fix: identical endpoint name conflicts

Signed-off-by: Oleksii Kurinnyi <[email protected]>

Author: akurinnoy

controllers/controller/devworkspacerouting/devworkspacerouting_controller.go

@@ -96,6 +96,7 @@ func (r *DevWorkspaceRoutingReconciler) Reconcile(ctx context.Context, req ctrl.
 	solver, err := r.SolverGetter.GetSolver(r.Client, instance.Spec.RoutingClass)
 	if err != nil {
 		if errors.Is(err, solvers.RoutingNotSupported) {
+			reqLogger.Info("Routing class not supported by this controller, skipping reconciliation", "routingClass", instance.Spec.RoutingClass)
 			return reconcile.Result{}, nil
 		}
 		return reconcile.Result{}, r.markRoutingFailed(instance, fmt.Sprintf("Invalid routingClass for DevWorkspace: %s", err))
@@ -131,7 +132,7 @@ func (r *DevWorkspaceRoutingReconciler) Reconcile(ctx context.Context, req ctrl.
 	}
 
 	restrictedAccess, setRestrictedAccess := instance.Annotations[constants.DevWorkspaceRestrictedAccessAnnotation]
-	routingObjects, err := solver.GetSpecObjects(instance, workspaceMeta)
+	routingObjects, err := solver.GetSpecObjects(instance, workspaceMeta, r.Client, reqLogger)
 	if err != nil {
 		var notReady *solvers.RoutingNotReady
 		if errors.As(err, &notReady) {
@@ -149,6 +150,12 @@ func (r *DevWorkspaceRoutingReconciler) Reconcile(ctx context.Context, req ctrl.
 			return reconcile.Result{}, r.markRoutingFailed(instance, fmt.Sprintf("Unable to provision networking for DevWorkspace: %s", invalid))
 		}
 
+		var conflict *solvers.ServiceConflictError
+		if errors.As(err, &conflict) {
+			reqLogger.Error(conflict, "Routing controller detected a service conflict", "serviceName", conflict.Reason)
+			return reconcile.Result{}, r.markRoutingFailed(instance, fmt.Sprintf("Unable to provision networking for DevWorkspace: %s", conflict))
+		}
+
 		// generic error, just fail the reconciliation
 		return reconcile.Result{}, err
 	}
@@ -208,6 +215,10 @@ func (r *DevWorkspaceRoutingReconciler) Reconcile(ctx context.Context, req ctrl.
 			if errors.As(err, &failError) {
 				return reconcile.Result{}, r.markRoutingFailed(instance, err.Error())
 			}
+			conflictErr := &solvers.HostnameConflictError{}
+			if errors.As(err, &conflictErr) {
+				return reconcile.Result{}, r.markRoutingFailed(instance, conflictErr.Error())
+			}
 			reqLogger.Error(err, "Error syncing routes")
 			return reconcile.Result{Requeue: true}, r.reconcileStatus(instance, nil, nil, false, "Preparing routes")
 		} else if !routesInSync {
@@ -222,6 +233,10 @@ func (r *DevWorkspaceRoutingReconciler) Reconcile(ctx context.Context, req ctrl.
 			if errors.As(err, &failError) {
 				return reconcile.Result{}, r.markRoutingFailed(instance, err.Error())
 			}
+			conflictErr := &solvers.HostnameConflictError{}
+			if errors.As(err, &conflictErr) {
+				return reconcile.Result{}, r.markRoutingFailed(instance, conflictErr.Error())
+			}
 			reqLogger.Error(err, "Error syncing ingresses")
 			return reconcile.Result{Requeue: true}, r.reconcileStatus(instance, nil, nil, false, "Preparing ingresses")
 		} else if !ingressesInSync {

controllers/controller/devworkspacerouting/solvers/basic_solver.go

@@ -20,6 +20,8 @@ import (
 	"github.com/devfile/devworkspace-operator/pkg/config"
 	"github.com/devfile/devworkspace-operator/pkg/constants"
 	"github.com/devfile/devworkspace-operator/pkg/infrastructure"
+	"github.com/go-logr/logr"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 var routeAnnotations = func(endpointName string, endpointAnnotations map[string]string) map[string]string {
@@ -59,7 +61,7 @@ func (s *BasicSolver) Finalize(*controllerv1alpha1.DevWorkspaceRouting) error {
 	return nil
 }
 
