fix: add scope validation on custom resource

Fixes operator-framework#339

Author: daniellavoie

operator-framework-core/src/main/java/io/javaoperatorsdk/operator/CustomResourceUtils.java

@@ -0,0 +1,44 @@
+package io.javaoperatorsdk.operator;
+
+import io.fabric8.kubernetes.api.model.Cluster;
+import io.fabric8.kubernetes.api.model.Namespaced;
+import io.fabric8.kubernetes.api.model.apiextensions.v1.CustomResourceDefinition;
+import java.util.Arrays;
+
+public abstract class CustomResourceUtils {
+
+  /**
+   * Applies internal validations that may not be handled by the fabric8 client.
+   *
+   * @param resClass Custom Resource to validate
+   * @param crd CRD for the Custom Resource
+   * @throws OperatorException when the Custom Resource has validation error
+   */
+  public static void assertCustomResource(Class<?> resClass, CustomResourceDefinition crd) {
+    var namespaced =
+        Arrays.stream(resClass.getInterfaces())
+            .filter(classInterface -> classInterface.equals(Namespaced.class))
+            .findAny()
+            .isPresent();
+
+    if (!namespaced && Namespaced.class.getSimpleName().equals(crd.getSpec().getScope())) {
+      throw new OperatorException(
+          "Custom resource '"
+              + resClass.getName()
+              + "' must implement '"
+              + Namespaced.class.getName()
+              + "' since CRD '"
+              + crd.getMetadata().getName()
+              + "' is scoped as 'Namespaced'");
+    } else if (namespaced && Cluster.class.getSimpleName().equals(crd.getSpec().getScope())) {
+      throw new OperatorException(
+          "Custom resource '"
+              + resClass.getName()
+              + "' must not implement '"
+              + Namespaced.class.getName()
+              + "' since CRD '"
+              + crd.getMetadata().getName()
+              + "' is scoped as 'Cluster'");
+    }
+  }
+}

operator-framework-core/src/main/java/io/javaoperatorsdk/operator/Operator.java

@@ -95,10 +95,6 @@ public <R extends CustomResource> void register(
       final var targetNamespaces = configuration.getNamespaces().toArray(new String[] {});
       Class<R> resClass = configuration.getCustomResourceClass();
       String finalizer = configuration.getFinalizer();
-      final var client = k8sClient.customResources(resClass);
-      EventDispatcher dispatcher =
-          new EventDispatcher(
-              controller, finalizer, new EventDispatcher.CustomResourceFacade(client));
 
       // check that the custom resource is known by the cluster
       final var crdName = configuration.getCRDName();
@@ -114,6 +110,14 @@ public <R extends CustomResource> void register(
                 + " cannot be registered");
       }
 
+      // Apply validations that are not handled by fabric8
+      CustomResourceUtils.assertCustomResource(resClass, crd);
+
+      final var client = k8sClient.customResources(resClass);
+      EventDispatcher dispatcher =
+          new EventDispatcher(
+              controller, finalizer, new EventDispatcher.CustomResourceFacade(client));
+
       CustomResourceCache customResourceCache = new CustomResourceCache();
       DefaultEventHandler defaultEventHandler =
           new DefaultEventHandler(customResourceCache, dispatcher, controllerName, retry);

operator-framework-core/src/test/java/io/javaoperatorsdk/operator/CustomResourceUtilsTest.java

@@ -0,0 +1,29 @@
+package io.javaoperatorsdk.operator;
+
+import io.javaoperatorsdk.operator.sample.simple.NamespacedTestCustomResource;
+import io.javaoperatorsdk.operator.sample.simple.TestCustomResource;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+public class CustomResourceUtilsTest {
+  @Test
+  public void assertNamespacedCustomResource() {
+    var clusterCrd = TestUtils.testCRD("Cluster");
+
+    CustomResourceUtils.assertCustomResource(TestCustomResource.class, clusterCrd);
+
+    Assertions.assertThrows(
+        OperatorException.class,
+        () ->
+            CustomResourceUtils.assertCustomResource(
+                NamespacedTestCustomResource.class, clusterCrd));
+
+    var namespacedCrd = TestUtils.testCRD("Namespaced");
+
+    Assertions.assertThrows(
+        OperatorException.class,
+        () -> CustomResourceUtils.assertCustomResource(TestCustomResource.class, namespacedCrd));
+
+    CustomResourceUtils.assertCustomResource(NamespacedTestCustomResource.class, namespacedCrd);
+  }
+}

operator-framework-core/src/test/java/io/javaoperatorsdk/operator/TestUtils.java

@@ -1,6 +1,8 @@
 package io.javaoperatorsdk.operator;
 
 import io.fabric8.kubernetes.api.model.ObjectMetaBuilder;
+import io.fabric8.kubernetes.api.model.apiextensions.v1.CustomResourceDefinition;
+import io.fabric8.kubernetes.api.model.apiextensions.v1.CustomResourceDefinitionBuilder;
 import io.javaoperatorsdk.operator.sample.simple.TestCustomResource;
 import io.javaoperatorsdk.operator.sample.simple.TestCustomResourceSpec;
 import java.util.HashMap;
@@ -15,6 +17,17 @@ public static TestCustomResource testCustomResource() {
     return testCustomResource(UUID.randomUUID().toString());
   }
 
+  public static CustomResourceDefinition testCRD(String scope) {
+    return new CustomResourceDefinitionBuilder()
+        .editOrNewSpec()
+        .withScope(scope)
+        .and()
+        .editOrNewMetadata()
+        .withName("test.operator.javaoperatorsdk.io")
+        .and()
+        .build();
+  }
+
   public static TestCustomResource testCustomResource(String uid) {
     TestCustomResource resource = new TestCustomResource();
     resource.setMetadata(

operator-framework-core/src/test/java/io/javaoperatorsdk/operator/sample/simple/NamespacedTestCustomResource.java

@@ -0,0 +1,12 @@
+package io.javaoperatorsdk.operator.sample.simple;
+
+import io.fabric8.kubernetes.api.model.Namespaced;
+import io.fabric8.kubernetes.client.CustomResource;
+import io.fabric8.kubernetes.model.annotation.Group;
+import io.fabric8.kubernetes.model.annotation.Version;
+
+@Group("namespaced-sample.javaoperatorsdk.io")
+@Version("v1")
+public class NamespacedTestCustomResource
+    extends CustomResource<TestCustomResourceSpec, TestCustomResourceStatus>
+    implements Namespaced {}