fix: allow updating KongVault with empty CP ref (#147)

Kong · Nov 7, 2024 · 3f8c399 · 3f8c399
1 parent 6dc4a26
commit 3f8c399
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 4 deletions.
diff --git a/api/configuration/v1alpha1/kong_vault_types.go b/api/configuration/v1alpha1/kong_vault_types.go
@@ -47,7 +47,7 @@ const (
 // +kubebuilder:printcolumn:name="Programmed",type=string,JSONPath=`.status.conditions[?(@.type=="Programmed")].status`
 // +kubebuilder:validation:XValidation:rule="self.spec.prefix == oldSelf.spec.prefix", message="The spec.prefix field is immutable"
 // +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)", message="controlPlaneRef is required once set"
-// +kubebuilder:validation:XValidation:rule="(!has(self.status) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef", message="spec.controlPlaneRef is immutable when an entity is already Programmed"
+// +kubebuilder:validation:XValidation:rule="(!has(self.status) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True') || !has(self.spec.controlPlaneRef)) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef", message="spec.controlPlaneRef is immutable when an entity is already Programmed"
 // +apireference:kgo:include
 // +apireference:kic:include
 type KongVault struct {

diff --git a/config/crd/bases/configuration.konghq.com_kongvaults.yaml b/config/crd/bases/configuration.konghq.com_kongvaults.yaml
@@ -271,8 +271,8 @@ spec:
           rule: '!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)'
         - message: spec.controlPlaneRef is immutable when an entity is already Programmed
           rule: '(!has(self.status) || !self.status.conditions.exists(c, c.type ==
-            ''Programmed'' && c.status == ''True'')) ? true : oldSelf.spec.controlPlaneRef
-            == self.spec.controlPlaneRef'
+            ''Programmed'' && c.status == ''True'') || !has(self.spec.controlPlaneRef))
+            ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef'
     served: true
     storage: true
     subresources:

diff --git a/test/crdsvalidation/kongvault_test.go b/test/crdsvalidation/kongvault_test.go
@@ -49,7 +49,7 @@ func TestKongVault(t *testing.T) {
 				ExpectedUpdateErrorMessage: lo.ToPtr("controlPlaneRef is required once set"),
 			},
 			{
-				Name: "control plane is immutable once programmed",
+				Name: "control plane is immutable once programmed (non-empty -> non-empty)",
 				TestObject: &configurationv1alpha1.KongVault{
 					ObjectMeta: commonObjectMeta,
 					Spec: configurationv1alpha1.KongVaultSpec{
@@ -83,6 +83,64 @@ func TestKongVault(t *testing.T) {
 				},
 				ExpectedUpdateErrorMessage: lo.ToPtr("spec.controlPlaneRef is immutable when an entity is already Programmed"),
 			},
+			{
+				Name: "control plane is immutable once programmed (empty -> non-empty)",
+				TestObject: &configurationv1alpha1.KongVault{
+					ObjectMeta: commonObjectMeta,
+					Spec: configurationv1alpha1.KongVaultSpec{
+						Backend: "aws",
+						Prefix:  "aws-vault",
+					},
+					Status: configurationv1alpha1.KongVaultStatus{
+						Konnect: &konnectv1alpha1.KonnectEntityStatusWithControlPlaneRef{
+							ControlPlaneID: "konnect-1",
+						},
+						Conditions: []metav1.Condition{
+							{
+								Type:               "Programmed",
+								Status:             metav1.ConditionTrue,
+								ObservedGeneration: 1,
+								Reason:             "Programmed",
+								LastTransitionTime: metav1.Now(),
+							},
+						},
+					},
+				},
+				Update: func(v *configurationv1alpha1.KongVault) {
+					v.Spec.ControlPlaneRef = &configurationv1alpha1.ControlPlaneRef{
+						Type:      configurationv1alpha1.ControlPlaneRefKonnectID,
+						KonnectID: lo.ToPtr("konnect"),
+					}
+				},
+				ExpectedUpdateErrorMessage: lo.ToPtr("spec.controlPlaneRef is immutable when an entity is already Programmed"),
+			},
+			{
+				Name: "programmed object can be updated when no controlPlaneRef set",
+				TestObject: &configurationv1alpha1.KongVault{
+					ObjectMeta: commonObjectMeta,
+					Spec: configurationv1alpha1.KongVaultSpec{
+						Backend: "aws",
+						Prefix:  "aws-vault",
+					},
+					Status: configurationv1alpha1.KongVaultStatus{
+						Konnect: &konnectv1alpha1.KonnectEntityStatusWithControlPlaneRef{
+							ControlPlaneID: "konnect-1",
+						},
+						Conditions: []metav1.Condition{
+							{
+								Type:               "Programmed",
+								Status:             metav1.ConditionTrue,
+								ObservedGeneration: 1,
+								Reason:             "Programmed",
+								LastTransitionTime: metav1.Now(),
+							},
+						},
+					},
+				},
+				Update: func(v *configurationv1alpha1.KongVault) {
+					v.Spec.Backend = "aws-2"
+				},
+			},
 		}.Run(t)
 	})