Force creation of generic items into AppWrapper deployment namespace (#665)

tardieu · web-flow · commit ccec55c99bfd · 2023-10-19T10:46:01.000-04:00
* Force creation of generic items into namespace of AppWrapper

* Restrict resource deletion to AppWrapper namespace
diff --git a/pkg/controller/queuejobresources/genericresource/genericresource.go b/pkg/controller/queuejobresources/genericresource/genericresource.go
@@ -150,21 +150,24 @@ func (gr *GenericResources) Cleanup(aw *arbv1.AppWrapper, awr *arbv1.AppWrapperG
 	}
 
 	unstruct.Object = blob.(map[string]interface{}) // set object to the content of the blob after Unmarshalling
-	namespace := ""
+	namespace := aw.Namespace                       // only delete resources from AppWrapper namespace
 	if md, ok := unstruct.Object["metadata"]; ok {
 
 		metadata := md.(map[string]interface{})
 		if objectName, ok := metadata["name"]; ok {
 			name = objectName.(string)
 		}
 		if objectns, ok := metadata["namespace"]; ok {
-			namespace = objectns.(string)
+			if objectns.(string) != namespace {
+				err := fmt.Errorf("[Cleanup] resource namespace \"%s\" is different from AppWrapper namespace \"%s\"", objectns.(string), namespace)
+				return name, gvk, err
+			}
 		}
 	}
 
-	// Get the resource to see if it exists
+	// Get the resource to see if it exists in the AppWrapper namespace
 	labelSelector := fmt.Sprintf("%s=%s, %s=%s", appwrapperJobName, aw.Name, resourceName, unstruct.GetName())
-	inEtcd, err := dclient.Resource(rsrc).List(context.Background(), metav1.ListOptions{LabelSelector: labelSelector})
+	inEtcd, err := dclient.Resource(rsrc).Namespace(aw.Namespace).List(context.Background(), metav1.ListOptions{LabelSelector: labelSelector})
 	if err != nil {
 		return name, gvk, err
 	}
@@ -273,7 +276,7 @@ func (gr *GenericResources) SyncQueueJob(aw *arbv1.AppWrapper, awr *arbv1.AppWra
 	ownerRef := metav1.NewControllerRef(aw, appWrapperKind)
 	unstruct.Object = blob.(map[string]interface{}) // set object to the content of the blob after Unmarshalling
 	unstruct.SetOwnerReferences(append(unstruct.GetOwnerReferences(), *ownerRef))
-	namespace := "default"
+	namespace := aw.Namespace // only create resources in AppWrapper namespace
 	name := ""
 	if md, ok := unstruct.Object["metadata"]; ok {
 
@@ -282,7 +285,10 @@ func (gr *GenericResources) SyncQueueJob(aw *arbv1.AppWrapper, awr *arbv1.AppWra
 			name = objectName.(string)
 		}
 		if objectns, ok := metadata["namespace"]; ok {
-			namespace = objectns.(string)
+			if objectns.(string) != namespace {
+				err := fmt.Errorf("[SyncQueueJob] resource namespace \"%s\" is different from AppWrapper namespace \"%s\"", objectns.(string), namespace)
+				return []*v1.Pod{}, err
+			}
 		}
 	}
 	labels := map[string]string{}

Original file line number	Diff line number	Diff line change
`@@ -150,21 +150,24 @@ func (gr GenericResources) Cleanup(aw arbv1.AppWrapper, awr *arbv1.AppWrapperG`
`150`	`150`	`}`
`151`	`151`
`152`	`152`	`unstruct.Object = blob.(map[string]interface{}) // set object to the content of the blob after Unmarshalling`
`153`		`- namespace := ""`
	`153`	`+ namespace := aw.Namespace // only delete resources from AppWrapper namespace`
`154`	`154`	`if md, ok := unstruct.Object["metadata"]; ok {`
`155`	`155`
`156`	`156`	`metadata := md.(map[string]interface{})`
`157`	`157`	`if objectName, ok := metadata["name"]; ok {`
`158`	`158`	`name = objectName.(string)`
`159`	`159`	`}`
`160`	`160`	`if objectns, ok := metadata["namespace"]; ok {`
`161`		`- namespace = objectns.(string)`
	`161`	`+ if objectns.(string) != namespace {`
	`162`	`+ err := fmt.Errorf("[Cleanup] resource namespace \"%s\" is different from AppWrapper namespace \"%s\"", objectns.(string), namespace)`
	`163`	`+ return name, gvk, err`
	`164`	`+ }`
`162`	`165`	`}`
`163`	`166`	`}`
`164`	`167`
`165`		`- // Get the resource to see if it exists`
	`168`	`+ // Get the resource to see if it exists in the AppWrapper namespace`
`166`	`169`	`labelSelector := fmt.Sprintf("%s=%s, %s=%s", appwrapperJobName, aw.Name, resourceName, unstruct.GetName())`
`167`		`- inEtcd, err := dclient.Resource(rsrc).List(context.Background(), metav1.ListOptions{LabelSelector: labelSelector})`
	`170`	`+ inEtcd, err := dclient.Resource(rsrc).Namespace(aw.Namespace).List(context.Background(), metav1.ListOptions{LabelSelector: labelSelector})`
`168`	`171`	`if err != nil {`
`169`	`172`	`return name, gvk, err`
`170`	`173`	`}`
`@@ -273,7 +276,7 @@ func (gr GenericResources) SyncQueueJob(aw arbv1.AppWrapper, awr *arbv1.AppWra`
`273`	`276`	`ownerRef := metav1.NewControllerRef(aw, appWrapperKind)`
`274`	`277`	`unstruct.Object = blob.(map[string]interface{}) // set object to the content of the blob after Unmarshalling`
`275`	`278`	`unstruct.SetOwnerReferences(append(unstruct.GetOwnerReferences(), *ownerRef))`
`276`		`- namespace := "default"`
	`279`	`+ namespace := aw.Namespace // only create resources in AppWrapper namespace`
`277`	`280`	`name := ""`
`278`	`281`	`if md, ok := unstruct.Object["metadata"]; ok {`
`279`	`282`
`@@ -282,7 +285,10 @@ func (gr GenericResources) SyncQueueJob(aw arbv1.AppWrapper, awr *arbv1.AppWra`
`282`	`285`	`name = objectName.(string)`
`283`	`286`	`}`
`284`	`287`	`if objectns, ok := metadata["namespace"]; ok {`
`285`		`- namespace = objectns.(string)`
	`288`	`+ if objectns.(string) != namespace {`
	`289`	`+ err := fmt.Errorf("[SyncQueueJob] resource namespace \"%s\" is different from AppWrapper namespace \"%s\"", objectns.(string), namespace)`
	`290`	`+ return []*v1.Pod{}, err`
	`291`	`+ }`
`286`	`292`	`}`
`287`	`293`	`}`
`288`	`294`	`labels := map[string]string{}`