[CHAOSPLT-463] Set user info annotation on disruption creation from parent resource (#927)

* fix: store user information in annotations

* refactor and unit tests

* nit

* fix: log error when can't parse annotations

* fix: unit tests

Author: diyarab

api/v1beta1/disruption_types.go

@@ -16,13 +16,15 @@ import (
 	"os"
 	"path/filepath"
 	"reflect"
+	"strings"
 	"time"
 
 	chaosapi "github.com/DataDog/chaos-controller/api"
 	eventtypes "github.com/DataDog/chaos-controller/eventnotifier/types"
 	chaostypes "github.com/DataDog/chaos-controller/types"
 	"github.com/DataDog/chaos-controller/utils"
 	"github.com/hashicorp/go-multierror"
+	authv1beta1 "k8s.io/api/authentication/v1beta1"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -448,6 +450,69 @@ func (r *Disruption) IsReadyToRemoveFinalizer(finalizerDelay time.Duration) bool
 	return r.Status.CleanedAt != nil && time.Now().After(r.Status.CleanedAt.Add(finalizerDelay))
 }
 
+// CopyOwnerAnnotations copies the annotations from the owner object to the disruption.
+// This ensures that any important metadata from the owner, such as custom annotations,
+// is preserved in the newly created disruption.
+func (r *Disruption) CopyOwnerAnnotations(owner metav1.Object) {
+	if r.Annotations == nil {
+		r.Annotations = make(map[string]string)
+	}
+
+	ownerAnnotations := owner.GetAnnotations()
+	for k, v := range ownerAnnotations {
+		r.Annotations[k] = v
+	}
+}
+
+// SetScheduledAtAnnotation sets the scheduled time of the disruption in the annotations.
+func (r *Disruption) SetScheduledAtAnnotation(scheduledTime time.Time) {
+	if r.Annotations == nil {
+		r.Annotations = make(map[string]string)
+	}
+
+	scheduledAt := scheduledTime.Format(time.RFC3339)
+	r.Annotations[chaostypes.ScheduledAtAnnotation] = scheduledAt
+}
+
+// GetScheduledAtAnnotation retrieves the scheduled time from the disruption's annotations.
+// Returns an error if the annotation is not found or cannot be parsed.
+func (r *Disruption) GetScheduledAtAnnotation() (time.Time, error) {
+	scheduledAt, exists := r.Annotations[chaostypes.ScheduledAtAnnotation]
+	if !exists {
+		return time.Time{}, errors.New("scheduledAt annotation not found")
+	}
+
+	scheduledTime, err := time.Parse(time.RFC3339, scheduledAt)
+	if err != nil {
+		return time.Time{}, fmt.Errorf("unable to parse scheduledAt annotation: %w", err)
+	}
+
+	return scheduledTime, nil
+}
+
+// CopyUserInfoToAnnotations copies the user-related annotations from the owner object to the disruption.
+// Any UserInfo annotations will be overwritten when the Disruption is created, so this function ensures
+// that the parent resource's user information is preserved by storing it in separate annotations.
+func (r *Disruption) CopyUserInfoToAnnotations(owner metav1.Object) error {
+	if r.Annotations == nil {
+		r.Annotations = make(map[string]string)
+	}
+
+	ownerAnnotations := owner.GetAnnotations()
+	if userInfoJSON, exists := ownerAnnotations["UserInfo"]; exists {
+		var userInfo authv1beta1.UserInfo
+		if err := json.Unmarshal([]byte(userInfoJSON), &userInfo); err != nil {
+			return fmt.Errorf("unable to parse UserInfo annotation: %w", err)
+		}
+
+		// Set user-related annotations using the parsed UserInfo struct
+		r.Annotations[chaostypes.UserAnnotation] = userInfo.Username
+		r.Annotations[chaostypes.UserGroupsAnnotation] = strings.Join(userInfo.Groups, ",")
+	}
+
+	return nil
+}
+
 // +kubebuilder:object:root=true
 
