From 030c8f9353d2f8f563657db03698e4c7d9b09fe7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= Date: Mon, 30 Sep 2024 12:20:05 +0200 Subject: [PATCH] feat(konnect): add KongDataplaneCertificate (#102) --- .../kongdataplanecertificate_types.go | 89 ++++++++ .../v1alpha1/zz_generated.deepcopy.go | 122 ++++++++++ ....konghq.com_kongdataplanecertificates.yaml | 215 ++++++++++++++++++ config/crd/kustomization.yaml | 1 + docs/api-reference.md | 51 +++++ .../v1alpha1/configuration_client.go | 5 + .../fake/fake_configuration_client.go | 4 + .../fake/fake_kongdataplanecertificate.go | 147 ++++++++++++ .../v1alpha1/generated_expansion.go | 2 + .../v1alpha1/kongdataplanecertificate.go | 69 ++++++ .../kongdataplanecertificate_test.go | 66 ++++++ .../testcases/common.go | 34 +++ .../testcases/controlplaneref.go | 142 ++++++++++++ .../testcases/spec.go | 81 +++++++ 14 files changed, 1028 insertions(+) create mode 100644 api/configuration/v1alpha1/kongdataplanecertificate_types.go create mode 100644 config/crd/bases/configuration.konghq.com_kongdataplanecertificates.yaml create mode 100644 pkg/clientset/typed/configuration/v1alpha1/fake/fake_kongdataplanecertificate.go create mode 100644 pkg/clientset/typed/configuration/v1alpha1/kongdataplanecertificate.go create mode 100644 test/crdsvalidation/kongdataplanecertificate/kongdataplanecertificate_test.go create mode 100644 test/crdsvalidation/kongdataplanecertificate/testcases/common.go create mode 100644 test/crdsvalidation/kongdataplanecertificate/testcases/controlplaneref.go create mode 100644 test/crdsvalidation/kongdataplanecertificate/testcases/spec.go diff --git a/api/configuration/v1alpha1/kongdataplanecertificate_types.go b/api/configuration/v1alpha1/kongdataplanecertificate_types.go new file mode 100644 index 0000000..cec11f1 --- /dev/null +++ b/api/configuration/v1alpha1/kongdataplanecertificate_types.go @@ -0,0 +1,89 @@ +/* +Copyright 2024 Kong, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + konnectv1alpha1 "github.com/kong/kubernetes-configuration/api/konnect/v1alpha1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// KongDataplaneCertificate is the schema for KongDataplaneCertificate API which defines a KongDataplaneCertificate entity. +// +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope=Namespaced +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Programmed",description="The Resource is Programmed on Konnect",type=string,JSONPath=`.status.conditions[?(@.type=='Programmed')].status` +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)", message="controlPlaneRef is required once set" +// +kubebuilder:validation:XValidation:rule="!has(self.spec.controlPlaneRef) ? true : (!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef", message="spec.controlPlaneRef is immutable when an entity is already Programmed" +// +kubebuilder:validation:XValidation:rule="(!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.cert == self.spec.cert", message="spec.cert is immutable when an entity is already Programmed" +// +kubebuilder:validation:XValidation:rule="!has(self.spec.controlPlaneRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)", message="spec.controlPlaneRef cannot specify namespace for namespaced resource - it's not supported yet" +type KongDataplaneCertificate struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec KongDataplaneCertificateSpec `json:"spec"` + + // +kubebuilder:default={conditions: {{type: "Programmed", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}} + Status KongDataplaneCertificateStatus `json:"status,omitempty"` +} + +// KongDataplaneCertificateSpec defines the spec for a KongDataplaneCertificate. +type KongDataplaneCertificateSpec struct { + // ControlPlaneRef is a reference to a Konnect ControlPlane this KongDataplaneCertificate is associated with. + // +optional + ControlPlaneRef *ControlPlaneRef `json:"controlPlaneRef,omitempty"` + + // KongDataplaneCertificateAPISpec are the attributes of the KongDataplaneCertificate itself. + KongDataplaneCertificateAPISpec `json:",inline"` +} + +// KongDataplaneCertificateAPISpec defines the attributes of a Kong DP certificate. +type KongDataplaneCertificateAPISpec struct { + // Cert is the certificate in PEM format. Once the certificate gets programmed this field becomes immutable. + // +kubebuilder:validation:MinLength=1 + Cert string `json:"cert"` +} + +// KongDataplaneCertificateStatus defines the status for a KongDataplaneCertificate. +type KongDataplaneCertificateStatus struct { + // Konnect contains the Konnect entity status. + // +optional + Konnect *konnectv1alpha1.KonnectEntityStatusWithControlPlaneRef `json:"konnect,omitempty"` + + // Conditions describe the status of the Konnect entity. + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=8 + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +kubebuilder:object:root=true + +// KongDataplaneCertificateList contains a list of Kong Keys. +type KongDataplaneCertificateList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []KongDataplaneCertificate `json:"items"` +} + +func init() { + SchemeBuilder.Register(&KongDataplaneCertificate{}, &KongDataplaneCertificateList{}) +} diff --git a/api/configuration/v1alpha1/zz_generated.deepcopy.go b/api/configuration/v1alpha1/zz_generated.deepcopy.go index d0d7329..6525e43 100644 --- a/api/configuration/v1alpha1/zz_generated.deepcopy.go +++ b/api/configuration/v1alpha1/zz_generated.deepcopy.go @@ -920,6 +920,128 @@ func (in *KongCustomEntityStatus) DeepCopy() *KongCustomEntityStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KongDataplaneCertificate) DeepCopyInto(out *KongDataplaneCertificate) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KongDataplaneCertificate. +func (in *KongDataplaneCertificate) DeepCopy() *KongDataplaneCertificate { + if in == nil { + return nil + } + out := new(KongDataplaneCertificate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KongDataplaneCertificate) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KongDataplaneCertificateAPISpec) DeepCopyInto(out *KongDataplaneCertificateAPISpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KongDataplaneCertificateAPISpec. +func (in *KongDataplaneCertificateAPISpec) DeepCopy() *KongDataplaneCertificateAPISpec { + if in == nil { + return nil + } + out := new(KongDataplaneCertificateAPISpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KongDataplaneCertificateList) DeepCopyInto(out *KongDataplaneCertificateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]KongDataplaneCertificate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KongDataplaneCertificateList. +func (in *KongDataplaneCertificateList) DeepCopy() *KongDataplaneCertificateList { + if in == nil { + return nil + } + out := new(KongDataplaneCertificateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KongDataplaneCertificateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KongDataplaneCertificateSpec) DeepCopyInto(out *KongDataplaneCertificateSpec) { + *out = *in + if in.ControlPlaneRef != nil { + in, out := &in.ControlPlaneRef, &out.ControlPlaneRef + *out = new(ControlPlaneRef) + (*in).DeepCopyInto(*out) + } + out.KongDataplaneCertificateAPISpec = in.KongDataplaneCertificateAPISpec +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KongDataplaneCertificateSpec. +func (in *KongDataplaneCertificateSpec) DeepCopy() *KongDataplaneCertificateSpec { + if in == nil { + return nil + } + out := new(KongDataplaneCertificateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KongDataplaneCertificateStatus) DeepCopyInto(out *KongDataplaneCertificateStatus) { + *out = *in + if in.Konnect != nil { + in, out := &in.Konnect, &out.Konnect + *out = new(konnectv1alpha1.KonnectEntityStatusWithControlPlaneRef) + **out = **in + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KongDataplaneCertificateStatus. +func (in *KongDataplaneCertificateStatus) DeepCopy() *KongDataplaneCertificateStatus { + if in == nil { + return nil + } + out := new(KongDataplaneCertificateStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KongKey) DeepCopyInto(out *KongKey) { *out = *in diff --git a/config/crd/bases/configuration.konghq.com_kongdataplanecertificates.yaml b/config/crd/bases/configuration.konghq.com_kongdataplanecertificates.yaml new file mode 100644 index 0000000..e9d93f8 --- /dev/null +++ b/config/crd/bases/configuration.konghq.com_kongdataplanecertificates.yaml @@ -0,0 +1,215 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: kongdataplanecertificates.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + kind: KongDataplaneCertificate + listKind: KongDataplaneCertificateList + plural: kongdataplanecertificates + singular: kongdataplanecertificate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The Resource is Programmed on Konnect + jsonPath: .status.conditions[?(@.type=='Programmed')].status + name: Programmed + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: KongDataplaneCertificate is the schema for KongDataplaneCertificate + API which defines a KongDataplaneCertificate entity. