
Commit 9d627f6

committed
novncproxy cert and routes cleanup
Add tests for novncproxy certs and routes cleanup Closes: OSPRH-10549
1 parent 49734b3 commit 9d627f6

4 files changed

Lines changed: 295 additions & 49 deletions


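--- a/controllers/core/openstackcontrolplane_controller.go
+++ b/controllers/core/openstackcontrolplane_controller.go
@@ -479,6 +479,17 @@ func (r *OpenStackControlPlaneReconciler) reconcileNormal(ctx context.Context, i
 return ctrlResult, nil
 }
 
+ctrlResult, errs := openstack.DeleteCertsAndRoutes(ctx, instance, helper)
+if errs != nil {
+instance.Status.Conditions.Set(condition.FalseCondition(
+corev1beta1.OpenStackControlPlaneNovaReadyCondition,
+condition.ErrorReason,
+condition.SeverityWarning,
+corev1beta1.OpenStackControlPlaneNovaReadyErrorMessage,
+errs))
+return ctrlResult, errs
+}
+
 return ctrl.Result{}, nil
 }
 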
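Review bot: A failure from `openstack.DeleteCertsAndRoutes` is recorded under `OpenStackControlPlaneNovaReadyCondition` with the Nova error message, yet the helper in pkg/openstack/common.go walks every route owned by the control plane, so an error while deleting another service's route or certificate would surface as Nova not being ready. Either restrict the cleanup to the novncproxy objects or report it under a condition of its own. The call sits at the tail of reconcileNormal and therefore lists all routes, certificates and services in the namespace on every reconcile that reaches it; a comment such as `// Remove routes and certificates whose backing service no longer exists (e.g. a removed novncproxy cell).` would state the intent. reconcileNormal begins outside this hunk, so whether `:=` reuses or redeclares `ctrlResult` cannot be confirmed from here.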

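--- a/pkg/openstack/common.go
+++ b/pkg/openstack/common.go
@@ -2,7 +2,9 @@ package openstack
 
 import (
 "context"
+"errors"
 "fmt"
+"strings"
 "time"
 
 certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
@@ -22,6 +24,7 @@ import (
 "github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
 "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
 "github.com/openstack-k8s-operators/lib-common/modules/common/helper"
+"github.com/openstack-k8s-operators/lib-common/modules/common/object"
 "github.com/openstack-k8s-operators/lib-common/modules/common/route"
 "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
 "github.com/openstack-k8s-operators/lib-common/modules/common/service"
@@ -33,6 +36,9 @@ import (
 novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1"
 octaviav1 "github.com/openstack-k8s-operators/octavia-operator/api/v1beta1"
 corev1 "github.com/openstack-k8s-operators/openstack-operator/apis/core/v1beta1"
+
+// corev1 "k8s.io/api/core/v1"
+corev1beta1 "github.com/openstack-k8s-operators/openstack-operator/apis/core/v1beta1"
 ovnv1 "github.com/openstack-k8s-operators/ovn-operator/api/v1beta1"
 placementv1 "github.com/openstack-k8s-operators/placement-operator/api/v1beta1"
 swiftv1 "github.com/openstack-k8s-operators/swift-operator/api/v1beta1"
@@ -796,6 +802,18 @@ func hasCertInOverrideSpec(overrideSpec route.OverrideSpec) bool {
 overrideSpec.Spec.TLS.Key != ""
 }
 
+func serviceExists(route string, services *k8s_corev1.ServiceList) bool {
+
+exists := false
+for _, svc := range services.Items {
+if svc.Name == route {
+exists = true
+break
+}
+}
+return exists
+}
+
 func DeleteCertificate(
 ctx context.Context,
 helper *helper.Helper,
@@ -815,3 +833,66 @@ func DeleteCertificate(
 helper.GetLogger().Info(fmt.Sprintf("Deleting cert %s", certName))
 return cert.Delete(ctx, helper)
 }
+
+func DeleteCertsAndRoutes(
+ctx context.Context,
+instance *corev1beta1.OpenStackControlPlane,
+helper *helper.Helper,
+) (ctrl.Result, error) {
+
+log := GetLogger(ctx)
+
+// Retrieve all routes, certs and services in the namespace
+routes, err := GetRoutesListWithLabel(ctx, helper, instance.Namespace, nil)
+if err != nil {
+return ctrl.Result{}, fmt.Errorf("could not get routes: %w", err)
+}
+
+certs := &certmgrv1.CertificateList{}
+if err := helper.GetClient().List(ctx, certs, client.InNamespace(instance.Namespace)); err != nil {
+return ctrl.Result{}, fmt.Errorf("could not get certificates: %w", err)
+}
+
+services := &k8s_corev1.ServiceList{}
+if err := helper.GetClient().List(ctx, services, client.InNamespace(instance.Namespace)); err != nil {
+return ctrl.Result{}, fmt.Errorf("could not get services: %w", err)
+}
+
+var delErrs []error
+for _, route := range routes.Items {
+
+if !object.CheckOwnerRefExist(instance.GetUID(), route.OwnerReferences) {
+continue
+}
+
+if serviceExists(route.Spec.To.Name, services) {
+continue
+}
+
+// Delete related certs by route-basename and owner
+routeBaseName := strings.TrimSuffix(route.Name, "-public")
+for _, cert := range certs.Items {
+if object.CheckOwnerRefExist(instance.GetUID(), cert.OwnerReferences) {
+if strings.Contains(cert.Name, routeBaseName) {
+log.Info("Deleting certificate", ":", cert.Name)
+err := DeleteCertificate(ctx, helper, instance.Namespace, cert.Name)
+if err != nil {
+delErrs = append(delErrs, fmt.Errorf("cert deletion for '%s' failed, because: %w", cert.Name, err))
+}
+}
+}
+}
+
+log.Info("Deleting route", ":", route.Name)
+_, err := EnsureDeleted(ctx, helper, &route)
+if err != nil {
+delErrs = append(delErrs, fmt.Errorf("route deletion for '%s' failed, because: %w", route.Name, err))
+}
+}
+
+if len(delErrs) > 0 {
+return ctrl.Result{}, errors.Join(delErrs...)
+}
+
+return ctrl.Result{}, nil
+}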
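Review bot: The certificate selection in DeleteCertsAndRoutes, `strings.Contains(cert.Name, routeBaseName)`, is a substring test, so a stale route with a short base name can select certificates of other services that are still in use (a base of `nova` is also contained in `cert-nova-novncproxy-cell1-vencrypt`), and deleting those breaks TLS on live endpoints. Match on the exact certificate names derived from the route, or on a label that ties a certificate to its route; anchoring with `strings.HasPrefix(cert.Name, "cert-"+routeBaseName+"-")` narrows the match but does not fully remove the overlap. The delete decision also rests on one `List` of services, so a route whose backing service is only briefly absent is removed as well, which deserves a comment on `serviceExists`. Smaller points: the loop variable `route` and the `serviceExists` parameter shadow the imported `route` package, the new `corev1beta1` alias duplicates the existing `corev1` import next to a commented-out line, and the log calls would read better as `log.Info("Deleting certificate", "name", cert.Name)`.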

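--- a/tests/functional/ctlplane/base_test.go
+++ b/tests/functional/ctlplane/base_test.go
@@ -44,47 +44,50 @@ import (
 )
 
 type Names struct {
-Namespace string
-OpenStackControlplaneName types.NamespacedName
-OpenStackVersionName types.NamespacedName
-KeystoneAPIName types.NamespacedName
-MemcachedName types.NamespacedName
-MemcachedCertName types.NamespacedName
-CinderName types.NamespacedName
-ManilaName types.NamespacedName
-GlanceName types.NamespacedName
-NeutronName types.NamespacedName
-HorizonName types.NamespacedName
-HeatName types.NamespacedName
-TelemetryName types.NamespacedName
-DBName types.NamespacedName
-DBCertName types.NamespacedName
-DBCell1Name types.NamespacedName
-DBCell1CertName types.NamespacedName
-RabbitMQName types.NamespacedName
-RabbitMQCertName types.NamespacedName
-RabbitMQCell1Name types.NamespacedName
-RabbitMQCell1CertName types.NamespacedName
-ServiceAccountName types.NamespacedName
-RoleName types.NamespacedName
-RoleBindingName types.NamespacedName
-RootCAPublicName types.NamespacedName
-RootCAInternalName types.NamespacedName
-RootCAOvnName types.NamespacedName
-RootCALibvirtName types.NamespacedName
-SelfSignedIssuerName types.NamespacedName
-CustomIssuerName types.NamespacedName
-CustomServiceCertSecretName types.NamespacedName
-CABundleName types.NamespacedName
-OpenStackClientName types.NamespacedName
-OVNNorthdName types.NamespacedName
-OVNNorthdCertName types.NamespacedName
-OVNControllerName types.NamespacedName
-OVNControllerCertName types.NamespacedName
-OVNDbServerNBName types.NamespacedName
-OVNDbServerSBName types.NamespacedName
-NeutronOVNCertName types.NamespacedName
-OpenStackTopology []types.NamespacedName
+Namespace string
+OpenStackControlplaneName types.NamespacedName
+OpenStackVersionName types.NamespacedName
+KeystoneAPIName types.NamespacedName
+MemcachedName types.NamespacedName
+MemcachedCertName types.NamespacedName
+CinderName types.NamespacedName
+ManilaName types.NamespacedName
+GlanceName types.NamespacedName
+NeutronName types.NamespacedName
+HorizonName types.NamespacedName
+HeatName types.NamespacedName
+TelemetryName types.NamespacedName
+DBName types.NamespacedName
+DBCertName types.NamespacedName
+DBCell1Name types.NamespacedName
+DBCell1CertName types.NamespacedName
+RabbitMQName types.NamespacedName
+RabbitMQCertName types.NamespacedName
+RabbitMQCell1Name types.NamespacedName
+RabbitMQCell1CertName types.NamespacedName
+NoVNCProxyCell1CertPublicRouteName types.NamespacedName
+NoVNCProxyCell1CertPublicSvcName types.NamespacedName
+NoVNCProxyCell1CertVencryptName types.NamespacedName
+ServiceAccountName types.NamespacedName
+RoleName types.NamespacedName
+RoleBindingName types.NamespacedName
+RootCAPublicName types.NamespacedName
+RootCAInternalName types.NamespacedName
+RootCAOvnName types.NamespacedName
+RootCALibvirtName types.NamespacedName
+SelfSignedIssuerName types.NamespacedName
+CustomIssuerName types.NamespacedName
+CustomServiceCertSecretName types.NamespacedName
+CABundleName types.NamespacedName
+OpenStackClientName types.NamespacedName
+OVNNorthdName types.NamespacedName
+OVNNorthdCertName types.NamespacedName
+OVNControllerName types.NamespacedName
+OVNControllerCertName types.NamespacedName
+OVNDbServerNBName types.NamespacedName
+OVNDbServerSBName types.NamespacedName
+NeutronOVNCertName types.NamespacedName
+OpenStackTopology []types.NamespacedName
 }
 
 func CreateNames(openstackControlplaneName types.NamespacedName) Names {
@@ -200,6 +203,18 @@ func CreateNames(openstackControlplaneName types.NamespacedName) Names {
 Namespace: openstackControlplaneName.Namespace,
 Name: "cert-rabbitmq-cell1-svc",
 },
+NoVNCProxyCell1CertPublicRouteName: types.NamespacedName{
+Name: "cert-nova-novncproxy-cell1-public-route",
+Namespace: openstackControlplaneName.Namespace,
+},
+NoVNCProxyCell1CertPublicSvcName: types.NamespacedName{
+Name: "cert-nova-novncproxy-cell1-public-svc",
+Namespace: openstackControlplaneName.Namespace,
+},
+NoVNCProxyCell1CertVencryptName: types.NamespacedName{
+Name: "cert-nova-novncproxy-cell1-vencrypt",
+Namespace: openstackControlplaneName.Namespace,
+},
 OpenStackClientName: types.NamespacedName{
 Namespace: openstackControlplaneName.Namespace,
 Name: "openstackclient",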
