refactor: make public networking flag negatable

thde · thde · commit 44ef25404fe8 · 2025-09-24T16:57:10.000+02:00
diff --git a/create/cloudvm.go b/create/cloudvm.go
@@ -106,7 +106,7 @@ func (cmd *cloudVMCmd) newCloudVM(namespace string) (*infrastructure.CloudVirtua
 			}
 
 			b, err := io.ReadAll(file)
-			if file != nil {
+			if err != nil {
 				return nil, fmt.Errorf("error reading public keys file: %w", err)
 			}
 			keys = append(keys, string(b))
diff --git a/create/keyvaluestore.go b/create/keyvaluestore.go
@@ -15,11 +15,14 @@ import (
 
 type keyValueStoreCmd struct {
 	resourceCmd
-	Location                meta.LocationName                    `placeholder:"${keyvaluestore_location_default}" help:"Where the Key-Value Store instance is created. Available locations are: ${keyvaluestore_location_options}"`
-	MemorySize              *storage.KeyValueStoreMemorySize     `placeholder:"${keyvaluestore_memorysize_default}" help:"Available amount of memory."`
-	MaxMemoryPolicy         storage.KeyValueStoreMaxMemoryPolicy `placeholder:"${keyvaluestore_maxmemorypolicy_default}" help:"Behaviour when the memory limit is reached."`
-	AllowedCidrs            []meta.IPv4CIDR                      `placeholder:"203.0.113.1/32" help:"IP addresses allowed to connect to the public endpoint."`
-	PublicNetworkingEnabled *bool                                `help:"If public networking is \"false\", it is only possible to access the service by configuring a service connection."`
+	Location         meta.LocationName                    `placeholder:"${keyvaluestore_location_default}" help:"Where the Key-Value Store instance is created. Available locations are: ${keyvaluestore_location_options}"`
+	MemorySize       *storage.KeyValueStoreMemorySize     `placeholder:"${keyvaluestore_memorysize_default}" help:"Available amount of memory."`
+	MaxMemoryPolicy  storage.KeyValueStoreMaxMemoryPolicy `placeholder:"${keyvaluestore_maxmemorypolicy_default}" help:"Behaviour when the memory limit is reached."`
+	AllowedCidrs     []meta.IPv4CIDR                      `placeholder:"203.0.113.1/32" help:"IP addresses allowed to connect to the public endpoint."`
+	PublicNetworking *bool                                `negatable:"" help:"Enable or disable public networking. Enabled by default."`
+
+	// Deprecated Flags
+	PublicNetworkingEnabled *bool `hidden:""`
 }
 
 func (cmd *keyValueStoreCmd) Run(ctx context.Context, client *api.Client) error {
@@ -65,6 +68,11 @@ func KeyValueStoreKongVars() kong.Vars {
 func (cmd *keyValueStoreCmd) newKeyValueStore(namespace string) (*storage.KeyValueStore, error) {
 	name := getName(cmd.Name)
 