-func (s *BasicSolver) GetSpecObjects(routing *controllerv1alpha1.DevWorkspaceRouting, workspaceMeta DevWorkspaceMetadata) (RoutingObjects, error) {
+func (s *BasicSolver) GetSpecObjects(routing *controllerv1alpha1.DevWorkspaceRouting, workspaceMeta DevWorkspaceMetadata, cl client.Client, log logr.Logger) (RoutingObjects, error) {
 	routingObjects := RoutingObjects{}
 
 	// TODO: Use workspace-scoped ClusterHostSuffix to allow overriding
@@ -70,7 +72,11 @@ func (s *BasicSolver) GetSpecObjects(routing *controllerv1alpha1.DevWorkspaceRou
 
 	spec := routing.Spec
 	services := getServicesForEndpoints(spec.Endpoints, workspaceMeta)
-	services = append(services, GetDiscoverableServicesForEndpoints(spec.Endpoints, workspaceMeta)...)
+	discoverableServices, err := GetDiscoverableServicesForEndpoints(spec.Endpoints, workspaceMeta, cl, log)
+	if err != nil {
+		return RoutingObjects{}, err
+	}
+	services = append(services, discoverableServices...)
 	routingObjects.Services = services
 	if infrastructure.IsOpenShift() {
 		routingObjects.Routes = getRoutesForSpec(routingSuffix, spec.Endpoints, workspaceMeta)

controllers/controller/devworkspacerouting/solvers/cluster_solver.go

@@ -24,6 +24,8 @@ import (
 	corev1 "k8s.io/api/core/v1"
 
 	controllerv1alpha1 "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
+	"github.com/go-logr/logr"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 const (
@@ -44,9 +46,14 @@ func (s *ClusterSolver) Finalize(*controllerv1alpha1.DevWorkspaceRouting) error
 	return nil
 }
 
-func (s *ClusterSolver) GetSpecObjects(routing *controllerv1alpha1.DevWorkspaceRouting, workspaceMeta DevWorkspaceMetadata) (RoutingObjects, error) {
+func (s *ClusterSolver) GetSpecObjects(routing *controllerv1alpha1.DevWorkspaceRouting, workspaceMeta DevWorkspaceMetadata, cl client.Client, log logr.Logger) (RoutingObjects, error) {
 	spec := routing.Spec
 	services := getServicesForEndpoints(spec.Endpoints, workspaceMeta)
+	discoverableServices, err := GetDiscoverableServicesForEndpoints(spec.Endpoints, workspaceMeta, cl, log)
+	if err != nil {
+		return RoutingObjects{}, err
+	}
+	services = append(services, discoverableServices...)
 	podAdditions := &controllerv1alpha1.PodAdditions{}
 	if s.TLS {
 		readOnlyMode := int32(420)

controllers/controller/devworkspacerouting/solvers/common.go

@@ -16,9 +16,15 @@
 package solvers
 
 import (
+	"context"
+	"fmt"
+
 	controllerv1alpha1 "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
 	"github.com/devfile/devworkspace-operator/pkg/common"
 	"github.com/devfile/devworkspace-operator/pkg/constants"
+	"github.com/go-logr/logr"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	routeV1 "github.com/openshift/api/route/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -36,7 +42,7 @@ type DevWorkspaceMetadata struct {
 
 // GetDiscoverableServicesForEndpoints converts the endpoint list into a set of services, each corresponding to a single discoverable
 // endpoint from the list. Endpoints with the NoneEndpointExposure are ignored.
-func GetDiscoverableServicesForEndpoints(endpoints map[string]controllerv1alpha1.EndpointList, meta DevWorkspaceMetadata) []corev1.Service {
+func GetDiscoverableServicesForEndpoints(endpoints map[string]controllerv1alpha1.EndpointList, meta DevWorkspaceMetadata, cl client.Client, log logr.Logger) ([]corev1.Service, error) {
 	var services []corev1.Service
 	for _, machineEndpoints := range endpoints {
 		for _, endpoint := range machineEndpoints {
@@ -45,18 +51,36 @@ func GetDiscoverableServicesForEndpoints(endpoints map[string]controllerv1alpha1
 			}
 
