Merge pull request #565 from gianlucam76/referenced-resource-order

(feat) Add referenced resource data as annotations

Author: gianlucam76

lib/deployer/applier.go

@@ -245,8 +245,8 @@ func CustomSplit(text string) ([]string, error) {
 
 // GetResource returns sveltos Resource and the resource hash
 func GetResource(policy *unstructured.Unstructured, ignoreForConfigurationDrift bool,
-	referencedObject *corev1.ObjectReference, profile client.Object, tier int32, featureID string,
-	logger logr.Logger) (resource *libsveltosv1beta1.Resource, policyHash string) {
+	referencedObject *corev1.ObjectReference, profile client.Object, profileTier, referenceTier int32,
+	featureID string, logger logr.Logger) (resource *libsveltosv1beta1.Resource, policyHash string) {
 
 	resource = &libsveltosv1beta1.Resource{
 		Name:                        policy.GetName(),
@@ -265,12 +265,13 @@ func GetResource(policy *unstructured.Unstructured, ignoreForConfigurationDrift
 	}
 
 	// Get policy hash of referenced policy
-	AddLabel(policy, ReferenceKindLabel, referencedObject.GetObjectKind().GroupVersionKind().Kind)
-	AddLabel(policy, ReferenceNameLabel, referencedObject.Name)
-	AddLabel(policy, ReferenceNamespaceLabel, referencedObject.Namespace)
 	AddLabel(policy, ReasonLabel, featureID)
+	AddAnnotation(policy, ReferenceKindAnnotation, referencedObject.GetObjectKind().GroupVersionKind().Kind)
+	AddAnnotation(policy, ReferenceNameAnnotation, referencedObject.Name)
+	AddAnnotation(policy, ReferenceNamespaceAnnotation, referencedObject.Namespace)
+	AddAnnotation(policy, ReferenceTierAnnotation, fmt.Sprintf("%d", referenceTier))
 	AddAnnotation(policy, PolicyHash, policyHash)
-	AddAnnotation(policy, OwnerTier, fmt.Sprintf("%d", tier))
+	AddAnnotation(policy, OwnerTier, fmt.Sprintf("%d", profileTier))
 	AddAnnotation(policy, OwnerName, profile.GetName())
 	AddAnnotation(policy, OwnerKind, profile.GetObjectKind().GroupVersionKind().Kind)
 
@@ -358,13 +359,13 @@ func AddAnnotation(obj metav1.Object, annotationKey, annotationValue string) {
 // If resource cannot be deployed, return a ConflictError.
 // If any other error occurs while doing those verification, the error is returned
 func CanDeployResource(ctx context.Context, dr dynamic.ResourceInterface, policy *unstructured.Unstructured,
-	referencedObject *corev1.ObjectReference, profile client.Object, profileTier int32, logger logr.Logger,
-) (resourceInfo *ResourceInfo, requeueOldOwner bool, err error) {
+	referencedObject *corev1.ObjectReference, profile client.Object, profileTier, referenceTier int32,
+	logger logr.Logger) (resourceInfo *ResourceInfo, requeueOldOwner bool, err error) {
 
 	l := logger.WithValues("resource",
 		fmt.Sprintf("%s:%s/%s", referencedObject.Kind, referencedObject.Namespace, referencedObject.Name))
 	resourceInfo, err = ValidateObjectForUpdate(ctx, dr, policy,
-		referencedObject.Kind, referencedObject.Namespace, referencedObject.Name, profile)
+		referencedObject.Kind, referencedObject.Namespace, referencedObject.Name, referenceTier, profile)
 	if err != nil {
 		var conflictErr *ConflictError
 		ok := errors.As(err, &conflictErr)

lib/deployer/clean.go

@@ -37,7 +37,8 @@ func UndeployStaleResource(ctx context.Context, skipAnnotationKey, skipAnnotatio
 
