Ensure SG rule is deleted from CRD upon Namespace deletion

When a namespace is deleted/updated the corresponding sg rule is deleted on Neutron but the pointer on the CRD still remains, which might break the CRD patching during a network policy update. This commit ensures the sg rule is also removed from the CRD. Closes-bug: 1872688 Change-Id: I2193f0900b49398b091c5a8f9ba16709e73b1b35
2020-04-14 10:28:55 +00:00 · 2020-04-14 10:28:55 +00:00 · c4e47c169d
commit c4e47c169d
parent faa59b8893
1 changed files with 8 additions and 7 deletions
--- a/kuryr_kubernetes/controller/drivers/network_policy_security_groups.py
+++ b/kuryr_kubernetes/controller/drivers/network_policy_security_groups.py
@ -396,13 +396,14 @@ def _parse_rules_on_delete_namespace(rule_list, direction, ns_name):
            matched = True
            driver_utils.delete_security_group_rule(
                rule['security_group_rule']['id'])
-        for remote_ip, namespace in list(remote_ip_prefixes.items()):
-            if namespace == ns_name:
-                matched = True
-                remote_ip_prefixes.pop(remote_ip)
-                if remote_ip_prefixes:
-                    rule['remote_ip_prefixes'] = remote_ip_prefixes
-                    rules.append(rule)
+        elif remote_ip_prefixes:
+            for remote_ip, namespace in list(remote_ip_prefixes.items()):
+                if namespace == ns_name:
+                    matched = True
+                    remote_ip_prefixes.pop(remote_ip)
+            if remote_ip_prefixes:
+                rule['remote_ip_prefixes'] = remote_ip_prefixes
+                rules.append(rule)
        else:
            rules.append(rule)
    return matched, rules