+	publicNetworking := cmd.PublicNetworking
+	if publicNetworking == nil {
+		publicNetworking = cmd.PublicNetworkingEnabled
+	}
+
 	keyValueStore := &storage.KeyValueStore{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
@@ -81,7 +89,7 @@ func (cmd *keyValueStoreCmd) newKeyValueStore(namespace string) (*storage.KeyVal
 				Location:                cmd.Location,
 				MaxMemoryPolicy:         cmd.MaxMemoryPolicy,
 				AllowedCIDRs:            cmd.AllowedCidrs,
-				PublicNetworkingEnabled: cmd.PublicNetworkingEnabled,
+				PublicNetworkingEnabled: publicNetworking,
 				MemorySize:              cmd.MemorySize,
 			},
 		},
diff --git a/create/keyvaluestore_test.go b/create/keyvaluestore_test.go
@@ -54,14 +54,51 @@ func TestKeyValueStore(t *testing.T) {
 				AllowedCIDRs: []meta.IPv4CIDR{meta.IPv4CIDR("0.0.0.0/0")},
 			},
 		},
+		{
+			name: "publicNetworking-deprecated",
+			create: keyValueStoreCmd{
+				PublicNetworkingEnabled: ptr.To(true),
+			},
+			want: storage.KeyValueStoreParameters{
+				PublicNetworkingEnabled: ptr.To(true),
+			},
+		},
 		{
 			name: "publicNetworking",
 			create: keyValueStoreCmd{
+				PublicNetworking: ptr.To(true),
+			},
+			want: storage.KeyValueStoreParameters{
 				PublicNetworkingEnabled: ptr.To(true),
 			},
+		},
+		{
+			name: "publicNetworking-disabled-deprecated",
+			create: keyValueStoreCmd{
+				PublicNetworkingEnabled: ptr.To(false),
+			},
+			want: storage.KeyValueStoreParameters{
+				PublicNetworkingEnabled: ptr.To(false),
+			},
+		},
+		{
+			name: "publicNetworking-disabled",
+			create: keyValueStoreCmd{
+				PublicNetworking: ptr.To(false),
+			},
 			want: storage.KeyValueStoreParameters{
+				PublicNetworkingEnabled: ptr.To(false),
+			},
+		},
+		{
+			name: "publicNetworking-disabled-both",
+			create: keyValueStoreCmd{
+				PublicNetworking:        ptr.To(false),
 				PublicNetworkingEnabled: ptr.To(true),
 			},
+			want: storage.KeyValueStoreParameters{
+				PublicNetworkingEnabled: ptr.To(false),
+			},
 		},
 	}
 	for _, tt := range tests {
diff --git a/create/opensearch.go b/create/opensearch.go
@@ -16,12 +16,15 @@ import (
 
 type openSearchCmd struct {
 	resourceCmd
-	Location                meta.LocationName             `placeholder:"${opensearch_location_default}" help:"Where the OpenSearch cluster is created. Available locations are: ${opensearch_location_options}"`
-	ClusterType             storage.OpenSearchClusterType `placeholder:"${opensearch_cluster_type_default}" help:"Type of cluster. Available types: ${opensearch_cluster_types}"`
-	MachineType             string                        `placeholder:"${opensearch_machine_type_default}" help:"Defines the sizing of an OpenSearch instance. Available types: ${opensearch_machine_types}"`
-	AllowedCidrs            []meta.IPv4CIDR               `placeholder:"203.0.113.1/32" help:"IP addresses allowed to connect to the public endpoint."`
-	PublicNetworkingEnabled *bool                         `help:"If public networking is \"false\", it is only possible to access the service by configuring a service connection."`
-	BucketUsers             []string                      `placeholder:"user1,user2" help:"BucketUsers specify the users who have read access to the OpenSearch snapshots bucket."`
+	Location         meta.LocationName             `placeholder:"${opensearch_location_default}" help:"Where the OpenSearch cluster is created. Available locations are: ${opensearch_location_options}"`
+	ClusterType      storage.OpenSearchClusterType `placeholder:"${opensearch_cluster_type_default}" help:"Type of cluster. Available types: ${opensearch_cluster_types}"`
+	MachineType      string                        `placeholder:"${opensearch_machine_type_default}" help:"Defines the sizing of an OpenSearch instance. Available types: ${opensearch_machine_types}"`
+	AllowedCidrs     []meta.IPv4CIDR               `placeholder:"203.0.113.1/32" help:"IP addresses allowed to connect to the public endpoint."`
+	BucketUsers      []string                      `placeholder:"user1,user2" help:"BucketUsers specify the users who have read access to the OpenSearch snapshots bucket."`
+	PublicNetworking *bool                         `negatable:"" help:"Enable or disable public networking. Enabled by default."`
+
+	// Deprecated Flags
+	PublicNetworkingEnabled *bool `hidden:"" help:"If public networking is \"false\", it is only possible to access the service by configuring a service connection."`
 }
 
 func (cmd *openSearchCmd) Run(ctx context.Context, client *api.Client) error {
@@ -70,6 +73,11 @@ func OpenSearchKongVars() kong.Vars {
 func (cmd *openSearchCmd) newOpenSearch(namespace string) (*storage.OpenSearch, error) {
 	name := getName(cmd.Name)
 
