fix CEL peering validation and tests

Signed-off-by: jose.vazquez <[email protected]>

api/v1/atlasnetworkpeering_types.go

@@ -56,7 +56,7 @@ type AtlasNetworkPeeringList struct {
 
 // +kubebuilder:validation:XValidation:rule="(has(self.externalProjectRef) && !has(self.projectRef)) || (!has(self.externalProjectRef) && has(self.projectRef))",message="must define only one project reference through externalProjectRef or projectRef"
 // +kubebuilder:validation:XValidation:rule="(has(self.externalProjectRef) && has(self.connectionSecret)) || !has(self.externalProjectRef)",message="must define a local connection secret when referencing an external project"
-// +kubebuilder:validation:XValidation:rule="(has(self.containerRef.name) && !has(self.containerRef.id)) || (!has(self.containerRef.name) && has(self.containerRef.id))",message="must either a container Atlas id or Kubernetes name, but not both"
+// +kubebuilder:validation:XValidation:rule="(self.containerRef.name != '' && self.containerRef.id == '') || (self.containerRef.name == '' && self.containerRef.id != '')",message="must either have a container Atlas id or Kubernetes name, but not both (or neither)"
 
 // AtlasNetworkPeeringSpec defines the desired state of AtlasNetworkPeering
 type AtlasNetworkPeeringSpec struct {
@@ -74,7 +74,7 @@ type ContainerDualReference struct {
 	// +optional
 	Name string `json:"name"`
 
-	// ID is teh Atlas identifier of the Network Container Atlas resource this Peering Connection relies on
+	// ID is the Atlas identifier of the Network Container Atlas resource this Peering Connection relies on
 	// Use either name or ID, not both.
 	// +optional
 	ID string `json:"id"`

api/v1/atlasnetworkpeering_types_test.go

@@ -0,0 +1,77 @@
+package v1
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"k8s.io/apimachinery/pkg/runtime"
+
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1/common"
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/test/helper/cel"
+)
+
+func TestPeeringCELChecks(t *testing.T) {
+	for _, tc := range []struct {
+		title          string
+		obj            *AtlasNetworkPeering
+		expectedErrors []string
+	}{
+		{
+			title: "Missing container ref in peering fails",
+			obj: &AtlasNetworkPeering{
+				Spec: AtlasNetworkPeeringSpec{},
+			},
+			expectedErrors: []string{"spec: Invalid value: \"object\": must either have a container Atlas id or Kubernetes name, but not both (or neither)"},
+		},
+
+		{
+			title: "Named container ref works",
+			obj: &AtlasNetworkPeering{
+				Spec: AtlasNetworkPeeringSpec{
+					ContainerRef: ContainerDualReference{
+						Name: "Some-name",
+					},
+				},
+			},
+		},
+
+		{
+			title: "Container id ref works",
+			obj: &AtlasNetworkPeering{
+				Spec: AtlasNetworkPeeringSpec{
+					ContainerRef: ContainerDualReference{
+						ID: "some-id",
+					},
+				},
+			},
+		},
+
+		{
+			title: "Both container id and name ref fails",
+			obj: &AtlasNetworkPeering{
+				Spec: AtlasNetworkPeeringSpec{
+					ContainerRef: ContainerDualReference{
+						Name: "Some-name",
+						ID:   "some-id",
+					},
+				},
+			},
+			expectedErrors: []string{"spec: Invalid value: \"object\": must either have a container Atlas id or Kubernetes name, but not both (or neither)"},
+		},
+	} {
+		t.Run(tc.title, func(t *testing.T) {
+			// inject a project to avoid other CEL validations being hit
+			tc.obj.Spec.ProjectRef = &common.ResourceRefNamespaced{Name: "some-project"}
+			unstructuredObject, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&tc.obj)
+			require.NoError(t, err)
+
+			crdPath := "../../config/crd/bases/atlas.mongodb.com_atlasnetworkpeerings.yaml"
+			validator, err := cel.VersionValidatorFromFile(t, crdPath, "v1")
+			assert.NoError(t, err)
+			errs := validator(unstructuredObject, nil)
+
+			require.Equal(t, tc.expectedErrors, cel.ErrorListAsStrings(errs))
+		})
+	}
+}

api/v1/project_reference_cel_test.go

@@ -56,7 +56,11 @@ var dualRefCRDs = []struct {
 		filename: "atlas.mongodb.com_atlasnetworkcontainers.yaml",
 	},
 	{
-		obj:      &AtlasNetworkPeering{},
+		obj: &AtlasNetworkPeering{
+			Spec: AtlasNetworkPeeringSpec{ // Avoid triggering peering specific validations
+				ContainerRef: ContainerDualReference{Name: "fake-ref"},
+			},
+		},
 		filename: "atlas.mongodb.com_atlasnetworkpeerings.yaml",
 	},
 }

config/crd/bases/atlas.mongodb.com_atlasnetworkpeerings.yaml

@@ -116,7 +116,7 @@ spec:
                 properties:
                   id:
                     description: |-
-                      ID is teh Atlas identifier of the Network Container Atlas resource this Peering Connection relies on
+                      ID is the Atlas identifier of the Network Container Atlas resource this Peering Connection relies on
                       Use either name or ID, not both.
                     type: string
                   name:
@@ -182,10 +182,10 @@ spec:
                 project
               rule: (has(self.externalProjectRef) && has(self.connectionSecret)) ||
                 !has(self.externalProjectRef)
-            - message: must either a container Atlas id or Kubernetes name, but not
-                both
-              rule: (has(self.containerRef.name) && !has(self.containerRef.id)) ||
-                (!has(self.containerRef.name) && has(self.containerRef.id))
+            - message: must either have a container Atlas id or Kubernetes name, but
+                not both (or neither)
+              rule: (self.containerRef.name != '' && self.containerRef.id == '') ||
+                (self.containerRef.name == '' && self.containerRef.id != '')
           status:
             description: |-
               AtlasNetworkPeeringStatus is a status for the AtlasNetworkPeering Custom resource.