novncproxy cert and routes cleanup

Author: auniyal61

pkg/openstack/common.go

@@ -3,6 +3,7 @@ package openstack
 import (
 	"context"
 	"fmt"
+	"strings"
 	"time"
 
 	certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
@@ -33,6 +34,7 @@ import (
 	novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1"
 	octaviav1 "github.com/openstack-k8s-operators/octavia-operator/api/v1beta1"
 	corev1 "github.com/openstack-k8s-operators/openstack-operator/apis/core/v1beta1"
+	corev1beta1 "github.com/openstack-k8s-operators/openstack-operator/apis/core/v1beta1"
 	ovnv1 "github.com/openstack-k8s-operators/ovn-operator/api/v1beta1"
 	placementv1 "github.com/openstack-k8s-operators/placement-operator/api/v1beta1"
 	swiftv1 "github.com/openstack-k8s-operators/swift-operator/api/v1beta1"
@@ -815,3 +817,21 @@ func DeleteCertificate(
 	helper.GetLogger().Info(fmt.Sprintf("Deleting cert %s", certName))
 	return cert.Delete(ctx, helper)
 }
+
+// this checks if cert can be deleted on the basis of cellName
+// Note: this is specific for certs/Route Name where cellName comes at index 2 - [0, 1, 2]
+// ex: nova-novncproxy-cell1-public-svc
+// but not: rabbitmq-cell1-svc
+func ShouldCertRouteBeDeleted(
+	strObject string,
+	prefixSubstring string,
+	instance *corev1beta1.OpenStackControlPlane,
+) bool {
+	if strings.HasPrefix(strObject, prefixSubstring) {
+		cell := strings.Split(strObject, "-")[2]
+		if _, exists := (instance.Spec.Nova.Template.CellTemplates)[cell]; !exists {
+			return true
+		}
+	}
+	return false
+}

pkg/openstack/nova.go

@@ -18,16 +18,20 @@ package openstack
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
+	routev1 "github.com/openshift/api/route/v1"
 	"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/object"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/service"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/util"
 
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
@@ -40,6 +44,70 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 )
 
+func deleteUndefinedNoVNCProxyCertsByCellName(
+	ctx context.Context,
+	instance *corev1beta1.OpenStackControlPlane,
+	helper *helper.Helper,
+) (ctrl.Result, error) {
+
+	log := GetLogger(ctx)
+	// Fetch the list of certificates
+	allCerts := &certmgrv1.CertificateList{}
+	listOpts := []client.ListOption{
+		client.InNamespace(instance.GetNamespace()),
+	}
+	err := helper.GetClient().List(ctx, allCerts, listOpts...)
+	if err != nil {
+		return ctrl.Result{}, fmt.Errorf("could not get certs %w", err)
+	}
+
+	allRoutes := &routev1.RouteList{}
+	listOpts = []client.ListOption{
+		client.InNamespace(instance.GetNamespace()),
+	}
+	err = helper.GetClient().List(ctx, allRoutes, listOpts...)
+	if err != nil {
+		return ctrl.Result{}, fmt.Errorf("could not get routes %w", err)
+	}
+
+	novncproxyPrefix := "nova-novncproxy-cell"
+
+	var delErrs []error
+	for _, cert := range allCerts.Items {
+		shouldDelete := ShouldCertRouteBeDeleted(cert.Name, novncproxyPrefix, instance)
+		if shouldDelete {
+			if object.CheckOwnerRefExist(instance.GetUID(), cert.OwnerReferences) {
+				log.Info("Deleting novncproxy cert  %s", "", cert.Name)
+				err = DeleteCertificate(ctx, helper, instance.Namespace, cert.Name)
+				if err != nil {
+					delErrs = append(delErrs, fmt.Errorf("novncproxy cert deletion for '%s' failed, because: %w", cert.Name, err))
+				}
+			}
+
+		}
+	}
+
+	for _, route := range allRoutes.Items {
+		shouldDelete := ShouldCertRouteBeDeleted(route.Name, novncproxyPrefix, instance)
+		if shouldDelete {
+			if object.CheckOwnerRefExist(instance.GetUID(), route.OwnerReferences) {
+				log.Info("Deleting novncproxy route for %s", "", route.Name)
+				_, err := EnsureDeleted(ctx, helper, &route)
+				if err != nil {
+					delErrs = append(delErrs, fmt.Errorf("novncproxy route deletion for '%s' failed, because: %w", route.Name, err))
+				}
+			}
+		}
+	}
+
+	if len(delErrs) > 0 {
+		delErrs := errors.Join(delErrs...)
+		return ctrl.Result{}, delErrs
+	}
+
+	return ctrl.Result{}, nil
+}
+
 // ReconcileNova -
 func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPlane, version *corev1beta1.OpenStackVersion, helper *helper.Helper) (ctrl.Result, error) {
 	nova := &novav1.Nova{
@@ -209,6 +277,7 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl
 	}
 
 	// cell Metadata and NoVNCProxy
+	Log.Info("", "", "XXX ReconcileNova iterating cells")
 	for cellName, cellTemplate := range instance.Spec.Nova.Template.CellTemplates {
 		// create certificate for Metadata agend if internal TLS and Metadata per cell is enabled
 		if instance.Spec.TLS.PodLevel.Enabled &&
@@ -232,6 +301,7 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl
 
 		// NoVNCProxy check for/creating route if service is enabled
 		if noVNCProxyEnabled(cellTemplate.NoVNCProxyServiceTemplate) {
+			Log.Info("", "XXX ReconcileNova VNC enabled cell name", cellName)
 			if cellTemplate.NoVNCProxyServiceTemplate.Override.Service == nil {
 				cellTemplate.NoVNCProxyServiceTemplate.Override.Service = &service.RoutedOverrideSpec{}
 			}
@@ -247,6 +317,7 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl
 			}
 
 			// make sure to get to EndpointConfig when all service got created
+			Log.Info("", "XXX vnc services", svcs.Items)
 			if len(svcs.Items) == 1 {
 				endpointDetails, ctrlResult, err := EnsureEndpointConfig(
 					ctx,
@@ -394,6 +465,17 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl
 			corev1beta1.OpenStackControlPlaneNovaReadyRunningMessage))
 	}
 
+	_, errs := deleteUndefinedNoVNCProxyCertsByCellName(ctx, instance, helper)
+	if errs != nil {
+		instance.Status.Conditions.Set(condition.FalseCondition(
+			corev1beta1.OpenStackControlPlaneNovaReadyCondition,
+			condition.ErrorReason,
+			condition.SeverityWarning,
+			corev1beta1.OpenStackControlPlaneNovaReadyErrorMessage,
+			errs))
+		return ctrl.Result{}, errs
+	}
+
 	return ctrl.Result{}, nil
 }