From 8d6b721ddd342530230ff067d4e305816bcf9b26 Mon Sep 17 00:00:00 2001
From: Jan Safranek <jsafrane@redhat.com>
Date: Thu, 28 Jul 2022 14:45:06 +0200
Subject: [PATCH] Extract SELinux context error handling into a common func

Add handlerSELinuxMetricError() which bumps the right metric + either
consumes a SELinux error or lets it propagate up the stack.
---
 .../cache/desired_state_of_world.go           | 45 +++++++++----------
 1 file changed, 21 insertions(+), 24 deletions(-)

diff --git a/pkg/kubelet/volumemanager/cache/desired_state_of_world.go b/pkg/kubelet/volumemanager/cache/desired_state_of_world.go
index a5a47ad9e10..28e9a79727b 100644
--- a/pkg/kubelet/volumemanager/cache/desired_state_of_world.go
+++ b/pkg/kubelet/volumemanager/cache/desired_state_of_world.go
@@ -29,6 +29,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apiserver/pkg/util/feature"
+	"k8s.io/component-base/metrics"
 	"k8s.io/klog/v2"
 	apiv1resource "k8s.io/kubernetes/pkg/api/v1/resource"
 	"k8s.io/kubernetes/pkg/features"
@@ -332,13 +333,8 @@ func (dsw *desiredStateOfWorld) AddPodToVolume(
 				// TODO: update the error message after tests, e.g. add at least the conflicting pod names.
 				fullErr := fmt.Errorf("conflicting SELinux labels of volume %s: %q and %q", volumeSpec.Name(), vol.seLinuxFileLabel, seLinuxFileLabel)
 				isRWOP := util.IsRWOP(volumeSpec)
-				if isRWOP {
-					seLinuxVolumeContextMismatchErrors.Add(1.0)
-					return "", fullErr
-				} else {
-					// This is not an error yet, but it will be when support for RWO and RWX volumes is added
-					seLinuxVolumeContextMismatchWarnings.Add(1.0)
-					klog.V(4).ErrorS(err, "Please report this error in https://github.com/kubernetes/enhancements/issues/1710, together with full Pod yaml file")
+				if err := handlerSELinuxMetricError(fullErr, isRWOP, seLinuxVolumeContextMismatchWarnings, seLinuxVolumeContextMismatchErrors); err != nil {
+					return "", err
 				}
 			} else {
 				if seLinuxFileLabel != "" {
@@ -385,15 +381,8 @@ func (dsw *desiredStateOfWorld) getSELinuxLabel(volumeSpec *volume.Spec, seLinux
 				newLabel, err := util.SELinuxOptionsToFileLabel(containerContext)
 				if err != nil {
 					fullErr := fmt.Errorf("failed to construct SELinux label from context %q: %s", containerContext, err)
-					if isRWOP {
-						// Cannot mount with -o context if the context can't be composed.
-						seLinuxContainerContextErrors.Add(1.0)
-						return "", false, fullErr
-					} else {
-						// This is not an error yet, but it will be when support for RWO and RWX volumes is added
-						seLinuxContainerContextWarnings.Add(1.0)
-						klog.V(4).ErrorS(err, "Please report this error in https://github.com/kubernetes/enhancements/issues/1710, together with full Pod yaml file")
-						break
+					if err := handlerSELinuxMetricError(fullErr, isRWOP, seLinuxContainerContextWarnings, seLinuxContainerContextErrors); err != nil {
+						return "", false, err
 					}
 				}
 				if seLinuxFileLabel == "" {
@@ -402,14 +391,8 @@ func (dsw *desiredStateOfWorld) getSELinuxLabel(volumeSpec *volume.Spec, seLinux
 				}
 				if seLinuxFileLabel != newLabel {
 					fullErr := fmt.Errorf("volume %s is used with two different SELinux contexts in the same pod: %q, %q", volumeSpec.Name(), seLinuxFileLabel, newLabel)
-					if isRWOP {
-						seLinuxPodContextMismatchErrors.Add(1.0)
-						return "", false, fullErr
-					} else {
-						// This is not an error yet, but it will be when support for RWO and RWX volumes is added
-						seLinuxPodContextMismatchWarnings.Add(1.0)
-						klog.V(4).ErrorS(err, "Please report this error in https://github.com/kubernetes/enhancements/issues/1710, together with full Pod yaml file")
-						break
+					if err := handlerSELinuxMetricError(fullErr, isRWOP, seLinuxPodContextMismatchWarnings, seLinuxPodContextMismatchErrors); err != nil {
+						return "", false, err
 					}
 				}
 			}
@@ -625,3 +608,17 @@ func (dsw *desiredStateOfWorld) MarkVolumeAttachability(volumeName v1.UniqueVolu
 func (dsw *desiredStateOfWorld) getSELinuxMountSupport(volumeSpec *volume.Spec) (bool, error) {
 	return util.SupportsSELinuxContextMount(volumeSpec, dsw.volumePluginMgr)
 }
+
+// Based on isRWOP, bump the right warning / error metric and either consume the error or return it.
+func handlerSELinuxMetricError(err error, isRWOP bool, warningMetric, errorMetric *metrics.Gauge) error {
+	if isRWOP {
+		// Cannot mount with -o context if the context can't be composed.
+		errorMetric.Add(1.0)
+		return err
+	}
+
+	// This is not an error yet, but it will be when support for RWO and RWX volumes is added
+	warningMetric.Add(1.0)
+	klog.V(4).ErrorS(err, "Please report this error in https://github.com/kubernetes/enhancements/issues/1710, together with full Pod yaml file")
+	return nil
+}