networks: Add Owner annotation to NetAttachDefs

api/v1/helper.go

@@ -19,6 +19,7 @@ import (
 	uns "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	intstrutil "k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/client-go/kubernetes"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 
 	"github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/consts"
@@ -651,6 +652,7 @@ func (cr *SriovIBNetwork) RenderNetAttDef() (*uns.Unstructured, error) {
 	} else {
 		data.Data["SriovNetworkNamespace"] = cr.Spec.NetworkNamespace
 	}
+	data.Data["Owner"] = OwnerRefToString(cr)
 	data.Data["SriovCniResourceName"] = os.Getenv("RESOURCE_PREFIX") + "/" + cr.Spec.ResourceName
 
 	data.Data["StateConfigured"] = true
@@ -719,6 +721,7 @@ func (cr *SriovNetwork) RenderNetAttDef() (*uns.Unstructured, error) {
 	} else {
 		data.Data["SriovNetworkNamespace"] = cr.Spec.NetworkNamespace
 	}
+	data.Data["Owner"] = OwnerRefToString(cr)
 	data.Data["SriovCniResourceName"] = os.Getenv("RESOURCE_PREFIX") + "/" + cr.Spec.ResourceName
 	data.Data["SriovCniVlan"] = cr.Spec.Vlan
 
@@ -837,6 +840,7 @@ func (cr *OVSNetwork) RenderNetAttDef() (*uns.Unstructured, error) {
 	} else {
 		data.Data["NetworkNamespace"] = cr.Spec.NetworkNamespace
 	}
+	data.Data["Owner"] = OwnerRefToString(cr)
 	data.Data["CniResourceName"] = os.Getenv("RESOURCE_PREFIX") + "/" + cr.Spec.ResourceName
 
 	if cr.Spec.Capabilities == "" {
@@ -994,3 +998,14 @@ func (s *SriovNetworkNodeState) ResetKeepUntilTime() bool {
 	s.SetAnnotations(annotations)
 	return true
 }
+
+func OwnerRefToString(cr client.Object) string {
+	if cr == nil {
+		return "owner-object-not-found"
+	}
+	if cr.GetObjectKind().GroupVersionKind().Empty() {
+		return "unknown/" + cr.GetNamespace() + "/" + cr.GetName()
+	}
+
+	return cr.GetObjectKind().GroupVersionKind().GroupKind().String() + "/" + cr.GetNamespace() + "/" + cr.GetName()
+}

api/v1/helper_test.go

@@ -10,6 +10,7 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
+	"github.com/stretchr/testify/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	intstrutil "k8s.io/apimachinery/pkg/util/intstr"
 
