From 35cd30df3a97d7d3786638fd024775d7ccf3f2fa Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 22 Jul 2025 11:47:54 +0100 Subject: [PATCH 1/2] Improve handling of missing load balancer permissions Currently, when a user tries to create a cluster using OpenStack credentials which are missing the load balancer permissions, CAPO adds the finalized to the OpenStackCluster resource then fails to create the load balancer. When the user then tries to delete the cluster, CAPO makes a GET request to the Octavia API to get the load balancer details and receives a 403 (permission denied) response, so the only way to allow the cluster deletion to proceed is to manually remove the finalizer from the OpenStackCluster resource. This change prevents the above edge case by only attempting to delete the API server load balancer if the load balancer ID is populated in the OpenStackCluster's status field. --- controllers/openstackcluster_controller.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/openstackcluster_controller.go b/controllers/openstackcluster_controller.go index 02ebb6dfd3..aade6d0286 100644 --- a/controllers/openstackcluster_controller.go +++ b/controllers/openstackcluster_controller.go @@ -177,7 +177,7 @@ func (r *OpenStackClusterReconciler) reconcileDelete(ctx context.Context, scope return reconcile.Result{}, err } - if openStackCluster.Spec.APIServerLoadBalancer.IsEnabled() { + if (openStackCluster.Spec.APIServerLoadBalancer.IsEnabled() && openStackCluster.Status.APIServerLoadBalancer.ID != "") { loadBalancerService, err := loadbalancer.NewService(scope) if err != nil { return reconcile.Result{}, err From 22820cbb406676c85acebb2d424ed9e87b8ed405 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 12 Aug 2025 15:11:07 +0100 Subject: [PATCH 2/2] Appease linter --- controllers/openstackcluster_controller.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/openstackcluster_controller.go b/controllers/openstackcluster_controller.go index aade6d0286..2b2292fd98 100644 --- a/controllers/openstackcluster_controller.go +++ b/controllers/openstackcluster_controller.go @@ -177,7 +177,7 @@ func (r *OpenStackClusterReconciler) reconcileDelete(ctx context.Context, scope return reconcile.Result{}, err } - if (openStackCluster.Spec.APIServerLoadBalancer.IsEnabled() && openStackCluster.Status.APIServerLoadBalancer.ID != "") { + if openStackCluster.Spec.APIServerLoadBalancer.IsEnabled() && openStackCluster.Status.APIServerLoadBalancer.ID != "" { loadBalancerService, err := loadbalancer.NewService(scope) if err != nil { return reconcile.Result{}, err