+	publicNetworking := cmd.PublicNetworking
+	if publicNetworking == nil {
+		publicNetworking = cmd.PublicNetworkingEnabled
+	}
+
 	openSearch := &storage.OpenSearch{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
@@ -88,7 +96,7 @@ func (cmd *openSearchCmd) newOpenSearch(namespace string) (*storage.OpenSearch,
 				ClusterType:             cmd.ClusterType,
 				AllowedCIDRs:            cmd.AllowedCidrs,
 				BucketUsers:             LocalReferences(cmd.BucketUsers),
-				PublicNetworkingEnabled: cmd.PublicNetworkingEnabled,
+				PublicNetworkingEnabled: publicNetworking,
 			},
 		},
 	}
diff --git a/create/opensearch_test.go b/create/opensearch_test.go
@@ -13,6 +13,7 @@ import (
 	"github.com/ninech/nctl/internal/test"
 	"github.com/stretchr/testify/require"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
 )
 
 func TestOpenSearch(t *testing.T) {
@@ -57,6 +58,52 @@ func TestOpenSearch(t *testing.T) {
 				AllowedCIDRs: []meta.IPv4CIDR{meta.IPv4CIDR("192.168.1.0/24")},
 			},
 		},
+		{
+			name: "publicNetworking-deprecated",
+			create: openSearchCmd{
+				PublicNetworkingEnabled: ptr.To(true),
+			},
+			want: storage.OpenSearchParameters{
+				PublicNetworkingEnabled: ptr.To(true),
+			},
+		},
+		{
+			name: "publicNetworking",
+			create: openSearchCmd{
+				PublicNetworking: ptr.To(true),
+			},
+			want: storage.OpenSearchParameters{
+				PublicNetworkingEnabled: ptr.To(true),
+			},
+		},
+		{
+			name: "publicNetworking-disabled-deprecated",
+			create: openSearchCmd{
+				PublicNetworkingEnabled: ptr.To(false),
+			},
+			want: storage.OpenSearchParameters{
+				PublicNetworkingEnabled: ptr.To(false),
+			},
+		},
+		{
+			name: "publicNetworking-disabled",
+			create: openSearchCmd{
+				PublicNetworking: ptr.To(false),
+			},
+			want: storage.OpenSearchParameters{
+				PublicNetworkingEnabled: ptr.To(false),
+			},
+		},
+		{
+			name: "publicNetworking-disabled-both",
+			create: openSearchCmd{
+				PublicNetworking:        ptr.To(false),
+				PublicNetworkingEnabled: ptr.To(true),
+			},
+			want: storage.OpenSearchParameters{
+				PublicNetworkingEnabled: ptr.To(false),
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
diff --git a/get/opensearch_test.go b/get/opensearch_test.go
@@ -190,7 +190,7 @@ func TestOpenSearch(t *testing.T) {
 
 			objects := []client.Object{}
 			for _, instance := range tt.instances {
-				created := test.OpenSearch(instance.name, instance.project, string(meta.LocationNineES34))
+				created := test.OpenSearch(instance.name, instance.project, meta.LocationNineES34)
 				created.Spec.ForProvider.MachineType = instance.machineType
 
 				// Set cluster health status if provided
diff --git a/internal/test/opensearch.go b/internal/test/opensearch.go
@@ -7,7 +7,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-func OpenSearch(name, project, location string) *storage.OpenSearch {
+func OpenSearch(name, project string, location meta.LocationName) *storage.OpenSearch {
 	return &storage.OpenSearch{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
@@ -21,7 +21,7 @@ func OpenSearch(name, project, location string) *storage.OpenSearch {
 				},
 			},
 			ForProvider: storage.OpenSearchParameters{
-				Location: meta.LocationName(location),
+				Location: location,
 			},
 		},
 	}
diff --git a/internal/test/redis.go b/internal/test/redis.go
@@ -7,7 +7,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-func KeyValueStore(name, project, location string) *storage.KeyValueStore {
+func KeyValueStore(name, project string, location meta.LocationName) *storage.KeyValueStore {
 	return &storage.KeyValueStore{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
@@ -21,7 +21,7 @@ func KeyValueStore(name, project, location string) *storage.KeyValueStore {
 				},
 			},
 			ForProvider: storage.KeyValueStoreParameters{
-				Location: meta.LocationName(location),
+				Location: location,
 			},
 		},
 	}
diff --git a/update/keyvaluestore.go b/update/keyvaluestore.go
@@ -13,10 +13,13 @@ import (
 
