PDOK
diff --git a/‎internal/webhook/v3/atom_webhook_test.go‎
Lines changed: 161 additions & 34 deletions b/‎internal/webhook/v3/atom_webhook_test.go‎
Lines changed: 161 additions & 34 deletions
diff --git a/‎internal/webhook/v3/test_data/README.md‎
Lines changed: 0 additions & 10 deletions b/‎internal/webhook/v3/test_data/README.md‎
Lines changed: 0 additions & 10 deletions
diff --git a/‎…dates/invalid/minimal-immutable-url.yaml‎ ‎…ta/creates/invalid/unknown-ownerref.yaml‎internal/webhook/v3/test_data/updates/invalid/minimal-immutable-url.yaml renamed to internal/webhook/v3/test_data/creates/invalid/unknown-ownerref.yaml
Lines changed: 2 additions & 2 deletions b/‎…dates/invalid/minimal-immutable-url.yaml‎ ‎…ta/creates/invalid/unknown-ownerref.yaml‎internal/webhook/v3/test_data/updates/invalid/minimal-immutable-url.yaml renamed to internal/webhook/v3/test_data/creates/invalid/unknown-ownerref.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎internal/webhook/v3/test_data/updates/invalid/ingress-route-urls-removed-url.yaml‎
Lines changed: 0 additions & 62 deletions b/‎internal/webhook/v3/test_data/updates/invalid/ingress-route-urls-removed-url.yaml‎
Lines changed: 0 additions & 62 deletions
@@ -25,7 +25,14 @@ SOFTWARE.
 package v3
 
 import (
-	"errors"
+	"context"
+	"fmt"
+	v1 "github.com/pdok/smooth-operator/api/v1"
+	"github.com/pdok/smooth-operator/model"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/util/validation/field"
 	"os"
 
 	. "github.com/onsi/ginkgo/v2" //nolint:revive // ginkgo bdd
@@ -37,9 +44,11 @@ import (
 
 var _ = Describe("Atom Webhook", func() {
 	var (
-		obj       *pdoknlv3.Atom
-		oldObj    *pdoknlv3.Atom
-		validator AtomCustomValidator
+		obj         *pdoknlv3.Atom
+		oldObj      *pdoknlv3.Atom
+		validator   AtomCustomValidator
+		labelsPath  *field.Path
+		servicePath *field.Path
 	)
 
 	BeforeEach(func() {
@@ -53,6 +62,8 @@ var _ = Describe("Atom Webhook", func() {
 		Expect(obj).NotTo(BeNil(), "Expected obj to be initialized")
 		// TODO (user): Add any setup logic common to all tests
 
+		labelsPath = field.NewPath("metadata").Child("labels")
+		servicePath = field.NewPath("spec").Child("service")
 	})
 
 	AfterEach(func() {
@@ -65,7 +76,11 @@ var _ = Describe("Atom Webhook", func() {
 		})
 
 		It("Should deny creation if no labels are available", func() {
-			testCreate(validator, "invalid/no-labels.yaml", errors.New("Atom.pdok.nl \"asis-readonly-prod\" is invalid: metadata.labels: Required value: can't be empty"))
+			testCreate(validator, "invalid/no-labels.yaml", func(_ *pdoknlv3.Atom) field.ErrorList {
+				return field.ErrorList{
+					field.Required(labelsPath, "can't be empty"),
+				}
+			})
 		})
 
