feat: tenant owned resources problem enhancements

Signed-off-by: Bence Csati <[email protected]>

Author: csatib02

controllers/telemetry/route_controller.go

@@ -19,7 +19,6 @@ import (
 	"fmt"
 	"reflect"
 	"slices"
-	"sort"
 
 	"emperror.dev/errors"
 	apiv1 "k8s.io/api/core/v1"
@@ -98,7 +97,7 @@ func (r *RouteReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
 	}
 	for _, step := range steps {
 		if err := step.fn(); err != nil {
-			return r.handleReconcileError(ctx, baseManager, tenant, step.name, err)
+			return r.handleTenantReconcileError(ctx, &baseManager, tenant, step.name, err)
 		}
 	}
 
@@ -217,8 +216,8 @@ func (r *RouteReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return builder.Complete(r)
 }
 
-// handleReconcileError handles errors that occur during reconciliation steps
-func (r *RouteReconciler) handleReconcileError(ctx context.Context, baseManager manager.BaseManager, tenant *v1alpha1.Tenant, stepName string, err error) (ctrl.Result, error) {
+// handleTenantReconcileError handles errors that occur during reconciliation steps
+func (r *RouteReconciler) handleTenantReconcileError(ctx context.Context, baseManager *manager.BaseManager, tenant *v1alpha1.Tenant, stepName string, err error) (ctrl.Result, error) {
 	wrappedErr := errors.Wrapf(err, "failed to %s for tenant %s", stepName, tenant.Name)
 
 	tenant.Status.Problems = append(tenant.Status.Problems, wrappedErr.Error())
@@ -255,11 +254,7 @@ func handleOwnedResources(ctx context.Context, tenantResManager *manager.TenantR
 		resourcesForTenant, resourceUpdateList, err := tenantResManager.GetResourceOwnedByTenant(ctx, resource, tenant)
 		if err != nil {
 			tenantResManager.Error(errors.WithStack(err), fmt.Sprintf("failed to get %T for tenant", resource), "tenant", tenant.Name)
-			if updateErr := tenantResManager.Status().Update(ctx, tenant); updateErr != nil {
-				tenantResManager.Error(errors.WithStack(updateErr), "failed updating tenant status", "tenant", tenant.Name)
-				return errors.Append(err, updateErr)
-			}
-			return err
+			return fmt.Errorf("failed to get %T for tenant %s: %w", resource, tenant.Name, err)
 		}
 
 		// Add all newly updated resources here
@@ -294,15 +289,12 @@ func validateSubscriptionOutputs(ctx context.Context, tenantResManager *manager.
 
 	for _, subscription := range realSubscriptionsForTenant {
 		originalSubscriptionStatus := subscription.Status.DeepCopy()
-		validOutputs, invalidOutputs := tenantResManager.ValidateSubscriptionOutputs(ctx, subscription)
-
+		validOutputs, invalidOutputs := tenantResManager.ValidateSubscriptionReferencedOutputs(ctx, subscription)
 		if len(invalidOutputs) > 0 {
-			subscription.Status.Problems = append(subscription.Status.Problems, fmt.Sprintf("invalid outputs for subscription %s: %v", subscription.Name, invalidOutputs))
+			subscription.Status.Problems = append(subscription.Status.Problems, fmt.Sprintf("invalid outputs referenced by subscription %s: %v", subscription.Name, invalidOutputs))
 			subscription.Status.ProblemsCount = len(subscription.Status.Problems)
 			subscription.Status.State = state.StateFailed
-			tenantResManager.UpdateOutputs(ctx, tenant, invalidOutputs)
 		}
-
 		components.SortNamespacedNames(validOutputs)
 		subscription.Status.Outputs = validOutputs
 