 	// Verify if this policy was deployed because of a projectsveltos (ReferenceLabelName
 	// is present as label in such a case).
-	if !hasLabel(&r, ReferenceNameLabel, "") {
+	// Check both labels (this used to be set) and annotations (this is what gets set now)
+	if !hasLabel(&r, ReferenceNameLabel, "") && !hasAnnotation(&r, ReferenceNameAnnotation, "") {
 		return nil, nil
 	}
 
@@ -115,13 +116,19 @@ func handleResourceDelete(ctx context.Context, c client.Client, policy client.Ob
 	// If mode is set to LeavePolicies, leave policies in the workload cluster.
 	// Remove all labels added by Sveltos.
 	if leavePolicies {
+		// for backward compatibility (those labels used to be set, but are now
+		// replaced by corresponding annotations)
 		l := policy.GetLabels()
 		delete(l, ReferenceKindLabel)
 		delete(l, ReferenceNameLabel)
 		delete(l, ReferenceNamespaceLabel)
 		policy.SetLabels(l)
 
 		annotations := policy.GetAnnotations()
+		delete(annotations, ReferenceKindAnnotation)
+		delete(annotations, ReferenceNameAnnotation)
+		delete(annotations, ReferenceNamespaceAnnotation)
+		delete(annotations, ReferenceTierAnnotation)
 		delete(annotations, OwnerKind)
 		delete(annotations, OwnerName)
 		delete(annotations, OwnerTier)

lib/deployer/clean_test.go

@@ -42,11 +42,14 @@ var _ = Describe("Clean utils", func() {
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: randomString(),
 				Name:      randomString(),
+				Annotations: map[string]string{
+					deployer.ReferenceKindAnnotation:      randomString(),
+					deployer.ReferenceNameAnnotation:      randomString(),
+					deployer.ReferenceNamespaceAnnotation: randomString(),
+					randomKey:                             randomValue,
+				},
 				Labels: map[string]string{
-					deployer.ReferenceKindLabel:      randomString(),
-					deployer.ReferenceNameLabel:      randomString(),
-					deployer.ReferenceNamespaceLabel: randomString(),
-					randomKey:                        randomValue,
+					randomKey: randomValue,
 				},
 			},
 		}
@@ -61,8 +64,12 @@ var _ = Describe("Clean utils", func() {
 
 		currentDepl := &appsv1.Deployment{}
 		Expect(c.Get(context.TODO(), types.NamespacedName{Namespace: depl.Namespace, Name: depl.Name}, currentDepl)).To(Succeed())
+		Expect(len(currentDepl.Annotations)).To(Equal(1))
+		v, ok := currentDepl.Annotations[randomKey]
+		Expect(ok).To(BeTrue())
+		Expect(v).To(Equal(randomValue))
 		Expect(len(currentDepl.Labels)).To(Equal(1))
-		v, ok := currentDepl.Labels[randomKey]
+		v, ok = currentDepl.Labels[randomKey]
 		Expect(ok).To(BeTrue())
 		Expect(v).To(Equal(randomValue))
 	})
@@ -74,11 +81,11 @@ var _ = Describe("Clean utils", func() {
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: randomString(),
 				Name:      randomString(),
-				Labels: map[string]string{
-					deployer.ReferenceKindLabel:      randomString(),
-					deployer.ReferenceNameLabel:      randomString(),
-					deployer.ReferenceNamespaceLabel: randomString(),
-					randomKey:                        randomValue,
+				Annotations: map[string]string{
+					deployer.ReferenceKindAnnotation:      randomString(),
+					deployer.ReferenceNameAnnotation:      randomString(),
+					deployer.ReferenceNamespaceAnnotation: randomString(),
+					randomKey:                             randomValue,
 				},
 			},
 		}

lib/deployer/utils.go

@@ -19,6 +19,7 @@ package deployer
 import (
 	"context"
 	"fmt"
+	"strconv"
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
@@ -32,21 +33,44 @@ import (
 )
 
 const (
-	// ReferenceLabelKind is added to each policy deployed by a ClusterSummary
+	// ReferenceKindLabel is added to each policy deployed by a ClusterSummary
 	// instance to a managed Cluster. Indicates the Kind (ConfigMap or Secret)
 	// containing the policy.
+	// Deprecated: replaced by annotation
 	ReferenceKindLabel = "projectsveltos.io/reference-kind"
 