 		It("Should create atom with ingressRouteUrls that contains the service baseUrl", func() {
@@ -76,96 +91,205 @@ var _ = Describe("Atom Webhook", func() {
 			testCreate(
 				validator,
 				"invalid/ingress-route-urls-missing-baseurl.yaml",
-				errors.New("Atom.pdok.nl \"ingress-route-urls\" is invalid: spec.ingressRouteUrls: Invalid value: \"[{http://test.com/path}]\": must contain baseURL: http://localhost:32788/rvo/wetlands/atom"),
+				func(atom *pdoknlv3.Atom) field.ErrorList {
+					return field.ErrorList{
+						field.Invalid(field.NewPath("spec").Child("ingressRouteUrls"), fmt.Sprint(atom.Spec.IngressRouteURLs), "must contain baseURL: "+atom.Spec.Service.BaseURL.String()),
+					}
+				},
+			)
+		})
+
+		It("Should deny creation if spec.service.ownerReference is not found", func() {
+			testCreate(
+				validator,
+				"invalid/unknown-ownerref.yaml",
+				func(atom *pdoknlv3.Atom) field.ErrorList {
+					return field.ErrorList{
+						field.NotFound(servicePath.Child("ownerInfoRef"), atom.Spec.Service.OwnerInfoRef),
+					}
+				},
+			)
+		})
+
+		It("Should deny creation if spec.service.ownerReference does not contain Atom info", func() {
+			// Create the OwnerInfo
+			o := v1.OwnerInfo{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "random",
+					Namespace: "services",
+				},
+			}
+
+			err := validator.Client.Create(context.TODO(), &o)
+			Expect(err).To(Not(HaveOccurred()))
+
+			testCreate(
+				validator,
+				"invalid/unknown-ownerref.yaml",
+				func(atom *pdoknlv3.Atom) field.ErrorList {
+					return field.ErrorList{
+						field.Required(servicePath.Child("ownerInfoRef"), "spec.Atom missing in random"),
+					}
+				},
 			)
 		})
 
 		It("Should create and update atom without errors or warnings", func() {
-			testUpdate(validator, "valid/minimal.yaml", "valid/minimal-service-title-changed.yaml", nil)
+			testUpdate(
+				validator,
+				"valid/minimal.yaml",
+				func(atom *pdoknlv3.Atom) {
+					atom.Spec.Service.Title = "New service title"
+				},
+				nil,
+			)
 		})
 
 		It("Should deny update atom with error label names cannot be added or deleted", func() {
 			testUpdate(
 				validator,
 				"valid/minimal.yaml",
-				"invalid/minimal-immutable-labels-key-change.yaml",
-				errors.New("Atom.pdok.nl \"asis-readonly-prod\" is invalid: [metadata.labels.pdok.nl/dataset-id: Required value: labels cannot be removed, metadata.labels.pdok.nl/dataset-idsssssssss: Forbidden: new labels cannot be added]"),
+				func(atom *pdoknlv3.Atom) {
+					labels := atom.GetLabels()
+					labels["pdok.nl/dataset-idsssssssss"] = labels["pdok.nl/dataset-ids"]
+					delete(labels, "pdok.nl/dataset-ids")
+					atom.Labels = labels
+				},
+				func(_, _ *pdoknlv3.Atom) field.ErrorList {
+					return field.ErrorList{
+						field.Forbidden(labelsPath.Child("pdok.nl/dataset-idsssssssss"), "new labels cannot be added"),
+					}
+				},
 			)
 		})
 
 		It("Should deny update atom with error label names are immutable", func() {
 			testUpdate(
 				validator,
 				"valid/minimal.yaml",
-				"invalid/minimal-immutable-labels-value-change.yaml",
-				errors.New("Atom.pdok.nl \"asis-readonly-prod\" is invalid: metadata.labels.pdok.nl/dataset-id: Invalid value: \"wetlands-changed\": immutable: should be: wetlands"),
+				func(atom *pdoknlv3.Atom) {
+					labels := atom.GetLabels()
+					labels["pdok.nl/dataset-id"] = "wetlands-changed"
+					atom.Labels = labels
+				},
+				func(old, _ *pdoknlv3.Atom) field.ErrorList {
+					return field.ErrorList{
+						field.Invalid(labelsPath.Child("pdok.nl/dataset-id"), "wetlands-changed", "immutable: should be: "+old.Labels["pdok.nl/dataset-id"]),
+					}
+				},
 			)
 		})
 
 		It("Should deny update atom with error URL are immutable", func() {
 			testUpdate(
 				validator,
 				"valid/minimal.yaml",
-				"invalid/minimal-immutable-url.yaml", errors.New("Atom.pdok.nl \"asis-readonly-prod\" is invalid: spec.service.baseUrl: Forbidden: is immutable"),
+				func(atom *pdoknlv3.Atom) {
+					// net/url.URL doesn't deepcopy...
+					oldURL := atom.Spec.Service.BaseURL.String()
+					newURL, _ := model.ParseURL(oldURL)
+					newURL.Path += "/extra"
+					atom.Spec.Service.BaseURL = model.URL{URL: newURL}
+				},
+				func(_, _ *pdoknlv3.Atom) field.ErrorList {
+					return field.ErrorList{
+						field.Forbidden(servicePath.Child("baseUrl"), "is immutable"),
+					}
+				},
 			)
 		})
 