 type keyValueStoreCmd struct {
 	resourceCmd
-	MemorySize              *storage.KeyValueStoreMemorySize      `placeholder:"${keyvaluestore_memorysize_default}" help:"Available amount of memory."`
-	MaxMemoryPolicy         *storage.KeyValueStoreMaxMemoryPolicy `placeholder:"${keyvaluestore_maxmemorypolicy_default}" help:"Behaviour when the memory limit is reached."`
-	AllowedCidrs            *[]meta.IPv4CIDR                      `placeholder:"203.0.113.1/32" help:"IP addresses allowed to connect to the public endpoint."`
-	PublicNetworkingEnabled *bool                                 `help:"If public networking is \"false\", it is only possible to access the service by configuring a service connection."`
+	MemorySize       *storage.KeyValueStoreMemorySize      `placeholder:"${keyvaluestore_memorysize_default}" help:"Available amount of memory."`
+	MaxMemoryPolicy  *storage.KeyValueStoreMaxMemoryPolicy `placeholder:"${keyvaluestore_maxmemorypolicy_default}" help:"Behaviour when the memory limit is reached."`
+	AllowedCidrs     *[]meta.IPv4CIDR                      `placeholder:"203.0.113.1/32" help:"IP addresses allowed to connect to the public endpoint."`
+	PublicNetworking *bool                                 `negatable:"" help:"Enable or disable public networking."`
+
+	// Deprecated Flags
+	PublicNetworkingEnabled *bool `hidden:"" help:"If public networking is \"false\", it is only possible to access the service by configuring a service connection."`
 }
 
 func (cmd *keyValueStoreCmd) Run(ctx context.Context, client *api.Client) error {
@@ -47,8 +50,13 @@ func (cmd *keyValueStoreCmd) applyUpdates(kvs *storage.KeyValueStore) error {
 	if cmd.AllowedCidrs != nil {
 		kvs.Spec.ForProvider.AllowedCIDRs = *cmd.AllowedCidrs
 	}
-	if cmd.PublicNetworkingEnabled != nil {
-		kvs.Spec.ForProvider.PublicNetworkingEnabled = cmd.PublicNetworkingEnabled
+
+	publicNetworking := cmd.PublicNetworking
+	if publicNetworking == nil {
+		publicNetworking = cmd.PublicNetworkingEnabled
+	}
+	if publicNetworking != nil {
+		kvs.Spec.ForProvider.PublicNetworkingEnabled = publicNetworking
 	}
 
 	return nil
diff --git a/update/keyvaluestore_test.go b/update/keyvaluestore_test.go
@@ -2,7 +2,6 @@ package update
 
 import (
 	"context"
-	"reflect"
 	"testing"
 
 	meta "github.com/ninech/apis/meta/v1alpha1"
@@ -91,7 +90,7 @@ func TestKeyValueStore(t *testing.T) {
 			},
 		},
 		{
-			name: "update-public-networking",
+			name: "disable-public-networking-deprecated",
 			create: storage.KeyValueStoreParameters{
 				PublicNetworkingEnabled: ptr.To(true),
 			},
@@ -100,15 +99,37 @@ func TestKeyValueStore(t *testing.T) {
 				PublicNetworkingEnabled: ptr.To(false),
 			},
 		},
+		{
+			name: "disable-public-networking",
+			create: storage.KeyValueStoreParameters{
+				PublicNetworkingEnabled: ptr.To(true),
+			},
+			update: keyValueStoreCmd{PublicNetworking: ptr.To(false)},
+			want: storage.KeyValueStoreParameters{
+				PublicNetworkingEnabled: ptr.To(false),
+			},
+		},
+		{
+			name: "disable-public-networking-both",
+			create: storage.KeyValueStoreParameters{
+				PublicNetworkingEnabled: ptr.To(true),
+			},
+			update: keyValueStoreCmd{PublicNetworking: ptr.To(false), PublicNetworkingEnabled: ptr.To(true)},
+			want: storage.KeyValueStoreParameters{
+				PublicNetworkingEnabled: ptr.To(false),
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			is := require.New(t)
+
 			tt.update.Name = "test-" + t.Name()
 
 			apiClient, err := test.SetupClient()
-			require.NoError(t, err)
+			is.NoError(err)
 