 // DisruptionList contains a list of Disruption

api/v1beta1/disruption_types_test.go

@@ -613,4 +613,172 @@ var _ = Describe("Disruption", func() {
 		Entry("with a disruption marked to be deleted not exceeding the timeout limit", builderstest.NewDisruptionBuilder().WithDeletion(), time.Minute*10, false),
 		Entry("with a disruption marked to be deleted exceeding the timeout limit", builderstest.NewDisruptionBuilder().WithDeletion(), time.Minute*(-1), true),
 	)
+
+	DescribeTable("CopyOwnerAnnotations", func(disruptionBuilder *builderstest.DisruptionBuilder, ownerAnnotations map[string]string, expectedAnnotations map[string]string) {
+		// Arrange
+		disruption := disruptionBuilder.Build()
+		owner := &metav1.ObjectMeta{
+			Annotations: ownerAnnotations,
+		}
+
+		// Act
+		disruption.CopyOwnerAnnotations(owner)
+
+		// Assert
+		Expect(disruption.Annotations).NotTo(BeNil())
+		Expect(disruption.Annotations).To(Equal(expectedAnnotations))
+	},
+		Entry("should copy annotations from the owner to the disruption",
+			builderstest.NewDisruptionBuilder().WithAnnotations(map[string]string{
+				"key3": "value3",
+			}),
+			map[string]string{"key1": "value1", "key2": "value2"},
+			map[string]string{"key1": "value1", "key2": "value2", "key3": "value3"}),
+		Entry("should create a new annotations map if it's nil",
+			builderstest.NewDisruptionBuilder(),
+			map[string]string{"key1": "value1", "key2": "value2"},
+			map[string]string{"key1": "value1", "key2": "value2"}),
+	)
+
+	Describe("SetScheduledAtAnnotation", func() {
+		var scheduledTime time.Time
+
+		BeforeEach(func() {
+			scheduledTime = time.Now()
+		})
+
+		It("sets the scheduled time annotation", func() {
+			// Arrange
+			disruption := builderstest.NewDisruptionBuilder().Build()
+
+			// Act
+			disruption.SetScheduledAtAnnotation(scheduledTime)
+
+			// Assert
+			Expect(disruption.Annotations).To(HaveKey(chaostypes.ScheduledAtAnnotation))
+
+			parsedTime, err := time.Parse(time.RFC3339, disruption.Annotations[chaostypes.ScheduledAtAnnotation])
+			Expect(err).NotTo(HaveOccurred())
+			Expect(parsedTime).To(BeTemporally("~", scheduledTime, time.Second))
+		})
+
+		It("creates a new annotations map if it's nil", func() {
+			// Arrange
+			disruption := builderstest.NewDisruptionBuilder().Build()
+
+			// Act
+			disruption.SetScheduledAtAnnotation(scheduledTime)
+
+			// Act
+			Expect(disruption.Annotations).NotTo(BeNil())
+			Expect(disruption.Annotations).To(HaveKey(chaostypes.ScheduledAtAnnotation))
+		})
+	})
+
+	Describe("GetScheduledAtAnnotation", func() {
+		Describe("success cases", func() {
+			It("retrieves the scheduled time annotation", func() {
+				// Arrange
+				scheduledTime := time.Now().Format(time.RFC3339)
+				disruption := builderstest.NewDisruptionBuilder().WithAnnotations(map[string]string{
+					chaostypes.ScheduledAtAnnotation: scheduledTime,
+				}).Build()
+
+				// Act
+				retrievedTime, err := disruption.GetScheduledAtAnnotation()
+
+				// Assert
+				Expect(err).NotTo(HaveOccurred())
+				Expect(retrievedTime.Format(time.RFC3339)).To(Equal(scheduledTime))
+			})
+		})
+
+		Describe("error cases", func() {
+			It("returns and error when the annotation is missing", func() {
+				// Arrange
+				disruption := builderstest.NewDisruptionBuilder().Build()
+
+				// Act
+				_, err := disruption.GetScheduledAtAnnotation()
+
+				// Assert
+				Expect(err).To(MatchError("scheduledAt annotation not found"))
+			})
+
+			It("return and error when the annotation cannot be parsed", func() {
+				// Arrange
+				disruption := builderstest.NewDisruptionBuilder().WithAnnotations(map[string]string{
+					chaostypes.ScheduledAtAnnotation: "invalid-time",
+				}).Build()
+				// Act
+				_, err := disruption.GetScheduledAtAnnotation()
+
+				// Assert
+				Expect(err).To(HaveOccurred())
+				Expect(err.Error()).To(ContainSubstring("unable to parse scheduledAt annotation"))
+			})
+		})
+	})
+
+	Describe("CopyUserInfoToAnnotations", func() {
+		var owner *metav1.ObjectMeta
+
+		BeforeEach(func() {
+			owner = &metav1.ObjectMeta{
+				Annotations: map[string]string{
+					"UserInfo": `{
+						"username": "test-user",
+						"groups": ["group1", "group2"]
+					}`,
+					"key1": "value1",
+					"key2": "value2",
+				},
+			}
+		})
+
+		Describe("success cases", func() {
+			It("copies user-related annotations from the owner", func() {
+				// Arrange
+				disruption := builderstest.NewDisruptionBuilder().Build()
+
+				// Act
+				err := disruption.CopyUserInfoToAnnotations(owner)
+
+				// Assert
+				Expect(err).NotTo(HaveOccurred())
+				Expect(disruption.Annotations).To(HaveKeyWithValue(chaostypes.UserAnnotation, "test-user"))
+				Expect(disruption.Annotations).To(HaveKeyWithValue(chaostypes.UserGroupsAnnotation, "group1,group2"))
+			})
+		})
+
+		Describe("error cases", func() {
+			It("returns an error if the UserInfo annotation is invalid JSON", func() {
+				// Arrange
+				disruption := builderstest.NewDisruptionBuilder().Build()
+				owner.SetAnnotations(map[string]string{
+					"UserInfo": "invalid-json",
+				})
+
+				// Act
+				err := disruption.CopyUserInfoToAnnotations(owner)
+
+				// Assert
+				Expect(err).To(HaveOccurred())
+				Expect(err.Error()).To(ContainSubstring("unable to parse UserInfo annotation"))
+			})
+
+			It("does nothing if the UserInfo annotation does not exist", func() {
+				// Arrange
+				disruption := builderstest.NewDisruptionBuilder().Build()
+				owner.SetAnnotations(map[string]string{})
+
+				// Act
+				err := disruption.CopyUserInfoToAnnotations(owner)
+
+				// Assert
+				Expect(err).NotTo(HaveOccurred())
+				Expect(disruption.Annotations).To(BeEmpty())
+			})
+		})
+	})
 })

