check restoration hash when resource is update

Author: bruelea

config/samples/netbox_v1_prefixclaim_parentprefixselector.yaml

@@ -14,7 +14,6 @@ spec:
   prefixLength: "/31"
   parentPrefixSelector:
     tenant: "MY_TENANT"
-    site: "DM-Buffalo"
     family: "IPv4"
     environment: "Production"
-    poolName: "Pool 1"
+    poolName: "Pool 1"

internal/controller/expected_netboxmock_calls_test.go

@@ -41,7 +41,7 @@ func mockIpAddressListWithIpAddressFilter(ipamMock *mock_interfaces.MockIpamInte
 				return &ipam.IpamIPAddressesListOK{Payload: nil}, err
 			}
 			fmt.Printf("NETBOXMOCK\t ipam.IpamIPAddressesList was called with expected input\n")
-			return &ipam.IpamIPAddressesListOK{Payload: mockedResponseIPAddressList()}, nil
+			return &ipam.IpamIPAddressesListOK{Payload: mockedResponseIPAddressListWithHash(customFieldsWithHash)}, nil
 		}).MinTimes(1)
 }
 
@@ -92,6 +92,22 @@ func mockIpAddressListWithHashFilter(ipamMock *mock_interfaces.MockIpamInterface
 		}).MinTimes(1)
 }
 
+func mockIpAddressListWithHashFilterMissmatch(ipamMock *mock_interfaces.MockIpamInterface, catchUnexpectedParams chan error) {
+	ipamMock.EXPECT().IpamIPAddressesList(gomock.Any(), gomock.Any(), gomock.Any()).
+		DoAndReturn(func(params interface{}, authInfo interface{}, opts ...interface{}) (*ipam.IpamIPAddressesListOK, error) {
+			got := params.(*ipam.IpamIPAddressesListParams)
+			diff := deep.Equal(got, ExpectedIpAddressListParamsWithIpAddressData)
+			// skip check for the 3rd input parameter as it is a method, method is a non comparable type
+			if len(diff) > 0 {
+				err := fmt.Errorf("netboxmock: unexpected call to ipam.IpamIPAddressesList, diff to expected params diff: %+v", diff)
+				catchUnexpectedParams <- err
+				return &ipam.IpamIPAddressesListOK{Payload: nil}, err
+			}
+			fmt.Printf("NETBOXMOCK\t ipam.IpamIPAddressesList (empty reslut) was called with expected input,\n")
+			return &ipam.IpamIPAddressesListOK{Payload: mockedResponseIPAddressListWithHash(customFieldsWithHashMissmatch)}, nil
+		}).MinTimes(1)
+}
+
 func mockPrefixesListWithPrefixFilter(ipamMock *mock_interfaces.MockIpamInterface, catchUnexpectedParams chan error) {
 	ipamMock.EXPECT().IpamPrefixesList(gomock.Any(), gomock.Any()).
 		DoAndReturn(func(params interface{}, authInfo interface{}, opts ...interface{}) (*ipam.IpamPrefixesListOK, error) {

internal/controller/ipaddress_controller.go

@@ -170,10 +170,25 @@ func (r *IpAddressReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 
 	netboxIpAddressModel, err := r.NetboxClient.ReserveOrUpdateIpAddress(ipAddressModel)
 	if err != nil {
-		updateStatusErr := r.SetConditionAndCreateEvent(ctx, o, netboxv1.ConditionIpaddressReadyFalse,
-			corev1.EventTypeWarning, o.Spec.IpAddress)
-		return ctrl.Result{}, fmt.Errorf("failed to update ip address status: %w, "+
-			"after reservation of ip in netbox failed: %w", updateStatusErr, err)
+		if errors.Is(err, api.ErrRestorationHashMissmatch) && o.Status.IpAddressId == 0 {
+			// if there is a restoration has missmatch and the IpAddressId status field is not set,
+			// delete the ip address so it can be recreated by the ip address claim controller
+			logger.Info("restoration hash missmatch, deleting ip address custom resource", "ipaddress", o.Spec.IpAddress)
+			err = r.Client.Delete(ctx, o)
+			if err != nil {
+				updateStatusErr := r.SetConditionAndCreateEvent(ctx, o, netboxv1.ConditionIpaddressReadyFalse,
+					corev1.EventTypeWarning, err.Error())
+				return ctrl.Result{}, fmt.Errorf("failed to update ip address status: %w, "+
+					"after deletion of ip address cr failed: %w", updateStatusErr, err)
+			}
+			return ctrl.Result{}, nil
+		}
+		if updateStatusErr := r.SetConditionAndCreateEvent(ctx, o, netboxv1.ConditionIpaddressReadyFalse,
+			corev1.EventTypeWarning, o.Spec.IpAddress); updateStatusErr != nil {
+			return ctrl.Result{}, fmt.Errorf("failed to update ip address status: %w, "+
+				"after reservation of ip in netbox failed: %w", updateStatusErr, err)
+		}
+		return ctrl.Result{}, nil
 	}
 
