Avoid release_vif race when using namespaces and pools

If ports pools and namespace isolation features are enabled together
it may happen that namespace object gets deleted before the vif handler
on_delete function gets executed, leading to a ResourceNotReady
exception raised by the namespace security group driver when trying
to get the kuryrnet crd annotated on the (deleted) namespace object.

This patch ensure if that happens, the vif handler can still complete
the on_deleted function, releasing the vif by using an empty security
group list as the ports are going to be deleted anyway with the rest
of the namespace related OpenStack resources.

Closes-Bug: 1787951
Change-Id: I19a8f89fb13de1b43e2f6178b6b0261f5dde7990

kuryr_kubernetes/controller/handlers/vif.py

@@ -110,7 +110,16 @@ class VIFHandler(k8s_base.ResourceEventHandler):
         if self._is_host_network(pod):
             return
         project_id = self._drv_project.get_project(pod)
-        security_groups = self._drv_sg.get_security_groups(pod, project_id)
+        try:
+            security_groups = self._drv_sg.get_security_groups(pod, project_id)
+        except k_exc.ResourceNotReady:
+            # NOTE(ltomasbo): If the namespace object gets deleted first the
+            # namespace security group driver will raise a ResourceNotReady
+            # exception as it cannot access anymore the kuryrnet CRD annotated
+            # on the namespace object. In such case we set security groups to
+            # empty list so that if pools are enabled they will be properly
+            # released.
+            security_groups = []
 
         state = self._get_pod_state(pod)
         if state: