Complete deletion of CnsFileAccessConfig instance if associated nodeVM instance is not found

vdkotkar · vdkotkar · commit 8b5cbd739c70 · 2025-02-03T19:25:41.000+05:30
diff --git a/pkg/internalapis/cnsoperator/cnsfilevolumeclient/cnsfilevolumeclient.go b/pkg/internalapis/cnsoperator/cnsfilevolumeclient/cnsfilevolumeclient.go
@@ -49,6 +49,9 @@ type FileVolumeClient interface {
 	// clientVMIP for a given file volume. fileVolumeName is used
 	// to uniquely identify CnsFileVolumeClient instances.
 	RemoveClientVMFromIPList(ctx context.Context, fileVolumeName, clientVMName, clientVMIP string) error
+	// GetVMIPFromVMName returns the VMIP associated with a
+	// given client VM name.
+	GetVMIPFromVMName(ctx context.Context, fileVolumeName string, clientVMName string) (string, int, error)
 }
 
 // fileVolumeClient maintains a client to the API
@@ -302,3 +305,57 @@ func (f *fileVolumeClient) RemoveClientVMFromIPList(ctx context.Context,
 	log.Debugf("Could not find VM %s in list. Returning.", clientVMName)
 	return nil
 }
+
+// GetVMIPFromVMName returns the VM IP associated with a
+// given client VM name.
+// Callers need to specify fileVolumeName as a combination of
+// "<SV-namespace>/<SV-PVC-name>". This combination is used to uniquely
+// identify CnsFileVolumeClient instances.
+// Returns an empty string if the instance doesn't exist OR if the
+// input VM name is not present in this instance.
+// Returns an error if any operations fails.
+func (f *fileVolumeClient) GetVMIPFromVMName(ctx context.Context,
+	fileVolumeName string, clientVMName string) (string, int, error) {
+	log := logger.GetLogger(ctx)
+
+	log.Infof("Fetching client VM IP from cnsfilevolumeclient %s for VM name %s", fileVolumeName, clientVMName)
+	actual, _ := f.volumeLock.LoadOrStore(fileVolumeName, &sync.Mutex{})
+	instanceLock, ok := actual.(*sync.Mutex)
+	if !ok {
+		return "", 0, fmt.Errorf("failed to cast lock for cnsfilevolumeclient instance: %s", fileVolumeName)
+	}
+	instanceLock.Lock()
+	defer instanceLock.Unlock()
+
+	instance := &v1alpha1.CnsFileVolumeClient{}
+	instanceNamespace, instanceName, err := cache.SplitMetaNamespaceKey(fileVolumeName)
+	if err != nil {
+		log.Errorf("failed to split key %s with error: %+v", fileVolumeName, err)
+		return "", 0, err
+	}
+	instanceKey := types.NamespacedName{
+		Namespace: instanceNamespace,
+		Name:      instanceName,
+	}
+	err = f.client.Get(ctx, instanceKey, instance)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			// If the get() on the instance fails, then we return empty string.
+			log.Infof("Cnsfilevolumeclient instance %s not found. Returning empty string", fileVolumeName)
+			return "", 0, nil
+		}
+		log.Errorf("failed to get cnsfilevolumeclient instance %s with error: %+v", fileVolumeName, err)
+		return "", 0, err
+	}
+
+	// Verify if input VM IP exists in Spec.ExternalIPtoClientVms
+	log.Debugf("Verifying if ExternalIPtoClientVms list has VM name: %s", clientVMName)
+	for vmIP, vmNames := range instance.Spec.ExternalIPtoClientVms {
+		for _, vmName := range vmNames {
+			if vmName == clientVMName {
+				return vmIP, len(vmNames), nil
+			}
+		}
+	}
+	return "", 0, nil
+}
diff --git a/pkg/syncer/cnsoperator/controller/cnsfileaccessconfig/cnsfileaccessconfig_controller.go b/pkg/syncer/cnsoperator/controller/cnsfileaccessconfig/cnsfileaccessconfig_controller.go
@@ -246,6 +246,52 @@ func (r *ReconcileCnsFileAccessConfig) Reconcile(ctx context.Context,
 		msg := fmt.Sprintf("Failed to get virtualmachine instance for the VM with name: %q. Error: %+v",
 			instance.Spec.VMName, err)
 		log.Error(msg)
+		// If virtualmachine instance is NotFound and if deletion timestamp is set on CnsFileAccessConfig instance,
+		// then proceed with the deletion of CnsFileAccessConfig instance.
+		if apierrors.IsNotFound(err) && instance.DeletionTimestamp != nil {
+			log.Infof("CnsFileAccessConfig instance %q has deletion timestamp set, but VM instance with "+
+				"name %q is not found. Processing the deletion of CnsFileAccessConfig instance.",
+				instance.Name, instance.Spec.VMName)
+			// Fetch the PVC and PV instance and get volume ID
+			skipConfigureVolumeACL := false
+			volumeID, err := cnsoperatorutil.GetVolumeID(ctx, r.client, instance.Spec.PvcName, instance.Namespace)
+			if err != nil {
+				if apierrors.IsNotFound(err) {
+					// If PVC instance is NotFound (deleted), then there is no need to configure ACL on file volume
+					skipConfigureVolumeACL = true
+				} else {
+					msg := fmt.Sprintf("Failed to get volumeID from pvcName: %q. Error: %+v", instance.Spec.PvcName, err)
+					log.Error(msg)
+					setInstanceError(ctx, r, instance, msg)
+					return reconcile.Result{RequeueAfter: timeout}, nil
+				}
+			}
+			if !skipConfigureVolumeACL {
+				err = r.removePermissionsForFileVolume(ctx, volumeID, instance)
+				if err != nil {
+					msg := fmt.Sprintf("Failed to remove file volume permissions with error: %+v", err)
+					log.Error(msg)
+					setInstanceError(ctx, r, instance, msg)
+					return reconcile.Result{RequeueAfter: timeout}, nil
+				}
+			}
+
+			// Remove finalizer from CnsFileAccessConfig CRD
+			removeFinalizerFromCRDInstance(ctx, instance)
+			err = updateCnsFileAccessConfig(ctx, r.client, instance)
+			if err != nil {
+				msg := fmt.Sprintf("failed to update CnsFileAccessConfig instance: %q on namespace: %q. Error: %+v",
+					instance.Name, instance.Namespace, err)
+				recordEvent(ctx, r, instance, v1.EventTypeWarning, msg)
+				return reconcile.Result{RequeueAfter: timeout}, nil
+			}
+			// Cleanup instance entry from backOffDuration map.
+			backOffDurationMapMutex.Lock()
+			delete(backOffDuration, instance.Name)
+			backOffDurationMapMutex.Unlock()
+			return reconcile.Result{}, nil
+		}
+
 		setInstanceError(ctx, r, instance, msg)
 		return reconcile.Result{RequeueAfter: timeout}, nil
 	}
@@ -412,6 +458,46 @@ func (r *ReconcileCnsFileAccessConfig) Reconcile(ctx context.Context,
 	return reconcile.Result{}, nil
 }
 