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KongDataplaneCertificateSpec defines the spec for a KongDataplaneCertificate. + properties: + cert: + description: Cert is the certificate in PEM format. Once the certificate + gets programmed this field becomes immutable. + minLength: 1 + type: string + controlPlaneRef: + description: ControlPlaneRef is a reference to a Konnect ControlPlane + this KongDataplaneCertificate is associated with. + properties: + konnectID: + description: |- + KonnectID is the schema for the KonnectID type. + This field is required when the Type is konnectID. + type: string + konnectNamespacedRef: + description: |- + KonnectNamespacedRef is a reference to a Konnect Control Plane entity inside the cluster. + It contains the name of the Konnect Control Plane. + This field is required when the Type is konnectNamespacedRef. + properties: + name: + description: Name is the name of the Konnect Control Plane. + type: string + namespace: + description: |- + Namespace is the namespace where the Konnect Control Plane is in. + Currently only cluster scoped resources (KongVault) are allowed to set `konnectNamespacedRef.namespace`. + type: string + required: + - name + type: object + type: + description: |- + Type can be one of: + - konnectID + - konnectNamespacedRef + enum: + - konnectID + - konnectNamespacedRef + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: when type is konnectNamespacedRef, konnectNamespacedRef + must be set + rule: 'self.type == ''konnectNamespacedRef'' ? has(self.konnectNamespacedRef) + : true' + - message: when type is konnectID, konnectID must be set + rule: 'self.type == ''konnectID'' ? has(self.konnectID) : true' + required: + - cert + type: object + status: + default: + conditions: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: KongDataplaneCertificateStatus defines the status for a KongDataplaneCertificate. + properties: + conditions: + description: Conditions describe the status of the Konnect entity. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + konnect: + description: Konnect contains the Konnect entity status. + properties: + controlPlaneID: + description: ControlPlaneID is the Konnect ID of the ControlPlane + this Route is associated with. + type: string + id: + description: |- + ID is the unique identifier of the Konnect entity as assigned by Konnect API. + If it's unset (empty string), it means the Konnect entity hasn't been created yet. + type: string + organizationID: + description: OrgID is ID of Konnect Org that this entity has been + created in. + type: string + serverURL: + description: ServerURL is the URL of the Konnect server in which + the entity exists. + type: string + type: object + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: controlPlaneRef is required once set + rule: '!has(oldSelf.spec.controlPlaneRef) || has(self.spec.controlPlaneRef)' + - message: spec.controlPlaneRef is immutable when an entity is already Programmed + rule: '!has(self.spec.controlPlaneRef) ? true : (!self.status.conditions.exists(c, + c.type == ''Programmed'' && c.status == ''True'')) ? true : oldSelf.spec.controlPlaneRef + == self.spec.controlPlaneRef' + - message: spec.cert is immutable when an entity is already Programmed + rule: '(!self.status.conditions.exists(c, c.type == ''Programmed'' && c.status + == ''True'')) ? true : oldSelf.spec.cert == self.spec.cert' + - message: spec.controlPlaneRef cannot specify namespace for namespaced resource + - it's not supported yet + rule: '!has(self.spec.controlPlaneRef) ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef) + ? true : !has(self.spec.controlPlaneRef.konnectNamespacedRef.__namespace__)' + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index d8c13b9..b1550fd 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -27,6 +27,7 @@ resources: - bases/configuration.konghq.com_kongcredentialacls.yaml - bases/configuration.konghq.com_kongcertificates.yaml - bases/configuration.konghq.com_kongsnis.yaml +- bases/configuration.konghq.com_kongdataplanecertificates.yaml - bases/konnect.konghq.com_konnectapiauthconfigurations.yaml - bases/konnect.konghq.com_konnectgatewaycontrolplanes.yaml diff --git a/docs/api-reference.md b/docs/api-reference.md index aaef124..1f3c631 100644 --- a/docs/api-reference.md +++ b/docs/api-reference.md @@ -335,6 +335,7 @@ Package v1alpha1 contains API Schema definitions for the configuration.konghq.co - [KongCredentialAPIKey](#kongcredentialapikey) - [KongCredentialBasicAuth](#kongcredentialbasicauth) - [KongCustomEntity](#kongcustomentity) +- [KongDataplaneCertificate](#kongdataplanecertificate) - [KongKey](#kongkey) - [KongKeySet](#kongkeyset) - [KongLicense](#konglicense) @@ -457,6 +458,22 @@ KongCustomEntity defines a "custom" Kong entity that KIC cannot support the enti +### KongDataplaneCertificate + + +KongDataplaneCertificate