Add duplicate cluster check (#65)

Add duplicate cluster check and update clusterExists logic
rancher · Sep 7, 2022 · 8a968ec · 8a968ec
1 parent bf2125f
commit 8a968ec
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 12 deletions.
diff --git a/controller/aks-cluster-config-handler.go b/controller/aks-cluster-config-handler.go
@@ -153,7 +153,12 @@ func (h *Handler) OnAksConfigRemoved(key string, config *aksv1.AKSClusterConfig)
 		return config, err
 	}
 
-	if aks.ExistsCluster(ctx, resourceClusterClient, &config.Spec) {
+	clusterExists, err := aks.ExistsCluster(ctx, resourceClusterClient, &config.Spec)
+	if err != nil && strings.Contains(err.Error(), "unauthorized") {
+		logrus.Infof("user does not have permissions to access cluster [%s]: %s", config.Spec.ClusterName, err)
+	}
+
+	if clusterExists {
 		if err = aks.RemoveCluster(ctx, resourceClusterClient, &config.Spec); err != nil {
 			return config, fmt.Errorf("error removing cluster [%s] message %v", config.Spec.ClusterName, err)
 		}
@@ -221,14 +226,35 @@ func (h *Handler) createCluster(config *aksv1.AKSClusterConfig) (*aksv1.AKSClust
 		return config, err
 	}
 
+	resourceClusterClient, err := aks.NewClusterClient(credentials)
+	if err != nil {
+		return config, err
+	}
+
+	logrus.Infof("Checking if cluster [%s] exists", config.Spec.ClusterName)
+
+	clusterExists, err := aks.ExistsCluster(ctx, resourceClusterClient, &config.Spec)
+	if err != nil && strings.Contains(err.Error(), "unauthorized") {
+		logrus.Infof("user does not have permissions to access cluster [%s]: %s", config.Spec.ClusterName, err)
+	}
+
+	if clusterExists {
+		return config, fmt.Errorf("cluster [%s] already exists in AKS. Update configuration or import the existing one", config.Spec.ClusterName)
+	}
+
 	resourceGroupsClient, err := aks.NewResourceGroupClient(credentials)
 	if err != nil {
 		return config, err
 	}
 
 	logrus.Infof("Checking if resource group [%s] exists", config.Spec.ResourceGroup)
 
-	if !aks.ExistsResourceGroup(ctx, resourceGroupsClient, config.Spec.ResourceGroup) {
+	resourceGroupExists, err := aks.ExistsResourceGroup(ctx, resourceGroupsClient, config.Spec.ResourceGroup)
+	if err != nil && strings.Contains(err.Error(), "unauthorized") {
+		logrus.Infof("user does not have permissions to access resource group [%s]: %s", config.Spec.ResourceGroup, err)
+	}
+
+	if !resourceGroupExists {
 		logrus.Infof("Creating resource group [%s] for cluster [%s]", config.Spec.ResourceGroup, config.Spec.ClusterName)
 		err = aks.CreateResourceGroup(ctx, resourceGroupsClient, &config.Spec)
 		if err != nil {
@@ -239,11 +265,6 @@ func (h *Handler) createCluster(config *aksv1.AKSClusterConfig) (*aksv1.AKSClust
 
 	logrus.Infof("Creating AKS cluster [%s]", config.Spec.ClusterName)
 
-	resourceClusterClient, err := aks.NewClusterClient(credentials)
-	if err != nil {
-		return config, err
-	}
-
 	err = aks.CreateCluster(ctx, credentials, resourceClusterClient, &config.Spec, config.Status.Phase)
 	if err != nil {
 		return config, fmt.Errorf("error failed to create cluster: %v ", err)
@@ -785,7 +806,12 @@ func (h *Handler) updateUpstreamClusterState(ctx context.Context, secretsCache w
 			return config, err
 		}
 
-		if !aks.ExistsResourceGroup(ctx, resourceGroupsClient, config.Spec.ResourceGroup) {
+		resourceGroupExists, err := aks.ExistsResourceGroup(ctx, resourceGroupsClient, config.Spec.ResourceGroup)
+		if err != nil && strings.Contains(err.Error(), "unauthorized") {
+			logrus.Infof("user does not have permissions to access resource group [%s]: %s", config.Spec.ResourceGroup, err)
+		}
+
+		if !resourceGroupExists {
 			logrus.Infof("Resource group [%s] does not exist, creating", config.Spec.ResourceGroup)
 			if err = aks.CreateResourceGroup(ctx, resourceGroupsClient, &config.Spec); err != nil {
 				return config, fmt.Errorf("error during updating resource group %v", err)

diff --git a/pkg/aks/exists.go b/pkg/aks/exists.go
@@ -8,15 +8,19 @@ import (
 	aksv1 "github.com/rancher/aks-operator/pkg/apis/aks.cattle.io/v1"
 )
 
-func ExistsResourceGroup(ctx context.Context, groupsClient *resources.GroupsClient, resourceGroup string) bool {
+func ExistsResourceGroup(ctx context.Context, groupsClient *resources.GroupsClient, resourceGroup string) (bool, error) {
 	resp, err := groupsClient.CheckExistence(ctx, resourceGroup)
 
-	return err == nil && resp.StatusCode == 204
+	// client should return 204 (no content) and if not, return false and the associated error.
+	return resp.StatusCode == 204, err
 }
 
 // ExistsCluster Check if AKS managed Kubernetes cluster exist
-func ExistsCluster(ctx context.Context, clusterClient *containerservice.ManagedClustersClient, spec *aksv1.AKSClusterConfigSpec) bool {
+func ExistsCluster(ctx context.Context, clusterClient *containerservice.ManagedClustersClient, spec *aksv1.AKSClusterConfigSpec) (bool, error) {
 	resp, err := clusterClient.Get(ctx, spec.ResourceGroup, spec.ClusterName)
 
-	return err == nil && resp.StatusCode == 200
+	// client should return 200 OK and if not, return false and the associated error. If the error is non nil and
+	// permissions related, we will want that bubbled up to the ui so the user knows to adjust their resource permissions
+	// in AKS.
+	return resp.StatusCode == 200, err
 }