name, novncproxyPrefix, instance)
+// 		if shouldDelete {
+// 			if object.CheckOwnerRefExist(instance.GetUID(), route.OwnerReferences) {
+// 				log.Info("Deleting novncproxy route for %s", "", route.Name)
+// 				_, err := EnsureDeleted(ctx, helper, &route)
+// 				if err != nil {
+// 					delErrs = append(delErrs, fmt.Errorf("novncproxy route deletion for '%s' failed, because: %w", route.Name, err))
+// 				}
+// 			}
+// 		}
+// 	}
+
+// 	if len(delErrs) > 0 {
+// 		delErrs := errors.Join(delErrs...)
+// 		return ctrl.Result{}, delErrs
+// 	}
+
+// 	return ctrl.Result{}, nil
+// }
+
+func deleteCertsAndRoutes(
+	ctx context.Context,
+	instance *corev1beta1.OpenStackControlPlane,
+	helper *helper.Helper,
+) (ctrl.Result, error) {
+
+	log := GetLogger(ctx)
+
+	novaNovncProxy := "nova-novncproxy"
+	novncProxyLabelSelector := map[string]string{
+		"osctlplane-service": novaNovncProxy,
+	}
+
+	routes, err := GetRoutesListWithLabel(
+		ctx,
+		helper,
+		instance.Namespace,
+		novncProxyLabelSelector,
+	)
+
+	if err != nil {
+		return ctrl.Result{}, fmt.Errorf("could not get routes %w", err)
+	}
+
+	certs := &certmgrv1.CertificateList{}
+	listOpts := []client.ListOption{
+		client.InNamespace(instance.Namespace),
+	}
+
+	err = helper.GetClient().List(ctx, certs, listOpts...)
+	if err != nil {
+		return ctrl.Result{}, fmt.Errorf("could not get all certs %w", err)
+	}
+
+	var delErrs []error
+	for _, route := range routes.Items {
+		log.Info("", "xxx- route", route.Name, "---", route.Spec.To.Name)
+
+		// route.Spec.To.Name nova-novncproxy-cell1-public"
+		svc := &corev1.Service{}
+		err := helper.GetClient().Get(ctx, types.NamespacedName{
+			Name:      route.Spec.To.Name,
+			Namespace: instance.Namespace,
+		}, svc)
+
+		if err != nil {
+
+			if !k8s_errors.IsNotFound(err) {
+				// its different error
+				// do not delete yet.
+				log.Error(err, "xxx- Error")
+				continue
+			}
+
+			log.Info("", "xxx- can delete", route.Name)
+
+			if !object.CheckOwnerRefExist(instance.GetUID(), route.OwnerReferences) {
+				continue
+			}
+
+			// service not found for route, clean certs and route
+			for _, cert := range certs.Items {
+				// as we have 2 with cell-name and -vencrypt, so this is generic
+				if strings.Contains(cert.Name, novaNovncProxy) {
+					// log.Info("", "t- cert", "-------", "Name", cert.Name)
+					if object.CheckOwnerRefExist(instance.GetUID(), cert.OwnerReferences) {
+						log.Info("xxx- ", "Deleting novncproxy cert  %s", "", cert.Name)
+						err = DeleteCertificate(ctx, helper, instance.Namespace, cert.Name)
+						if err != nil {
+							delErrs = append(delErrs, fmt.Errorf("novncproxy cert deletion for '%s' failed, because: %w", cert.Name, err))
+						}
+					}
+				}
+			}
+
+			log.Info("xxx-", "Deleting novncproxy route for %s", "", route.Name)
+			_, err := EnsureDeleted(ctx, helper, &route)
+			if err != nil {
+				delErrs = append(delErrs, fmt.Errorf("novncproxy route deletion for '%s' failed, because: %w", route.Name, err))
+			}
+
+		} else {
+			log.Info("", "xxx- can't delete", route.Name)
+		}
+	}
+
+	if len(delErrs) > 0 {
+		delErrs := errors.Join(delErrs...)
+		return ctrl.Result{}, delErrs
+	}
+
+	return ctrl.Result{}, nil
+}
+
 // ReconcileNova -
 func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPlane, version *corev1beta1.OpenStackVersion, helper *helper.Helper) (ctrl.Result, error) {
 	nova := &novav1.Nova{
@@ -209,6 +372,7 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl
 	}
 