@@ -149,6 +150,8 @@ func TestRendering(t *testing.T) {
 		{
 			tname: "simple",
 			network: v1.SriovNetwork{
+				TypeMeta:   metav1.TypeMeta{APIVersion: v1.GroupVersion.String(), Kind: "SriovNetwork"},
+				ObjectMeta: metav1.ObjectMeta{Namespace: "ns", Name: "test"},
 				Spec: v1.SriovNetworkSpec{
 					NetworkNamespace: "testnamespace",
 					ResourceName:     "testresource",
@@ -158,6 +161,8 @@ func TestRendering(t *testing.T) {
 		{
 			tname: "chained",
 			network: v1.SriovNetwork{
+				TypeMeta:   metav1.TypeMeta{APIVersion: v1.GroupVersion.String(), Kind: "SriovNetwork"},
+				ObjectMeta: metav1.ObjectMeta{Namespace: "ns", Name: "test"},
 				Spec: v1.SriovNetworkSpec{
 					NetworkNamespace: "testnamespace",
 					ResourceName:     "testresource",
@@ -194,10 +199,8 @@ func TestRendering(t *testing.T) {
 			if err != nil {
 				t.Fatalf("failed reading .golden: %s", err)
 			}
-			t.Log(b.String())
-			if !bytes.Equal(b.Bytes(), g) {
-				t.Errorf("bytes do not match .golden file")
-			}
+
+			assert.Equal(t, string(g), b.String(), "bytes do not match .golden file [%s]", gp)
 		})
 	}
 }
@@ -210,6 +213,8 @@ func TestIBRendering(t *testing.T) {
 		{
 			tname: "simpleib",
 			network: v1.SriovIBNetwork{
+				TypeMeta:   metav1.TypeMeta{APIVersion: v1.GroupVersion.String(), Kind: "SriovIBNetwork"},
+				ObjectMeta: metav1.ObjectMeta{Namespace: "ns", Name: "test"},
 				Spec: v1.SriovIBNetworkSpec{
 					NetworkNamespace: "testnamespace",
 					ResourceName:     "testresource",
@@ -241,10 +246,8 @@ func TestIBRendering(t *testing.T) {
 			if err != nil {
 				t.Fatalf("failed reading .golden: %s", err)
 			}
-			t.Log(b.String())
-			if !bytes.Equal(b.Bytes(), g) {
-				t.Errorf("bytes do not match .golden file")
-			}
+
+			assert.Equal(t, string(g), b.String(), "bytes do not match .golden file [%s]", gp)
 		})
 	}
 }
@@ -257,9 +260,8 @@ func TestOVSRendering(t *testing.T) {
 		{
 			tname: "simpleovs",
 			network: v1.OVSNetwork{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: "test",
-				},
+				TypeMeta:   metav1.TypeMeta{APIVersion: v1.GroupVersion.String(), Kind: "OVSNetwork"},
+				ObjectMeta: metav1.ObjectMeta{Namespace: "ns", Name: "test"},
 				Spec: v1.OVSNetworkSpec{
 					NetworkNamespace: "testnamespace",
 					ResourceName:     "testresource",
@@ -269,9 +271,8 @@ func TestOVSRendering(t *testing.T) {
 		{
 			tname: "chained",
 			network: v1.OVSNetwork{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: "test",
-				},
+				TypeMeta:   metav1.TypeMeta{APIVersion: v1.GroupVersion.String(), Kind: "OVSNetwork"},
+				ObjectMeta: metav1.ObjectMeta{Namespace: "ns", Name: "test"},
 				Spec: v1.OVSNetworkSpec{
 					NetworkNamespace: "testnamespace",
 					ResourceName:     "testresource",
@@ -288,9 +289,8 @@ func TestOVSRendering(t *testing.T) {
 		{
 			tname: "complexconf",
 			network: v1.OVSNetwork{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: "test",
-				},
+				TypeMeta:   metav1.TypeMeta{APIVersion: v1.GroupVersion.String(), Kind: "OVSNetwork"},
+				ObjectMeta: metav1.ObjectMeta{Namespace: "ns", Name: "test"},
 				Spec: v1.OVSNetworkSpec{
 					NetworkNamespace: "testnamespace",
 					ResourceName:     "testresource",
@@ -334,10 +334,8 @@ func TestOVSRendering(t *testing.T) {
 			if err != nil {
 				t.Fatalf("failed reading .golden: %s", err)
 			}
-			t.Log(b.String())
-			if !bytes.Equal(b.Bytes(), g) {
-				t.Errorf("bytes do not match .golden file")
-			}
+
+			assert.Equal(t, string(g), b.String(), "bytes do not match .golden file [%s]", gp)
 		})
 	}
 }

api/v1/testdata/TestIBRendering/simpleib.golden

@@ -3,12 +3,13 @@
   "kind": "NetworkAttachmentDefinition",
   "metadata": {
     "annotations": {
-      "k8s.v1.cni.cncf.io/resourceName": "/testresource"
+      "k8s.v1.cni.cncf.io/resourceName": "/testresource",
+      "sriovnetwork.openshift.io/owner-ref": "SriovIBNetwork.sriovnetwork.openshift.io/ns/test"
     },
-    "name": null,
+    "name": "test",
     "namespace": "testnamespace"
   },
   "spec": {
-    "config": "{ \"cniVersion\":\"1.0.0\", \"name\":\"\",\"type\":\"ib-sriov\",\"capabilities\":foo,\"ipam\":{} }"
+    "config": "{ \"cniVersion\":\"1.0.0\", \"name\":\"test\",\"type\":\"ib-sriov\",\"capabilities\":foo,\"ipam\":{} }"
   }
 }

api/v1/testdata/TestOVSRendering/chained.golden

@@ -3,7 +3,8 @@
   "kind": "NetworkAttachmentDefinition",
   "metadata": {
     "annotations": {
-      "k8s.v1.cni.cncf.io/resourceName": "/testresource"
+      "k8s.v1.cni.cncf.io/resourceName": "/testresource",
+      "sriovnetwork.openshift.io/owner-ref": "OVSNetwork.sriovnetwork.openshift.io/ns/test"
     },
     "name": "test",
     "namespace": "testnamespace"

api/v1/testdata/TestOVSRendering/complexconf.golden

@@ -3,7 +3,8 @@
   "kind": "NetworkAttachmentDefinition",
   "metadata": {
     "annotations": {
-      "k8s.v1.cni.cncf.io/resourceName": "/testresource"
+      "k8s.v1.cni.cncf.io/resourceName": "/testresource",
+      "sriovnetwork.openshift.io/owner-ref": "OVSNetwork.sriovnetwork.openshift.io/ns/test"
     },
     "name": "test",
     "namespace": "testnamespace"

api/v1/testdata/TestOVSRendering/simpleovs.golden

@@ -3,7 +3,8 @@
   "kind": "NetworkAttachmentDefinition",
   "metadata": {
     "annotations": {
-      "k8s.v1.cni.cncf.io/resourceName": "/testresource"
+      "k8s.v1.cni.cncf.io/resourceName": "/testresource",
+      "sriovnetwork.openshift.io/owner-ref": "OVSNetwork.sriovnetwork.openshift.io/ns/test"
     },
     "name": "test",
     "namespace": "testnamespace"

