Merge pull request #393 from chrischdi/pr-machines-labels

NO-JIRA: conversion: CAPI2MAPI set openshift labels for zone, region and instance-type

Author: openshift-merge-bot[bot]

pkg/admissionpolicy/testutils/util.go

@@ -25,12 +25,14 @@ import (
 	"path/filepath"
 	"strings"
 	"sync"
+	"time"
 
 	corev1 "k8s.io/api/core/v1"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
+	"sigs.k8s.io/controller-runtime/pkg/envtest/komega"
 
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -187,6 +189,24 @@ func AddSentinelValidation(vap *admissionregistrationv1.ValidatingAdmissionPolic
 	})
 }
 
+// VerifySentinelValidation tries to update a resource to hit the sentinel validation to see that the VAP is in-place.
+func VerifySentinelValidation(k komega.Komega, sentinelObject client.Object, timeout time.Duration) {
+	Eventually(k.Update(sentinelObject, func() {
+		SetSentinelValidationLabel(sentinelObject)
+	}), timeout).Should(MatchError(ContainSubstring("policy in place")))
+}
+
+// SetSentinelValidationLabel sets the sentinel validation label on a resource.
+func SetSentinelValidationLabel(sentinelObject client.Object) {
+	currentLabels := sentinelObject.GetLabels()
+	if currentLabels == nil {
+		currentLabels = map[string]string{}
+	}
+
+	currentLabels["test-sentinel"] = "fubar"
+	sentinelObject.SetLabels(currentLabels)
+}
+
 // UpdateVAPBindingNamespaces updates a VAP binding's namespace configuration.
 //
 // Parameters:

pkg/controllers/machinesetsync/machineset_vap_test.go

@@ -188,9 +188,7 @@ var _ = Describe("MachineSet VAP Tests", func() {
 				Build()
 			Eventually(k8sClient.Create(ctx, sentinelMachineSet)).Should(Succeed(), "sentinel machineset should be able to be created")
 
-			Eventually(k.Update(sentinelMachineSet, func() {
-				sentinelMachineSet.ObjectMeta.Labels = map[string]string{"test-sentinel": "fubar"}
-			}), timeout).Should(MatchError(ContainSubstring("policy in place")))
+			admissiontestutils.VerifySentinelValidation(k, sentinelMachineSet, timeout)
 		})
 
 		It("should allow creating a MachineSet without forbidden fields", func() {

pkg/controllers/machinesync/machine_sync_controller_test.go

@@ -1132,9 +1132,7 @@ var _ = Describe("With a running MachineSync Reconciler", func() {
 				Eventually(k.Object(sentinelMachine), timeout).Should(
 					HaveField("Status.AuthoritativeAPI", Equal(mapiv1beta1.MachineAuthorityClusterAPI)))
 
-				Eventually(k.Update(sentinelMachine, func() {
-					sentinelMachine.ObjectMeta.Labels = map[string]string{"test-sentinel": "fubar"}
-				}), timeout).Should(MatchError(ContainSubstring("policy in place")))
+				admissiontestutils.VerifySentinelValidation(k, sentinelMachine, timeout)
 			})
 
 			Context("with status.AuthoritativeAPI: Machine API", func() {
@@ -1318,9 +1316,7 @@ var _ = Describe("With a running MachineSync Reconciler", func() {
 				Eventually(k8sClient.Create(ctx, sentinelMachine)).Should(Succeed())
 
 				// Continually try to update the capiMachine to a forbidden field until the VAP blocks it
-				Eventually(k.Update(sentinelMachine, func() {
-					sentinelMachine.ObjectMeta.Labels = map[string]string{"test-sentinel": "fubar"}
-				}), timeout).Should(MatchError(ContainSubstring("policy in place")))
+				admissiontestutils.VerifySentinelValidation(k, sentinelMachine, timeout)
 			})
 
 			It("updating the spec.Version should not be allowed", func() {
@@ -1383,9 +1379,7 @@ var _ = Describe("With a running MachineSync Reconciler", func() {
 
 				Eventually(k.Get(capiSentinelMachine)).Should(Succeed())
 
-				Eventually(k.Update(sentinelMachine, func() {
-					sentinelMachine.ObjectMeta.Labels = map[string]string{"test-sentinel": "fubar"}
-				}), timeout).Should(MatchError(ContainSubstring("policy in place")))
+				admissiontestutils.VerifySentinelValidation(k, sentinelMachine, timeout)
 			})
 