builderstest/disruption.go

@@ -234,3 +234,20 @@ func (b *DisruptionBuilder) WithInjectionStatus(status types.DisruptionInjection
 
 	return b
 }
+
+// WithAnnotations sets the specified annotations.
+func (b *DisruptionBuilder) WithAnnotations(annotations map[string]string) *DisruptionBuilder {
+	b.modifiers = append(
+		b.modifiers,
+		func() {
+			if b.ObjectMeta.Annotations == nil {
+				b.ObjectMeta.Annotations = make(map[string]string)
+			}
+
+			for k, v := range annotations {
+				b.ObjectMeta.Annotations[k] = v
+			}
+		})
+
+	return b
+}

controllers/cron_rollout_helpers.go

@@ -24,7 +24,6 @@ import (
 )
 
 const (
-	ScheduledAtAnnotation          = chaosv1beta1.GroupName + "/scheduled-at"
 	DisruptionCronNameLabel        = chaosv1beta1.GroupName + "/disruption-cron-name"
 	DisruptionRolloutNameLabel     = chaosv1beta1.GroupName + "/disruption-rollout-name"
 	TargetResourceMissingThreshold = time.Hour * 24
@@ -120,13 +119,14 @@ func createBaseDisruption(owner metav1.Object, disruptionSpec *chaosv1beta1.Disr
 }
 
 // setDisruptionAnnotations updates the annotations of a given Disruption object with those of its owner.
-// Additionally, it sets a scheduled time annotation using the provided scheduledTime.
-func setDisruptionAnnotations(disruption *chaosv1beta1.Disruption, owner metav1.Object, scheduledTime time.Time) {
-	for k, v := range owner.GetAnnotations() {
-		disruption.Annotations[k] = v
-	}
+// It sets a scheduled time annotation using the provided scheduledTime.
+// It parses the UserInfo annotation if it exists and sets user-related annotations.
+func setDisruptionAnnotations(disruption *chaosv1beta1.Disruption, owner metav1.Object, scheduledTime time.Time) error {
+	disruption.CopyOwnerAnnotations(owner)
+
+	disruption.SetScheduledAtAnnotation(scheduledTime)
 
-	disruption.Annotations[ScheduledAtAnnotation] = scheduledTime.Format(time.RFC3339)
+	return disruption.CopyUserInfoToAnnotations(owner)
 }
 
 // overwriteDisruptionSelectors updates the selectors of a given Disruption object based on the provided targetResource.
@@ -156,13 +156,15 @@ func overwriteDisruptionSelectors(ctx context.Context, cl client.Client, disrupt
 // CreateDisruptionFromTemplate constructs a Disruption object based on the provided owner, disruptionSpec, and targetResource.
 // The function sets annotations, overwrites selectors, and associates the Disruption with its owner.
 // It returns the constructed Disruption or an error if any step fails.
-func CreateDisruptionFromTemplate(ctx context.Context, cl client.Client, scheme *runtime.Scheme, owner metav1.Object, targetResource *chaosv1beta1.TargetResourceSpec, disruptionSpec *chaosv1beta1.DisruptionSpec, scheduledTime time.Time) (*chaosv1beta1.Disruption, error) {
+func CreateDisruptionFromTemplate(ctx context.Context, cl client.Client, scheme *runtime.Scheme, owner metav1.Object, targetResource *chaosv1beta1.TargetResourceSpec, disruptionSpec *chaosv1beta1.DisruptionSpec, scheduledTime time.Time, log *zap.SugaredLogger) (*chaosv1beta1.Disruption, error) {
 	disruption := createBaseDisruption(owner, disruptionSpec)
 
 	ownerNameLabel := getOwnerNameLabel(owner)
 	disruption.Labels[ownerNameLabel] = owner.GetName()
 