is the schema for KongDataplaneCertificate API which defines a KongDataplaneCertificate entity. + + + +| Field | Description | +| --- | --- | +| `apiVersion` _string_ | `configuration.konghq.com/v1alpha1` +| `kind` _string_ | `KongDataplaneCertificate` +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | +| `spec` _[KongDataplaneCertificateSpec](#kongdataplanecertificatespec)_ | | + + + ### KongKey @@ -643,6 +660,7 @@ _Appears in:_ - [KongCertificateSpec](#kongcertificatespec) - [KongConsumerGroupSpec](#kongconsumergroupspec) - [KongConsumerSpec](#kongconsumerspec) +- [KongDataplaneCertificateSpec](#kongdataplanecertificatespec) - [KongKeySetSpec](#kongkeysetspec) - [KongKeySpec](#kongkeyspec) - [KongPluginBindingSpec](#kongpluginbindingspec) @@ -958,6 +976,39 @@ _Appears in:_ +#### KongDataplaneCertificateAPISpec + + +KongDataplaneCertificateAPISpec defines the attributes of a Kong DP certificate. + + + +| Field | Description | +| --- | --- | +| `cert` _string_ | Cert is the certificate in PEM format. Once the certificate gets programmed this field becomes immutable. | + + +_Appears in:_ +- [KongDataplaneCertificateSpec](#kongdataplanecertificatespec) + +#### KongDataplaneCertificateSpec + + +KongDataplaneCertificateSpec defines the spec for a KongDataplaneCertificate. + + + +| Field | Description | +| --- | --- | +| `controlPlaneRef` _[ControlPlaneRef](#controlplaneref)_ | ControlPlaneRef is a reference to a Konnect ControlPlane this KongDataplaneCertificate is associated with. | +| `cert` _string_ | Cert is the certificate in PEM format. Once the certificate gets programmed this field becomes immutable. | + + +_Appears in:_ +- [KongDataplaneCertificate](#kongdataplanecertificate) + + + #### KongKeyAPISpec diff --git a/pkg/clientset/typed/configuration/v1alpha1/configuration_client.go b/pkg/clientset/typed/configuration/v1alpha1/configuration_client.go index a6bfc16..b1803af 100644 --- a/pkg/clientset/typed/configuration/v1alpha1/configuration_client.go +++ b/pkg/clientset/typed/configuration/v1alpha1/configuration_client.go @@ -35,6 +35,7 @@ type ConfigurationV1alpha1Interface interface { KongCredentialAPIKeysGetter KongCredentialBasicAuthsGetter KongCustomEntitiesGetter + KongDataplaneCertificatesGetter KongKeysGetter KongKeySetsGetter KongLicensesGetter @@ -80,6 +81,10 @@ func (c *ConfigurationV1alpha1Client) KongCustomEntities(namespace string) KongC return newKongCustomEntities(c, namespace) } +func (c *ConfigurationV1alpha1Client) KongDataplaneCertificates(namespace string) KongDataplaneCertificateInterface { + return newKongDataplaneCertificates(c, namespace) +} + func (c *ConfigurationV1alpha1Client) KongKeys(namespace string) KongKeyInterface { return newKongKeys(c, namespace) } diff --git a/pkg/clientset/typed/configuration/v1alpha1/fake/fake_configuration_client.go b/pkg/clientset/typed/configuration/v1alpha1/fake/fake_configuration_client.go index 5189c48..60907bd 100644 --- a/pkg/clientset/typed/configuration/v1alpha1/fake/fake_configuration_client.go +++ b/pkg/clientset/typed/configuration/v1alpha1/fake/fake_configuration_client.go @@ -56,6 +56,10 @@ func (c *FakeConfigurationV1alpha1) KongCustomEntities(namespace string) v1alpha return &FakeKongCustomEntities{c, namespace} } +func (c *FakeConfigurationV1alpha1) KongDataplaneCertificates(namespace string) v1alpha1.KongDataplaneCertificateInterface { + return &FakeKongDataplaneCertificates{c, namespace} +} + func (c *FakeConfigurationV1alpha1) KongKeys(namespace string) v1alpha1.KongKeyInterface { return &FakeKongKeys{c, namespace} } diff --git a/pkg/clientset/typed/configuration/v1alpha1/fake/fake_kongdataplanecertificate.go b/pkg/clientset/typed/configuration/v1alpha1/fake/fake_kongdataplanecertificate.go new file mode 100644 index 0000000..a6d95e4 --- /dev/null +++ b/pkg/clientset/typed/configuration/v1alpha1/fake/fake_kongdataplanecertificate.go @@ -0,0 +1,147 @@ +/* +Copyright 2021 Kong, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeKongDataplaneCertificates implements KongDataplaneCertificateInterface +type FakeKongDataplaneCertificates struct { + Fake *FakeConfigurationV1alpha1 + ns string +} + +var kongdataplanecertificatesResource = v1alpha1.SchemeGroupVersion.WithResource("kongdataplanecertificates") + +var kongdataplanecertificatesKind = v1alpha1.SchemeGroupVersion.WithKind("KongDataplaneCertificate") + +// Get takes name of the kongDataplaneCertificate, and returns the corresponding kongDataplaneCertificate object, and an error if there is any. +func (c *FakeKongDataplaneCertificates) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.KongDataplaneCertificate, err