 			if endpoint.Attributes.GetBoolean(string(controllerv1alpha1.DiscoverableAttribute), nil) {
-				// Create service with name matching endpoint
-				// TODO: This could cause a reconcile conflict if multiple workspaces define the same discoverable endpoint
-				// Also endpoint names may not be valid as service names
+				serviceName := common.EndpointName(endpoint.Name)
+				log.Info("Checking for existing service for discoverable endpoint", "serviceName", serviceName)
+				existingService := &corev1.Service{}
+				err := cl.Get(context.TODO(), client.ObjectKey{Name: serviceName, Namespace: meta.Namespace}, existingService)
+				if err != nil {
+					if !errors.IsNotFound(err) {
+						log.Error(err, "Failed to get service from cluster", "serviceName", serviceName)
+						return nil, err
+					}
+					log.Info("No existing service found", "serviceName", serviceName)
+				} else {
+					log.Info("Found existing service", "serviceName", serviceName)
+					if existingService.Labels[constants.DevWorkspaceIDLabel] != meta.DevWorkspaceId {
+						log.Info("Service conflict detected", "serviceName", serviceName, "existingWorkspaceId", existingService.Labels[constants.DevWorkspaceIDLabel], "currentWorkspaceId", meta.DevWorkspaceId)
+						return nil, &ServiceConflictError{
+							Reason: fmt.Sprintf("discoverable endpoint %s conflicts with existing service", endpoint.Name),
+						}
+					}
+					log.Info("Existing service is owned by the same workspace", "serviceName", serviceName)
+				}
+
 				servicePort := corev1.ServicePort{
-					Name:       common.EndpointName(endpoint.Name),
+					Name:       serviceName,
 					Protocol:   corev1.ProtocolTCP,
 					Port:       int32(endpoint.TargetPort),
 					TargetPort: intstr.FromInt(endpoint.TargetPort),
 				}
 				services = append(services, corev1.Service{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      common.EndpointName(endpoint.Name),
+						Name:      serviceName,
 						Namespace: meta.Namespace,
 						Labels: map[string]string{
 							constants.DevWorkspaceIDLabel: meta.DevWorkspaceId,
@@ -74,7 +98,7 @@ func GetDiscoverableServicesForEndpoints(endpoints map[string]controllerv1alpha1
 			}
 		}
 	}
-	return services
+	return services, nil
 }
 
 // GetServiceForEndpoints returns a single service that exposes all endpoints of given exposure types, possibly also including the discoverable types.

