Fix crash when deleting the Secret storing BGP passwords (#7042) (#7047)

hongliangl · web-flow · commit dfd320ed493a · 2025-03-05T17:54:21.000+08:00
Signed-off-by: Hongliang Liu &lt;hongliang.liu@broadcom.com&gt;
diff --git a/pkg/agent/controller/bgp/controller.go b/pkg/agent/controller/bgp/controller.go
@@ -923,7 +923,7 @@ func (c *Controller) updateBGPPeerPasswords(secret *corev1.Secret) {
 	defer c.bgpPeerPasswordsMutex.Unlock()
 
 	c.bgpPeerPasswords = make(map[string]string)
-	if secret.Data != nil {
+	if secret != nil && secret.Data != nil {
 		for k, v := range secret.Data {
 			c.bgpPeerPasswords[k] = string(v)
 		}
diff --git a/pkg/agent/controller/bgp/controller_test.go b/pkg/agent/controller/bgp/controller_test.go
@@ -1515,7 +1515,7 @@ func TestEgressLifecycle(t *testing.T) {
 	doneDummyEvent(t, c)
 }
 
-func TestBGPSecretUpdate(t *testing.T) {
+func TestBGPPasswordUpdate(t *testing.T) {
 	policy := generateBGPPolicy(bgpPolicyName1,
 		creationTimestamp,
 		nodeLabels1,
@@ -1594,12 +1594,30 @@ func TestBGPSecretUpdate(t *testing.T) {
 
 	// Wait for the dummy event triggered by Secret update event, and mark it done.
 	waitAndGetDummyEvent(t, c)
-	updatedIPv4Peer1Config := ipv4Peer1Config
-	updatedIPv4Peer3Config := ipv4Peer3Config
-	updatedIPv4Peer1Config.Password = "updated-" + peer1AuthPassword
-	updatedIPv4Peer3Config.Password = "updated-" + peer3AuthPassword
-	mockBGPServer.EXPECT().UpdatePeer(gomock.Any(), updatedIPv4Peer1Config)
-	mockBGPServer.EXPECT().UpdatePeer(gomock.Any(), updatedIPv4Peer3Config)
+	expectedIPv4Peer1Config := ipv4Peer1Config
+	expectedIPv4Peer3Config := ipv4Peer3Config
+	expectedIPv4Peer1Config.Password = "updated-" + peer1AuthPassword
+	expectedIPv4Peer3Config.Password = "updated-" + peer3AuthPassword
+	mockBGPServer.EXPECT().UpdatePeer(gomock.Any(), expectedIPv4Peer1Config)
+	mockBGPServer.EXPECT().UpdatePeer(gomock.Any(), expectedIPv4Peer3Config)
+	require.NoError(t, c.syncBGPPolicy(ctx))
+	// Done with the dummy event.
+	doneDummyEvent(t, c)
+
+	// Delete the Secret.
+	err = c.client.CoreV1().Secrets(namespaceKubeSystem).Delete(context.TODO(), secret.Name, metav1.DeleteOptions{})
+	require.NoError(t, err)
+	// Wait for the dummy event triggered by Secret delete event, and mark it done.
+	waitAndGetDummyEvent(t, c)
+	expectedIPv4Peer1Config = ipv4Peer1Config
+	expectedIPv4Peer2Config := ipv4Peer2Config
+	expectedIPv4Peer3Config = ipv4Peer3Config
+	expectedIPv4Peer1Config.Password = ""
+	expectedIPv4Peer2Config.Password = ""
+	expectedIPv4Peer3Config.Password = ""
+	mockBGPServer.EXPECT().UpdatePeer(gomock.Any(), expectedIPv4Peer1Config)
+	mockBGPServer.EXPECT().UpdatePeer(gomock.Any(), expectedIPv4Peer2Config)
+	mockBGPServer.EXPECT().UpdatePeer(gomock.Any(), expectedIPv4Peer3Config)
 	require.NoError(t, c.syncBGPPolicy(ctx))
 	// Done with the dummy event.
 	doneDummyEvent(t, c)

Original file line number	Diff line number	Diff line change
`@@ -923,7 +923,7 @@ func (c Controller) updateBGPPeerPasswords(secret corev1.Secret) {`
`923`	`923`	`defer c.bgpPeerPasswordsMutex.Unlock()`
`924`	`924`
`925`	`925`	`c.bgpPeerPasswords = make(map[string]string)`
`926`		`- if secret.Data != nil {`
	`926`	`+ if secret != nil && secret.Data != nil {`
`927`	`927`	`for k, v := range secret.Data {`
`928`	`928`	`c.bgpPeerPasswords[k] = string(v)`
`929`	`929`	`}`