feat: Add fuzz test, promote ApigeeInstance to v1beta1

apis/apigee/v1alpha1/environmentgroup_identity.go

@@ -19,7 +19,7 @@ import (
 	"fmt"
 	"strings"
 
-	refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1alpha1"
+	refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )

apis/apigee/v1alpha1/environmentgroup_types.go

@@ -15,7 +15,7 @@
 package v1alpha1
 
 import (
-	refv1alpha1 "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1alpha1"
+	refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/k8s/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -24,7 +24,7 @@ var ApigeeEnvgroupGVK = GroupVersion.WithKind("ApigeeEnvgroup")
 
 type Parent struct {
 	// +required
-	OrganizationRef *refv1alpha1.ApigeeOrganizationRef `json:"organizationRef"`
+	OrganizationRef *refs.ApigeeOrganizationRef `json:"organizationRef"`
 }
 
 // ApigeeEnvgroupSpec defines the desired state of ApigeeEnvgroup

apis/apigee/v1alpha1/instance_identity.go

@@ -20,7 +20,7 @@ import (
 	"strings"
 
 	"github.com/GoogleCloudPlatform/k8s-config-connector/apis/common"
-	refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1alpha1"
+	refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 

apis/apigee/v1alpha1/instance_types.go

@@ -15,8 +15,7 @@
 package v1alpha1
 
 import (
-	refsv1alpha1 "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1alpha1"
-	refsv1beta1 "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
+	refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/k8s/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -39,7 +38,7 @@ type AccessLoggingConfig struct {
 type ApigeeInstanceSpec struct {
 	// Reference to parent Apigee Organization.
 	// +required
-	OrganizationRef *refsv1alpha1.ApigeeOrganizationRef `json:"organizationRef"`
+	OrganizationRef *refs.ApigeeOrganizationRef `json:"organizationRef"`
 
 	// The ApigeeInstance name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
@@ -58,7 +57,7 @@ type ApigeeInstanceSpec struct {
 
 	// Customer Managed Encryption Key (CMEK) used for disk and volume encryption. If not specified, a Google-Managed encryption key will be used.
 	// +kcc:proto:field=mockgcp.cloud.apigee.v1.GoogleCloudApigeeV1Instance.disk_encryption_key_name
-	DiskEncryptionKMSCryptoKeyRef *refsv1beta1.KMSCryptoKeyRef `json:"diskEncryptionKMSCryptoKeyRef,omitempty"`
+	DiskEncryptionKMSCryptoKeyRef *refs.KMSCryptoKeyRef `json:"diskEncryptionKMSCryptoKeyRef,omitempty"`
 
 	// Optional. Display name for the instance.
 	// +kcc:proto:field=mockgcp.cloud.apigee.v1.GoogleCloudApigeeV1Instance.display_name

apis/apigee/v1beta1/environmentgroup_identity.go

@@ -19,7 +19,7 @@ import (
 	"fmt"
 	"strings"
 
-	refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1alpha1"
+	refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )

apis/apigee/v1beta1/environmentgroup_types.go

@@ -15,7 +15,7 @@
 package v1beta1
 
 import (
-	refv1alpha1 "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1alpha1"
+	refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/k8s/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -24,7 +24,7 @@ var ApigeeEnvgroupGVK = GroupVersion.WithKind("ApigeeEnvgroup")
 
 type Parent struct {
 	// +required
-	OrganizationRef *refv1alpha1.ApigeeOrganizationRef `json:"organizationRef"`
+	OrganizationRef *refs.ApigeeOrganizationRef `json:"organizationRef"`
 }
 