@@ -320,18 +312,12 @@ func validateSubscriptionOutputs(ctx context.Context, tenantResManager *manager.
 func handleBridgeResources(ctx context.Context, bridgeManager *manager.BridgeManager, tenant *v1alpha1.Tenant) error {
 	bridgesForTenant, err := bridgeManager.GetBridgesForTenant(ctx, tenant.Name)
 	if err != nil {
-		tenant.Status.State = state.StateFailed
 		bridgeManager.Error(errors.WithStack(err), "failed to get bridges for tenant", "tenant", tenant.Name)
-		if updateErr := bridgeManager.Status().Update(ctx, tenant); updateErr != nil {
-			bridgeManager.Error(errors.WithStack(updateErr), "failed updating tenant status", "tenant", tenant.Name)
-			return errors.Append(err, updateErr)
-		}
-
-		return err
+		return fmt.Errorf("failed to get bridges for tenant %s: %w", tenant.Name, err)
 	}
 
 	bridgesForTenantNames := manager.GetBridgeNamesFromBridges(bridgesForTenant)
-	sort.Strings(bridgesForTenantNames)
+	slices.Sort(bridgesForTenantNames)
 	tenant.Status.ConnectedBridges = bridgesForTenantNames
 
 	for _, bridge := range bridgesForTenant {

pkg/resources/manager/bridge_manager.go

@@ -75,7 +75,7 @@ func (b *BridgeManager) getTenants(ctx context.Context, listOpts *client.ListOpt
 	return tenants.Items, nil
 }
 
-func (b *BridgeManager) CheckBridgeConnection(ctx context.Context, tenantName string, bridge *v1alpha1.Bridge) error {
+func (b *BridgeManager) ValidateBridgeConnection(ctx context.Context, tenantName string, bridge *v1alpha1.Bridge) error {
 	for _, tenantReference := range []string{bridge.Spec.SourceTenant, bridge.Spec.TargetTenant} {
 		if tenantReference != tenantName {
 			listOpts := &client.ListOptions{

pkg/resources/manager/tenant_resource_manager.go

@@ -99,12 +99,21 @@ func (t *TenantResourceManager) GetResourceOwnedByTenant(ctx context.Context, re
 		currentTenant := res.GetTenant()
 		if currentTenant != "" && currentTenant != tenant.Name {
 			t.Error(
-				fmt.Errorf("resource is owned by another tenant"),
+				fmt.Errorf("resource: %s of kind: %s is owned by another tenant", res.GetName(), res.GetObjectKind().GroupVersionKind().Kind),
 				"skipping reconciliation",
 				"current_tenant", currentTenant,
 				"desired_tenant", tenant.Name,
 				"action_required", "remove resource from previous tenant before adopting to new tenant",
 			)
+
+			res.SetProblems([]string{
+				fmt.Sprintf("resource %s/%s is already owned by tenant %s", res.GetNamespace(), res.GetName(), currentTenant),
+			})
+			res.SetProblemsCount(len(res.GetProblems()))
+			res.SetState(state.StateFailed)
+			if err := t.Status().Update(ctx, res); err != nil {
+				t.Error(err, fmt.Sprintf("failed to update resource (%s/%s) state", res.GetNamespace(), res.GetName()))
+			}
 			continue
 		}
 
@@ -188,42 +197,46 @@ func (t *TenantResourceManager) DisownResources(ctx context.Context, resourceToD
 	}
 }
 
-// ValidateSubscriptionOutputs validates the output references of a subscription
-func (t *TenantResourceManager) ValidateSubscriptionOutputs(ctx context.Context, subscription *v1alpha1.Subscription) []v1alpha1.NamespacedName {
+// ValidateSubscriptionReferencedOutputs validates the output references of a subscription
+func (t *TenantResourceManager) ValidateSubscriptionReferencedOutputs(ctx context.Context, subscription *v1alpha1.Subscription) ([]v1alpha1.NamespacedName, []v1alpha1.Output) {
 	validOutputs := []v1alpha1.NamespacedName{}
-	invalidOutputs := []v1alpha1.NamespacedName{}
+	invalidOutputs := []v1alpha1.Output{}
 	for _, outputRef := range subscription.Spec.Outputs {
+		invalid := false
 		checkedOutput := &v1alpha1.Output{}
 		if err := t.Get(ctx, types.NamespacedName(outputRef), checkedOutput); err != nil {
 			t.Error(err, "referred output invalid", "output", outputRef.String())
-
-			invalidOutputs = append(invalidOutputs, outputRef)
+			checkedOutput.Status.Problems = append(checkedOutput.Status.Problems, fmt.Sprintf("referred output %s could not be queried", outputRef.String()))
+			t.updateInvalidOutput(ctx, checkedOutput)
 			continue
 		}
 