 			// The Authoritative API defaults to MachineAPI so we can't test if it's unset.
@@ -1451,9 +1445,7 @@ var _ = Describe("With a running MachineSync Reconciler", func() {
 
 				Eventually(k.Get(capiSentinelMachine)).Should(Succeed())
 
-				Eventually(k.Update(sentinelMachine, func() {
-					sentinelMachine.ObjectMeta.Labels = map[string]string{"test-sentinel": "fubar"}
-				}), timeout).Should(MatchError(ContainSubstring("policy in place")))
+				admissiontestutils.VerifySentinelValidation(k, sentinelMachine, timeout)
 			})
 
 			It("denies updating the AuthoritativeAPI when the machine is in Provisioning", func() {
@@ -1566,7 +1558,7 @@ var _ = Describe("With a running MachineSync Reconciler", func() {
 					warnSink.Reset() // keep each probe self-contained
 
 					err := warnKomega.Update(sentinelMachine, func() {
-						sentinelMachine.ObjectMeta.Labels = map[string]string{"test-sentinel": "fubar"}
+						admissiontestutils.SetSentinelValidationLabel(sentinelMachine)
 					})()
 					g.Expect(err).NotTo(HaveOccurred())
 

pkg/conversion/capi2mapi/aws.go

@@ -21,6 +21,7 @@ import (
 	"strings"
 
 	mapiv1beta1 "github.com/openshift/api/machine/v1beta1"
+	"github.com/openshift/cluster-capi-operator/pkg/conversion/consts"
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -49,9 +50,10 @@ const (
 
 // machineAndAWSMachineAndAWSCluster stores the details of a Cluster API Machine and AWSMachine and AWSCluster.
 type machineAndAWSMachineAndAWSCluster struct {
-	machine    *clusterv1.Machine
-	awsMachine *awsv1.AWSMachine
-	awsCluster *awsv1.AWSCluster
+	machine                               *clusterv1.Machine
+	awsMachine                            *awsv1.AWSMachine
+	awsCluster                            *awsv1.AWSCluster
+	excludeMachineAPILabelsAndAnnotations bool
 }
 
 // machineSetAndAWSMachineTemplateAndAWSCluster stores the details of a Cluster API MachineSet and AWSMachineTemplate and AWSCluster.
@@ -84,7 +86,8 @@ func FromMachineSetAndAWSMachineTemplateAndAWSCluster(ms *clusterv1.MachineSet,
 			awsMachine: &awsv1.AWSMachine{
 				Spec: mts.Spec.Template.Spec,
 			},
-			awsCluster: ac,
+			awsCluster:                            ac,
+			excludeMachineAPILabelsAndAnnotations: true,
 		},
 	}
 }
@@ -258,7 +261,20 @@ func (m machineAndAWSMachineAndAWSCluster) ToMachine() (*mapiv1beta1.Machine, []
 
 	warnings = append(warnings, warn...)
 
-	mapiMachine, err := fromCAPIMachineToMAPIMachine(m.machine)
+	var additionalMachineAPIMetadataLabels, additionalMachineAPIMetadataAnnotations map[string]string
+	if !m.excludeMachineAPILabelsAndAnnotations {
+		additionalMachineAPIMetadataLabels = map[string]string{
+			consts.MAPIMachineMetadataLabelInstanceType: m.awsMachine.Spec.InstanceType,
+			consts.MAPIMachineMetadataLabelRegion:       m.awsCluster.Spec.Region,
+			consts.MAPIMachineMetadataLabelZone:         ptr.Deref(m.machine.Spec.FailureDomain, ""),
+		}
+
+		additionalMachineAPIMetadataAnnotations = map[string]string{
+			consts.MAPIMachineMetadataAnnotationInstanceState: string(ptr.Deref(m.awsMachine.Status.InstanceState, "")),
+		}
+	}
+
+	mapiMachine, err := fromCAPIMachineToMAPIMachine(m.machine, additionalMachineAPIMetadataLabels, additionalMachineAPIMetadataAnnotations)
 	if err != nil {
 		errors = append(errors, err...)
 	}

pkg/conversion/capi2mapi/common.go

@@ -45,13 +45,13 @@ func RawExtensionFromInterface(spec interface{}) (*runtime.RawExtension, error)
 
