fix: make xr.spec.writeConnectionSecretToRef the highest priority for v2 XR connection details

Signed-off-by: Jared Watts <[email protected]>

Author: jbw976

README.md

@@ -184,8 +184,14 @@ Crossplane documentation.
 
 ### Setting name/namespace
 
-You can control the name and namespace of this connection secret in a few ways,
-in order of precedence:
+For v2 XRs, you can control the name and namespace of this connection secret in
+a few ways, in order of precedence:
+
+**XR reference:**
+
+If you've manually included a `spec.writeConnectionSecretToRef` in your XR's
+schema, this function will use that reference. This can be useful for maintaining
+consistency with existing XR configurations.
 
 **Function `input`:**
 
@@ -201,12 +207,6 @@ input:
     namespace: production
 ```
 
-**XR reference:**
-
-If you've manually included a `spec.writeConnectionSecretToRef` in your XR's
-schema, this function will use that reference. This can be useful for maintaining
-consistency with existing XR configurations.
-
 **Default auto generated**
 
 If none of the above options are provided, the function generates a name based
@@ -217,9 +217,9 @@ namespace for cluster scoped XRs if you want connection secret functionality.
 
 ### Patching secret name/namespace
 
-You can also use patches to dynamically construct the secret name or namespace
-from XR fields. This is useful when you want the secret name to include
-environment-specific information or other metadata:
+For v2 XRs, you can also use patches to dynamically construct the secret name or
+namespace from XR fields. This is useful when you want the secret name to
+include environment-specific information or other metadata:
 
 ```yaml
 writeConnectionSecretToRef:

connection.go

@@ -143,25 +143,25 @@ func getConnectionSecretRef(xr *resource.Composite, input *v1beta1.WriteConnecti
 // getBaseConnectionSecretRef determines the base connection secret reference
 // without any patches. This reference is generated with the following
 // precedence:
-//  1. input.writeConnectionSecretToRef - if name or namespace is provided
-//     then the whole ref will be used
-//  2. xr.writeConnectionSecretToRef - this is no longer automatically added
+//  1. xr.spec.writeConnectionSecretToRef - this is no longer automatically added
 //     to v2 XR schemas, but the community has been adding it manually, so if
 //     it's present we will use it.
+//  2. function input.writeConnectionSecretToRef - if name or namespace is provided
+//     then the whole ref will be used
 //  3. generate the reference from scratch, based on the XR name and namespace
 func getBaseConnectionSecretRef(xr *resource.Composite, input *v1beta1.WriteConnectionSecretToRef) xpv1.SecretReference {
-	// Use the input values if at least one of name or namespace has been provided
-	if input != nil && (input.Name != "" || input.Namespace != "") {
-		return xpv1.SecretReference{Name: input.Name, Namespace: input.Namespace}
-	}
-
 	// Check if XR author manually added writeConnectionSecretToRef to the XR's
 	// schema and just use that if it exists
 	xrRef := xr.Resource.GetWriteConnectionSecretToReference()
 	if xrRef != nil {
 		return *xrRef
 	}
 
+	// Use the input values if at least one of name or namespace has been provided
+	if input != nil && (input.Name != "" || input.Namespace != "") {
+		return xpv1.SecretReference{Name: input.Name, Namespace: input.Namespace}
+	}
+
 	// Nothing has been provided, so generate a default name using the name of the XR
 	return xpv1.SecretReference{
 		Name:      xr.Resource.GetName() + "-connection",

connection_test.go

@@ -156,8 +156,32 @@ func TestGetConnectionSecretRef(t *testing.T) {
 		args   args
 		want   want
 	}{
-		"InputProvided": {
-			reason: "Should use the provided name and namespace from function input when provided",
+		"XRRefProvidedNoInput": {
+			reason: "Should use the XR's writeConnectionSecretToRef when no input is provided",
+			args: args{
+				xr: &resource.Composite{
+					Resource: func() *composite.Unstructured {
+						xr := composite.New()
+						_ = json.Unmarshal([]byte(`{
+							"apiVersion":"example.org/v1",
+							"kind":"XR",
+							"metadata":{"uid":"test-uid-456"},
+							"spec":{"writeConnectionSecretToRef":{"name":"xr-secret","namespace":"xr-namespace"}}
+						}`), xr)
+						return xr
+					}(),
+				},
+				input: nil,
+			},
+			want: want{
+				ref: xpv1.SecretReference{
+					Name:      "xr-secret",
+					Namespace: "xr-namespace",
+				},
+			},
+		},
+		"InputProvidedNoXRRef": {
+			reason: "Should use the provided name and namespace from function input when no XR ref is provided",
 			args: args{
 				xr: &resource.Composite{
 					Resource: func() *composite.Unstructured {
@@ -182,8 +206,8 @@ func TestGetConnectionSecretRef(t *testing.T) {
 				},
 			},
 		},
-		"XRHasWriteConnectionSecretToRef": {
-			reason: "Should use the XR's writeConnectionSecretToRef when no input is provided",
+		"XRRefAndInputProvided": {
+			reason: "Should use the XR's writeConnectionSecretToRef even when function input is provided",
 			args: args{
 				xr: &resource.Composite{
 					Resource: func() *composite.Unstructured {
@@ -197,7 +221,10 @@ func TestGetConnectionSecretRef(t *testing.T) {
 						return xr
 					}(),
 				},
-				input: nil,
+				input: &v1beta1.WriteConnectionSecretToRef{
+					Name:      "my-custom-secret",
+					Namespace: "custom-namespace",
+				},
 			},
 			want: want{
 				ref: xpv1.SecretReference{