 		// ensure the output belongs to the same tenant
 		if checkedOutput.Status.Tenant != subscription.Status.Tenant {
+			invalid = true
 			t.Error(errors.New("output and subscription tenants mismatch"),
 				"output and subscription tenants mismatch",
 				"output", checkedOutput.NamespacedName().String(),
 				"output's tenant", checkedOutput.Status.Tenant,
 				"subscription", subscription.NamespacedName().String(),
 				"subscription's tenant", subscription.Status.Tenant)
-
-			invalidOutputs = append(invalidOutputs, outputRef)
-			continue
+			checkedOutput.Status.Problems = append(checkedOutput.Status.Problems, fmt.Sprintf("output %s does not belong to the same tenant as subscription %s", outputRef.String(), subscription.NamespacedName().String()))
 		}
 
 		// validate output secret
 		if checkedOutput.Spec.Authentication != nil {
 			if err := components.QueryOutputSecret(ctx, t.Client, checkedOutput); err != nil {
+				invalid = true
 				t.Error(err, "failed to query output secret", "output", checkedOutput.NamespacedName().String())
-
-				invalidOutputs = append(invalidOutputs, outputRef)
-				continue
+				checkedOutput.Status.Problems = append(checkedOutput.Status.Problems, fmt.Sprintf("output %s secret could not be queried: %v", outputRef.String(), err))
 			}
 		}
 
+		if invalid {
+			t.updateInvalidOutput(ctx, checkedOutput)
+			invalidOutputs = append(invalidOutputs, *checkedOutput)
+		}
+
 		// update the output state if validation was successful
 		checkedOutput.SetState(state.StateReady)
 		if updateErr := t.Status().Update(ctx, checkedOutput); updateErr != nil {
@@ -234,11 +247,7 @@ func (t *TenantResourceManager) ValidateSubscriptionOutputs(ctx context.Context,
 		validOutputs = append(validOutputs, outputRef)
 	}
 
-	if len(invalidOutputs) > 0 {
-		t.Error(errors.New("some outputs are invalid"), "some outputs are invalid", "invalidOutputs", invalidOutputs, "subscription", subscription.NamespacedName().String())
-	}
-
-	return validOutputs
+	return validOutputs, invalidOutputs
 }
 
 // getNamespacesForSelectorSlice returns a list of namespaces that match the given label selectors
@@ -266,6 +275,20 @@ func (t *TenantResourceManager) getNamespacesForSelectorSlice(ctx context.Contex
 	return namespaces, nil
 }
 
+func (t *TenantResourceManager) updateInvalidOutput(ctx context.Context, output *v1alpha1.Output) error {
+	if output == nil {
+		return fmt.Errorf("output is nil")
+	}
+
+	output.Status.State = state.StateFailed
+	output.Status.ProblemsCount = len(output.Status.Problems)
+	if err := t.Status().Update(ctx, output); err != nil {
+		return fmt.Errorf("failed to update output %s/%s: %w", output.GetNamespace(), output.GetName(), err)
+	}
+
+	return nil
+}
+
 func GetResourceNamesFromResource(resources []model.ResourceOwnedByTenant) []v1alpha1.NamespacedName {
 	resourceNames := make([]v1alpha1.NamespacedName, len(resources))
 	for i, resource := range resources {