fix duplicate acls because of parentkey

Signed-off-by: clyi <[email protected]>

Author: changluyi

mocks/pkg/ovs/interface.go

@@ -23,6 +23,10 @@ import (
 
 func (c *Controller) InitOVN() error {
 	var err error
+	if err = c.migrateACLForVersionCompat(); err != nil {
+		klog.Errorf("failed to sync the older acl : %v", err)
+		return err
+	}
 
 	if err = c.initClusterRouter(); err != nil {
 		klog.Errorf("init cluster router failed: %v", err)
@@ -54,6 +58,15 @@ func (c *Controller) InitOVN() error {
 	return nil
 }
 
+func (c *Controller) migrateACLForVersionCompat() error {
+	// clean all no parent key acls
+	if err := c.OVNNbClient.CleanNoParentKeyAcls(); err != nil {
+		klog.Errorf("failed to clean all no parent key acls: %v", err)
+		return err
+	}
+	return nil
+}
+
 func (c *Controller) InitDefaultVpc() error {
 	cachedVpc, err := c.vpcsLister.Get(c.config.ClusterRouter)
 	if err != nil {

pkg/controller/init.go

@@ -138,6 +138,7 @@ type ACL interface {
 	SGLostACL(sg *kubeovnv1.SecurityGroup) (bool, error)
 	DeleteAcls(parentName, parentType, direction string, externalIDs map[string]string) error
 	DeleteAclsOps(parentName, parentType, direction string, externalIDs map[string]string) ([]ovsdb.Operation, error)
+	CleanNoParentKeyAcls() error
 }
 
 type AddressSet interface {

pkg/ovs/interface.go

@@ -1274,3 +1274,58 @@ func (c *OVNNbClient) SGLostACL(sg *kubeovnv1.SecurityGroup) (bool, error) {
 	}
 	return false, nil
 }
+
+func (c *OVNNbClient) CleanNoParentKeyAcls() error {
+	ctx, cancel := context.WithTimeout(context.Background(), c.Timeout)
+	defer cancel()
+
+	var aclList []ovnnb.ACL
+	if err := c.ovsDbClient.WhereCache(func(acl *ovnnb.ACL) bool {
+		_, ok := acl.ExternalIDs[aclParentKey]
+		return !ok
+	}).List(ctx, &aclList); err != nil {
+		err = fmt.Errorf("failed to list acls without parent: %w", err)
+		klog.Error(err)
+		return err
+	}
+
+	ops := make([]ovsdb.Operation, 0, len(aclList))
+	for _, acl := range aclList {
+		var portGroups []ovnnb.PortGroup
+		if err := c.ovsDbClient.WhereCache(func(pg *ovnnb.PortGroup) bool {
+			return slices.Contains(pg.ACLs, acl.UUID)
+		}).List(ctx, &portGroups); err == nil {
+			for _, pg := range portGroups {
+				op, err := c.portGroupUpdateACLOp(pg.Name, []string{acl.UUID}, ovsdb.MutateOperationDelete)
+				if err == nil {
+					ops = append(ops, op...)
+				}
+			}
+		}
+		var logicalSwitches []ovnnb.LogicalSwitch
+		if err := c.ovsDbClient.WhereCache(func(ls *ovnnb.LogicalSwitch) bool {
+			return slices.Contains(ls.ACLs, acl.UUID)
+		}).List(ctx, &logicalSwitches); err == nil {
+			for _, ls := range logicalSwitches {
+				op, err := c.logicalSwitchUpdateACLOp(ls.Name, []string{acl.UUID}, ovsdb.MutateOperationDelete)
+				if err == nil {
+					ops = append(ops, op...)
+				}
+			}
+		}
+		delOp, err := c.Where(&acl).Delete()
+		if err == nil {
+			ops = append(ops, delOp...)
+		}
+	}
+	if len(ops) == 0 {
+		return nil
+	}
+
+	if err := c.Transact("acl-clean-no-parent", ops); err != nil {
+		klog.Error(err)
+		return fmt.Errorf("failed to clean acls without parent: %w", err)
+	}
+
+	return nil
+}