 func convertCAPIMachineSetSelectorToMAPI(capiSelector metav1.LabelSelector) metav1.LabelSelector {
 	mapiSelector := capiSelector.DeepCopy()
-	mapiSelector.MatchLabels = convertCAPILabelsToMAPILabels(capiSelector.MatchLabels)
+	mapiSelector.MatchLabels = convertCAPILabelsToMAPILabels(capiSelector.MatchLabels, nil)
 
 	return *mapiSelector
 }
 
-func convertCAPILabelsToMAPILabels(capiLabels map[string]string) map[string]string {
-	if len(capiLabels) == 0 {
+func convertCAPILabelsToMAPILabels(capiLabels map[string]string, machineAPILabels map[string]string) map[string]string {
+	if len(capiLabels) == 0 && len(machineAPILabels) == 0 {
 		return nil
 	}
 
@@ -77,6 +77,15 @@ func convertCAPILabelsToMAPILabels(capiLabels map[string]string) map[string]stri
 		mapiLabels[k] = v
 	}
 
+	for k, v := range machineAPILabels {
+		// Ignore empty labels to ensure to not overwrite potentially existing labels with empty values.
+		if v == "" {
+			continue
+		}
+
+		mapiLabels[k] = v
+	}
+
 	// On the original MAPI object some label fields are nil rather than empty.
 	// So return nil instead to avoid unnecessary diff being picked up by the diff checker.
 	if len(mapiLabels) == 0 {
@@ -124,8 +133,8 @@ func convertCAPIMachineAnnotationsToMAPIMachineSpecObjectMetaAnnotations(capiAnn
 	return mapiAnnotations
 }
 
-func convertCAPIAnnotationsToMAPIAnnotations(capiAnnotations map[string]string) map[string]string {
-	if len(capiAnnotations) == 0 {
+func convertCAPIAnnotationsToMAPIAnnotations(capiAnnotations map[string]string, machineAPIAnnotations map[string]string) map[string]string {
+	if len(capiAnnotations) == 0 && len(machineAPIAnnotations) == 0 {
 		return nil
 	}
 
@@ -155,5 +164,20 @@ func convertCAPIAnnotationsToMAPIAnnotations(capiAnnotations map[string]string)
 		mapiAnnotations[k] = v
 	}
 
+	for k, v := range machineAPIAnnotations {
+		// Ignore empty annotations to ensure to not overwrite potentially existing annotations with empty values.
+		if v == "" {
+			continue
+		}
+
+		mapiAnnotations[k] = v
+	}
+
+	// On the original MAPI object some label fields are nil rather than empty.
+	// So return nil instead to avoid unnecessary diff being picked up by the diff checker.
+	if len(mapiAnnotations) == 0 {
+		return nil
+	}
+
 	return mapiAnnotations
 }

pkg/conversion/capi2mapi/machine.go

@@ -34,7 +34,7 @@ const (
 )
 
 // fromCAPIMachineToMAPIMachine translates a core CAPI Machine to its MAPI Machine correspondent.
-func fromCAPIMachineToMAPIMachine(capiMachine *clusterv1.Machine) (*mapiv1beta1.Machine, field.ErrorList) {
+func fromCAPIMachineToMAPIMachine(capiMachine *clusterv1.Machine, additionalMachineAPIMetadataLabels, additionalMachineAPIMetadataAnnotations map[string]string) (*mapiv1beta1.Machine, field.ErrorList) {
 	errs := field.ErrorList{}
 
 	lifecycleHooks, capiMachineNonHookAnnotations := convertCAPILifecycleHookAnnotationsToMAPILifecycleHooksAndAnnotations(capiMachine.Annotations)
@@ -48,8 +48,8 @@ func fromCAPIMachineToMAPIMachine(capiMachine *clusterv1.Machine) (*mapiv1beta1.
 		ObjectMeta: metav1.ObjectMeta{
 			Name:            capiMachine.Name,
 			Namespace:       mapiNamespace,
-			Labels:          convertCAPILabelsToMAPILabels(capiMachine.Labels),
-			Annotations:     convertCAPIAnnotationsToMAPIAnnotations(capiMachineNonHookAnnotations),
+			Labels:          convertCAPILabelsToMAPILabels(capiMachine.Labels, additionalMachineAPIMetadataLabels),
+			Annotations:     convertCAPIAnnotationsToMAPIAnnotations(capiMachineNonHookAnnotations, additionalMachineAPIMetadataAnnotations),
 			Finalizers:      []string{mapiv1beta1.MachineFinalizer},
 			OwnerReferences: nil, // OwnerReferences not populated here. They are added later by the machineSync controller.
 		},