 	// 3. unlock lease of parent prefix

internal/controller/ipaddress_controller_test.go

@@ -28,6 +28,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	netboxv1 "github.com/netbox-community/netbox-operator/api/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 )
 
 var _ = Describe("IpAddress Controller", Ordered, func() {
@@ -51,6 +52,7 @@ var _ = Describe("IpAddress Controller", Ordered, func() {
 		cr *netboxv1.IpAddress, // our CR as typed object
 		IpamMocksIpAddress []func(*mock_interfaces.MockIpamInterface, chan error),
 		TenancyMocks []func(*mock_interfaces.MockTenancyInterface, chan error),
+		restorationHashMissmatch bool, // To check for deletion if restoration hash does not match
 		expectedConditionReady bool, // Expected state of the ConditionReady condition
 		expectedCRStatus netboxv1.IpAddressStatus, // Expected status of the CR
 	) {
@@ -81,31 +83,40 @@ var _ = Describe("IpAddress Controller", Ordered, func() {
 		By("Creating IpAddress CR")
 		Eventually(k8sClient.Create(ctx, cr), timeout, interval).Should(Succeed())
 
-		// check that reconcile loop did run a least once by checking that conditions are set
 		createdCR := &netboxv1.IpAddress{}
-		Eventually(func() bool {
-			err := k8sClient.Get(ctx, types.NamespacedName{Name: cr.GetName(), Namespace: cr.GetNamespace()}, createdCR)
-			return err == nil && len(createdCR.Status.Conditions) > 0
-		}, timeout, interval).Should(BeTrue())
-
-		// Now check if conditions are set as expected
-		Eventually(func() bool {
-			err := k8sClient.Get(ctx, types.NamespacedName{Name: cr.GetName(), Namespace: cr.GetNamespace()}, createdCR)
-			return err == nil &&
-				apismeta.IsStatusConditionTrue(createdCR.Status.Conditions, netboxv1.ConditionIpaddressReadyTrue.Type) == expectedConditionReady
-		}, timeout, interval).Should(BeTrue())
-
-		// Check that the expected ip address is present in the status
-		Expect(createdCR.Status.IpAddressId).To(Equal(expectedCRStatus.IpAddressId))
-
-		// Cleanup the netbox resources
-		Expect(k8sClient.Delete(ctx, createdCR)).Should(Succeed())
-
-		// Wait until the resource is deleted to make sure that it will not interfere with the next test case
-		Eventually(func() bool {
-			err := k8sClient.Get(ctx, types.NamespacedName{Name: cr.GetName(), Namespace: cr.GetNamespace()}, createdCR)
-			return err != client.IgnoreNotFound(err)
-		}, timeout, interval).Should(BeTrue())
+
+		if restorationHashMissmatch {
+			Eventually(func() bool {
+				err := k8sClient.Get(ctx, types.NamespacedName{Name: cr.GetName(), Namespace: cr.GetNamespace()}, createdCR)
+				return apierrors.IsNotFound(err)
+			}, timeout, interval).Should(BeTrue())
+		} else {
+
+			// check that reconcile loop did run a least once by checking that conditions are set
+			Eventually(func() bool {
+				err := k8sClient.Get(ctx, types.NamespacedName{Name: cr.GetName(), Namespace: cr.GetNamespace()}, createdCR)
+				return err == nil && len(createdCR.Status.Conditions) > 0
+			}, timeout, interval).Should(BeTrue())
+
+			// Now check if conditions are set as expected
+			Eventually(func() bool {
+				err := k8sClient.Get(ctx, types.NamespacedName{Name: cr.GetName(), Namespace: cr.GetNamespace()}, createdCR)
+				return err == nil &&
+					apismeta.IsStatusConditionTrue(createdCR.Status.Conditions, netboxv1.ConditionIpaddressReadyTrue.Type) == expectedConditionReady
+			}, timeout, interval).Should(BeTrue())
+
+			// Check that the expected ip address is present in the status
+			Expect(createdCR.Status.IpAddressId).To(Equal(expectedCRStatus.IpAddressId))
+
+			// Cleanup the netbox resources
+			Expect(k8sClient.Delete(ctx, createdCR)).Should(Succeed())
+
+			// Wait until the resource is deleted to make sure that it will not interfere with the next test case
+			Eventually(func() bool {
+				err := k8sClient.Get(ctx, types.NamespacedName{Name: cr.GetName(), Namespace: cr.GetNamespace()}, createdCR)
+				return err != client.IgnoreNotFound(err)
+			}, timeout, interval).Should(BeTrue())
+		}
 