 		It("Should deny update atom as ingressRouteURLs cannot be removed", func() {
 			testUpdate(
 				validator,
 				"valid/ingress-route-urls.yaml",
-				"invalid/ingress-route-urls-removed-url.yaml",
-				errors.New("Atom.pdok.nl \"ingress-route-urls\" is invalid: spec.ingressRouteUrls: Invalid value: \"[{http://localhost:32788/rvo/wetlands/atom}]\": urls cannot be removed, missing: {http://localhost:32788/other/path}"),
+				func(atom *pdoknlv3.Atom) {
+					atom.Spec.IngressRouteURLs = atom.Spec.IngressRouteURLs[:len(atom.Spec.IngressRouteURLs)-1]
+				},
+				func(_, new *pdoknlv3.Atom) field.ErrorList {
+					return field.ErrorList{
+						field.Invalid(field.NewPath("spec").Child("ingressRouteUrls"), fmt.Sprint(new.Spec.IngressRouteURLs), "urls cannot be removed, missing: {http://localhost:32788/other/path}"),
+					}
+				},
 			)
 		})
 
 		It("Should deny update atom when the service baseUrl is changed and the old value is not added to the ingressRouteUrls", func() {
 			testUpdate(
 				validator,
 				"valid/minimal.yaml",
-				"invalid/minimal-service-url-changed-ingress-route-urls-missing-old.yaml",
-				errors.New("Atom.pdok.nl \"asis-readonly-prod\" is invalid: spec.ingressRouteUrls: Invalid value: \"[{http://localhost:32788/new/path}]\": must contain baseURL: http://localhost:32788/rvo/wetlands/atom"),
+				func(atom *pdoknlv3.Atom) {
+					newURL, _ := model.ParseURL("http://localhost:32788/new/path")
+
+					atom.Spec.IngressRouteURLs = model.IngressRouteURLs{{URL: model.URL{URL: newURL}}}
+					atom.Spec.Service.BaseURL = model.URL{URL: newURL}
+				},
+				func(_, new *pdoknlv3.Atom) field.ErrorList {
+					return field.ErrorList{
+						field.Invalid(field.NewPath("spec").Child("ingressRouteUrls"), fmt.Sprint(new.Spec.IngressRouteURLs), "must contain baseURL: http://localhost:32788/rvo/wetlands/atom"),
+					}
+				},
 			)
 		})
 
 		It("Should deny update atom when the service baseUrl is changed and the new value is not added to the ingressRouteUrls", func() {
 			testUpdate(
 				validator,
 				"valid/minimal.yaml",
-				"invalid/minimal-service-url-changed-ingress-route-urls-missing-new.yaml",
-				errors.New("Atom.pdok.nl \"asis-readonly-prod\" is invalid: spec.ingressRouteUrls: Invalid value: \"[{http://localhost:32788/rvo/wetlands/atom}]\": must contain baseURL: http://localhost:32788/new/path"),
+				func(atom *pdoknlv3.Atom) {
+					oldURL := atom.Spec.Service.BaseURL
+					newURL, _ := model.ParseURL("http://localhost:32788/new/path")
+
+					atom.Spec.IngressRouteURLs = model.IngressRouteURLs{{URL: oldURL}}
+					atom.Spec.Service.BaseURL = model.URL{URL: newURL}
+				},
+				func(_, new *pdoknlv3.Atom) field.ErrorList {
+					return field.ErrorList{
+						field.Invalid(field.NewPath("spec").Child("ingressRouteUrls"), fmt.Sprint(new.Spec.IngressRouteURLs), "must contain baseURL: http://localhost:32788/new/path"),
+					}
+				},
 			)
 		})
 
