fix: deduplicate resource rule scope to prevent resource overflow (#336)

arturshadnik · web-flow · commit 88745e5f9399 · 2024-08-19T17:26:43.000-07:00
## Issue Resolves #306 ## Description If the same scope is used in 2 or more resource validation rules, all rules after the 1st will automatically fail. The goal is to prevent potentially reusing the same set of resources to validate 2 rules. Two unit tests have been added to check for various cluster/scope combos.
diff --git a/Dockerfile.devspace b/Dockerfile.devspace
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM --platform=$TARGETPLATFORM golang:alpine3.18 as builder
+FROM --platform=$TARGETPLATFORM golang:alpine3.19 as builder
 ARG TARGETOS
 ARG TARGETARCH
 
diff --git a/README.md b/README.md
@@ -62,7 +62,16 @@ make undeploy
 ```
 
 ## Contributing
-// TODO(user): Add detailed information on how you would like others to contribute to this project
+All contributions are welcome! Feel free to reach out on the [Spectro Cloud community Slack](https://spectrocloudcommunity.slack.com/join/shared_invite/zt-g8gfzrhf-cKavsGD_myOh30K24pImLA#/shared-invite/email).
+
+Make sure `pre-commit` is [installed](https://pre-commit.com#install).
+
+Install the `pre-commit` scripts:
+
+```console
+pre-commit install --hook-type commit-msg
+pre-commit install --hook-type pre-commit
+```
 
 ### How it works
 This project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/).
diff --git a/pkg/validate/validate.go b/pkg/validate/validate.go
@@ -113,13 +113,16 @@ func Validate(ctx context.Context, spec v1alpha1.VsphereValidatorSpec, vsphereAc
 
 	// Compute resource validation rules
 	computeResourceValidationService := computeresources.NewValidationService(log, driver)
+	seenScope := make(map[string]bool, 0)
 	for _, rule := range spec.ComputeResourceRules {
-		vrr, err := computeResourceValidationService.ReconcileComputeResourceValidationRule(rule, finder, driver)
+		vrr, err := computeResourceValidationService.ReconcileComputeResourceValidationRule(rule, finder, driver, seenScope)
 		if err != nil {
 			log.Error(err, "failed to reconcile computeresources validation rule")
 		}
 		resp.AddResult(vrr, err)
 		log.Info("Validated compute resources", "scope", rule.Scope, "entity name", rule.EntityName)
+		key := computeresources.GetScopeKey(rule)
+		seenScope[key] = true
 	}
 
 	return resp
diff --git a/pkg/validators/computeresources/computeresources.go b/pkg/validators/computeresources/computeresources.go
@@ -29,6 +29,7 @@ var (
 	// GetResourcePoolAndVMs is defined to enable monkey patching the getResourcePoolAndVMs function in integration tests
 	GetResourcePoolAndVMs           = getResourcePoolAndVMs
 	errInsufficientComputeResources = errors.New("compute resources rule not satisfied")
+	errRuleAlreadyProcessed         = errors.New("rule for scope already processed")
 )
 
 // ValidationService is a service that validates compute resource rules
@@ -103,10 +104,19 @@ type Usage struct {
 }
 
 // ReconcileComputeResourceValidationRule reconciles the compute resource rule
-func (c *ValidationService) ReconcileComputeResourceValidationRule(rule v1alpha1.ComputeResourceRule, finder *find.Finder, driver *vsphere.CloudDriver) (*types.ValidationRuleResult, error) {
+func (c *ValidationService) ReconcileComputeResourceValidationRule(rule v1alpha1.ComputeResourceRule, finder *find.Finder, driver *vsphere.CloudDriver, seenScopes map[string]bool) (*types.ValidationRuleResult, error) {
 
 	vr := buildValidationResult(rule, constants.ValidationTypeComputeResources)
 
+	key := GetScopeKey(rule)
+	if seenScopes[key] {
+		vr.State = util.Ptr(vapi.ValidationFailed)
+		vr.Condition.Message = "Rule for scope already processed"
+		vr.Condition.Failures = append(vr.Condition.Failures, fmt.Sprintf("Rule for scope %s already processed", key))
+		vr.Condition.Status = corev1.ConditionFalse
+		return vr, errRuleAlreadyProcessed
+	}
+