controllers/controller/devworkspacerouting/solvers/common_test.go

@@ -0,0 +1,203 @@
+package solvers
+
+import (
+	"testing"
+
+	controllerv1alpha1 "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
+	"github.com/devfile/devworkspace-operator/pkg/constants"
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+)
+
+func TestGetDiscoverableServicesForEndpoints(t *testing.T) {
+	testLog := zap.New(zap.UseDevMode(true))
+	scheme := runtime.NewScheme()
+	_ = corev1.AddToScheme(scheme)
+	_ = controllerv1alpha1.AddToScheme(scheme)
+
+	discoverableEndpoint := controllerv1alpha1.Endpoint{
+		Name:       "test-endpoint",
+		TargetPort: 8080,
+		Exposure:   controllerv1alpha1.PublicEndpointExposure,
+		Attributes: controllerv1alpha1.Attributes{}.
+			PutBoolean(string(controllerv1alpha1.DiscoverableAttribute), true),
+	}
+	endpoints := map[string]controllerv1alpha1.EndpointList{
+		"machine1": {discoverableEndpoint},
+	}
+
+	meta := DevWorkspaceMetadata{
+		DevWorkspaceId: "current-workspace",
+		Namespace:      "test-namespace",
+	}
+
+	tests := []struct {
+		name          string
+		existing      []runtime.Object
+		expectErr     bool
+		expectErrType error
+		expectMsg     string
+	}{
+		{
+			name:      "No existing service",
+			existing:  []runtime.Object{},
+			expectErr: false,
+		},
+		{
+			name: "Existing service with different owner in same namespace",
+			existing: []runtime.Object{
+				&corev1.Service{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "test-endpoint",
+						Namespace: "test-namespace",
+						Labels: map[string]string{
+							constants.DevWorkspaceIDLabel: "other-workspace",
+						},
+					},
+				},
+			},
+			expectErr:     true,
+			expectErrType: &ServiceConflictError{},
+			expectMsg:     "conflicts with existing service",
+		},
+		{
+			name: "Existing service with same owner (reconciliation)",
+			existing: []runtime.Object{
+				&corev1.Service{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "test-endpoint",
+						Namespace: "test-namespace",
+						Labels: map[string]string{
+							constants.DevWorkspaceIDLabel: "current-workspace",
+						},
+					},
+				},
+			},
+			expectErr: false,
+		},
+		{
+			name: "Service with same name in different namespace (should not conflict)",
+			existing: []runtime.Object{
+				&corev1.Service{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "test-endpoint",
+						Namespace: "other-namespace",
+						Labels: map[string]string{
+							constants.DevWorkspaceIDLabel: "other-workspace",
+						},
+					},
+				},
+			},
+			expectErr: false,
+		},
+		{
+			name: "Service without workspace ID label",
+			existing: []runtime.Object{
+				&corev1.Service{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "test-endpoint",
+						Namespace: "test-namespace",
+						Labels:    map[string]string{},
+					},
+				},
+			},
+			expectErr:     true,
+			expectErrType: &ServiceConflictError{},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(tt.existing...).Build()
+			_, err := GetDiscoverableServicesForEndpoints(endpoints, meta, fakeClient, testLog)
+
+			if tt.expectErr {
+				assert.Error(t, err, "Expected an error but got none")
+				if tt.expectErrType != nil {
+					assert.IsType(t, tt.expectErrType, err, "Error is of unexpected type")
+				}
+				if tt.expectMsg != "" {
+					assert.Contains(t, err.Error(), tt.expectMsg)
+				}
+			} else {
+				assert.NoError(t, err, "Got unexpected error")
+			}
+		})
+	}
+}
+
+func TestGetDiscoverableServicesForEndpoints_MultipleEndpoints(t *testing.T) {
+	testLog := zap.New(zap.UseDevMode(true))
+	scheme := runtime.NewScheme()
+	_ = corev1.AddToScheme(scheme)
+	_ = controllerv1alpha1.AddToScheme(scheme)
+
+	endpoints := map[string]controllerv1alpha1.EndpointList{
+		"machine1": {
+			{
+				Name:       "postgresql",
+				TargetPort: 5432,
+				Exposure:   controllerv1alpha1.InternalEndpointExposure,
+				Attributes: controllerv1alpha1.Attributes{}.
+					PutBoolean(string(controllerv1alpha1.DiscoverableAttribute), true),
+			},
+			{
+				Name:       "redis",
+				TargetPort: 6379,
+				Exposure:   controllerv1alpha1.InternalEndpointExposure,
+				Attributes: controllerv1alpha1.Attributes{}.
+					PutBoolean(string(controllerv1alpha1.DiscoverableAttribute), true),
+			},
+			{
+				Name:       "http",
+				TargetPort: 8080,
+				Exposure:   controllerv1alpha1.PublicEndpointExposure,
+				// Not discoverable
+			},
+		},
+	}
+
+	meta := DevWorkspaceMetadata{
+		DevWorkspaceId: "current-workspace",
+		Namespace:      "test-namespace",
+		PodSelector: map[string]string{
+			constants.DevWorkspaceIDLabel: "current-workspace",
+		},
+	}
+
+	t.Run("Multiple discoverable endpoints without conflicts", func(t *testing.T) {
+		fakeClient := fake.NewClientBuilder().WithScheme(scheme).Build()
+		services, err := GetDiscoverableServicesForEndpoints(endpoints, meta, fakeClient, testLog)
+		assert.NoError(t, err)
+		assert.Len(t, services, 2, "Should create 2 discoverable services (postgresql and redis, not http)")
+
+		serviceNames := make(map[string]bool)
+		for _, svc := range services {
+			serviceNames[svc.Name] = true
+		}
+		assert.True(t, serviceNames["postgresql"], "Should have postgresql service")
+		assert.True(t, serviceNames["redis"], "Should have redis service")
+		assert.False(t, serviceNames["http"], "Should not have http service (not discoverable)")
+	})
+
+	t.Run("Conflict on one of multiple endpoints", func(t *testing.T) {
+		existingService := &corev1.Service{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "postgresql",
+				Namespace: "test-namespace",
+				Labels: map[string]string{
+					constants.DevWorkspaceIDLabel: "other-workspace",
+				},
+			},
+		}
+		fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(existingService).Build()
+		_, err := GetDiscoverableServicesForEndpoints(endpoints, meta, fakeClient, testLog)
+		assert.Error(t, err, "Should error when one endpoint conflicts")
+		assert.IsType(t, &ServiceConflictError{}, err)
+		assert.Contains(t, err.Error(), "postgresql")
+	})
+}