
Commit f74bb1a

authored
CLOUDP-303356: Make container id or name immutable (#2165)
Signed-off-by: jose.vazquez <[email protected]>
1 parent 95e8cd4 commit f74bb1a


3 files changed

+116
-2
lines changed


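--- a/api/v1/atlasnetworkpeering_types.go
+++ b/api/v1/atlasnetworkpeering_types.go
@@ -58,6 +58,8 @@ type AtlasNetworkPeeringList struct {
 // +kubebuilder:validation:XValidation:rule="(has(self.externalProjectRef) && !has(self.projectRef)) || (!has(self.externalProjectRef) && has(self.projectRef))",message="must define only one project reference through externalProjectRef or projectRef"
 // +kubebuilder:validation:XValidation:rule="(has(self.externalProjectRef) && has(self.connectionSecret)) || !has(self.externalProjectRef)",message="must define a local connection secret when referencing an external project"
 // +kubebuilder:validation:XValidation:rule="(has(self.containerRef.name) && !has(self.containerRef.id)) || (!has(self.containerRef.name) && has(self.containerRef.id))",message="must either have a container Atlas id or Kubernetes name, but not both (or neither)"
+// +kubebuilder:validation:XValidation:rule="(self.containerRef.name == oldSelf.containerRef.name) || (!has(self.containerRef.name) && !has(oldSelf.containerRef.name))",message="container ref name is immutable"
+// +kubebuilder:validation:XValidation:rule="(self.containerRef.id == oldSelf.containerRef.id) || (!has(self.containerRef.id) && !has(oldSelf.containerRef.id))",message="container ref id is immutable"
 // +kubebuilder:validation:XValidation:rule="(self.id == oldSelf.id) || (!has(self.id) && !has(oldSelf.id))",message="id is immutable"
 type AtlasNetworkPeeringSpec struct {
 ProjectDualReference `json:",inline"`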
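Review bot: The two new rules on AtlasNetworkPeeringSpec read `self.containerRef.name` and `self.containerRef.id` before any `has()` guard, so a switch from name to id (or back) is refused through a CEL evaluation error ("no such key") rather than by the rule evaluating to false, as the expectations added in atlasnetworkpeering_types_test.go show. The update is still rejected, but enforcement then rests on evaluation errors being treated as failures, and the user sees evaluator text instead of the intended message. Guarding presence first keeps the rule total: `has(self.containerRef.name) == has(oldSelf.containerRef.name) && (!has(self.containerRef.name) || self.containerRef.name == oldSelf.containerRef.name)`, and the same shape for `id`. Because the rules use `oldSelf` they are evaluated on updates only, so a short comment above them saying that the container reference is fixed at creation and why would help the next reader.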

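--- a/api/v1/atlasnetworkpeering_types_test.go
+++ b/api/v1/atlasnetworkpeering_types_test.go
@@ -124,7 +124,7 @@ func TestPeeringCELChecks(t *testing.T) {
 old: &AtlasNetworkPeering{
 Spec: AtlasNetworkPeeringSpec{
 ContainerRef: ContainerDualReference{
-ID: "some-id",
+Name: "some-name",
 },
 AtlasNetworkPeeringConfig: AtlasNetworkPeeringConfig{
 ID: "some-peering-id",
@@ -134,7 +134,7 @@ func TestPeeringCELChecks(t *testing.T) {
 obj: &AtlasNetworkPeering{
 Spec: AtlasNetworkPeeringSpec{
 ContainerRef: ContainerDualReference{
-ID: "some-id",
+Name: "some-name",
 },
 AtlasNetworkPeeringConfig: AtlasNetworkPeeringConfig{
 ID: "another-peering-id",
@@ -167,6 +167,112 @@ func TestPeeringCELChecks(t *testing.T) {
 },
 },
 },
+
+{
+title: "container ID changed fails",
+old: &AtlasNetworkPeering{
+Spec: AtlasNetworkPeeringSpec{
+ContainerRef: ContainerDualReference{
+ID: "some-id",
+},
+AtlasNetworkPeeringConfig: AtlasNetworkPeeringConfig{
+ID: "some-peering-id",
+},
+},
+},
+obj: &AtlasNetworkPeering{
+Spec: AtlasNetworkPeeringSpec{
+ContainerRef: ContainerDualReference{
+ID: "some-other-id",
+},
+AtlasNetworkPeeringConfig: AtlasNetworkPeeringConfig{
+ID: "some-peering-id",
+},
+},
+},
+expectedErrors: []string{"spec: Invalid value: \"object\": container ref id is immutable"},
+},
+
+{
+title: "container name changed fails",
+old: &AtlasNetworkPeering{
+Spec: AtlasNetworkPeeringSpec{
+ContainerRef: ContainerDualReference{
+Name: "some-name",
+},
+AtlasNetworkPeeringConfig: AtlasNetworkPeeringConfig{
+ID: "some-peering-id",
+},
+},
+},
+obj: &AtlasNetworkPeering{
+Spec: AtlasNetworkPeeringSpec{
+ContainerRef: ContainerDualReference{
+Name: "some-other-name",
+},
+AtlasNetworkPeeringConfig: AtlasNetworkPeeringConfig{
+ID: "some-peering-id",
+},
+},
+},
+expectedErrors: []string{"spec: Invalid value: \"object\": container ref name is immutable"},
+},
+
+{
+title: "change container name to id fails",
+old: &AtlasNetworkPeering{
+Spec: AtlasNetworkPeeringSpec{
+ContainerRef: ContainerDualReference{
+Name: "some-name",
+},
+AtlasNetworkPeeringConfig: AtlasNetworkPeeringConfig{
+ID: "some-peering-id",
+},
+},
+},
+obj: &AtlasNetworkPeering{
+Spec: AtlasNetworkPeeringSpec{
+ContainerRef: ContainerDualReference{
+ID: "some-id",
+},
+AtlasNetworkPeeringConfig: AtlasNetworkPeeringConfig{
+ID: "some-peering-id",
+},
+},
+},
+expectedErrors: []string{
+"spec: Invalid value: \"object\": no such key: name evaluating rule: container ref name is immutable",
+"spec: Invalid value: \"object\": no such key: id evaluating rule: container ref id is immutable",
+},
+},
+
+{
+title: "change container id to name fails",
+old: &AtlasNetworkPeering{
+Spec: AtlasNetworkPeeringSpec{
+ContainerRef: ContainerDualReference{
+ID: "some-id",
+},
+AtlasNetworkPeeringConfig: AtlasNetworkPeeringConfig{
+ID: "some-peering-id",
+},
+},
+},
+obj: &AtlasNetworkPeering{
+Spec: AtlasNetworkPeeringSpec{
+ContainerRef: ContainerDualReference{
+Name: "some-name",
+},
+AtlasNetworkPeeringConfig: AtlasNetworkPeeringConfig{
+ID: "some-peering-id",
+},
+},
+},
+expectedErrors: []string{
+"spec: Invalid value: \"object\": no such key: name evaluating rule: container ref name is immutable",
+"spec: Invalid value: \"object\": no such key: id evaluating rule: container ref id is immutable",
+},
+},
 } {
 t.Run(tc.title, func(t *testing.T) {
 // inject a project to avoid other CEL validations being hit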
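Review bot: The expectations in "change container name to id fails" and "change container id to name fails" pin the CEL evaluator's own `no such key: name evaluating rule: ...` text, so these cases assert the error path of the rules and are likely to break if that wording changes between evaluator versions. If the rules are rewritten to check `has()` first, both cases can assert the plain `container ref name is immutable` and `container ref id is immutable` messages instead. The hunks also show no accepted update where `ContainerRef.ID` is set and left unchanged: the two edited cases at lines 127 and 137 now use `Name`, so unless such a case exists outside these hunks, one should be added for the id form. TestPeeringCELChecks starts and ends outside the hunks.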

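--- a/config/crd/bases/atlas.mongodb.com_atlasnetworkpeerings.yaml
+++ b/config/crd/bases/atlas.mongodb.com_atlasnetworkpeerings.yaml
@@ -202,6 +202,12 @@ spec:
 not both (or neither)
 rule: (has(self.containerRef.name) && !has(self.containerRef.id)) ||
 (!has(self.containerRef.name) && has(self.containerRef.id))
+- message: container ref name is immutable
+rule: (self.containerRef.name == oldSelf.containerRef.name) || (!has(self.containerRef.name)
+&& !has(oldSelf.containerRef.name))
+- message: container ref id is immutable
+rule: (self.containerRef.id == oldSelf.containerRef.id) || (!has(self.containerRef.id)
+&& !has(oldSelf.containerRef.id))
 - message: id is immutable
 rule: (self.id == oldSelf.id) || (!has(self.id) && !has(oldSelf.id))
 status: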
