From 47eac9eb1121489cb1c1c9836817400394aab932 Mon Sep 17 00:00:00 2001
From: Gilad Sid <gsid@redhat.com>
Date: Tue, 28 Jan 2025 13:29:44 +0200
Subject: [PATCH] Snapshot deletion validation during KataConfig removal

Included a validation for ensuring the Snapshot associated with the AMI was deleted properly

Signed-off-by: Gilad Sid <gsid@redhat.com>
---
 .../peerpods/podvm/aws-podvm-image-handler.sh | 45 +++++++++++++++----
 1 file changed, 37 insertions(+), 8 deletions(-)

diff --git a/config/peerpods/podvm/aws-podvm-image-handler.sh b/config/peerpods/podvm/aws-podvm-image-handler.sh
index 42ac53f6..8598588c 100755
--- a/config/peerpods/podvm/aws-podvm-image-handler.sh
+++ b/config/peerpods/podvm/aws-podvm-image-handler.sh
@@ -331,7 +331,39 @@ function create_ami() {
 
 }
 
-# function to delete the ami
+# Function to delete the ami's snapshots
+# SNAPSHOT_IDS must be set as an environment variable
+
+function delete_ami_snapshots() {
+    echo "Deleting AWS AMIs snapshots"
+
+    # SNAPSHOT_IDS shouldn't be empty
+    [[ -z "${SNAPSHOT_IDS}" ]] && error_exit "SNAPSHOT_IDS is empty"
+
+    SNAPSHOT_IDS_LIST=($SNAPSHOT_IDS)
+    for SNAPSHOT_ID in "${SNAPSHOT_IDS_LIST[@]}"; do
+
+        # Delete the associated snapshot
+        aws ec2 delete-snapshot --region "${AWS_REGION}" --snapshot-id "${SNAPSHOT_ID}" ||
+            error_exit "Failed to delete snapshot '${SNAPSHOT_ID}'"
+
+        # Validate the snapshot was deleted
+        snapshot_description=$(
+            aws ec2 describe-snapshots \
+            --region "${AWS_REGION}" \
+            --filters "Name=snapshot-id,Values='${SNAPSHOT_ID}'" \
+            --query "Snapshots" \
+            --output text
+        ) || error_exit "Failed to get the ami's snapshot description"
+        if [[ -n "$snapshot_description" ]]; then
+            error_exit "Snapshot '${SNAPSHOT_ID}' still exists after deletion attempt"
+        else
+            echo "Snapshot '${SNAPSHOT_ID}' successfully deleted"
+        fi
+    done
+}
+
+# Function to delete the ami
 # AMI_ID must be set as an environment variable
 
 function delete_ami_using_id() {
@@ -343,7 +375,7 @@ function delete_ami_using_id() {
     # AMI_ID shouldn't be empty
     [[ -z "${AMI_ID}" ]] && error_exit "AMI_ID is empty"
 
-    # Retrieve the associated snapshots
+    # Retrieve the associated snapshots before deleting the ami
     SNAPSHOT_IDS_JSON_PATH='Images[].BlockDeviceMappings[].Ebs.SnapshotId'
     SNAPSHOT_IDS=$(
         aws ec2 describe-images \
@@ -352,17 +384,14 @@ function delete_ami_using_id() {
         --query "${SNAPSHOT_IDS_JSON_PATH}" \
         --output text
     ) || error_exit "Failed to get the ami's snapshot ids"
+    export SNAPSHOT_IDS
 
     # Delete the ami
     aws ec2 deregister-image --region "${AWS_REGION}" --image-id "${AMI_ID}" ||
         error_exit "Failed to delete the ami"
 
-    # Delete the associated snapshots
-    SNAPSHOT_IDS_LIST=($SNAPSHOT_IDS)
-    for SNAPSHOT_ID in "${SNAPSHOT_IDS_LIST[@]}"; do
-        aws ec2 delete-snapshot --region "${AWS_REGION}" --snapshot-id "${SNAPSHOT_ID}" ||
-            error_exit "Failed to delete snapshot '${SNAPSHOT_ID}'"
-    done
+    # Delete the amis snapshots
+    delete_ami_snapshots
 
     # Remove the ami id annotation from peer-pods-cm configmap
     delete_ami_id_annotation_from_peer_pods_cm