Merge pull request #5363 from darkweaver87/fix/warning

k8s-ci-robot · web-flow · commit 1c7995203dbd · 2025-06-06T12:00:44.000-07:00
🐛 fix(EmptyRoutesDefaultVPCSecurityGroup): empty rule should not produce a warning event
diff --git a/pkg/cloud/services/securitygroup/securitygroups.go b/pkg/cloud/services/securitygroup/securitygroups.go
@@ -440,7 +440,7 @@ func (s *Service) revokeIngressAndEgressRulesFromVPCDefaultSecurityGroup() error
 		},
 	}
 	err = s.revokeSecurityGroupIngressRules(defaultSecurityGroupID, ingressRules)
-	if err != nil && !awserrors.IsPermissionNotFoundError(errors.Cause(err)) {
+	if err != nil {
 		return errors.Wrapf(err, "failed to revoke ingress rules from vpc default security group %q in VPC %q", defaultSecurityGroupID, s.scope.VPC().ID)
 	}
 
@@ -453,7 +453,7 @@ func (s *Service) revokeIngressAndEgressRulesFromVPCDefaultSecurityGroup() error
 		},
 	}
 	err = s.revokeSecurityGroupEgressRules(defaultSecurityGroupID, egressRules)
-	if err != nil && !awserrors.IsPermissionNotFoundError(errors.Cause(err)) {
+	if err != nil {
 		return errors.Wrapf(err, "failed to revoke egress rules from vpc default security group %q in VPC %q", defaultSecurityGroupID, s.scope.VPC().ID)
 	}
 
@@ -514,7 +514,7 @@ func (s *Service) revokeSecurityGroupIngressRules(id string, rules infrav1.Ingre
 		input.IpPermissions = append(input.IpPermissions, ingressRuleToSDKType(s.scope, &rule))
 	}
 
-	if _, err := s.EC2Client.RevokeSecurityGroupIngressWithContext(context.TODO(), input); err != nil {
+	if _, err := s.EC2Client.RevokeSecurityGroupIngressWithContext(context.TODO(), input); err != nil && !awserrors.IsPermissionNotFoundError(errors.Cause(err)) {
 		record.Warnf(s.scope.InfraCluster(), "FailedRevokeSecurityGroupIngressRules", "Failed to revoke security group ingress rules %v for SecurityGroup %q: %v", rules, id, err)
 		return errors.Wrapf(err, "failed to revoke security group %q ingress rules: %v", id, rules)
 	}
@@ -530,7 +530,7 @@ func (s *Service) revokeSecurityGroupEgressRules(id string, rules infrav1.Ingres
 		input.IpPermissions = append(input.IpPermissions, ingressRuleToSDKType(s.scope, &rule))
 	}
 
-	if _, err := s.EC2Client.RevokeSecurityGroupEgressWithContext(context.TODO(), input); err != nil {
+	if _, err := s.EC2Client.RevokeSecurityGroupEgressWithContext(context.TODO(), input); err != nil && !awserrors.IsPermissionNotFoundError(errors.Cause(err)) {
 		record.Warnf(s.scope.InfraCluster(), "FailedRevokeSecurityGroupEgressRules", "Failed to revoke security group egress rules %v for SecurityGroup %q: %v", rules, id, err)
 		return errors.Wrapf(err, "failed to revoke security group %q egress rules: %v", id, rules)
 	}

Original file line number	Diff line number	Diff line change
`@@ -440,7 +440,7 @@ func (s *Service) revokeIngressAndEgressRulesFromVPCDefaultSecurityGroup() error`
`440`	`440`	`},`
`441`	`441`	`}`
`442`	`442`	`err = s.revokeSecurityGroupIngressRules(defaultSecurityGroupID, ingressRules)`
`443`		`- if err != nil && !awserrors.IsPermissionNotFoundError(errors.Cause(err)) {`
	`443`	`+ if err != nil {`
`444`	`444`	`return errors.Wrapf(err, "failed to revoke ingress rules from vpc default security group %q in VPC %q", defaultSecurityGroupID, s.scope.VPC().ID)`
`445`	`445`	`}`
`446`	`446`
`@@ -453,7 +453,7 @@ func (s *Service) revokeIngressAndEgressRulesFromVPCDefaultSecurityGroup() error`
`453`	`453`	`},`
`454`	`454`	`}`
`455`	`455`	`err = s.revokeSecurityGroupEgressRules(defaultSecurityGroupID, egressRules)`
`456`		`- if err != nil && !awserrors.IsPermissionNotFoundError(errors.Cause(err)) {`
	`456`	`+ if err != nil {`
`457`	`457`	`return errors.Wrapf(err, "failed to revoke egress rules from vpc default security group %q in VPC %q", defaultSecurityGroupID, s.scope.VPC().ID)`
`458`	`458`	`}`
`459`	`459`
`@@ -514,7 +514,7 @@ func (s *Service) revokeSecurityGroupIngressRules(id string, rules infrav1.Ingre`
`514`	`514`	`input.IpPermissions = append(input.IpPermissions, ingressRuleToSDKType(s.scope, &rule))`
`515`	`515`	`}`
`516`	`516`
`517`		`- if _, err := s.EC2Client.RevokeSecurityGroupIngressWithContext(context.TODO(), input); err != nil {`
	`517`	`+ if _, err := s.EC2Client.RevokeSecurityGroupIngressWithContext(context.TODO(), input); err != nil && !awserrors.IsPermissionNotFoundError(errors.Cause(err)) {`
`518`	`518`	`record.Warnf(s.scope.InfraCluster(), "FailedRevokeSecurityGroupIngressRules", "Failed to revoke security group ingress rules %v for SecurityGroup %q: %v", rules, id, err)`
`519`	`519`	`return errors.Wrapf(err, "failed to revoke security group %q ingress rules: %v", id, rules)`
`520`	`520`	`}`
`@@ -530,7 +530,7 @@ func (s *Service) revokeSecurityGroupEgressRules(id string, rules infrav1.Ingres`
`530`	`530`	`input.IpPermissions = append(input.IpPermissions, ingressRuleToSDKType(s.scope, &rule))`
`531`	`531`	`}`
`532`	`532`
`533`		`- if _, err := s.EC2Client.RevokeSecurityGroupEgressWithContext(context.TODO(), input); err != nil {`
	`533`	`+ if _, err := s.EC2Client.RevokeSecurityGroupEgressWithContext(context.TODO(), input); err != nil && !awserrors.IsPermissionNotFoundError(errors.Cause(err)) {`
`534`	`534`	`record.Warnf(s.scope.InfraCluster(), "FailedRevokeSecurityGroupEgressRules", "Failed to revoke security group egress rules %v for SecurityGroup %q: %v", rules, id, err)`
`535`	`535`	`return errors.Wrapf(err, "failed to revoke security group %q egress rules: %v", id, rules)`
`536`	`536`	`}`