pkg/conversion/capi2mapi/machineset.go

@@ -32,8 +32,8 @@ func fromCAPIMachineSetToMAPIMachineSet(capiMachineSet *clusterv1.MachineSet) (*
 		ObjectMeta: metav1.ObjectMeta{
 			Name:            capiMachineSet.Name,
 			Namespace:       capiMachineSet.Namespace,
-			Labels:          convertCAPILabelsToMAPILabels(capiMachineSet.Labels),
-			Annotations:     convertCAPIAnnotationsToMAPIAnnotations(capiMachineSet.Annotations),
+			Labels:          convertCAPILabelsToMAPILabels(capiMachineSet.Labels, nil),
+			Annotations:     convertCAPIAnnotationsToMAPIAnnotations(capiMachineSet.Annotations, nil),
 			Finalizers:      nil, // MAPI MachineSet does not have finalizers.
 			OwnerReferences: nil, // OwnerReferences not populated here. They are added later by the machineSetSync controller.
 		},
@@ -44,8 +44,8 @@ func fromCAPIMachineSetToMAPIMachineSet(capiMachineSet *clusterv1.MachineSet) (*
 			DeletePolicy:    capiMachineSet.Spec.DeletePolicy,
 			Template: mapiv1beta1.MachineTemplateSpec{
 				ObjectMeta: mapiv1beta1.ObjectMeta{
-					Labels:      convertCAPILabelsToMAPILabels(capiMachineSet.Spec.Template.Labels),
-					Annotations: convertCAPIAnnotationsToMAPIAnnotations(capiMachineSet.Spec.Template.Annotations),
+					Labels:      convertCAPILabelsToMAPILabels(capiMachineSet.Spec.Template.Labels, nil),
+					Annotations: convertCAPIAnnotationsToMAPIAnnotations(capiMachineSet.Spec.Template.Annotations, nil),
 				},
 			},
 		},

pkg/conversion/capi2mapi/openstack.go

@@ -23,11 +23,13 @@ import (
 
 	mapiv1alpha1 "github.com/openshift/api/machine/v1alpha1"
 	mapiv1beta1 "github.com/openshift/api/machine/v1beta1"
+	"github.com/openshift/cluster-capi-operator/pkg/conversion/consts"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	"k8s.io/apimachinery/pkg/util/validation/field"
+	"k8s.io/utils/ptr"
 	openstackv1 "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta1"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 )
@@ -39,9 +41,10 @@ var (
 
 // machineAndOpenStackMachineAndOpenStackCluster stores the details of a Cluster API Machine and OpenStackMachine and OpenStackCluster.
 type machineAndOpenStackMachineAndOpenStackCluster struct {
-	machine          *clusterv1.Machine
-	openstackMachine *openstackv1.OpenStackMachine
-	openstackCluster *openstackv1.OpenStackCluster
+	machine                               *clusterv1.Machine
+	openstackMachine                      *openstackv1.OpenStackMachine
+	openstackCluster                      *openstackv1.OpenStackCluster
+	excludeMachineAPILabelsAndAnnotations bool
 }
 
 // machineSetAndOpenStackMachineTemplateAndOpenStackCluster stores the details of a Cluster API MachineSet and OpenStackMachineTemplate and OpenStackCluster.
@@ -74,7 +77,8 @@ func FromMachineSetAndOpenStackMachineTemplateAndOpenStackCluster(ms *clusterv1.
 			openstackMachine: &openstackv1.OpenStackMachine{
 				Spec: mts.Spec.Template.Spec,
 			},
-			openstackCluster: ac,
+			openstackCluster:                      ac,
+			excludeMachineAPILabelsAndAnnotations: true,
 		},
 	}
 }
@@ -201,7 +205,22 @@ func (m machineAndOpenStackMachineAndOpenStackCluster) ToMachine() (*mapiv1beta1
 
 	warnings = append(warnings, warns...)
 
