separate cases of "cluster-scoped resource cannot have namespace-scoped resource" and "cross-namespaces owner references are disallowed"

boylee1111 · boylee1111 · commit c0853ea8c195 · 2019-11-11T14:01:53.000-08:00
diff --git a/pkg/controller/controllerutil/controllerutil.go b/pkg/controller/controllerutil/controllerutil.go
@@ -54,14 +54,22 @@ func newAlreadyOwnedError(Object metav1.Object, Owner metav1.OwnerReference) *Al
 // reconciling the owner object on changes to owned (with a Watch + EnqueueRequestForOwner).
 // Since only one OwnerReference can be a controller, it returns an error if
 // there is another OwnerReference with Controller flag set.
+// Owner must be cluster-scoped resource or has the same namespace as object.
 func SetControllerReference(owner, object metav1.Object, scheme *runtime.Scheme) error {
 	ro, ok := owner.(runtime.Object)
 	if !ok {
 		return fmt.Errorf("%T is not a runtime.Object, cannot call SetControllerReference", owner)
 	}
 
-	if owner.GetNamespace() != "" && owner.GetNamespace() != object.GetNamespace() {
-		return fmt.Errorf("cross-namespace owner references are disallowed, owner's namespace %s, obj's namespace %s", owner.GetNamespace(), object.GetNamespace())
+	ownerNs := owner.GetNamespace()
+	if ownerNs != "" {
+		objNs := object.GetNamespace()
+		if objNs == "" {
+			return fmt.Errorf("cluster-scoped resource must not have a namespace-scoped owner, owner's namesapce %s", ownerNs)
+		}
+		if ownerNs != objNs {
+			return fmt.Errorf("cross-namespace owner references are disallowed, owner's namespace %s, obj's namespace %s", ownerNs, objNs)
+		}
 	}
 
 	gvk, err := apiutil.GVKForObject(ro, scheme)
diff --git a/pkg/controller/controllerutil/controllerutil_test.go b/pkg/controller/controllerutil/controllerutil_test.go
@@ -124,6 +124,16 @@ var _ = Describe("Controllerutil", func() {
 
 			Expect(err).To(HaveOccurred())
 		})
+
+		It("should return an error if owner is namespaced-scope resource but dependent is cluster-scoped", func() {
+			pv := &corev1.PersistentVolume{ObjectMeta: metav1.ObjectMeta{Name: "bar"}}
+			pod := &corev1.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "default", UID: "foo-uid"}}
+
+			err := controllerutil.SetControllerReference(pod, pv, scheme.Scheme)
+
+			Expect(err).To(HaveOccurred())
+
+		})
 	})
 
 	Describe("CreateOrUpdate", func() {
