fix(aws): implement cleanup on partial creation failures

ArangoGutierrez · ArangoGutierrez · commit 386ff08bde74 · 2026-02-04T17:26:12.000+01:00
Signed-off-by: Carlos Eduardo Arango Gutierrez &lt;eduardoa@nvidia.com&gt;
diff --git a/pkg/provider/aws/create.go b/pkg/provider/aws/create.go
@@ -28,6 +28,8 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
 )
 
+type cleanupFunc func() error
+
 // Create creates an EC2 instance with proper Network configuration
 // VPC, Subnet, Internet Gateway, Route Table, Security Group
 // If the environment specifies a cluster configuration, it delegates to CreateCluster()
@@ -39,46 +41,96 @@ func (p *Provider) Create() error {
 
 	// Single-node deployment
 	cache := new(AWS)
+	var cleanupStack []cleanupFunc
+	var err error
+
+	// Defer cleanup on failure - execute cleanup functions in reverse order
+	defer func() {
+		if err != nil {
+			p.log.Warning("Creation failed, rolling back created resources...")
+			for i := len(cleanupStack) - 1; i >= 0; i-- {
+				if cleanupErr := cleanupStack[i](); cleanupErr != nil {
+					p.log.Warning("Cleanup failed: %v", cleanupErr)
+				}
+			}
+		}
+	}()
 
 	p.updateProgressingCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "Creating AWS resources") // nolint:errcheck, gosec, staticcheck
 
-	if err := p.createVPC(cache); err != nil {
+	if err = p.createVPC(cache); err != nil {
 		p.updateDegradedCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "Error creating VPC") // nolint:errcheck, gosec, staticcheck
 		return fmt.Errorf("error creating VPC: %v", err)
 	}
+	// Push VPC cleanup function
+	cleanupStack = append(cleanupStack, func() error {
+		cleanupCache := &AWS{Vpcid: cache.Vpcid}
+		return p.deleteVPC(cleanupCache)
+	})
 	p.updateProgressingCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "VPC created") // nolint:errcheck, gosec, staticcheck
 
-	if err := p.createSubnet(cache); err != nil {
+	if err = p.createSubnet(cache); err != nil {
 		p.updateDegradedCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "Error creating subnet") // nolint:errcheck, gosec, staticcheck
 		return fmt.Errorf("error creating subnet: %v", err)
 	}
+	// Push subnet cleanup function
+	cleanupStack = append(cleanupStack, func() error {
+		cleanupCache := &AWS{Subnetid: cache.Subnetid}
+		return p.deleteSubnet(cleanupCache)
+	})
 	p.updateProgressingCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "Subnet created") // nolint:errcheck, gosec, staticcheck
 
-	if err := p.createInternetGateway(cache); err != nil {
+	if err = p.createInternetGateway(cache); err != nil {
 		p.updateDegradedCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "Error creating Internet Gateway") // nolint:errcheck, gosec, staticcheck
 		return fmt.Errorf("error creating Internet Gateway: %v", err)
 	}
+	// Push Internet Gateway cleanup function
+	cleanupStack = append(cleanupStack, func() error {
+		cleanupCache := &AWS{
+			InternetGwid: cache.InternetGwid,
+			Vpcid:        cache.Vpcid,
+		}
+		return p.deleteInternetGateway(cleanupCache)
+	})
 	p.updateProgressingCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "Internet Gateway created") // nolint:errcheck, gosec, staticcheck
 
-	if err := p.createRouteTable(cache); err != nil {
+	if err = p.createRouteTable(cache); err != nil {
 		p.updateDegradedCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "Error creating route table") // nolint:errcheck, gosec, staticcheck
 		return fmt.Errorf("error creating route table: %v", err)
 	}
+	// Push route table cleanup function
+	cleanupStack = append(cleanupStack, func() error {
+		cleanupCache := &AWS{
+			RouteTable: cache.RouteTable,
+			Vpcid:      cache.Vpcid,
+		}
+		return p.deleteRouteTable(cleanupCache)
+	})
 	p.updateProgressingCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "Route Table created") // nolint:errcheck, gosec, staticcheck
 
-	if err := p.createSecurityGroup(cache); err != nil {
+	if err = p.createSecurityGroup(cache); err != nil {
 		p.updateDegradedCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "Error creating security group") // nolint:errcheck, gosec, staticcheck
 		return fmt.Errorf("error creating security group: %v", err)
 	}
+	// Push security group cleanup function
+	cleanupStack = append(cleanupStack, func() error {
+		cleanupCache := &AWS{SecurityGroupid: cache.SecurityGroupid}
+		return p.deleteSecurityGroups(cleanupCache)
+	})
 	p.updateProgressingCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "Security Group created") // nolint:errcheck, gosec, staticcheck
 
-	if err := p.createEC2Instance(cache); err != nil {
+	if err = p.createEC2Instance(cache); err != nil {
 		p.updateDegradedCondition(*p.Environment.DeepCopy(), cache, "v1alpha1.Creating", "Error creating EC2 instance") // nolint:errcheck, gosec, staticcheck
 		return fmt.Errorf("error creating EC2 instance: %v", err)
 	}
+	// Push EC2 instance cleanup function
+	cleanupStack = append(cleanupStack, func() error {
+		cleanupCache := &AWS{Instanceid: cache.Instanceid}
+		return p.deleteEC2Instances(cleanupCache)
+	})
 
 	// Save objects ID's into a cache file
-	if err := p.updateAvailableCondition(*p.Environment, cache); err != nil {
+	if err = p.updateAvailableCondition(*p.Environment, cache); err != nil {
 		return fmt.Errorf("error creating cache file: %v", err)
 	}
 	return nil
