From f8ececdd7bd4e7383e735b0f75fe968b5d075e2e Mon Sep 17 00:00:00 2001 From: Arbaaz Khan Date: Tue, 13 Feb 2024 22:37:06 +0530 Subject: [PATCH] Restrict CIS to sync static routes created by itself --- pkg/controller/worker.go | 2 +- pkg/networkmanager/networkmanager.go | 16 ++++++++++++---- pkg/networkmanager/networkmanager_test.go | 4 ++-- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/pkg/controller/worker.go b/pkg/controller/worker.go index a9c9b7a5e..7b4c8e886 100644 --- a/pkg/controller/worker.go +++ b/pkg/controller/worker.go @@ -3890,7 +3890,7 @@ func (ctlr *Controller) processConfigCR(configCR *cisapiv1.DeployConfig, isDelet bigipconfig := configCR.Spec.BigIpConfig ctlr.handleBigipConfigUpdates(bigipconfig) if ctlr.StaticRoutingMode && ctlr.PoolMemberType != NodePort { - err := ctlr.networkManager.SetInstanceIds(configCR.Spec.BigIpConfig) + err := ctlr.networkManager.SetInstanceIds(configCR.Spec.BigIpConfig, ctlr.ControllerIdentifier) if err != nil { log.Errorf("%v", err) os.Exit(1) diff --git a/pkg/networkmanager/networkmanager.go b/pkg/networkmanager/networkmanager.go index 48e73af2e..8f8323c3b 100644 --- a/pkg/networkmanager/networkmanager.go +++ b/pkg/networkmanager/networkmanager.go @@ -115,7 +115,7 @@ func NewNetworkManager(tm *tokenmanager.TokenManager, clusterName string) *Netwo } // SetInstanceIds performs an HTTP GET request to the API, extracts address and ID mappings, and stores them -func (nm *NetworkManager) SetInstanceIds(bigIpConfigs []cisapiv1.BigIpConfig) error { +func (nm *NetworkManager) SetInstanceIds(bigIpConfigs []cisapiv1.BigIpConfig, controllerID string) error { // initialize the device map nm.DeviceMap = make(map[string]string) 
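Review bot: The doc comment above SetInstanceIds still describes only the HTTP GET and says nothing about the new `controllerID` parameter; the same gap exists on GetL3ForwardsFromInstance in the hunk at -192. I would add `// Only static routes whose name starts with controllerID are loaded into the store.` to SetInstanceIds and `// Entries whose name's first "/"-separated segment differs from controllerID are skipped.` to GetL3ForwardsFromInstance. Both methods are exported, so any caller outside the three files in this patch needs the extra argument too. Both function bodies continue outside their hunks.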
@@ -173,7 +173,7 @@ func (nm *NetworkManager) SetInstanceIds(bigIpConfigs []cisapiv1.BigIpConfig) er nm.DeviceMap[address] = id nm.L3ForwardStore.Lock() if _, ok := nm.L3ForwardStore.InstanceStaticRoutes[id]; !ok { - staticRouteMap, err := nm.GetL3ForwardsFromInstance(id) + staticRouteMap, err := nm.GetL3ForwardsFromInstance(id, controllerID) if err != nil { log.Errorf("%v Error getting static routes for instance %v: %v", networkManagerPrefix, id, err) nm.L3ForwardStore.Unlock() @@ -192,7 +192,7 @@ func (nm *NetworkManager) SetInstanceIds(bigIpConfigs []cisapiv1.BigIpConfig) er } // GetL3ForwardsFromInstance performs an HTTP GET request to the API, extracts name and route information, and stores them -func (nm *NetworkManager) GetL3ForwardsFromInstance(instanceId string) (StaticRouteMap, error) { +func (nm *NetworkManager) GetL3ForwardsFromInstance(instanceId string, controllerID string) (StaticRouteMap, error) { // Create request req, err := http.NewRequest("GET", nm.CMTokenManager.ServerURL+InstancesURI+instanceId+L3Forwards, nil) @@ -225,8 +225,16 @@ func (nm *NetworkManager) GetL3ForwardsFromInstance(instanceId string) (StaticRo if l3ForwardsArray, ok := embedded["l3forwards"].([]interface{}); ok { for _, l3ForwardData := range l3ForwardsArray { if l3Forward, ok := l3ForwardData.(map[string]interface{}); ok { - id, idOk := l3Forward["id"].(string) name, nameOk := l3Forward["payload"].(map[string]interface{})["name"].(string) + if nameOk { + routeNameArray := strings.Split(name, "/") + if len(routeNameArray) == 0 || routeNameArray[0] != controllerID { + // ControllerID is not present or not matching in the l3Forward name, so skip this L3Forward + // as it's not be created by this CIS + continue + } + } + id, idOk := l3Forward["id"].(string) configData, configOk := l3Forward["payload"].(map[string]interface{})["config"].(map[string]interface{}) config := StaticRouteConfig{} 
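Review bot: In the hunk at -225 the ownership filter fails open, because the comparison runs only inside `if nameOk`: an l3forward whose payload has no string `name` skips the controller-ID check and carries on into the loop body, unless a check outside the hunk rejects it later. The `len(routeNameArray) == 0` test can never be true, since strings.Split with a non-empty separator always returns at least one element. The single-value assertion `l3Forward["payload"].(map[string]interface{})` panics if the API returns an entry without a map payload. An empty `controllerID`, which the updated tests pass, matches any route whose name is empty or starts with `/`, so SetInstanceIds should probably reject an empty identifier before the request is made; that code is outside this hunk. The name prefix is a naming convention rather than an authenticated owner field, so a route created by anything else under the same prefix is still treated as owned by this CIS.

```go
// … unchanged: loop headers and the l3Forward map assertion …
payload, payloadOk := l3Forward["payload"].(map[string]interface{})
if !payloadOk {
	// No usable payload, so ownership cannot be established; skip the entry.
	continue
}
name, nameOk := payload["name"].(string)
if !nameOk || strings.SplitN(name, "/", 2)[0] != controllerID {
	// Only routes whose name starts with this controller's ID are treated as created by this CIS.
	continue
}
id, idOk := l3Forward["id"].(string)
configData, configOk := payload["config"].(map[string]interface{})
// … unchanged: config := StaticRouteConfig{} and the rest of the loop body …
```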
diff --git a/pkg/networkmanager/networkmanager_test.go b/pkg/networkmanager/networkmanager_test.go index a26aae1c3..3625df9a9 100644 --- a/pkg/networkmanager/networkmanager_test.go +++ b/pkg/networkmanager/networkmanager_test.go @@ -104,7 +104,7 @@ var _ = Describe("Network Manager Tests", func() { bigIPConfig = []cisapiv1.BigIpConfig{{ BigIpAddress: BigIPAddress, }} - networkManager.SetInstanceIds(bigIPConfig) + networkManager.SetInstanceIds(bigIPConfig, "") go networkManager.NetworkConfigHandler() }) AfterEach(func() { @@ -442,7 +442,7 @@ var _ = Describe("Network Manager Tests", func() { It("Initialize the network controller when l3forwards are present on server", func() { isr, _ := networkManager.L3ForwardStore.InstanceStaticRoutes[BigIpId] Expect(len(isr)).To(BeZero()) - networkManager.SetInstanceIds(bigIPConfig) + networkManager.SetInstanceIds(bigIPConfig, "") isr, _ = networkManager.L3ForwardStore.InstanceStaticRoutes[BigIpId] Expect(len(isr)).ToNot(BeZero()) // test retry timeout increment
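Review bot: Both updated calls (the hunks at -104 and -442) pass `""` as the controller ID, so the new name filter in GetL3ForwardsFromInstance is never exercised with a real identifier. A case where the mock server returns one route named with the controller's prefix and one with a different prefix, asserting that only the first lands in `InstanceStaticRoutes[BigIpId]`, would pin the behaviour this commit introduces. The error returned by SetInstanceIds is also discarded in both places; `Expect(networkManager.SetInstanceIds(bigIPConfig, "")).To(Succeed())` would surface a setup failure instead of letting later assertions fail for an unrelated reason.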