-	setDisruptionAnnotations(disruption, owner, scheduledTime)
+	if err := setDisruptionAnnotations(disruption, owner, scheduledTime); err != nil {
+		log.Errorw("unable to set annotations for child disruption", "err", err, "disruptionName", disruption.Name)
+	}
 
 	if err := overwriteDisruptionSelectors(ctx, cl, disruption, targetResource, owner.GetNamespace()); err != nil {
 		return nil, err
@@ -177,18 +179,13 @@ func CreateDisruptionFromTemplate(ctx context.Context, cl client.Client, scheme
 
 // getScheduledTimeForDisruption returns the scheduled time for a particular disruption.
 func getScheduledTimeForDisruption(log *zap.SugaredLogger, disruption *chaosv1beta1.Disruption) time.Time {
-	timeRaw := disruption.Annotations[ScheduledAtAnnotation]
-	if len(timeRaw) == 0 {
-		return time.Time{}
-	}
-
-	timeParsed, err := time.Parse(time.RFC3339, timeRaw)
+	parsedTime, err := disruption.GetScheduledAtAnnotation()
 	if err != nil {
 		log.Errorw("unable to parse schedule time for child disruption", "err", err, "disruptionName", disruption.Name)
 		return time.Time{}
 	}
 
-	return timeParsed
+	return parsedTime
 }
 
 // GetMostRecentScheduleTime returns the most recent scheduled time from a list of disruptions.

controllers/disruption_cron_controller.go

@@ -170,7 +170,7 @@ func (r *DisruptionCronReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	r.log.Infow("processing current run", "currentRun", missedRun.Format(time.UnixDate))
 
 	// Create disruption for current run
-	disruption, err := CreateDisruptionFromTemplate(ctx, r.Client, r.Scheme, instance, &instance.Spec.TargetResource, &instance.Spec.DisruptionTemplate, missedRun)
+	disruption, err := CreateDisruptionFromTemplate(ctx, r.Client, r.Scheme, instance, &instance.Spec.TargetResource, &instance.Spec.DisruptionTemplate, missedRun, r.log)
 
 	if err != nil {
 		r.log.Warnw("unable to construct disruption from template", "err", err)

controllers/disruption_rollout_controller.go

@@ -136,7 +136,7 @@ func (r *DisruptionRolloutReconciler) Reconcile(ctx context.Context, req ctrl.Re
 
 	// Create disruption
 	scheduledTime := time.Now()
-	disruption, err := CreateDisruptionFromTemplate(ctx, r.Client, r.Scheme, instance, &instance.Spec.TargetResource, &instance.Spec.DisruptionTemplate, scheduledTime)
+	disruption, err := CreateDisruptionFromTemplate(ctx, r.Client, r.Scheme, instance, &instance.Spec.TargetResource, &instance.Spec.DisruptionTemplate, scheduledTime, r.log)
 
 	if err != nil {
 		r.log.Warnw("unable to construct disruption from template", "err", err)

types/types.go

@@ -120,6 +120,14 @@ const (
 	// DisruptionNamespaceLabel is the label used to identify the disruption namespace for a chaos pod. This is used to determine pod ownership.
 	DisruptionNamespaceLabel = GroupName + "/disruption-namespace"
 
+	// ScheduledAtAnnotation is the annotation key for the scheduled time of the disruption when it is created from DisruptionCron or DisruptionRollout.
+	ScheduledAtAnnotation = GroupName + "/scheduled-at"
+
+	// UserAnnotation is the annotation key that stores the username of the user who created the parent resource (DisruptionCron or DisruptionRollout).
+	UserAnnotation = GroupName + "/user"
+	// UserGroupsAnnotation is the annotation key that stores the user groups of the individual who created the parent resource (DisruptionCron or DisruptionRollout).
+	UserGroupsAnnotation = GroupName + "/user-groups"
+
 	finalizerPrefix         = "finalizer." + GroupName
 	DisruptionFinalizer     = finalizerPrefix
 	DisruptionCronFinalizer = finalizerPrefix