error) { + emptyResult := &v1alpha1.KongDataplaneCertificate{} + obj, err := c.Fake. + Invokes(testing.NewGetActionWithOptions(kongdataplanecertificatesResource, c.ns, name, options), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.KongDataplaneCertificate), err +} + +// List takes label and field selectors, and returns the list of KongDataplaneCertificates that match those selectors. +func (c *FakeKongDataplaneCertificates) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.KongDataplaneCertificateList, err error) { + emptyResult := &v1alpha1.KongDataplaneCertificateList{} + obj, err := c.Fake. + Invokes(testing.NewListActionWithOptions(kongdataplanecertificatesResource, kongdataplanecertificatesKind, c.ns, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.KongDataplaneCertificateList{ListMeta: obj.(*v1alpha1.KongDataplaneCertificateList).ListMeta} + for _, item := range obj.(*v1alpha1.KongDataplaneCertificateList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested kongDataplaneCertificates. +func (c *FakeKongDataplaneCertificates) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchActionWithOptions(kongdataplanecertificatesResource, c.ns, opts)) + +} + +// Create takes the representation of a kongDataplaneCertificate and creates it. Returns the server's representation of the kongDataplaneCertificate, and an error, if there is any. +func (c *FakeKongDataplaneCertificates) Create(ctx context.Context, kongDataplaneCertificate *v1alpha1.KongDataplaneCertificate, opts v1.CreateOptions) (result *v1alpha1.KongDataplaneCertificate, err error) { + emptyResult := &v1alpha1.KongDataplaneCertificate{} + obj, err := c.Fake. + Invokes(testing.NewCreateActionWithOptions(kongdataplanecertificatesResource, c.ns, kongDataplaneCertificate, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.KongDataplaneCertificate), err +} + +// Update takes the representation of a kongDataplaneCertificate and updates it. Returns the server's representation of the kongDataplaneCertificate, and an error, if there is any. +func (c *FakeKongDataplaneCertificates) Update(ctx context.Context, kongDataplaneCertificate *v1alpha1.KongDataplaneCertificate, opts v1.UpdateOptions) (result *v1alpha1.KongDataplaneCertificate, err error) { + emptyResult := &v1alpha1.KongDataplaneCertificate{} + obj, err := c.Fake. + Invokes(testing.NewUpdateActionWithOptions(kongdataplanecertificatesResource, c.ns, kongDataplaneCertificate, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.KongDataplaneCertificate), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeKongDataplaneCertificates) UpdateStatus(ctx context.Context, kongDataplaneCertificate *v1alpha1.KongDataplaneCertificate, opts v1.UpdateOptions) (result *v1alpha1.KongDataplaneCertificate, err error) { + emptyResult := &v1alpha1.KongDataplaneCertificate{} + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceActionWithOptions(kongdataplanecertificatesResource, "status", c.ns, kongDataplaneCertificate, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.KongDataplaneCertificate), err +} + +// Delete takes name of the kongDataplaneCertificate and deletes it. Returns an error if one occurs. +func (c *FakeKongDataplaneCertificates) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(kongdataplanecertificatesResource, c.ns, name, opts), &v1alpha1.KongDataplaneCertificate{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeKongDataplaneCertificates) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionActionWithOptions(kongdataplanecertificatesResource, c.ns, opts, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.KongDataplaneCertificateList{}) + return err +} + +// Patch applies the patch and returns the patched kongDataplaneCertificate. +func (c *FakeKongDataplaneCertificates) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.KongDataplaneCertificate, err error) { + emptyResult := &v1alpha1.KongDataplaneCertificate{} + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceActionWithOptions(kongdataplanecertificatesResource, c.ns, name, pt, data, opts, subresources...), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.KongDataplaneCertificate), err +} diff --git a/pkg/clientset/typed/configuration/v1alpha1/generated_expansion.go b/pkg/clientset/typed/configuration/v1alpha1/generated_expansion.go index af07577..f9e9915 100644 --- a/pkg/clientset/typed/configuration/v1alpha1/generated_expansion.go +++ b/pkg/clientset/typed/configuration/v1alpha1/generated_expansion.go @@ -32,6 +32,8 @@ type KongCredentialBasicAuthExpansion interface{} type KongCustomEntityExpansion interface{} +type KongDataplaneCertificateExpansion interface{} + type