 		catchCtxCancel()
 	},
@@ -119,7 +130,7 @@ var _ = Describe("IpAddress Controller", Ordered, func() {
 			[]func(*mock_interfaces.MockTenancyInterface, chan error){
 				mockTenancyTenancyTenantsList,
 			},
-			true, ExpectedIpAddressStatus),
+			false, true, ExpectedIpAddressStatus),
 		Entry("Create IpAddress CR, ip address already reserved in NetBox, preserved in netbox, ",
 			defaultIpAddressCR(true),
 			[]func(*mock_interfaces.MockIpamInterface, chan error){
@@ -129,7 +140,7 @@ var _ = Describe("IpAddress Controller", Ordered, func() {
 			[]func(*mock_interfaces.MockTenancyInterface, chan error){
 				mockTenancyTenancyTenantsList,
 			},
-			true, ExpectedIpAddressStatus),
+			false, true, ExpectedIpAddressStatus),
 		Entry("Create IpAddress CR, ip address already reserved in NetBox",
 			defaultIpAddressCR(false),
 			[]func(*mock_interfaces.MockIpamInterface, chan error){
@@ -140,7 +151,7 @@ var _ = Describe("IpAddress Controller", Ordered, func() {
 			[]func(*mock_interfaces.MockTenancyInterface, chan error){
 				mockTenancyTenancyTenantsList,
 			},
-			true, ExpectedIpAddressStatus),
+			false, true, ExpectedIpAddressStatus),
 		Entry("Create IpAddress CR, reserve or update failure",
 			defaultIpAddressCR(false),
 			[]func(*mock_interfaces.MockIpamInterface, chan error){
@@ -151,6 +162,15 @@ var _ = Describe("IpAddress Controller", Ordered, func() {
 			[]func(*mock_interfaces.MockTenancyInterface, chan error){
 				mockTenancyTenancyTenantsList,
 			},
-			false, ExpectedIpAddressFailedStatus),
+			false, false, ExpectedIpAddressFailedStatus),
+		Entry("Create IpAddress CR, restoration hash missmatch",
+			defaultIpAddressCreatedByClaim(true),
+			[]func(*mock_interfaces.MockIpamInterface, chan error){
+				mockIpAddressListWithHashFilterMissmatch,
+			},
+			[]func(*mock_interfaces.MockTenancyInterface, chan error){
+				mockTenancyTenancyTenantsList,
+			},
+			true, false, nil),
 	)
 })