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
@@ -348,3 +358,16 @@ func getTotalQuantity(quantity string, numberOfNodes int) resource.Quantity {
 	}
 	return totalQuantity
 }
+
+// GetScopeKey returns a formatted key depending on the scope of a rule
+func GetScopeKey(rule v1alpha1.ComputeResourceRule) string {
+	switch rule.Scope {
+	case "cluster":
+		return fmt.Sprintf("%s-%s", rule.Scope, rule.EntityName)
+	case "host":
+		return fmt.Sprintf("%s-%s", rule.Scope, rule.EntityName)
+	case "resourcepool":
+		return fmt.Sprintf("%s-%s", rule.Scope, rule.ClusterName)
+	}
+	return ""
+}
diff --git a/pkg/validators/computeresources/computeresources_test.go b/pkg/validators/computeresources/computeresources_test.go
@@ -458,6 +458,77 @@ func TestComputeResourcesValidationService_ReconcileComputeResourceValidationRul
 				State: util.Ptr(vapi.ValidationFailed),
 			},
 		},
+		{
+			name:        "Duplicate scope resourcepool",
+			expectedErr: errRuleAlreadyProcessed,
+			rule: v1alpha1.ComputeResourceRule{
+				Name:        "Test Resourcepool Resource Validation rule",
+				Scope:       "resourcepool",
+				ClusterName: "DC0_C1",
+				EntityName:  "DC0_C1_RP0",
+				NodepoolResourceRequirements: []v1alpha1.NodepoolResourceRequirement{
+					{
+						Name:          "masterpool",
+						NumberOfNodes: 1,
+						CPU:           "1GHz",
+						Memory:        "500Mi",
+						DiskSpace:     "500Ti",
+					},
+					{
+						Name:          "workerpool",
+						NumberOfNodes: 1,
+						CPU:           "1GHz",
+						Memory:        "1Gi",
+						DiskSpace:     "100Ti",
+					},
+				},
+			},
+			expectedResult: types.ValidationRuleResult{Condition: &vapi.ValidationCondition{
+				ValidationType: "vsphere-compute-resources",
+				ValidationRule: "validation-resourcepool-DC0_C1_RP0",
+				Message:        "Rule for scope already processed",
+				Details:        []string{},
+				Failures:       []string{"Rule for scope resourcepool-DC0_C1 already processed"},
+				Status:         corev1.ConditionFalse,
+			},
+				State: util.Ptr(vapi.ValidationFailed),
+			},
+		},
+		{
+			name:        "Duplicate scope cluster",
+			expectedErr: errRuleAlreadyProcessed,
+			rule: v1alpha1.ComputeResourceRule{
+				Name:       "Test Resourcepool Resource Validation rule",
+				Scope:      "cluster",
+				EntityName: "DC0_C1",
+				NodepoolResourceRequirements: []v1alpha1.NodepoolResourceRequirement{
+					{
+						Name:          "masterpool",
+						NumberOfNodes: 1,
+						CPU:           "1GHz",
+						Memory:        "500Mi",
+						DiskSpace:     "500Ti",
+					},
+					{
+						Name:          "workerpool",
+						NumberOfNodes: 1,
+						CPU:           "1GHz",
+						Memory:        "1Gi",
+						DiskSpace:     "100Ti",
+					},
+				},
+			},
+			expectedResult: types.ValidationRuleResult{Condition: &vapi.ValidationCondition{
+				ValidationType: "vsphere-compute-resources",
+				ValidationRule: "validation-cluster-DC0_C1",
+				Message:        "Rule for scope already processed",
+				Details:        []string{},
+				Failures:       []string{"Rule for scope cluster-DC0_C1 already processed"},
+				Status:         corev1.ConditionFalse,
+			},
+				State: util.Ptr(vapi.ValidationFailed),
+			},
+		},
 	}
 
 	GetResourcePoolAndVMs = func(ctx context.Context, inventoryPath string, finder *find.Finder) (*mo.ResourcePool, *[]mo.VirtualMachine, error) {
@@ -487,8 +558,13 @@ func TestComputeResourcesValidationService_ReconcileComputeResourceValidationRul
 		return &resourcePool, &virtualmachines, nil
 	}
 
+	seenScopes := map[string]bool{
+		"resourcepool-DC0_C1": true,
+		"cluster-DC0_C1":      true,
+	}
+
 	for _, tc := range testCases {
-		vr, err := validationService.ReconcileComputeResourceValidationRule(tc.rule, finder, vcSim.Driver)
+		vr, err := validationService.ReconcileComputeResourceValidationRule(tc.rule, finder, vcSim.Driver, seenScopes)
 		util.CheckTestCase(t, vr, tc.expectedResult, err, tc.expectedErr)
 	}
 }