+// removePermissionsForFileVolume helps to remove net permissions for a given file volume.
+// This method is used when we don't have VM instance. It fetches the VM IP from CNSFileVolumeClient
+// instance for the VM name assocaited with CnsFileAccessConfig.
+func (r *ReconcileCnsFileAccessConfig) removePermissionsForFileVolume(ctx context.Context,
+	volumeID string, instance *cnsfileaccessconfigv1alpha1.CnsFileAccessConfig) error {
+	log := logger.GetLogger(ctx)
+	cnsFileVolumeClientInstance, err := cnsfilevolumeclient.GetFileVolumeClientInstance(ctx)
+	if err != nil {
+		return logger.LogNewErrorf(log, "Failed to get CNSFileVolumeClient instance. Error: %+v", err)
+	}
+
+	vmIP, vmsAssociatedWithIP, err := cnsFileVolumeClientInstance.GetVMIPFromVMName(ctx,
+		instance.Namespace+"/"+instance.Spec.PvcName, instance.Spec.VMName)
+	if err != nil {
+		return logger.LogNewErrorf(log, "Failed to get VM IP from VM name in CNSFileVolumeClient instance. "+
+			"Error: %+v", err)
+	}
+	if vmIP == "" {
+		// vmIP is "" if we can't find given vmName in ExternalIPtoClientVms map of CNSFileVolumeClient instance.
+		// Assuming that this vmName is already removed, return success.
+		return nil
+	}
+	if vmsAssociatedWithIP == 1 {
+		err = r.configureVolumeACLs(ctx, volumeID, vmIP, true)
+		if err != nil {
+			return logger.LogNewErrorf(log, "Failed to remove net permissions for file volume %q. Error: %+v",
+				volumeID, err)
+		}
+	}
+	err = cnsFileVolumeClientInstance.RemoveClientVMFromIPList(ctx,
+		instance.Namespace+"/"+instance.Spec.PvcName, instance.Spec.VMName, vmIP)
+	if err != nil {
+		return logger.LogNewErrorf(log, "Failed to remove VM %q with IP %q from IPList. Error: %+v",
+			instance.Spec.VMName, vmIP, err)
+	}
+	log.Infof("Successfully removed VM IP %q from IPList for CnsFileAccessConfig request with name: %q on "+
+		"namespace: %q", vmIP, instance.Name, instance.Namespace)
+	return nil
+}
+
 // configureNetPermissionsForFileVolume helps to add or remove net permissions
 // for a given file volume. The callers of this method can remove or add net
 // permissions by setting the parameter removePermission to true or false
