not return err when failed to get avi security policy

Signed-off-by: Wenqi Qiu <[email protected]>
vmware-tanzu · Jul 29, 2024 · e75e348 · e75e348
1 parent 5a2b03d
commit e75e348
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 24 deletions.
diff --git a/pkg/controllers/networkinfo/networkinfo_controller.go b/pkg/controllers/networkinfo/networkinfo_controller.go
@@ -5,6 +5,7 @@ package networkinfo
 
 import (
 	"context"
+	"strings"
 	"sync"
 
 	corev1 "k8s.io/api/core/v1"
@@ -88,16 +89,42 @@ func (r *NetworkInfoReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 					LoadBalancerIPAddresses: "",
 					PrivateIPs:              nc.PrivateIPs,
 				}
-				log.Error(err, "update avi rule failed, would retry exponentially", "NetworkInfo", req.NamespacedName)
-				updateFail(r, &ctx, obj, &err, r.Client, state)
-				return common.ResultRequeueAfter10sec, err
+				log.Error(err, "update avi rule failed, would retry exponentially", "NetworkInfo", req.NamespacedName, "state", state)
+				// updateFail(r, &ctx, obj, &err, r.Client, state)
+				// return common.ResultRequeueAfter10sec, err
 			}
 		}
 
 		snatIP, path, cidr := "", "", ""
+		parts := strings.Split(nc.VPCConnectivityProfile, "/")
+		if len(parts) < 1 {
+			log.Error(err, "failed to check VPCConnectivityProfile length", "VPCConnectivityProfile", nc.VPCConnectivityProfile)
+			return common.ResultRequeue, err
+		}
+		vpcConnectivityProfileName := parts[len(parts)-1]
+		vpcConnectivityProfile, err := r.Service.NSXClient.VPCConnectivityProfilesClient.Get(nc.Org, nc.NSXProject, vpcConnectivityProfileName)
+		if err != nil {
+			log.Error(err, "failed to get NSX VPC ConnectivityProfile object")
+			return common.ResultRequeue, err
+		}
+		isEnableAutoSNAT := func() bool {
+			if createdVpc.ServiceGateway != nil && createdVpc.ServiceGateway.AutoSnat != nil {
+				return *createdVpc.ServiceGateway.AutoSnat
+			}
+			if vpcConnectivityProfile.ServiceGateway == nil || vpcConnectivityProfile.ServiceGateway.Enable == nil {
+				return false
+			}
+			if *vpcConnectivityProfile.ServiceGateway.Enable {
+				if vpcConnectivityProfile.ServiceGateway.NatConfig == nil || vpcConnectivityProfile.ServiceGateway.NatConfig.EnableDefaultSnat == nil {
+					return false
+				}
+				return *vpcConnectivityProfile.ServiceGateway.NatConfig.EnableDefaultSnat
+			}
+			return false
+		}
 		// currently, auto snat is not exposed, and use default value True
 		// checking autosnat to support future extension in vpc configuration
-		if createdVpc.ServiceGateway != nil && *createdVpc.ServiceGateway.AutoSnat {
+		if isEnableAutoSNAT() {
 			snatIP, err = r.Service.GetDefaultSNATIP(*createdVpc)
 			if err != nil {
 				log.Error(err, "failed to read default SNAT ip from VPC", "VPC", createdVpc.Id)
@@ -116,7 +143,7 @@ func (r *NetworkInfoReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		// if lb vpc enabled, read avi subnet path and cidr
 		// nsx bug, if set LoadBalancerVpcEndpoint.Enabled to false, when read this vpc back,
 		// LoadBalancerVpcEndpoint.Enabled will become a nil pointer.
-		if createdVpc.LoadBalancerVpcEndpoint.Enabled != nil && *createdVpc.LoadBalancerVpcEndpoint.Enabled {
+		if createdVpc.LoadBalancerVpcEndpoint != nil && createdVpc.LoadBalancerVpcEndpoint.Enabled != nil && *createdVpc.LoadBalancerVpcEndpoint.Enabled {
 			path, cidr, err = r.Service.GetAVISubnetInfo(*createdVpc)
 			if err != nil {
 				log.Error(err, "failed to read lb subnet path and cidr", "VPC", createdVpc.Id)

diff --git a/pkg/nsx/services/vpc/vpc.go b/pkg/nsx/services/vpc/vpc.go
@@ -574,25 +574,6 @@ func (s *VPCService) CreateOrUpdateVPC(obj *v1alpha1.NetworkInfo) (*model.Vpc, *
 		return existingVPC[0], &nc, nil
 	}
 
-	parts := strings.Split(nc.VPCConnectivityProfile, "/")
-	if len(parts) < 1 {
-		return nil, nil, fmt.Errorf("invalid VPCConnectivityProfile path: %s", nc.VPCConnectivityProfile)
-	}
-	vpcConnectivityProfileName := parts[len(parts)-1]
-	vpcConnectivityProfile, err := s.NSXClient.VPCConnectivityProfilesClient.Get(nc.Org, nc.NSXProject, vpcConnectivityProfileName)
-	if err != nil {
-		log.Error(err, "failed to get NSX VPC ConnectivityProfile object")
-		return nil, nil, err
-	}
-	if vpcConnectivityProfile.ServiceGateway != nil {
-		enableServiceGateway := !*vpcConnectivityProfile.ServiceGateway.Enable
-		createdVpc.ServiceGateway = &model.ServiceGateway{
-			AutoSnat:  vpcConnectivityProfile.ServiceGateway.NatConfig.EnableDefaultSnat,
-			Disable:   &enableServiceGateway,
-			QosConfig: vpcConnectivityProfile.ServiceGateway.QosConfig,
-		}
-	}
-
 	log.Info("creating NSX VPC", "VPC", *createdVpc.Id)
 	err = s.NSXClient.VPCClient.Patch(nc.Org, nc.NSXProject, *createdVpc.Id, *createdVpc)
 	err = nsxutil.NSXApiError(err)