pkg/controller: consider project in yaml metadata

Author: weizhouapache

controller/controller.go

@@ -279,6 +279,15 @@ func (c *Controller) handleApply(w http.ResponseWriter, r *http.Request) {
 			http.Error(w, "invalid resource document", http.StatusBadRequest)
 			return
 		}
+		if p, ok := meta["project"].(string); ok && p != "" {
+			if m, ok := meta["metadata"].(map[string]interface{}); ok {
+				if _, hasProject := m["project"]; !hasProject {
+					m["project"] = p
+					meta["metadata"] = m
+					raw, _ = json.Marshal(meta)
+				}
+			}
+		}
 		kind, _ := meta["kind"].(string)
 
 		switch kind {
@@ -794,7 +803,6 @@ func (c *Controller) handleDescribe(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-
 func (c *Controller) handleDelete(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPost {
 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
@@ -1173,6 +1181,16 @@ func (c *Controller) applyComponent(comp *v1.Component) error {
 
 // applyVMSpec creates/updates a reusable VirtualMachineSpec resource
 func (c *Controller) applyVMSpec(vs *v1.VirtualMachineSpecResource) error {
+	// Accept project in either metadata.project or spec.project and keep them in sync.
+	vmsProject := strings.TrimSpace(vs.Metadata.Project)
+	if vmsProject == "" {
+		vmsProject = strings.TrimSpace(vs.Spec.Project)
+	}
+	if vmsProject != "" {
+		vs.Metadata.Project = vmsProject
+		vs.Spec.Project = vmsProject
+	}
+
 	// Only allow create (apply) or idempotent re-apply with identical spec.
 	var existing v1.VirtualMachineSpecResource
 	if err := db.DB.Where("name = ?", vs.Metadata.Name).First(&existing).Error; err == nil {
@@ -1192,6 +1210,16 @@ func (c *Controller) applyVMSpec(vs *v1.VirtualMachineSpecResource) error {
 
 // applyVM creates/updates a VirtualMachine resource
 func (c *Controller) applyVM(vm *v1.VirtualMachine) error {
+	// Accept project in either metadata.project or spec.project and keep them in sync.
+	vmProject := strings.TrimSpace(vm.Metadata.Project)
+	if vmProject == "" {
+		vmProject = strings.TrimSpace(vm.Spec.Project)
+	}
+	if vmProject != "" {
+		vm.Metadata.Project = vmProject
+		vm.Spec.Project = vmProject
+	}
+
 	// Attempt to find the VM in CloudStack by CloudStackID or by name
 	// If CloudStackID is empty, try to discover VM in CloudStack
 	if vm.CloudStackID == "" {

pkg/handlers/affinitygroup.go

@@ -22,9 +22,21 @@ func ApplyAffinityGroup(ag *v1.AffinityGroup) (string, error) {
 		return "", fmt.Errorf("failed to create CloudStack client: %w", err)
 	}
 
-	// Try to find by name
-	existing, _, err := client.AffinityGroup.GetAffinityGroupByName(name)
-	if err == nil && existing != nil {
+	// Try to find by name in the provided project scope.
+	listParams := client.AffinityGroup.NewListAffinityGroupsParams()
+	listParams.SetName(name)
+	if err := setProjectOnParams(listParams, ag.Metadata.Project); err != nil {
+		return "", err
+	}
+	listResp, err := client.AffinityGroup.ListAffinityGroups(listParams)
+	if err != nil {
+		return "", fmt.Errorf("failed to list affinity groups: %w", err)
+	}
+	if listResp != nil && len(listResp.AffinityGroups) > 0 {
+		existing := listResp.AffinityGroups[0]
+		if ag.Metadata.Project != "" {
+			return "", fmt.Errorf("affinitygroup %s already exists in project %s (id=%s); updates are not supported", name, ag.Metadata.Project, existing.Id)
+		}
 		return "", fmt.Errorf("affinitygroup %s already exists in CloudStack (id=%s); updates are not supported", name, existing.Id)
 	}
 

pkg/handlers/network.go

@@ -195,5 +195,8 @@ func ApplyNetwork(netRes *v1.Network) (string, error) {
 	}
 	// Resource exists — updates are not supported at this time
 	existing := listResp.Networks[0]
+	if netRes.Metadata.Project != "" {
+		return "", fmt.Errorf("network %s already exists in project %s (id=%s); updates are not supported", name, netRes.Metadata.Project, existing.Id)
+	}
 	return "", fmt.Errorf("network %s already exists in CloudStack (id=%s); updates are not supported", name, existing.Id)
 }