 	// cell Metadata and NoVNCProxy
+	Log.Info("", "", "XXX ReconcileNova iterating cells")
 	for cellName, cellTemplate := range instance.Spec.Nova.Template.CellTemplates {
 		// create certificate for Metadata agend if internal TLS and Metadata per cell is enabled
 		if instance.Spec.TLS.PodLevel.Enabled &&
@@ -232,6 +396,7 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl
 
 		// NoVNCProxy check for/creating route if service is enabled
 		if noVNCProxyEnabled(cellTemplate.NoVNCProxyServiceTemplate) {
+			Log.Info("", "XXX ReconcileNova VNC enabled cell name", cellName)
 			if cellTemplate.NoVNCProxyServiceTemplate.Override.Service == nil {
 				cellTemplate.NoVNCProxyServiceTemplate.Override.Service = &service.RoutedOverrideSpec{}
 			}
@@ -247,6 +412,7 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl
 			}
 
 			// make sure to get to EndpointConfig when all service got created
+			Log.Info("", "XXX vnc services", svcs.Items)
 			if len(svcs.Items) == 1 {
 				endpointDetails, ctrlResult, err := EnsureEndpointConfig(
 					ctx,
@@ -394,6 +560,18 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl
 			corev1beta1.OpenStackControlPlaneNovaReadyRunningMessage))
 	}
 
+	// _, errs := deleteUndefinedNoVNCProxyCertsByCellName(ctx, instance, helper)
+	_, errs := deleteCertsAndRoutes(ctx, instance, helper)
+	if errs != nil {
+		instance.Status.Conditions.Set(condition.FalseCondition(
+			corev1beta1.OpenStackControlPlaneNovaReadyCondition,
+			condition.ErrorReason,
+			condition.SeverityWarning,
+			corev1beta1.OpenStackControlPlaneNovaReadyErrorMessage,
+			errs))
+		return ctrl.Result{}, errs
+	}
+
 	return ctrl.Result{}, nil
 }
 

tests/functional/ctlplane/base_test.go

@@ -44,47 +44,50 @@ import (
 )
 