internal/controller/iprange_controller.go

@@ -19,6 +19,7 @@ package controller
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"maps"
 	"strconv"
@@ -142,6 +143,20 @@ func (r *IpRangeReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 
 	netboxIpRangeModel, err := r.NetboxClient.ReserveOrUpdateIpRange(ipRangeModel)
 	if err != nil {
+		if errors.Is(err, api.ErrRestorationHashMissmatch) && o.Status.IpRangeId == 0 {
+			// if there is a restoration has missmatch and the IpRangeId status field is not set,
+			// delete the ip range so it can be recreated by the ip range claim controller
+			logger.Info("restoration hash missmatch, deleting ip range custom resource", "ip-range-start", o.Spec.StartAddress, "ip-range-end", o.Spec.EndAddress)
+			err = r.Client.Delete(ctx, o)
+			if err != nil {
+				if err := r.logErrorSetConditionAndCreateEvent(ctx, o, netboxv1.ConditionIpRangeReadyFalse,
+					corev1.EventTypeWarning, "", err); err != nil {
+					return ctrl.Result{}, err
+				}
+			}
+			return ctrl.Result{}, nil
+		}
+
 		if loggingErr := r.logErrorSetConditionAndCreateEvent(ctx, o, netboxv1.ConditionIpRangeReadyFalse,
 			corev1.EventTypeWarning, fmt.Sprintf("%s-%s ", o.Spec.StartAddress, o.Spec.EndAddress), err); loggingErr != nil {
 			return ctrl.Result{}, fmt.Errorf("logging error: %w. Original error from ReserveOrUpdateIpRange: %w", loggingErr, err)

internal/controller/netbox_testdata_test.go

@@ -55,6 +55,7 @@ var restorationHash = "6f6c67651f0b43b2969ba2ae35c74fc91815513b"
 
 var customFields = map[string]string{"example_field": "example value"}
 var customFieldsWithHash = map[string]string{"example_field": "example value", "netboxOperatorRestorationHash": restorationHash}
+var customFieldsWithHashMissmatch = map[string]string{"example_field": "example value", "netboxOperatorRestorationHash": "different hash"}
 
 var netboxLabel = "Status"
 var value = "active"
@@ -176,6 +177,22 @@ func mockedResponsePrefixList() *ipam.IpamPrefixesListOKBody {
 	}
 }
 
+func mockedResponseIPAddressListWithHash(customFields map[string]string) *ipam.IpamIPAddressesListOKBody {
+	return &ipam.IpamIPAddressesListOKBody{
+		Results: []*netboxModels.IPAddress{
+			{
+				ID:           mockedResponseIPAddress().ID,
+				Address:      mockedResponseIPAddress().Address,
+				Comments:     mockedResponseIPAddress().Comments,
+				CustomFields: customFields,
+				Description:  mockedResponseIPAddress().Description,
+				Display:      mockedResponseIPAddress().Display,
+				Tenant:       mockedResponseIPAddress().Tenant,
+			},
+		},
+	}
+}
+
 func mockedResponseIPAddressList() *ipam.IpamIPAddressesListOKBody {
 	return &ipam.IpamIPAddressesListOKBody{
 		Results: []*netboxModels.IPAddress{

internal/controller/prefix_controller.go

@@ -184,8 +184,25 @@ func (r *PrefixReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 
 	netboxPrefixModel, err := r.NetboxClient.ReserveOrUpdatePrefix(prefixModel)
 	if err != nil {
-		updateStatusErr := r.SetConditionAndCreateEvent(ctx, prefix, netboxv1.ConditionPrefixReadyFalse, corev1.EventTypeWarning, prefix.Spec.Prefix)
-		return ctrl.Result{}, fmt.Errorf("failed at update prefix status: %w, "+"after reservation of prefix in netbox failed: %w", updateStatusErr, err)
+		if errors.Is(err, api.ErrRestorationHashMissmatch) && prefix.Status.PrefixId == 0 {
+			// if there is a restoration has missmatch and the PrefixId status field is not set,
+			// delete the prefix so it can be recreated by the prefix claim controller
+			logger.Info("restoration hash missmatch, deleting prefix custom resource", "prefix", prefix.Spec.Prefix)
+			err = r.Client.Delete(ctx, prefix)
+			if err != nil {
+				updateStatusErr := r.SetConditionAndCreateEvent(ctx, prefix, netboxv1.ConditionIpaddressReadyFalse,
+					corev1.EventTypeWarning, err.Error())
+				return ctrl.Result{}, fmt.Errorf("failed to update prefix status: %w, "+
+					"after deletion of prefix cr failed: %w", updateStatusErr, err)
+			}
+			return ctrl.Result{}, nil
+		}
+		if updateStatusErr := r.SetConditionAndCreateEvent(ctx, prefix, netboxv1.ConditionIpaddressReadyFalse,
+			corev1.EventTypeWarning, prefix.Spec.Prefix); updateStatusErr != nil {
+			return ctrl.Result{}, fmt.Errorf("failed to update prefix status: %w, "+
+				"after reservation of prefix netbox failed: %w", updateStatusErr, err)
+		}
+		return ctrl.Result{}, nil
 	}
 