pkg/handlers/securitygroup.go

@@ -80,8 +80,20 @@ func ApplySecurityGroup(sg *v1.SecurityGroup) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("failed to create CloudStack client: %w", err)
 	}
-	existing, _, err := client.SecurityGroup.GetSecurityGroupByName(sg.Metadata.Name)
-	if existing != nil {
+	listParams := client.SecurityGroup.NewListSecurityGroupsParams()
+	listParams.SetSecuritygroupname(sg.Metadata.Name)
+	if err := setProjectOnParams(listParams, sg.Metadata.Project); err != nil {
+		return "", err
+	}
+	listResp, err := client.SecurityGroup.ListSecurityGroups(listParams)
+	if err != nil {
+		return "", fmt.Errorf("failed to list security groups: %w", err)
+	}
+	if listResp != nil && len(listResp.SecurityGroups) > 0 {
+		existing := listResp.SecurityGroups[0]
+		if sg.Metadata.Project != "" {
+			return "", fmt.Errorf("securitygroup %s already exists in project %s (id=%s); updates are not supported", sg.Metadata.Name, sg.Metadata.Project, existing.Id)
+		}
 		return "", fmt.Errorf("securitygroup %s already exists in CloudStack (id=%s); updates are not supported", sg.Metadata.Name, existing.Id)
 	}
 	// Create security group with optional description from metadata.annotations["description"]

pkg/handlers/sshkey.go

@@ -92,6 +92,9 @@ func ApplySSHKey(key *v1.SSHKey) (string, error) {
 		return "", fmt.Errorf("cloudstack API error: %w", err)
 	}
 	if resp != nil && len(resp.SSHKeyPairs) > 0 {
+		if key.Metadata.Project != "" {
+			return "", fmt.Errorf("sshkey %s already exists in project %s (fingerprint=%s); updates are not supported", key.Metadata.Name, key.Metadata.Project, resp.SSHKeyPairs[0].Fingerprint)
+		}
 		return "", fmt.Errorf("sshkey %s already exists in CloudStack (fingerprint=%s); updates are not supported", key.Metadata.Name, resp.SSHKeyPairs[0].Fingerprint)
 	}
 

pkg/handlers/userdata.go

@@ -23,6 +23,22 @@ func ApplyUserData(ud *v1.UserData) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("failed to create CloudStack client: %w", err)
 	}
+	listParams := client.User.NewListUserDataParams()
+	listParams.SetName(ud.Metadata.Name)
+	if err := setProjectOnParams(listParams, ud.Metadata.Project); err != nil {
+		return "", err
+	}
+	listResp, err := client.User.ListUserData(listParams)
+	if err != nil {
+		return "", fmt.Errorf("failed to list userdata: %w", err)
+	}
+	if listResp != nil && len(listResp.UserData) > 0 {
+		existing := listResp.UserData[0]
+		if ud.Metadata.Project != "" {
+			return "", fmt.Errorf("userdata %s already exists in project %s (id=%s); updates are not supported", ud.Metadata.Name, ud.Metadata.Project, existing.Id)
+		}
+		return "", fmt.Errorf("userdata %s already exists in CloudStack (id=%s); updates are not supported", ud.Metadata.Name, existing.Id)
+	}
 	// Register UserData in CloudStack as a standalone UserData entry.
 	// Use the SDK register/create method; CloudStack expects the content
 	// to be provided as a string.

pkg/handlers/virtualmachine.go

@@ -11,6 +11,48 @@ import (
 	cs "github.com/apache/cloudstack-go/v2/cloudstack"
 )
 
