From 9bdf96a5a0a48dee19b0fa94ae5616b764822a4a Mon Sep 17 00:00:00 2001
From: adil ghaffar <muhammad.adil.ghaffar@est.tech>
Date: Mon, 13 Jun 2022 17:58:31 +0300
Subject: [PATCH] Add checks for not topology owned templates to never
 reconcile.

---
 .../topology/cluster/current_state.go         |  6 ++++++
 .../topology/cluster/current_state_test.go    | 20 +++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/internal/controllers/topology/cluster/current_state.go b/internal/controllers/topology/cluster/current_state.go
index de8af7c4ee91..51a71c41c65a 100644
--- a/internal/controllers/topology/cluster/current_state.go
+++ b/internal/controllers/topology/cluster/current_state.go
@@ -158,6 +158,12 @@ func (r *Reconciler) getCurrentMachineDeploymentState(ctx context.Context, clust
 	for i := range md.Items {
 		m := &md.Items[i]
 
+		// check that the MachineDeployment has the ClusterTopologyOwnedLabel label.
+		// Nb. This is to make sure that a managed topology cluster does not have a reference to an object that is not
+		// owned by the topology.
+		if !labels.IsTopologyOwned(m) {
+			return nil, fmt.Errorf(" %s is not topology owned", tlog.KObj{Obj: m})
+		}
 		// Retrieve the name which is assigned in Cluster's topology
 		// from a well-defined label.
 		mdTopologyName, ok := m.ObjectMeta.Labels[clusterv1.ClusterTopologyMachineDeploymentLabelName]
diff --git a/internal/controllers/topology/cluster/current_state_test.go b/internal/controllers/topology/cluster/current_state_test.go
index 3a102446feee..09ea0b7371fc 100644
--- a/internal/controllers/topology/cluster/current_state_test.go
+++ b/internal/controllers/topology/cluster/current_state_test.go
@@ -97,6 +97,14 @@ func TestGetCurrentState(t *testing.T) {
 		WithInfrastructureTemplate(machineDeploymentInfrastructure).
 		Build()
 
+	machineDeploymentNotTopologyOwned := builder.MachineDeployment(metav1.NamespaceDefault, "md1").
+		WithLabels(map[string]string{
+			clusterv1.ClusterLabelName: "cluster1",
+		}).
+		WithBootstrapTemplate(machineDeploymentBootstrap).
+		WithInfrastructureTemplate(machineDeploymentInfrastructure).
+		Build()
+
 	// MachineHealthChecks for the MachineDeployment and the ControlPlane.
 	machineHealthCheckForMachineDeployment := builder.MachineHealthCheck(machineDeployment.Namespace, machineDeployment.Name).
 		WithSelector(*selectorForMachineDeploymentMHC(machineDeployment)).
@@ -380,6 +388,18 @@ func TestGetCurrentState(t *testing.T) {
 			// Expect error to be thrown as no managed MachineDeployment is reconcilable unless it has a ClusterTopologyMachineDeploymentLabelName.
 			wantErr: true,
 		},
+		{
+			name: "Fails if there are MachineDeployments without the topology.cluster.x-k8s.io/owned",
+			cluster: builder.Cluster(metav1.NamespaceDefault, "cluster1").
+				Build(),
+			class: clusterClassWithControlPlaneInfra,
+			objects: []client.Object{
+				clusterClassWithControlPlaneInfra,
+				machineDeploymentNotTopologyOwned,
+			},
+			// Expect error to be thrown as no managed MachineDeployment is reconcilable unless it has a ClusterTopologyOwnedLabel.
+			wantErr: true,
+		},
 		{
 			name: "Fails if there are MachineDeployments with the same topology.cluster.x-k8s.io/deployment-name",
 			cluster: builder.Cluster(metav1.NamespaceDefault, "cluster1").