chore: fields are immutable only when Programmed=True

Kong · Feb 13, 2025 · 0912241 · 0912241
1 parent f5c6c4f
commit 0912241
Show file tree

Hide file tree

Showing 6 changed files with 162 additions and 249 deletions.
diff --git a/api/konnect/v1alpha1/konnect_cloudgateway_network_types.go b/api/konnect/v1alpha1/konnect_cloudgateway_network_types.go
@@ -21,14 +21,20 @@ func init() {
 // +kubebuilder:printcolumn:name="State",description="The state the network is in",type=string,JSONPath=`.status.state`
 // +kubebuilder:printcolumn:name="ID",description="Konnect ID",type=string,JSONPath=`.status.id`
 // +kubebuilder:printcolumn:name="OrgID",description="Konnect Organization ID this resource belongs to.",type=string,JSONPath=`.status.organizationID`
+// +kubebuilder:validation:XValidation:rule="(!has(self.status) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.name == self.spec.name",message="spec.name is immutable when an entity is already Programmed"
+// +kubebuilder:validation:XValidation:rule="(!has(self.status) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.cloud_gateway_provider_account_id == self.spec.cloud_gateway_provider_account_id",message="spec.cloud_gateway_provider_account_id is immutable when an entity is already Programmed"
+// +kubebuilder:validation:XValidation:rule="(!has(self.status) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.region == self.spec.region",message="spec.region is immutable when an entity is already Programmed"
+// +kubebuilder:validation:XValidation:rule="(!has(self.status) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.availability_zones == self.spec.availability_zones",message="spec.availability_zones is immutable when an entity is already Programmed"
+// +kubebuilder:validation:XValidation:rule="(!has(self.status) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.cidr_block == self.spec.cidr_block",message="spec.cidr_block is immutable when an entity is already Programmed"
+// +kubebuilder:validation:XValidation:rule="(!has(self.status) || !self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : (!has(self.spec.state) && !has(oldSelf.spec.state)) || self.spec.state == oldSelf.spec.state",message="spec.state is immutable when an entity is already Programmed"
 // +apireference:kgo:include
 // +kong:channels=gateway-operator
 type KonnectCloudGatewayNetwork struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
 	// Spec defines the desired state of KonnectCloudGatewayNetwork.
-	Spec KonnectCloudGatewayNetworkSpec `json:"spec,omitempty"`
+	Spec KonnectCloudGatewayNetworkSpec `json:"spec"`
 
 	// Status defines the observed state of KonnectCloudGatewayNetwork.
 	Status KonnectCloudGatewayNetworkStatus `json:"status,omitempty"`
@@ -38,25 +44,6 @@ type KonnectCloudGatewayNetwork struct {
 //
 // +apireference:kgo:include
 type KonnectCloudGatewayNetworkSpec struct {
-	// KonnectCloudGatewayNetworkAPISpec defines the desired state of the network
-	// as specified in the Konnect API contract.
-	KonnectCloudGatewayNetworkAPISpec `json:",inline"`
-
-	// +kubebuilder:validation:Required
-	KonnectConfiguration KonnectConfiguration `json:"konnect"`
-}
-
-// KonnectCloudGatewayNetworkAPISpec defines the desired state of the network
-// as specified in the Konnect API contract.
-//
-// +kubebuilder:validation:XValidation:rule="self.name == oldSelf.name", message="Network name is immutable"
-// +kubebuilder:validation:XValidation:rule="self.cloud_gateway_provider_account_id == oldSelf.cloud_gateway_provider_account_id", message="Network cloud gateway provider account ID is immutable"
-// +kubebuilder:validation:XValidation:rule="self.region == oldSelf.region", message="Network region is immutable"
-// +kubebuilder:validation:XValidation:rule="self.availability_zones == oldSelf.availability_zones", message="Network availability zones are immutable"
-// +kubebuilder:validation:XValidation:rule="self.cidr_block == oldSelf.cidr_block", message="Network CIDR block is immutable"
-// +kubebuilder:validation:XValidation:rule="(!has(self.state) && !has(oldSelf.state)) || self.state == oldSelf.state", message="Network state is immutable"
-// +apireference:kgo:include
-type KonnectCloudGatewayNetworkAPISpec struct {
 	// NOTE: These fields are extracted from sdkkonnectcomp.CreateNetworkRequest
 	// because for some reason when embedding the struct, the fields deserialization
 	// doesn't work (the embedded field is always empty).
@@ -92,6 +79,9 @@ type KonnectCloudGatewayNetworkAPISpec struct {
 	//
 	// +optional
 	State *sdkkonnectcomp.NetworkCreateState `json:"state"`
+
+	// +kubebuilder:validation:Required
+	KonnectConfiguration KonnectConfiguration `json:"konnect"`
 }
 
 // KonnectCloudGatewayNetworkStatus defines the observed state of KonnectCloudGatewayNetwork.

diff --git a/api/konnect/v1alpha1/zz_generated.deepcopy.go b/api/konnect/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/gateway-operator/konnect.konghq.com_konnectcloudgatewaynetworks.yaml b/config/crd/gateway-operator/konnect.konghq.com_konnectcloudgatewaynetworks.yaml
diff --git a/docs/konnect-api-reference.md b/docs/konnect-api-reference.md
@@ -109,27 +109,6 @@ KonnectAPIAuthType is the type of authentication used to authenticate with the K
 _Appears in:_
 - [KonnectAPIAuthConfigurationSpec](#konnectapiauthconfigurationspec)
 
-#### KonnectCloudGatewayNetworkAPISpec
-
-
-KonnectCloudGatewayNetworkAPISpec defines the desired state of the network
-as specified in the Konnect API contract.
-
-
-
-| Field | Description |
-| --- | --- |
-| `name` _string_ | Specifies the name of the network on Konnect. |
-| `cloud_gateway_provider_account_id` _string_ | Specifies the provider Account ID. |
-| `region` _string_ | Region ID for cloud provider region. |
-| `availability_zones` _string array_ | List of availability zones that the network is attached to. |
-| `cidr_block` _string_ | CIDR block configuration for the network. |
-| `state` _[NetworkCreateState](#networkcreatestate)_ | Initial state for creating a network. |
-
-
-_Appears in:_
-- [KonnectCloudGatewayNetworkSpec](#konnectcloudgatewaynetworkspec)
-
 #### KonnectCloudGatewayNetworkSpec
 
 

diff --git a/test/crdsvalidation/kongvault_test.go b/test/crdsvalidation/kongvault_test.go
@@ -29,7 +29,6 @@ func TestKongVault(t *testing.T) {
 		NewCRDValidationTestCasesGroupCPRefChange(t, obj, SupportedByKIC, ControlPlaneRefNotRequired).Run(t)
 	})
 
-	return
 	t.Run("spec", func(t *testing.T) {
 		crdsvalidation.TestCasesGroup[*configurationv1alpha1.KongVault]{
 			{
-Original file line number
+Diff line change
@@ Expand Up / @@ -29,7 +29,6 @@ func TestKongVault(t *testing.T) { @@
     		NewCRDValidationTestCasesGroupCPRefChange(t, obj, SupportedByKIC, ControlPlaneRefNotRequired).Run(t)
     	})
-    	return
     	t.Run("spec", func(t *testing.T) {
     		crdsvalidation.TestCasesGroup[*configurationv1alpha1.KongVault]{
     			{
@@ Expand Down @@