
Commit 43c5956

Improve uniqueness of ClusterControlPlane
- Using "-" as the delimiter when generating cluster-control-plane names lets two different namespace/cluster pairs produce the same name: namespace: xx, cluster: yy-zz, result: xx-yy-zz; namespace: xx-yy, cluster: zz, result: xx-yy-zz.
- Use '_' instead of '-' as the delimiter when generating cluster-control-plane names, because K8s does not allow a namespace or name to contain an underscore "_".
- Do not change existing NSXServiceAccount cluster-control-plane node IDs and names.
- Delete PrincipalIdentity and ClusterControlPlane node by NSXServiceAccount UID.

Signed-off-by: Kumar Atish <kumar.atish@broadcom.com>
1 parent 5434566 commit 43c5956


2 files changed

+637
-106
lines changed


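--- a/pkg/nsx/services/nsxserviceaccount/cluster.go
+++ b/pkg/nsx/services/nsxserviceaccount/cluster.go
@@ -104,7 +104,7 @@ func (s *NSXServiceAccountService) SetUpStore() {
 }
 
 func (s *NSXServiceAccountService) CreateOrUpdateNSXServiceAccount(ctx context.Context, obj *v1alpha1.NSXServiceAccount) error {
-clusterName := s.getClusterName(obj.Namespace, obj.Name)
+clusterName := s.getClusterName(obj.Status.ClusterName, obj.Namespace, obj.Name)
 normalizedClusterName := util.NormalizeId(clusterName)
 // TODO: Use WCPConfig.NSXTProject as project when WCPConfig.EnableWCPVPCNetwork is true
 project := s.NSXConfig.CoeConfig.Cluster
@@ -336,6 +336,30 @@ func (s *NSXServiceAccountService) getProxyEndpoints(ctx context.Context) (v1alp
 return proxyEndpoints, nil
 }
 
+func (s *NSXServiceAccountService) getClusterControlPlaneByNSXServiceAccountUID(uid string) (*model.ClusterControlPlane, error) {
+objs, err := s.ClusterControlPlaneStore.ByIndex(common.TagScopeNSXServiceAccountCRUID, uid)
+if err != nil {
+return nil, err
+}
+for _, obj := range objs {
+ccp := obj.(*model.ClusterControlPlane)
+return ccp, nil
+}
+return nil, nil
+}
+
+func (s *NSXServiceAccountService) getPrincipalIdentityByNSXServiceAccountUID(uid string) (*mpmodel.PrincipalIdentity, error) {
+objs, err := s.PrincipalIdentityStore.ByIndex(common.TagScopeNSXServiceAccountCRUID, uid)
+if err != nil {
+return nil, err
+}
+for _, obj := range objs {
+pi := obj.(*mpmodel.PrincipalIdentity)
+return pi, nil
+}
+return nil, nil
+}
+
 func (s *NSXServiceAccountService) DeleteNSXServiceAccount(ctx context.Context, namespacedName types.NamespacedName, uid types.UID) error {
 isDeleteSecret := false
 nsxsa := &v1alpha1.NSXServiceAccount{}
@@ -345,8 +369,6 @@ func (s *NSXServiceAccountService) DeleteNSXServiceAccount(ctx context.Context,
 isDeleteSecret = true
 }
 
-clusterName := s.getClusterName(namespacedName.Namespace, namespacedName.Name)
-normalizedClusterName := util.NormalizeId(clusterName)
 // delete Secret
 if isDeleteSecret {
 secretName := namespacedName.Name + SecretSuffix
@@ -357,25 +379,28 @@ func (s *NSXServiceAccountService) DeleteNSXServiceAccount(ctx context.Context,
 }
 }
 
-isDeleteCCP := true
-isDeletePI := true
-if !isDeleteSecret {
-isDeletePI = len(s.PrincipalIdentityStore.GetByIndex(common.TagScopeNSXServiceAccountCRUID, string(uid))) > 0
-isDeleteCCP = len(s.ClusterControlPlaneStore.GetByIndex(common.TagScopeNSXServiceAccountCRUID, string(uid))) > 0
-}
 // delete ClusterControlPlane
-if isDeleteCCP {
-if err := s.DeleteClusterControlPlane(ctx, normalizedClusterName); err != nil {
+ccp, err := s.getClusterControlPlaneByNSXServiceAccountUID(string(uid))
+if err != nil {
+log.Error(err, "failed to search ClusterControlPlaneStore by NSXServiceAccount UID", "UID", uid)
+return err
+}
+if ccp != nil && ccp.Id != nil {
+if err := s.DeleteClusterControlPlane(ctx, *ccp.Id); err != nil {
 err = nsxutil.TransNSXApiError(err)
-log.Error(err, "failed to delete", "ClusterControlPlane", normalizedClusterName)
+log.Error(err, "failed to delete", "ClusterControlPlane", *ccp.Id)
 return err
 }
-s.ClusterControlPlaneStore.Delete(&model.ClusterControlPlane{Id: &normalizedClusterName})
+s.ClusterControlPlaneStore.Delete(ccp)
 }
 
 // delete PI
-if piobj := s.PrincipalIdentityStore.GetByKey(normalizedClusterName); isDeletePI && (piobj != nil) {
-pi := piobj.(*mpmodel.PrincipalIdentity)
+pi, err := s.getPrincipalIdentityByNSXServiceAccountUID(string(uid))
+if err != nil {
+log.Error(err, "failed to search PrincipalIdentityStore by NSXServiceAccount UID", "UID", uid)
+return err
+}
+if pi != nil {
 if err := s.NSXClient.PrincipalIdentitiesClient.Delete(*pi.Id); err != nil {
 err = nsxutil.TransNSXApiError(err)
 log.Error(err, "failed to delete", "PrincipalIdentity", *pi.Name)
@@ -400,7 +425,7 @@ func (s *NSXServiceAccountService) DeleteNSXServiceAccount(ctx context.Context,
 func (s *NSXServiceAccountService) ValidateAndUpdateRealizedNSXServiceAccount(ctx context.Context, obj *v1alpha1.NSXServiceAccount, ca []byte,
 nsxRestoreStatus *v1alpha1.NSXRestoreStatus) error {
 
-clusterName := s.getClusterName(obj.Namespace, obj.Name)
+clusterName := s.getClusterName(obj.Status.ClusterName, obj.Namespace, obj.Name)
 normalizedClusterName := util.NormalizeId(clusterName)
 secretName := obj.Name + SecretSuffix
 secretNamespace := obj.Namespace
@@ -551,13 +576,12 @@ func (s *NSXServiceAccountService) ListNSXServiceAccountRealization() sets.Set[s
 }
 
 func (s *NSXServiceAccountService) GetNSXServiceAccountNameByUID(uid string) (namespacedName types.NamespacedName) {
-objs, err := s.PrincipalIdentityStore.ByIndex(common.TagScopeNSXServiceAccountCRUID, uid)
+pi, err := s.getPrincipalIdentityByNSXServiceAccountUID(uid)
 if err != nil {
-log.Error(err, "failed to search PrincipalIdentityStore by UID")
+log.Error(err, "failed to search PrincipalIdentityStore by NSXServiceAccount UID", "UID", uid)
 return
 }
-for _, obj := range objs {
-pi := obj.(*mpmodel.PrincipalIdentity)
+if pi != nil {
 for _, tag := range pi.Tags {
 switch *tag.Scope {
 case common.TagScopeNamespace:
@@ -570,13 +594,13 @@ func (s *NSXServiceAccountService) GetNSXServiceAccountNameByUID(uid string) (na
 }
 }
 }
-objs, err = s.ClusterControlPlaneStore.ByIndex(common.TagScopeNSXServiceAccountCRUID, uid)
+
+ccp, err := s.getClusterControlPlaneByNSXServiceAccountUID(uid)
 if err != nil {
-log.Error(err, "failed to search ClusterControlPlaneStore by UID")
+log.Error(err, "failed to search ClusterControlPlaneStore by NSXServiceAccount UID", "UID", uid)
 return
 }
-for _, obj := range objs {
-ccp := obj.(*model.ClusterControlPlane)
+if ccp != nil {
 for _, tag := range ccp.Tags {
 if tag.Scope != nil {
 switch *tag.Scope {
@@ -594,8 +618,11 @@ func (s *NSXServiceAccountService) GetNSXServiceAccountNameByUID(uid string) (na
 return
 }
 
-func (s *NSXServiceAccountService) getClusterName(namespace, name string) string {
-return fmt.Sprintf("%s-%s-%s", s.NSXConfig.CoeConfig.Cluster, namespace, name)
+func (s *NSXServiceAccountService) getClusterName(clusterName, namespace, name string) string {
+if clusterName != "" {
+return clusterName
+}
+return fmt.Sprintf("%s_%s_%s", s.NSXConfig.CoeConfig.Cluster, namespace, name)
 }
 
 func GenerateNSXServiceAccountConditions(existingConditions []metav1.Condition, generation int64, realizedStatus metav1.ConditionStatus, realizedReason string, message string) []metav1.Condition {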
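Review bot: `getClusterName` returns `obj.Status.ClusterName` verbatim whenever it is non-empty, so the name from which `normalizedClusterName` is derived in `CreateOrUpdateNSXServiceAccount` and `ValidateAndUpdateRealizedNSXServiceAccount` comes straight from the CR status with no check. Whether anything other than this controller can write that status field is not visible here; if it can, a status value that names another namespace's cluster would sidestep the uniqueness this commit is adding. Consider trusting the stored value only when it equals one of the two forms the operator itself generates, e.g. `if clusterName == legacy || clusterName == generated { return clusterName }`, where `legacy` is the old `"%s-%s-%s"` form and `generated` the new `"%s_%s_%s"` form, and falling through to the `_` form otherwise. A doc comment on `getClusterName` saying that the status value is honoured only to keep pre-existing `-`-delimited node IDs stable would make the intent clear to the next reader. Both callers' bodies continue outside the hunks shown.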