 		It("Should create and update atom with changed service url if ingressRouteUrls is filled correctly", func() {
-			testUpdate(validator, "valid/minimal.yaml", "valid/minimal-service-url-changed.yaml", nil)
+			testUpdate(
+				validator,
+				"valid/minimal.yaml",
+				func(atom *pdoknlv3.Atom) {
+					oldURL := atom.Spec.Service.BaseURL
+					newURL, _ := model.ParseURL("http://localhost:32788/new/path")
+
+					atom.Spec.IngressRouteURLs = model.IngressRouteURLs{{URL: oldURL}, {URL: model.URL{URL: newURL}}}
+					atom.Spec.Service.BaseURL = model.URL{URL: newURL}
+				},
+				nil,
+			)
 		})
 	})
 })
 
-func testUpdate(validator AtomCustomValidator, createFile, updateFile string, expectedError error) {
+func testUpdate(validator AtomCustomValidator, createFile string, updateFn func(atom *pdoknlv3.Atom), errFn func(atomOld, atomNew *pdoknlv3.Atom) field.ErrorList) {
 	atomOld := testCreate(validator, createFile, nil)
 
 	By("Simulating an (in)valid update scenario")
-	input, err := os.ReadFile("test_data/updates/" + updateFile)
-	Expect(err).NotTo(HaveOccurred())
-	atomNew := &pdoknlv3.Atom{}
-	err = yaml.Unmarshal(input, atomNew)
-	Expect(err).NotTo(HaveOccurred())
-	Expect(atomOld.GetName()).To(Equal(atomNew.GetName()))
-	warnings, errorsUpdate := validator.ValidateUpdate(ctx, atomOld, atomNew)
+	atomNew := atomOld.DeepCopy()
+	updateFn(atomNew)
+
+	warnings, err := validator.ValidateUpdate(ctx, atomOld, atomNew)
 
 	Expect(len(warnings)).To(Equal(0))
 
-	if expectedError == nil {
-		Expect(errorsUpdate).To(Not(HaveOccurred()))
+	if errFn == nil {
+		Expect(err).To(Not(HaveOccurred()))
 	} else {
-		Expect(errorsUpdate).To(HaveOccurred())
-		Expect(expectedError.Error()).To(Equal(errorsUpdate.Error()))
+		Expect(err).To(HaveOccurred())
+		Expect(
+			apierrors.NewInvalid(schema.GroupKind{Group: "pdok.nl", Kind: "Atom"}, atomNew.Name, errFn(atomOld, atomNew)).Error(),
+		).To(Equal(err.Error()))
 	}
 }
 
-func testCreate(validator AtomCustomValidator, createFile string, expectedError error) *pdoknlv3.Atom {
+func testCreate(validator AtomCustomValidator, createFile string, errFn func(atom *pdoknlv3.Atom) field.ErrorList) *pdoknlv3.Atom {
 	By("simulating a (in)valid creation scenario")
 	input, err := os.ReadFile("test_data/creates/" + createFile)
 	Expect(err).NotTo(HaveOccurred())
@@ -175,10 +299,13 @@ func testCreate(validator AtomCustomValidator, createFile string, expectedError
 	warnings, err := validator.ValidateCreate(ctx, atom)
 	Expect(len(warnings)).To(Equal(0))
 
-	if expectedError == nil {
+	if errFn == nil {
 		Expect(err).To(Not(HaveOccurred()))
 	} else {
-		Expect(expectedError.Error()).To(Equal(err.Error()))
+		Expect(err).To(HaveOccurred())
+		Expect(
+			apierrors.NewInvalid(schema.GroupKind{Group: "pdok.nl", Kind: "Atom"}, atom.Name, errFn(atom)).Error(),
+		).To(Equal(err.Error()))
 	}
 
 	return atom
 
@@ -13,7 +13,7 @@ metadata:
   namespace: services
 spec:
   service:
-    baseUrl: http://localhost:32788/rvo44444/wetlands/atom
+    baseUrl: http://localhost:32788/rvo/wetlands/atom
     datasetFeeds:
       - author:
           email: [email protected]
@@ -48,7 +48,7 @@ spec:
         technicalName: wetlands
         title: wetlands
     lang: nl
-    ownerInfoRef: pdok
+    ownerInfoRef: random
     rights: https://creativecommons.org/publicdomain/zero/1.0/deed.nl
     serviceMetadataLinks:
       metadataIdentifier: 2751ba40-5100-4186-81be-b7fdee95b49c