 	// ReferenceNameLabel is added to each policy deployed by a ClusterSummary
 	// instance to a managed Cluster. Indicates the name of the ConfigMap/Secret
 	// containing the policy.
+	// Deprecated: replaced by annotation
 	ReferenceNameLabel = "projectsveltos.io/reference-name"
 
 	// ReferenceNamespaceLabel is added to each policy deployed by a ClusterSummary
 	// instance to a managed Cluster. Indicates the namespace of the ConfigMap/Secret
 	// containing the policy.
+	// Deprecated: replaced by annotation
 	ReferenceNamespaceLabel = "projectsveltos.io/reference-namespace"
 
+	// ReferenceKindAnnotation is added to each policy deployed by a ClusterSummary
+	// instance to a managed Cluster. Indicates the Kind (ConfigMap or Secret)
+	// containing the policy.
+	ReferenceKindAnnotation = "projectsveltos.io/reference-kind"
+
+	// ReferenceNameAnnotation is added to each policy deployed by a ClusterSummary
+	// instance to a managed Cluster. Indicates the name of the ConfigMap/Secret
+	// containing the policy.
+	ReferenceNameAnnotation = "projectsveltos.io/reference-name"
+
+	// ReferenceNamespaceAnnotation is added to each policy deployed by a ClusterSummary
+	// instance to a managed Cluster. Indicates the namespace of the ConfigMap/Secret
+	// containing the policy.
+	ReferenceNamespaceAnnotation = "projectsveltos.io/reference-namespace"
+
+	// ReferenceTierAnnotation is added to each policy deployed by a ClusterSummary
+	// instance to a managed Cluster. Indicates the namespace of the ConfigMap/Secret
+	// containing the policy.
+	ReferenceTierAnnotation = "projectsveltos.io/reference-tier"
+
 	// PolicyHash is the annotation set on a policy when deployed in a managed
 	// cluster.
 	PolicyHash = "projectsveltos.io/hash"
@@ -129,7 +153,7 @@ func (r *ResourceInfo) GetResourceVersion() string {
 // If object exists, return value of PolicyHash annotation.
 func ValidateObjectForUpdate(ctx context.Context, dr dynamic.ResourceInterface,
 	object *unstructured.Unstructured, referenceKind, referenceNamespace, referenceName string,
-	profile client.Object) (*ResourceInfo, error) {
+	referenceTier int32, profile client.Object) (*ResourceInfo, error) {
 
 	if object == nil {
 		return nil, nil
@@ -154,40 +178,27 @@ func ValidateObjectForUpdate(ctx context.Context, dr dynamic.ResourceInterface,
 		}
 	}
 
-	if labels := currentObject.GetLabels(); labels != nil {
-		kind, kindOk := labels[ReferenceKindLabel]
-		namespace, namespaceOk := labels[ReferenceNamespaceLabel]
-		name, nameOk := labels[ReferenceNameLabel]
+	kind, namespace, name, tier := getReferenceInfo(currentObject)
 
