Merge pull request #194 from dakotalongRH/NVSG

(OSD-16076) osd-network-verifier security group not being cleaned up
openshift · Jun 29, 2023 · a7196a9 · a7196a9
2 parents 8efdacc + 2f6fcc3
commit a7196a9
Showing 1 changed file with 16 additions and 9 deletions.
diff --git a/pkg/verifier/aws/entry_point.go b/pkg/verifier/aws/entry_point.go
@@ -170,6 +170,11 @@ func (a *AwsVerifier) ValidateEgress(vei verifier.ValidateEgressInput) *output.O
 		keyPair:         vei.ImportKeyPair,
 	})
 
+	//If securitygroup was created by network-verifier, delete it as part of cleanup
+	if cleanupSecurityGroup {
+		defer CleanupSecurityGroup(vei, a)
+	}
+
 	if err != nil {
 		a.Output.AddError(err)
 	} else {
@@ -184,15 +189,6 @@ func (a *AwsVerifier) ValidateEgress(vei verifier.ValidateEgressInput) *output.O
 		}
 	}
 
-	if cleanupSecurityGroup {
-		_, err := a.AwsClient.DeleteSecurityGroup(vei.Ctx, &ec2.DeleteSecurityGroupInput{GroupId: awsTools.String(vei.AWS.SecurityGroupId)})
-		if err != nil {
-			a.Output.AddError(handledErrors.NewGenericError(err))
-			a.Output.AddException(handledErrors.NewGenericError(fmt.Errorf("unable to cleanup security group %s, please manually clean up", vei.AWS.SecurityGroupId)))
-
-		}
-	}
-
 	return &a.Output
 }
 
@@ -243,3 +239,14 @@ func (a *AwsVerifier) VerifyDns(vdi verifier.VerifyDnsInput) *output.Output {
 
 	return &a.Output
 }
+
+// Cleans up the security groups created by network-verifier
+func CleanupSecurityGroup(vei verifier.ValidateEgressInput, a *AwsVerifier) *output.Output {
+	_, err := a.AwsClient.DeleteSecurityGroup(vei.Ctx, &ec2.DeleteSecurityGroupInput{GroupId: awsTools.String(vei.AWS.SecurityGroupId)})
+	if err != nil {
+		a.Output.AddError(handledErrors.NewGenericError(err))
+		a.Output.AddException(handledErrors.NewGenericError(fmt.Errorf("unable to cleanup security group %s, please manually clean up", vei.AWS.SecurityGroupId)))
+
+	}
+	return &a.Output
+}