-	mapiMachine, errs := fromCAPIMachineToMAPIMachine(m.machine)
+	var additionalMachineAPIMetadataLabels, additionalMachineAPIMetadataAnnotations map[string]string
+	if !m.excludeMachineAPILabelsAndAnnotations {
+		additionalMachineAPIMetadataLabels = map[string]string{
+			// Unable to determine the region without fetching the identity resources as done at:
+			// https://github.com/openshift/machine-api-provider-openstack/blob/2defb131bd0836beba0a9790de7c9a63137a5cec/pkg/machine/actuator.go#L85-L89
+			// consts.MAPIMachineMetadataLabelRegion
+			consts.MAPIMachineMetadataLabelInstanceType: ptr.Deref(m.openstackMachine.Spec.Flavor, ""),
+			consts.MAPIMachineMetadataLabelZone:         ptr.Deref(m.machine.Spec.FailureDomain, ""),
+		}
+
+		additionalMachineAPIMetadataAnnotations = map[string]string{
+			consts.MAPIMachineMetadataAnnotationInstanceState: string(ptr.Deref(m.openstackMachine.Status.InstanceState, "")),
+		}
+	}
+
+	mapiMachine, errs := fromCAPIMachineToMAPIMachine(m.machine, additionalMachineAPIMetadataLabels, additionalMachineAPIMetadataAnnotations)
 	if errs != nil {
 		errors = append(errors, errs...)
 	}

pkg/conversion/capi2mapi/powervs.go

@@ -22,6 +22,7 @@ import (
 
 	mapiv1 "github.com/openshift/api/machine/v1"
 	mapiv1beta1 "github.com/openshift/api/machine/v1beta1"
+	"github.com/openshift/cluster-capi-operator/pkg/conversion/consts"
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -39,9 +40,10 @@ var (
 
 // machineAndPowerVSMachineAndPowerVSCluster stores the details of a Cluster API Machine and PowerVSMachine and PowerVSCluster.
 type machineAndPowerVSMachineAndPowerVSCluster struct {
-	machine        *clusterv1.Machine
-	powerVSMachine *ibmpowervsv1.IBMPowerVSMachine
-	powerVSCluster *ibmpowervsv1.IBMPowerVSCluster
+	machine                               *clusterv1.Machine
+	powerVSMachine                        *ibmpowervsv1.IBMPowerVSMachine
+	powerVSCluster                        *ibmpowervsv1.IBMPowerVSCluster
+	excludeMachineAPILabelsAndAnnotations bool
 }
 
 // machineSetAndPowerVSMachineTemplateAndPowerVSCluster stores the details of a Cluster API MachineSet and PowerVSMachineTemplate and AWSCluster.
@@ -74,7 +76,8 @@ func FromMachineSetAndPowerVSMachineTemplateAndPowerVSCluster(ms *clusterv1.Mach
 			powerVSMachine: &ibmpowervsv1.IBMPowerVSMachine{
 				Spec: mts.Spec.Template.Spec,
 			},
-			powerVSCluster: pc,
+			powerVSCluster:                        pc,
+			excludeMachineAPILabelsAndAnnotations: true,
 		},
 	}
 }
@@ -100,7 +103,20 @@ func (m machineAndPowerVSMachineAndPowerVSCluster) ToMachine() (*mapiv1beta1.Mac
 		return nil, nil, fmt.Errorf("unable to convert PowerVS providerSpec to raw extension: %w", errRaw)
 	}
 
-	mapiMachine, err := fromCAPIMachineToMAPIMachine(m.machine)
+	var additionalMachineAPIMetadataLabels, additionalMachineAPIMetadataAnnotations map[string]string
+	if !m.excludeMachineAPILabelsAndAnnotations {
+		additionalMachineAPIMetadataLabels = map[string]string{
+			consts.MAPIMachineMetadataLabelInstanceType: m.powerVSMachine.Spec.SystemType,
+			consts.MAPIMachineMetadataLabelRegion:       ptr.Deref(m.powerVSMachine.Status.Region, ""),
+			consts.MAPIMachineMetadataLabelZone:         ptr.Deref(m.machine.Spec.FailureDomain, ""),
+		}
+
+		additionalMachineAPIMetadataAnnotations = map[string]string{
+			consts.MAPIMachineMetadataAnnotationInstanceState: string(m.powerVSMachine.Status.InstanceState),
+		}
+	}
+
+	mapiMachine, err := fromCAPIMachineToMAPIMachine(m.machine, additionalMachineAPIMetadataLabels, additionalMachineAPIMetadataAnnotations)
 	if err != nil {
 		errors = append(errors, err...)
 	}