 // ApigeeEnvgroupSpec defines the desired state of ApigeeEnvgroup

apis/apigee/v1beta1/instance_identity.go

@@ -0,0 +1,112 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1beta1
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/GoogleCloudPlatform/k8s-config-connector/apis/common"
+	refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// InstanceIdentity defines the resource reference to ApigeeInstance, which "External" field
+// holds the GCP identifier for the KRM object.
+type InstanceIdentity struct {
+	parent *InstanceParent
+	id     string
+}
+
+func (i *InstanceIdentity) String() string {
+	return i.parent.String() + "/instances/" + i.id
+}
+
+func (i *InstanceIdentity) ID() string {
+	return i.id
+}
+
+func (i *InstanceIdentity) Parent() *InstanceParent {
+	return i.parent
+}
+
+type InstanceParent struct {
+	OrganizationID string
+}
+
+func (p *InstanceParent) String() string {
+	return "organizations/" + p.OrganizationID
+}
+
+// New builds a InstanceIdentity from the Config Connector Instance object.
+func NewApigeeInstanceIdentity(ctx context.Context, reader client.Reader, obj *ApigeeInstance) (*InstanceIdentity, error) {
+
+	// Get Parent
+	orgExternal, err := obj.Spec.OrganizationRef.NormalizedExternal(ctx, reader, obj.GetNamespace())
+	if err != nil {
+		return nil, err
+	}
+	if orgExternal == "" {
+		return nil, fmt.Errorf("cannot resolve organization")
+	}
+	orgID, err := refs.ParseApigeeOrganizationExternal(orgExternal)
+	if err != nil {
+		return nil, err
+	}
+	// Get desired ID
+	resourceID := common.ValueOf(obj.Spec.ResourceID)
+	if resourceID == "" {
+		resourceID = obj.GetName()
+	}
+	if resourceID == "" {
+		return nil, fmt.Errorf("cannot resolve resource ID")
+	}
+
+	// Use approved External
+	externalRef := common.ValueOf(obj.Status.ExternalRef)
+	if externalRef != "" {
+		// Validate desired with actual
+		actualParent, actualResourceID, err := ParseInstanceExternal(externalRef)
+		if err != nil {
+			return nil, err
+		}
+		if actualParent.OrganizationID != orgID {
+			return nil, fmt.Errorf("spec.organizationRef changed, expect %s, got %s", actualParent.OrganizationID, orgID)
+		}
+		if actualResourceID != resourceID {
+			return nil, fmt.Errorf("cannot reset `metadata.name` or `spec.resourceID` to %s, since it has already assigned to %s",
+				resourceID, actualResourceID)
+		}
+	}
+	return &InstanceIdentity{
+		parent: &InstanceParent{
+			OrganizationID: orgID,
+		},
+		id: resourceID,
+	}, nil
+}
+
+func ParseInstanceExternal(external string) (parent *InstanceParent, resourceID string, err error) {
+	tokens := strings.Split(external, "/")
+	if len(tokens) != 4 || tokens[0] != "organizations" || tokens[2] != "instances" {
+		return nil, "", fmt.Errorf("format of ApigeeInstance external=%q was not known (use organizations/{{organizationID}}/instances/{{instanceID}})", external)
+	}
+	parent = &InstanceParent{
+		OrganizationID: tokens[1],
+	}
+	resourceID = tokens[3]
+	return parent, resourceID, nil
+}

apis/apigee/v1beta1/instance_reference.go

@@ -0,0 +1,83 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1beta1
+
+import (
+	"context"
+	"fmt"
+
+	refsv1beta1 "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
+	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/k8s"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var _ refsv1beta1.ExternalNormalizer = &InstanceRef{}
+
+// InstanceRef defines the resource reference to ApigeeInstance, which "External" field
+// holds the GCP identifier for the KRM object.
+type InstanceRef struct {
+	// A reference to an externally managed ApigeeInstance resource.
+	// Should be in the format "organizations/{{organizationID}}/instances/{{instanceID}}".
+	External string `json:"external,omitempty"`
+
+	// The name of a ApigeeInstance resource.
+	Name string `json:"name,omitempty"`
+
+	// The namespace of a ApigeeInstance resource.
+	Namespace string `json:"namespace,omitempty"`
+}
+
+// NormalizedExternal provision the "External" value for other resource that depends on ApigeeInstance.
+// If the "External" is given in the other resource's spec.ApigeeInstanceRef, the given value will be used.
+// Otherwise, the "Name" and "Namespace" will be used to query the actual ApigeeInstance object from the cluster.
+func (r *InstanceRef) NormalizedExternal(ctx context.Context, reader client.Reader, otherNamespace string) (string, error) {
+	if r.External != "" && r.Name != "" {
+		return "", fmt.Errorf("cannot specify both name and external on %s reference", ApigeeInstanceGVK.Kind)
+	}
+	// From given External
+	if r.External != "" {
+		if _, _, err := ParseInstanceExternal(r.External); err != nil {
+			return "", err
+		}
+		return r.External, nil
+	}
+
+	// From the Config Connector object
+	if r.Namespace == "" {
+		r.Namespace = otherNamespace
+	}
+	key := types.NamespacedName{Name: r.Name, Namespace: r.Namespace}
+	u := &unstructured.Unstructured{}
+	u.SetGroupVersionKind(ApigeeInstanceGVK)
+	if err := reader.Get(ctx, key, u); err != nil {
+		if apierrors.IsNotFound(err) {
+			return "", k8s.NewReferenceNotFoundError(u.GroupVersionKind(), key)
+		}
+		return "", fmt.Errorf("reading referenced %s %s: %w", ApigeeInstanceGVK, key, err)
+	}
+	// Get external from status.externalRef. This is the most trustworthy place.
+	actualExternalRef, _, err := unstructured.NestedString(u.Object, "status", "externalRef")
+	if err != nil {
+		return "", fmt.Errorf("reading status.externalRef: %w", err)
+	}
+	if actualExternalRef == "" {
+		return "", k8s.NewReferenceNotReadyError(u.GroupVersionKind(), key)
+	}
+	r.External = actualExternalRef
+	return r.External, nil
+}