KongKeyExpansion interface{} type KongKeySetExpansion interface{} diff --git a/pkg/clientset/typed/configuration/v1alpha1/kongdataplanecertificate.go b/pkg/clientset/typed/configuration/v1alpha1/kongdataplanecertificate.go new file mode 100644 index 0000000..dd97d28 --- /dev/null +++ b/pkg/clientset/typed/configuration/v1alpha1/kongdataplanecertificate.go @@ -0,0 +1,69 @@ +/* +Copyright 2021 Kong, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" + scheme "github.com/kong/kubernetes-configuration/pkg/clientset/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// KongDataplaneCertificatesGetter has a method to return a KongDataplaneCertificateInterface. +// A group's client should implement this interface. +type KongDataplaneCertificatesGetter interface { + KongDataplaneCertificates(namespace string) KongDataplaneCertificateInterface +} + +// KongDataplaneCertificateInterface has methods to work with KongDataplaneCertificate resources. +type KongDataplaneCertificateInterface interface { + Create(ctx context.Context, kongDataplaneCertificate *v1alpha1.KongDataplaneCertificate, opts v1.CreateOptions) (*v1alpha1.KongDataplaneCertificate, error) + Update(ctx context.Context, kongDataplaneCertificate *v1alpha1.KongDataplaneCertificate, opts v1.UpdateOptions) (*v1alpha1.KongDataplaneCertificate, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + UpdateStatus(ctx context.Context, kongDataplaneCertificate *v1alpha1.KongDataplaneCertificate, opts v1.UpdateOptions) (*v1alpha1.KongDataplaneCertificate, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.KongDataplaneCertificate, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.KongDataplaneCertificateList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.KongDataplaneCertificate, err error) + KongDataplaneCertificateExpansion +} + +// kongDataplaneCertificates implements KongDataplaneCertificateInterface +type kongDataplaneCertificates struct { + *gentype.ClientWithList[*v1alpha1.KongDataplaneCertificate, *v1alpha1.KongDataplaneCertificateList] +} + +// newKongDataplaneCertificates returns a KongDataplaneCertificates +func newKongDataplaneCertificates(c *ConfigurationV1alpha1Client, namespace string) *kongDataplaneCertificates { + return &kongDataplaneCertificates{ + gentype.NewClientWithList[*v1alpha1.KongDataplaneCertificate, *v1alpha1.KongDataplaneCertificateList]( + "kongdataplanecertificates", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.KongDataplaneCertificate { return &v1alpha1.KongDataplaneCertificate{} }, + func() *v1alpha1.KongDataplaneCertificateList { return &v1alpha1.KongDataplaneCertificateList{} }), + } +} diff --git a/test/crdsvalidation/kongdataplanecertificate/kongdataplanecertificate_test.go b/test/crdsvalidation/kongdataplanecertificate/kongdataplanecertificate_test.go new file mode 100644 index 0000000..ae15a21 --- /dev/null +++ b/test/crdsvalidation/kongdataplanecertificate/kongdataplanecertificate_test.go @@ -0,0 +1,66 @@ +package kongtarget + +import ( + "context" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/config" + + configurationv1alpha1client "github.com/kong/kubernetes-configuration/pkg/clientset/typed/configuration/v1alpha1" + "github.com/kong/kubernetes-configuration/test/crdsvalidation/kongdataplanecertificate/testcases" +) + +func TestKongDataplaneCertificate(t *testing.T) { + ctx := context.Background() + cfg, err := config.GetConfig() + require.NoError(t, err, "error loading Kubernetes config") + cl, err := configurationv1alpha1client.NewForConfig(cfg) + require.NoError(t, err, "error creating configurationv1alpha1 client") + + for _, tcsGroup := range testcases.TestCases { + t.Run(tcsGroup.Name, func(t *testing.T) { + for _, tc := range tcsGroup.TestCases { + t.Run(tc.Name, func(t *testing.T) { + cl := cl.KongDataplaneCertificates(tc.KongDataplaneCertificate.Namespace) + entity, err := cl.Create(ctx, &tc.KongDataplaneCertificate, metav1.CreateOptions{}) + if err == nil { + t.Cleanup(func() { + assert.NoError(t, client.IgnoreNotFound(cl.Delete(ctx, entity.Name, metav1.DeleteOptions{}))) + }) + } + + if tc.ExpectedErrorMessage == nil { + assert.NoError(t, err) + + // If the status has to be updated, update it. + if tc.KongDataplaneCertificateStatus != nil { + entity.Status = *tc.KongDataplaneCertificateStatus + entity, err = cl.UpdateStatus(ctx, entity, metav1.UpdateOptions{}) + assert.NoError(t, err) + } + + // Update the object and check if the update is allowed. + if tc.Update != nil { + tc.Update(entity) + _, err := cl.Update(ctx, entity, metav1.UpdateOptions{}) + if tc.ExpectedUpdateErrorMessage != nil { + require.Error(t, err) + assert.Contains(t, err.Error(), *tc.ExpectedUpdateErrorMessage) + } else { + assert.NoError(t, err) + } + } + } else { + require.Error(t, err) + require.ErrorContains(t, err, *tc.ExpectedErrorMessage) + } + }) + } + }) + } + +} diff --git a/test/crdsvalidation/kongdataplanecertificate/testcases/common.go b/test/crdsvalidation/kongdataplanecertificate/testcases/common.go new file mode 100644 index 0000000..fbfa974 --- /dev/null +++ b/test/crdsvalidation/kongdataplanecertificate/testcases/common.go @@ -0,0 +1,34 @@ +package testcases + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" +) + +// testCase is a test case related to KongDataplaneCertificate validation. +type testCase struct { + Name string + KongDataplaneCertificate configurationv1alpha1.KongDataplaneCertificate + KongDataplaneCertificateStatus *configurationv1alpha1.KongDataplaneCertificateStatus + Update func(*configurationv1alpha1.KongDataplaneCertificate) + ExpectedErrorMessage *string + ExpectedUpdateErrorMessage *string +} + +type testCasesGroup struct { + Name string + TestCases []testCase +} + +// TestCases is a collection of all test cases groups related to KongDataplaneCertificate validation. +var TestCases = []testCasesGroup{} + +func init() { + TestCases = append(TestCases, spec, cpRef) +} + +var commonObjectMeta = metav1.ObjectMeta{ + GenerateName: "test-kongdataplanecertificate-", + Namespace: "default", +} diff --git a/test/crdsvalidation/kongdataplanecertificate/testcases/controlplaneref.go b/test/crdsvalidation/kongdataplanecertificate/testcases/controlplaneref.go new file mode 100644 index 0000000..e92a1e4 --- /dev/null +++ b/test/crdsvalidation/kongdataplanecertificate/testcases/controlplaneref.go @@ -0,0 +1,142 @@ +package testcases + +import ( + "github.com/samber/lo" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" +) + +var cpRef = testCasesGroup{ + Name: "controlPlaneRef", + TestCases: []testCase{ + { + Name: "konnectNamespacedRef reference is valid", + KongDataplaneCertificate: configurationv1alpha1.KongDataplaneCertificate{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongDataplaneCertificateSpec{ + ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{ + Type: configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef, + KonnectNamespacedRef: &configurationv1alpha1.KonnectNamespacedRef{ + Name: "test-konnect-control-plane", + }, + }, + KongDataplaneCertificateAPISpec: configurationv1alpha1.KongDataplaneCertificateAPISpec{ + Cert: "cert", + }, + }, + }, + }, + { + Name: "not providing konnectNamespacedRef when type is konnectNamespacedRef yields an error", + KongDataplaneCertificate: configurationv1alpha1.KongDataplaneCertificate{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongDataplaneCertificateSpec{ + ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{ + Type: configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef, + }, + KongDataplaneCertificateAPISpec: configurationv1alpha1.KongDataplaneCertificateAPISpec{ + Cert: "cert", + }, + }, + }, + ExpectedErrorMessage: lo.ToPtr("when type is konnectNamespacedRef, konnectNamespacedRef must be set"), + }, + { + Name: "not providing konnectID when type is konnectID yields an error", + KongDataplaneCertificate: configurationv1alpha1.KongDataplaneCertificate{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongDataplaneCertificateSpec{ + ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{ + Type: configurationv1alpha1.ControlPlaneRefKonnectID, + }, + KongDataplaneCertificateAPISpec: configurationv1alpha1.KongDataplaneCertificateAPISpec{ + Cert: "cert", + }, + }, + }, + ExpectedErrorMessage: lo.ToPtr("when type is konnectID, konnectID must be set"), + }, + { + Name: "konnectNamespacedRef reference name cannot be changed when an entity is Programmed", + KongDataplaneCertificate: configurationv1alpha1.KongDataplaneCertificate{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongDataplaneCertificateSpec{ + ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{ + Type: configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef, + KonnectNamespacedRef: &configurationv1alpha1.KonnectNamespacedRef{ + Name: "test-konnect-control-plane", + }, + }, + KongDataplaneCertificateAPISpec: configurationv1alpha1.KongDataplaneCertificateAPISpec{ + Cert: "cert", + }, + }, + }, + KongDataplaneCertificateStatus: &configurationv1alpha1.KongDataplaneCertificateStatus{ + Conditions: []metav1.Condition{ + { + Type: "Programmed", + Status: metav1.ConditionTrue, + Reason: "Programmed", + LastTransitionTime: metav1.Now(), + }, + }, + }, + Update: func(ks *configurationv1alpha1.KongDataplaneCertificate) { + ks.Spec.ControlPlaneRef.KonnectNamespacedRef.Name = "new-konnect-control-plane" + }, + ExpectedUpdateErrorMessage: lo.ToPtr("spec.controlPlaneRef is immutable when an entity is already Programmed"), + }, + { + Name: "konnectNamespacedRef reference type cannot be changed when an entity is Programmed", + KongDataplaneCertificate: configurationv1alpha1.KongDataplaneCertificate{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongDataplaneCertificateSpec{ + ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{ + Type: configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef, + KonnectNamespacedRef: &configurationv1alpha1.KonnectNamespacedRef{ + Name: "test-konnect-control-plane", + }, + }, + KongDataplaneCertificateAPISpec: configurationv1alpha1.KongDataplaneCertificateAPISpec{ + Cert: "cert", + }, + }, + }, + KongDataplaneCertificateStatus: &configurationv1alpha1.KongDataplaneCertificateStatus{ + Conditions: []metav1.Condition{ + { + Type: "Programmed", + Status: metav1.ConditionTrue, + Reason: "Programmed", + LastTransitionTime: metav1.Now(), + }, + }, + }, + Update: func(ks *configurationv1alpha1.KongDataplaneCertificate) { + ks.Spec.ControlPlaneRef.Type = configurationv1alpha1.ControlPlaneRefKonnectID + }, + ExpectedUpdateErrorMessage: lo.ToPtr("spec.controlPlaneRef is immutable when an entity is already Programmed"), + }, + { + Name: "konnectNamespaced reference cannot set namespace as it's not supported yet", + KongDataplaneCertificate: configurationv1alpha1.KongDataplaneCertificate{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongDataplaneCertificateSpec{ + ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{ + Type: configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef, + KonnectNamespacedRef: &configurationv1alpha1.KonnectNamespacedRef{ + Name: "test-konnect-control-plane", + Namespace: "default", + }, + }, + KongDataplaneCertificateAPISpec: configurationv1alpha1.KongDataplaneCertificateAPISpec{ + Cert: "cert", + }, + }, + }, + ExpectedErrorMessage: lo.ToPtr("spec.controlPlaneRef cannot specify namespace for namespaced resource - it's not supported yet"), + }, + }, +} diff --git a/test/crdsvalidation/kongdataplanecertificate/testcases/spec.go b/test/crdsvalidation/kongdataplanecertificate/testcases/spec.go new file mode 100644 index 0000000..af48512 --- /dev/null +++ b/test/crdsvalidation/kongdataplanecertificate/testcases/spec.go @@ -0,0 +1,81 @@ +package testcases + +import ( + "github.com/samber/lo" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" +) + +var spec = testCasesGroup{ + Name: "spec", + TestCases: []testCase{ + { + Name: "valid KongDataplaneCertificate", + KongDataplaneCertificate: configurationv1alpha1.KongDataplaneCertificate{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongDataplaneCertificateSpec{ + KongDataplaneCertificateAPISpec: configurationv1alpha1.KongDataplaneCertificateAPISpec{ + Cert: "cert", + }, + }, + }, + }, + { + Name: "cert is required", + KongDataplaneCertificate: configurationv1alpha1.KongDataplaneCertificate{ + ObjectMeta: commonObjectMeta, + }, + ExpectedErrorMessage: lo.ToPtr("spec.cert in body should be at least 1 chars long"), + }, + { + Name: "cert can be altered before programmed", + KongDataplaneCertificate: configurationv1alpha1.KongDataplaneCertificate{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongDataplaneCertificateSpec{ + KongDataplaneCertificateAPISpec: configurationv1alpha1.KongDataplaneCertificateAPISpec{ + Cert: "cert", + }, + }, + }, + KongDataplaneCertificateStatus: &configurationv1alpha1.KongDataplaneCertificateStatus{ + Conditions: []metav1.Condition{ + { + Type: "Programmed", + Status: metav1.ConditionFalse, + Reason: "Pending", + LastTransitionTime: metav1.Now(), + }, + }, + }, + Update: func(k *configurationv1alpha1.KongDataplaneCertificate) { + k.Spec.Cert = "cert2" + }, + }, + { + Name: "cert becomes immutable after programmed", + KongDataplaneCertificate: configurationv1alpha1.KongDataplaneCertificate{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongDataplaneCertificateSpec{ + KongDataplaneCertificateAPISpec: configurationv1alpha1.KongDataplaneCertificateAPISpec{ + Cert: "cert", + }, + }, + }, + KongDataplaneCertificateStatus: &configurationv1alpha1.KongDataplaneCertificateStatus{ + Conditions: []metav1.Condition{ + { + Type: "Programmed", + Status: metav1.ConditionTrue, + Reason: "Programmed", + LastTransitionTime: metav1.Now(), + }, + }, + }, + Update: func(k *configurationv1alpha1.KongDataplaneCertificate) { + k.Spec.Cert = "cert2" + }, + ExpectedUpdateErrorMessage: lo.ToPtr("spec.cert is immutable when an entity is already Programmed"), + }, + }, +}