+func vmAttachedToAnyNetwork(vm *cs.VirtualMachine, networkIDs []string) bool {
+	if vm == nil || len(networkIDs) == 0 {
+		return false
+	}
+	requested := make(map[string]struct{}, len(networkIDs))
+	for _, id := range networkIDs {
+		if id != "" {
+			requested[id] = struct{}{}
+		}
+	}
+	for _, nic := range vm.Nic {
+		if _, ok := requested[nic.Networkid]; ok {
+			return true
+		}
+	}
+	return false
+}
+
+func findExistingVMInScope(client *cs.CloudStackClient, name, project string, networkIDs []string) (*cs.VirtualMachine, error) {
+	params := client.VirtualMachine.NewListVirtualMachinesParams()
+	params.SetName(name)
+	if err := setProjectOnParams(params, project); err != nil {
+		return nil, err
+	}
+	resp, err := client.VirtualMachine.ListVirtualMachines(params)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list virtual machines: %w", err)
+	}
+	if resp == nil || len(resp.VirtualMachines) == 0 {
+		return nil, nil
+	}
+	if len(networkIDs) == 0 {
+		return resp.VirtualMachines[0], nil
+	}
+	for _, existing := range resp.VirtualMachines {
+		if vmAttachedToAnyNetwork(existing, networkIDs) {
+			return existing, nil
+		}
+	}
+	return nil, nil
+}
+
 // ListVMs queries CloudStack and returns the SDK response for callers to format.
 func ListVMs(name, project string, allProjects bool) (any, error) {
 	client, err := cloudstack.NewClient()
@@ -103,12 +145,9 @@ func ApplyVirtualMachineManaged(vm *v1.VirtualMachine, managed bool) (string, er
 	if err != nil {
 		return "", fmt.Errorf("failed to create CloudStack client: %w", err)
 	}
-	// Check for existing VM with the same name - we don't support updates
-	listParams := client.VirtualMachine.NewListVirtualMachinesParams()
-	listParams.SetName(vm.Metadata.Name)
-	listResp, lerr := client.VirtualMachine.ListVirtualMachines(listParams)
-	if lerr == nil && listResp != nil && len(listResp.VirtualMachines) > 0 {
-		return "", fmt.Errorf("virtualmachine %s already exists in CloudStack (id=%s); updates are not supported", vm.Metadata.Name, listResp.VirtualMachines[0].Id)
+	project := vm.Spec.Project
+	if project == "" {
+		project = vm.Metadata.Project
 	}
 
 	// Resolve potential name references to IDs for template, service offering, and networks
@@ -132,6 +171,19 @@ func ApplyVirtualMachineManaged(vm *v1.VirtualMachine, managed bool) (string, er
 		resolvedNets = append(resolvedNets, nid)
 	}
 
+	// For create via apply, only treat the VM as existing when it is found in the
+	// same project scope and, when requested, attached to one of the requested networks.
+	existingVM, lerr := findExistingVMInScope(client, vm.Metadata.Name, project, resolvedNets)
+	if lerr != nil {
+		return "", lerr
+	}
+	if existingVM != nil {
+		if project != "" {
+			return "", fmt.Errorf("virtualmachine %s already exists in project %s (id=%s); updates are not supported", vm.Metadata.Name, project, existingVM.Id)
+		}
+		return "", fmt.Errorf("virtualmachine %s already exists in CloudStack (id=%s); updates are not supported", vm.Metadata.Name, existingVM.Id)
+	}
+
 	params := client.VirtualMachine.NewDeployVirtualMachineParams(serviceOfferingID, templateID, "")
 	params.SetName(vm.Metadata.Name)
 	// If a zone is provided in the spec, try to resolve the zone name to an ID.
@@ -143,13 +195,8 @@ func ApplyVirtualMachineManaged(vm *v1.VirtualMachine, managed bool) (string, er
 		}
 		params.SetZoneid(zid)
 	}
-	if vm.Spec.Project != "" {
-		// Accept either a project UUID or a project name; try resolving name first.
-		if pid, perr := ResolveProject(vm.Spec.Project); perr == nil {
-			params.SetProjectid(pid)
-		} else {
-			params.SetProjectid(vm.Spec.Project)
-		}
+	if err := setProjectOnParams(params, project); err != nil {
+		return "", err
 	}
 	if len(vm.Spec.Networks) > 0 {
 		params.SetNetworkids(resolvedNets)

pkg/handlers/volume.go

@@ -83,7 +83,13 @@ func ApplyVolume(vol *v1.Volume) (string, error) {
 		return "", err
 	}
 	resp, err := client.Volume.ListVolumes(params)
-	if err == nil && resp != nil && len(resp.Volumes) > 0 {
+	if err != nil {
+		return "", fmt.Errorf("failed to list volumes: %w", err)
+	}
+	if resp != nil && len(resp.Volumes) > 0 {
+		if vol.Metadata.Project != "" {
+			return "", fmt.Errorf("volume %s already exists in project %s (id=%s); updates are not supported", vol.Metadata.Name, vol.Metadata.Project, resp.Volumes[0].Id)
+		}
 		return "", fmt.Errorf("volume %s already exists in CloudStack (id=%s); updates are not supported", vol.Metadata.Name, resp.Volumes[0].Id)
 	}