-			created := test.KeyValueStore(tt.update.Name, apiClient.Project, "nine-es34")
+			created := test.KeyValueStore(tt.update.Name, apiClient.Project, meta.LocationNineES34)
 			created.Spec.ForProvider = tt.create
 			if err := apiClient.Create(ctx, created); err != nil {
 				t.Fatalf("keyvaluestore create error, got: %s", err)
@@ -125,9 +146,7 @@ func TestKeyValueStore(t *testing.T) {
 				t.Fatalf("expected keyvaluestore to exist, got: %s", err)
 			}
 
-			if !reflect.DeepEqual(updated.Spec.ForProvider, tt.want) {
-				t.Fatalf("expected KeyValueStore.Spec.ForProvider = %v, got: %v", updated.Spec.ForProvider, tt.want)
-			}
+			is.Equal(tt.want, updated.Spec.ForProvider)
 		})
 	}
 }
diff --git a/update/opensearch.go b/update/opensearch.go
@@ -15,17 +15,16 @@ import (
 
 type openSearchCmd struct {
 	resourceCmd
-	MachineType             *string          `help:"Configures OpenSearch to use a specified machine type." placeholder:"nine-search-m"`
-	AllowedCidrs            *[]meta.IPv4CIDR `help:"IP addresses allowed to connect to the cluster. These restrictions do not apply for service connections." placeholder:"203.0.113.1/32"`
-	BucketUsers             *[]string        `help:"Users who have read access to the OpenSearch snapshots bucket." placeholder:"user1,user2"`
-	PublicNetworkingEnabled *bool            `help:"If public networking is \"false\", it is only possible to access the service by configuring a service connection." placeholder:"true"`
+	MachineType      *string          `help:"Configures OpenSearch to use a specified machine type." placeholder:"nine-search-m"`
+	AllowedCidrs     *[]meta.IPv4CIDR `help:"IP addresses allowed to connect to the cluster. These restrictions do not apply for service connections." placeholder:"203.0.113.1/32"`
+	BucketUsers      *[]string        `help:"Users who have read access to the OpenSearch snapshots bucket." placeholder:"user1,user2"`
+	PublicNetworking *bool            `negatable:"" help:"Enable or disable public networking."`
+
+	// Deprecated Flags
+	PublicNetworkingEnabled *bool `hidden:"" help:"If public networking is \"false\", it is only possible to access the service by configuring a service connection."`
 }
 
 func (cmd *openSearchCmd) Run(ctx context.Context, client *api.Client) error {
-	if cmd.MachineType == nil && cmd.AllowedCidrs == nil && cmd.BucketUsers == nil {
-		return fmt.Errorf("at least one parameter must be provided to update the OpenSearch cluster")
-	}
-
 	openSearch := &storage.OpenSearch{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      cmd.Name,
@@ -53,8 +52,13 @@ func (cmd *openSearchCmd) applyUpdates(os *storage.OpenSearch) error {
 	if cmd.BucketUsers != nil {
 		os.Spec.ForProvider.BucketUsers = create.LocalReferences(*cmd.BucketUsers)
 	}
-	if cmd.PublicNetworkingEnabled != nil {
-		os.Spec.ForProvider.PublicNetworkingEnabled = cmd.PublicNetworkingEnabled
+
+	publicNetworking := cmd.PublicNetworking
+	if publicNetworking == nil {
+		publicNetworking = cmd.PublicNetworkingEnabled
+	}
+	if publicNetworking != nil {
+		os.Spec.ForProvider.PublicNetworkingEnabled = publicNetworking
 	}
 
 	return nil
diff --git a/update/opensearch_test.go b/update/opensearch_test.go

Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ func (cmd cloudVMCmd) newCloudVM(namespace string) (infrastructure.CloudVirtua`
`106`	`106`	`}`
`107`	`107`
`108`	`108`	`b, err := io.ReadAll(file)`
`109`		`- if file != nil {`
	`109`	`+ if err != nil {`
`110`	`110`	`return nil, fmt.Errorf("error reading public keys file: %w", err)`
`111`	`111`	`}`
`112`	`112`	`keys = append(keys, string(b))`