 	/* 3. unlock lease of parent prefix */

pkg/netbox/api/errors.go

@@ -23,4 +23,5 @@ var (
 	ErrParentPrefixNotFound            = errors.New("parent prefix not found")
 	ErrWrongMatchingPrefixSubnetFormat = errors.New("wrong matchingPrefix subnet format")
 	ErrInvalidIpFamily                 = errors.New("invalid IP Family")
+	ErrRestorationHashMissmatch        = errors.New("restoration hash missmatch")
 )

pkg/netbox/api/ip_address.go

@@ -17,10 +17,12 @@ limitations under the License.
 package api
 
 import (
+	"fmt"
 	"net/http"
 
 	"github.com/netbox-community/go-netbox/v3/netbox/client/ipam"
 	netboxModels "github.com/netbox-community/go-netbox/v3/netbox/models"
+	"github.com/netbox-community/netbox-operator/pkg/config"
 
 	"github.com/netbox-community/netbox-operator/pkg/netbox/models"
 	"github.com/netbox-community/netbox-operator/pkg/netbox/utils"
@@ -33,14 +35,18 @@ func (r *NetboxClient) ReserveOrUpdateIpAddress(ipAddress *models.IPAddress) (*n
 	}
 
 	desiredIPAddress := &netboxModels.WritableIPAddress{
-		Address:      &ipAddress.IpAddress,
-		Comments:     ipAddress.Metadata.Comments + warningComment,
-		CustomFields: ipAddress.Metadata.Custom,
-		Description:  TruncateDescription(ipAddress.Metadata.Description),
-		Status:       "active",
+		Address:     &ipAddress.IpAddress,
+		Description: TruncateDescription(""),
+		Status:      "active",
 	}
 
-	if ipAddress.Metadata.Tenant != "" {
+	if ipAddress.Metadata != nil {
+		desiredIPAddress.CustomFields = ipAddress.Metadata.Custom
+		desiredIPAddress.Comments = ipAddress.Metadata.Comments + warningComment
+		desiredIPAddress.Description = TruncateDescription(ipAddress.Metadata.Description)
+	}
+
+	if ipAddress.Metadata != nil && ipAddress.Metadata.Tenant != "" {
 		tenantDetails, err := r.GetTenantDetails(ipAddress.Metadata.Tenant)
 		if err != nil {
 			return nil, err
@@ -52,7 +58,22 @@ func (r *NetboxClient) ReserveOrUpdateIpAddress(ipAddress *models.IPAddress) (*n
 	if len(responseIpAddress.Payload.Results) == 0 {
 		return r.CreateIpAddress(desiredIPAddress)
 	}
-	//update ip address since it does exist
+
+	ipToUpdate := responseIpAddress.Payload.Results[0]
+
+	// if the desired ip address has a restoration hash
+	// check that the ip address to update has the same restoration hash
+	restorationHashKey := config.GetOperatorConfig().NetboxRestorationHashFieldName
+	if ipAddress.Metadata != nil {
+		if restorationHash, ok := ipAddress.Metadata.Custom[restorationHashKey]; ok {
+			if ipToUpdate.CustomFields != nil && ipToUpdate.CustomFields.(map[string]interface{})[restorationHashKey] == restorationHash {
+				//update ip address since it does exist and the restoration hash matches
+				return r.UpdateIpAddress(ipToUpdate.ID, desiredIPAddress)
+			}
+			return nil, fmt.Errorf("%w, assigned ip address %s", ErrRestorationHashMissmatch, ipAddress.IpAddress)
+		}
+	}
+
 	ipAddressId := responseIpAddress.Payload.Results[0].ID
 	return r.UpdateIpAddress(ipAddressId, desiredIPAddress)
 }