-		if kindOk {
+	// if proposed tier is lower than current tier, do not check for conflict on referenced resource.
+	if referenceTier >= tier {
+		if kind != "" {
 			if kind != referenceKind {
 				return resourceInfo, &ConflictError{
 					message: fmt.Sprintf("A conflict was detected while deploying resource %s:%s/%s. %s"+
 						"This resource is currently deployed because of %s %s/%s.\n",
 						object.GroupVersionKind().Kind, object.GetNamespace(), object.GetName(),
 						getOwnerMessage(currentObject), kind, namespace, name)}
 			}
-		}
-		if namespaceOk {
+
 			if namespace != referenceNamespace {
 				return resourceInfo, &ConflictError{
 					message: fmt.Sprintf("A conflict was detected while deploying resource %s:%s/%s. %s"+
 						"This resource is currently deployed because of %s %s/%s.\n",
 						object.GroupVersionKind().Kind, object.GetNamespace(), object.GetName(),
 						getOwnerMessage(currentObject), kind, namespace, name)}
 			}
-		}
-		if nameOk {
-			if name != referenceName {
-				return resourceInfo, &ConflictError{
-					message: fmt.Sprintf("A conflict was detected while deploying resource %s:%s/%s. %s"+
-						"This resource is currently deployed because of %s %s/%s.\n",
-						object.GroupVersionKind().Kind, object.GetNamespace(), object.GetName(),
-						getOwnerMessage(currentObject), kind, namespace, name)}
-			}
-		}
 
-		if nameOk {
 			if name != referenceName {
 				return resourceInfo, &ConflictError{
 					message: fmt.Sprintf("A conflict was detected while deploying resource %s:%s/%s. %s"+
@@ -196,11 +207,11 @@ func ValidateObjectForUpdate(ctx context.Context, dr dynamic.ResourceInterface,
 						getOwnerMessage(currentObject), kind, namespace, name)}
 			}
 		}
+	}
 
-		err := validateSveltosOwner(object, currentObject, profile, kind, namespace, name)
-		if err != nil {
-			return resourceInfo, &ConflictError{message: err.Error()}
-		}
+	err = validateSveltosOwner(object, currentObject, profile, kind, namespace, name)
+	if err != nil {
+		return resourceInfo, &ConflictError{message: err.Error()}
 	}
 
 	// Only in case object exists and there are no conflicts, return hash
@@ -211,6 +222,53 @@ func ValidateObjectForUpdate(ctx context.Context, dr dynamic.ResourceInterface,
 	return resourceInfo, nil
 }
 
+// getReferenceInfo extracts the kind, namespace, and name from object annotations
+// and falls back to labels if the annotations are missing or the annotation map is nil.
+func getReferenceInfo(object *unstructured.Unstructured) (kind, namespace, name string, tier int32) {
+	// 1. Attempt to get info from Annotations
+	annotations := object.GetAnnotations()
+	if annotations != nil {
+		kind = annotations[ReferenceKindAnnotation]
+		namespace = annotations[ReferenceNamespaceAnnotation]
+		name = annotations[ReferenceNameAnnotation]
+
+		const defaultTier = 100
+		tier := int32(defaultTier)
+		tierStr, tierOk := annotations[ReferenceTierAnnotation]
+		if tierOk {
+			tier64, err := strconv.ParseInt(tierStr, 10, 32)
+			if err == nil {
+				tier = int32(tier64)
+			}
+			// If ParseInt fails, 'tier' remains the DefaultTier (100)
+		}
+
+		// If we found the kind, we assume the annotation set is complete enough.
+		if kind != "" {
+			return kind, namespace, name, tier
+		}
+	}
+
+	// 2. Fallback to Labels if annotations were nil OR kind was not found in annotations
+	labels := object.GetLabels()
+	if labels != nil {
+		var kindOk bool
+
+		// NOTE: You had a bug in your original prompt's fallback logic where it
+		// still referenced 'annotations'. This is corrected here to use 'labels'.
+		kind, kindOk = labels[ReferenceKindLabel]
+		namespace = labels[ReferenceNamespaceLabel]
+		name = labels[ReferenceNameLabel]
+
+		if kindOk {
+			return kind, namespace, name, tier
+		}
+	}
+
+	// 3. Info not found
+	return "", "", "", tier
+}
+
 func validateSveltosOwner(object, currentObject *unstructured.Unstructured, profile client.Object,
 	kind, namespace, name string) error {