 type Names struct {
-	Namespace                   string
-	OpenStackControlplaneName   types.NamespacedName
-	OpenStackVersionName        types.NamespacedName
-	KeystoneAPIName             types.NamespacedName
-	MemcachedName               types.NamespacedName
-	MemcachedCertName           types.NamespacedName
-	CinderName                  types.NamespacedName
-	ManilaName                  types.NamespacedName
-	GlanceName                  types.NamespacedName
-	NeutronName                 types.NamespacedName
-	HorizonName                 types.NamespacedName
-	HeatName                    types.NamespacedName
-	TelemetryName               types.NamespacedName
-	DBName                      types.NamespacedName
-	DBCertName                  types.NamespacedName
-	DBCell1Name                 types.NamespacedName
-	DBCell1CertName             types.NamespacedName
-	RabbitMQName                types.NamespacedName
-	RabbitMQCertName            types.NamespacedName
-	RabbitMQCell1Name           types.NamespacedName
-	RabbitMQCell1CertName       types.NamespacedName
-	ServiceAccountName          types.NamespacedName
-	RoleName                    types.NamespacedName
-	RoleBindingName             types.NamespacedName
-	RootCAPublicName            types.NamespacedName
-	RootCAInternalName          types.NamespacedName
-	RootCAOvnName               types.NamespacedName
-	RootCALibvirtName           types.NamespacedName
-	SelfSignedIssuerName        types.NamespacedName
-	CustomIssuerName            types.NamespacedName
-	CustomServiceCertSecretName types.NamespacedName
-	CABundleName                types.NamespacedName
-	OpenStackClientName         types.NamespacedName
-	OVNNorthdName               types.NamespacedName
-	OVNNorthdCertName           types.NamespacedName
-	OVNControllerName           types.NamespacedName
-	OVNControllerCertName       types.NamespacedName
-	OVNDbServerNBName           types.NamespacedName
-	OVNDbServerSBName           types.NamespacedName
-	NeutronOVNCertName          types.NamespacedName
-	OpenStackTopology           []types.NamespacedName
+	Namespace                          string
+	OpenStackControlplaneName          types.NamespacedName
+	OpenStackVersionName               types.NamespacedName
+	KeystoneAPIName                    types.NamespacedName
+	MemcachedName                      types.NamespacedName
+	MemcachedCertName                  types.NamespacedName
+	CinderName                         types.NamespacedName
+	ManilaName                         types.NamespacedName
+	GlanceName                         types.NamespacedName
+	NeutronName                        types.NamespacedName
+	HorizonName                        types.NamespacedName
+	HeatName                           types.NamespacedName
+	TelemetryName                      types.NamespacedName
+	DBName                             types.NamespacedName
+	DBCertName                         types.NamespacedName
+	DBCell1Name                        types.NamespacedName
+	DBCell1CertName                    types.NamespacedName
+	RabbitMQName                       types.NamespacedName
+	RabbitMQCertName                   types.NamespacedName
+	RabbitMQCell1Name                  types.NamespacedName
+	RabbitMQCell1CertName              types.NamespacedName
+	NoVNCProxyCell1CertPublicRouteName types.NamespacedName
+	NoVNCProxyCell1CertPublicSvcName   types.NamespacedName
+	NoVNCProxyCell1CertVencryptName    types.NamespacedName
+	ServiceAccountName                 types.NamespacedName
+	RoleName                           types.NamespacedName
+	RoleBindingName                    types.NamespacedName
+	RootCAPublicName                   types.NamespacedName
+	RootCAInternalName                 types.NamespacedName
+	RootCAOvnName                      types.NamespacedName
+	RootCALibvirtName                  types.NamespacedName
+	SelfSignedIssuerName               types.NamespacedName
+	CustomIssuerName                   types.NamespacedName
+	CustomServiceCertSecretName        types.NamespacedName
+	CABundleName                       types.NamespacedName
+	OpenStackClientName                types.NamespacedName
+	OVNNorthdName                      types.NamespacedName
+	OVNNorthdCertName                  types.NamespacedName
+	OVNControllerName                  types.NamespacedName
+	OVNControllerCertName              types.NamespacedName
+	OVNDbServerNBName                  types.NamespacedName
+	OVNDbServerSBName                  types.NamespacedName
+	NeutronOVNCertName                 types.NamespacedName
+	OpenStackTopology                  []types.NamespacedName
 }
 
 func CreateNames(openstackControlplaneName types.NamespacedName) Names {
@@ -200,6 +203,18 @@ func CreateNames(openstackControlplaneName types.NamespacedName) Names {
 			Namespace: openstackControlplaneName.Namespace,
 			Name:      "cert-rabbitmq-cell1-svc",
 		},
+		NoVNCProxyCell1CertPublicRouteName: types.NamespacedName{
+			Name:      "cert-nova-novncproxy-cell1-public-route",
+			Namespace: openstackControlplaneName.Namespace,
+		},
+		NoVNCProxyCell1CertPublicSvcName: types.NamespacedName{
+			Name:      "cert-nova-novncproxy-cell1-public-svc",
+			Namespace: openstackControlplaneName.Namespace,
+		},
+		NoVNCProxyCell1CertVencryptName: types.NamespacedName{
+			Name:      "cert-nova-novncproxy-cell1-vencrypt",
+			Namespace: openstackControlplaneName.Namespace,
+		},
 		OpenStackClientName: types.NamespacedName{
 			Namespace: openstackControlplaneName.Namespace,
 			Name:      "openstackclient",