api/v1/testdata/TestRendering/chained.golden

@@ -3,12 +3,13 @@
   "kind": "NetworkAttachmentDefinition",
   "metadata": {
     "annotations": {
-      "k8s.v1.cni.cncf.io/resourceName": "/testresource"
+      "k8s.v1.cni.cncf.io/resourceName": "/testresource",
+      "sriovnetwork.openshift.io/owner-ref": "SriovNetwork.sriovnetwork.openshift.io/ns/test"
     },
-    "name": null,
+    "name": "test",
     "namespace": "testnamespace"
   },
   "spec": {
-    "config": "{ \"cniVersion\":\"1.0.0\", \"name\":\"\",\"plugins\": [ {\"type\":\"sriov\",\"vlan\":0,\"vlanQoS\":0,\"ipam\":{} },\n{ \"type\": \"vrf\", \"vrfname\": \"blue\" }\n] }"
+    "config": "{ \"cniVersion\":\"1.0.0\", \"name\":\"test\",\"plugins\": [ {\"type\":\"sriov\",\"vlan\":0,\"vlanQoS\":0,\"ipam\":{} },\n{ \"type\": \"vrf\", \"vrfname\": \"blue\" }\n] }"
   }
 }

api/v1/testdata/TestRendering/simple.golden

@@ -3,12 +3,13 @@
   "kind": "NetworkAttachmentDefinition",
   "metadata": {
     "annotations": {
-      "k8s.v1.cni.cncf.io/resourceName": "/testresource"
+      "k8s.v1.cni.cncf.io/resourceName": "/testresource",
+      "sriovnetwork.openshift.io/owner-ref": "SriovNetwork.sriovnetwork.openshift.io/ns/test"
     },
-    "name": null,
+    "name": "test",
     "namespace": "testnamespace"
   },
   "spec": {
-    "config": "{ \"cniVersion\":\"1.0.0\", \"name\":\"\",\"type\":\"sriov\",\"vlan\":0,\"vlanQoS\":0,\"ipam\":{} }"
+    "config": "{ \"cniVersion\":\"1.0.0\", \"name\":\"test\",\"type\":\"sriov\",\"vlan\":0,\"vlanQoS\":0,\"ipam\":{} }"
   }
 }

bindata/manifests/cni-config/ovs/ovs-cni-config.yaml

@@ -5,6 +5,7 @@ metadata:
   namespace: {{.NetworkNamespace}}
   annotations:
     k8s.v1.cni.cncf.io/resourceName: {{.CniResourceName}}
+    sriovnetwork.openshift.io/owner-ref: {{.Owner}}
 spec:
   config: '{
   "cniVersion":"1.0.0",

bindata/manifests/cni-config/sriov/sriov-cni-config.yaml

@@ -5,6 +5,7 @@ metadata:
   namespace: {{.SriovNetworkNamespace}}
   annotations:
     k8s.v1.cni.cncf.io/resourceName: {{.SriovCniResourceName}}
+    sriovnetwork.openshift.io/owner-ref: {{.Owner}}
 spec:
   config: '{
   "cniVersion":"1.0.0",

controllers/generic_network_controller.go

@@ -38,6 +38,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
 	sriovnetworkv1 "github.com/k8snetworkplumbingwg/sriov-network-operator/api/v1"
+	"github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/consts"
 	"github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/utils"
 	"github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/vars"
 )
@@ -189,6 +190,20 @@ func (r *genericNetworkReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		}
 	} else {
 		reqLogger.Info("NetworkAttachmentDefinition CR already exist")
+
+		foundOwner := found.GetAnnotations()[consts.OwnerRefAnnotation]
+		expectedOwner := netAttDef.GetAnnotations()[consts.OwnerRefAnnotation]
+
+		// Note for the future: the `foundOwner != ""` condition can be removed to make the operator not touching the NetworkAttachmentDefinition created
+		// by the user.
+		if foundOwner != "" && foundOwner != expectedOwner {
+			reqLogger.Info("A NetworkAttachmentDefinition with the same name already exists and it does not belong to this resource",
+				"Namespace", netAttDef.Namespace, "Name", netAttDef.Name,
+				"CurrentOwner", foundOwner, "ExpectedOwner", expectedOwner,
+			)
+			return reconcile.Result{}, nil
+		}
+
 		if !equality.Semantic.DeepEqual(found.Spec, netAttDef.Spec) || !equality.Semantic.DeepEqual(found.GetAnnotations(), netAttDef.GetAnnotations()) {
 			reqLogger.Info("Update NetworkAttachmentDefinition CR", "Namespace", netAttDef.Namespace, "Name", netAttDef.Name)
 			netAttDef.SetResourceVersion(found.GetResourceVersion())