updated logic to update state file in place instead of delete state file upon pod subnet expansion

Author: Riya

cns/restserver/internalapi.go

@@ -11,7 +11,6 @@ import (
 	"net"
 	"net/http"
 	"net/http/httptest"
-	"os"
 	"reflect"
 	"strconv"
 	"strings"
@@ -23,16 +22,13 @@ import (
 	"github.com/Azure/azure-container-networking/cns/types"
 	"github.com/Azure/azure-container-networking/common"
 	"github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
-	"github.com/labstack/gommon/log"
 	"github.com/pkg/errors"
-	"go.uber.org/zap"
 )
 
 const (
 	// Known API names we care about
 	expectedIMDSAPIVersion = "2025-07-24"
 	PrefixOnNicNCVersion   = "1"
-	cnsStateFilePath       = "/var/lib/azure-network/azure-cns.json"
 )
 
 // This file contains the internal functions called by either HTTP APIs (api.go) or
@@ -634,24 +630,23 @@ func (service *HTTPRestService) CreateOrUpdateNetworkContainerInternal(req *cns.
 	if ok {
 		existingReq := existingNCInfo.CreateNetworkContainerRequest
 		if !reflect.DeepEqual(existingReq.IPConfiguration.IPSubnet, req.IPConfiguration.IPSubnet) {
-			logger.Errorf("[Azure CNS] Error. PrimaryCA is not same, NCId %s, old CA %s/%d, new CA %s/%d",
-				req.NetworkContainerid,
-				existingReq.IPConfiguration.IPSubnet.IPAddress,
-				existingReq.IPConfiguration.IPSubnet.PrefixLength,
-				req.IPConfiguration.IPSubnet.IPAddress,
-				req.IPConfiguration.IPSubnet.PrefixLength)
-			// delete the existing azure-cns file
-			if err := os.Remove(cnsStateFilePath); err != nil && !os.IsNotExist(err) {
-				log.Error("Error deleting azure-cns state file", zap.Error(err))
+
+			logger.Debugf("Updating PrimaryCA for NCId %s", req.NetworkContainerid)
+
+			// Update the in-memory state
+			service.Lock()
+			ncInfo := service.state.ContainerStatus[req.NetworkContainerid]
+			ncInfo.CreateNetworkContainerRequest.IPConfiguration.IPSubnet = req.IPConfiguration.IPSubnet
+			service.state.ContainerStatus[req.NetworkContainerid] = ncInfo
+			service.Unlock()
+
+			// Persist the updated state to disk
+			if err := service.saveState(); err != nil {
+				logger.Errorf("Failed to save updated CNS state: %v", err)
+				return types.UnexpectedError
 			}
 
-			// panic (this will force azure-cns daemonset to restart and pick up the new state with updated nnc)
-			panic(fmt.Sprintf("PrimaryCA mismatch for NCId %s: old CA %s/%d, new CA %s/%d",
-				req.NetworkContainerid,
-				existingReq.IPConfiguration.IPSubnet.IPAddress,
-				existingReq.IPConfiguration.IPSubnet.PrefixLength,
-				req.IPConfiguration.IPSubnet.IPAddress,
-				req.IPConfiguration.IPSubnet.PrefixLength))
+			logger.Debugf("Successfully updated PrimaryCA and saved CNS state")
 		}
 	}
 

cns/restserver/internalapi_test.go

@@ -95,22 +95,12 @@ func TestReconcileNCStatePrimaryIPChangeShouldFail(t *testing.T) {
 		},
 	}
 
-	// Create dummy CNS state file
-	stateFile := "/var/lib/azure-network/azure-cns.json"
-	_ = os.WriteFile(stateFile, []byte("dummy"), 0o600)
-	defer os.Remove(stateFile)
-
-	defer func() {
-		if r := recover(); r == nil {
-			t.Errorf("Expected panic on PrimaryCA mismatch, but did not panic")
-		}
-		if _, err := os.Stat(stateFile); !os.IsNotExist(err) {
-			t.Errorf("Expected CNS state file to be deleted, but it still exists")
-		}
-	}()
-
 	// now try to reconcile the state where the NC primary IP has changed
 	_ = svc.ReconcileIPAMStateForSwift(ncReqs, map[string]cns.PodInfo{}, &v1alpha.NodeNetworkConfig{})
+
+	// Validate that the state was updated
+	updatedNC := svc.state.ContainerStatus[ncID]
+	assert.Equal(t, "10.0.2.0", updatedNC.CreateNetworkContainerRequest.IPConfiguration.IPSubnet.IPAddress, "PrimaryCA should be updated in state")
 }
 
 // TestReconcileNCStateGatewayChange tests that NC state gets updated when reconciled
@@ -1692,49 +1682,3 @@ func setupIMDSMockAPIsWithCustomIDs(svc *HTTPRestService, interfaceIDs []string)
 	// Return cleanup function
 	return func() { svc.imdsClient = originalIMDS }
 }
-
-func TestCreateOrUpdateNCInternal_PrimaryCAMismatchShouldPanicAndDeleteStateFile(t *testing.T) {
-	restartService()
-	setEnv(t)
-	setOrchestratorTypeInternal(cns.KubernetesCRD)
-
-	// Step 1: Create initial NC with PrimaryCA "10.0.0.5/24"
-	secondaryIPConfigs := make(map[string]cns.SecondaryIPConfig)
-	ipaddress := "10.0.0.6"
-	secIPConfig := newSecondaryIPConfig(ipaddress, -1)
-	ipID := uuid.New()
-	secondaryIPConfigs[ipID.String()] = secIPConfig
-
-	ncID := "test-nc"
-	ncVersion := "-1"
-	req := generateNetworkContainerRequest(secondaryIPConfigs, ncID, ncVersion)
-	req.IPConfiguration.IPSubnet.IPAddress = "10.0.0.5"
-	req.IPConfiguration.IPSubnet.PrefixLength = 24
-	returnCode := svc.CreateOrUpdateNetworkContainerInternal(req)
-	if returnCode != 0 {
-		t.Fatalf("Failed to createNetworkContainerRequest, req: %+v, err: %d", req, returnCode)
-	}
-	validateNetworkRequest(t, *req)
-
-	// Step 2: Prepare a request with a different PrimaryCA
-	reqMismatch := generateNetworkContainerRequest(secondaryIPConfigs, ncID, ncVersion)
-	reqMismatch.IPConfiguration.IPSubnet.IPAddress = "10.0.0.7" // different IP
-	reqMismatch.IPConfiguration.IPSubnet.PrefixLength = 24
-
-	// Step 3: Create dummy CNS state file
-	stateFile := "/var/lib/azure-network/azure-cns.json"
-	_ = os.WriteFile(stateFile, []byte("dummy"), 0o600)
-	defer os.Remove(stateFile)
-
-	defer func() {
-		if r := recover(); r == nil {
-			t.Errorf("Expected panic on PrimaryCA mismatch, but did not panic")
-		}
-		if _, err := os.Stat(stateFile); !os.IsNotExist(err) {
-			t.Errorf("Expected CNS state file to be deleted, but it still exists")
-		}
-	}()
-
-	// Step 4: Should panic and delete state file
-	svc.CreateOrUpdateNetworkContainerInternal(reqMismatch)
-}