From 060b90b45bbebf11820bee6de75aaadbb2171928 Mon Sep 17 00:00:00 2001
From: Roo Thorp <roo.thorp@mongodb.com>
Date: Thu, 16 Jan 2025 09:38:57 +0000
Subject: [PATCH] changes per reviews

---
 api/v1/atlasdeployment_types.go               |  7 ++++
 .../atlas.mongodb.com_atlasdeployments.yaml   | 10 ++++++
 internal/controller/validate/deployment.go    | 36 +++++++++++++------
 test/helper/contract/ako.go                   | 15 ++++----
 4 files changed, 52 insertions(+), 16 deletions(-)

diff --git a/api/v1/atlasdeployment_types.go b/api/v1/atlasdeployment_types.go
index d4a34d9aeb..259d36ecbc 100644
--- a/api/v1/atlasdeployment_types.go
+++ b/api/v1/atlasdeployment_types.go
@@ -542,6 +542,7 @@ func (c *AtlasDeployment) ProjectDualRef() *ProjectDualReference {
 
 type FlexSpec struct {
 	// Human-readable label that identifies the instance.
+	// +required
 	Name string `json:"name"`
 
 	// List that contains key-value pairs between 1 to 255 characters in length for tagging and categorizing the instance.
@@ -552,19 +553,25 @@ type FlexSpec struct {
 	// Flag that indicates whether termination protection is enabled on the cluster.
 	// If set to true, MongoDB Cloud won't delete the cluster. If set to false, MongoDB Cloud will delete the cluster.
 	// +kubebuilder:default:=false
+	// +optional
 	TerminationProtectionEnabled bool `json:"terminationProtectionEnabled,omitempty"`
 
 	// Group of cloud provider settings that configure the provisioned MongoDB flex cluster.
+	// +required
 	ProviderSettings *FlexProviderSettings `json:"providerSettings"`
 }
 
 type FlexProviderSettings struct {
 	// Cloud service provider on which MongoDB Atlas provisions the flex cluster.
 	// +kubebuilder:validation:Enum=AWS;GCP;AZURE
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Backing Provider cannot be modified after cluster creation"
+	// +required
 	BackingProviderName string `json:"backingProviderName,omitempty"`
 
 	// Human-readable label that identifies the geographic location of your MongoDB flex cluster.
 	// The region you choose can affect network latency for clients accessing your databases.
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Region Name cannot be modified after cluster creation"
+	// +required
 	RegionName string `json:"regionName,omitempty"`
 }
 
diff --git a/config/crd/bases/atlas.mongodb.com_atlasdeployments.yaml b/config/crd/bases/atlas.mongodb.com_atlasdeployments.yaml
index 705e3e4976..10f08c3958 100644
--- a/config/crd/bases/atlas.mongodb.com_atlasdeployments.yaml
+++ b/config/crd/bases/atlas.mongodb.com_atlasdeployments.yaml
@@ -646,11 +646,21 @@ spec:
                         - GCP
                         - AZURE
                         type: string
+                        x-kubernetes-validations:
+                        - message: Backing Provider cannot be modified after cluster
+                            creation
+                          rule: self == oldSelf
                       regionName:
                         description: |-
                           Human-readable label that identifies the geographic location of your MongoDB flex cluster.
                           The region you choose can affect network latency for clients accessing your databases.
                         type: string
+                        x-kubernetes-validations:
+                        - message: Region Name cannot be modified after cluster creation
+                          rule: self == oldSelf
+                    required:
+                    - backingProviderName
+                    - regionName
                     type: object
                   tags:
                     description: List that contains key-value pairs between 1 to 255
diff --git a/internal/controller/validate/deployment.go b/internal/controller/validate/deployment.go
index 496abbc93b..1abad1e415 100644
--- a/internal/controller/validate/deployment.go
+++ b/internal/controller/validate/deployment.go
@@ -11,27 +11,43 @@ import (
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1/provider"
 )
 
+const (
+	DeploymentSet = 1 << iota
+	ServerlessSet
+	FlexSet
+)
+
+func deploymentSpecMask(atlasDeployment *akov2.AtlasDeployment) int {
+	mask := 0
+	if atlasDeployment.Spec.DeploymentSpec != nil {
+		mask = mask + DeploymentSet
+	}
+	if atlasDeployment.Spec.ServerlessSpec != nil {
+		mask = mask + ServerlessSet
+	}
+	if atlasDeployment.Spec.FlexSpec != nil {
+		mask = mask + FlexSet
+	}
+	return mask
+}
+
 func AtlasDeployment(atlasDeployment *akov2.AtlasDeployment, isGov bool, regionUsageRestrictions string) error {
-	isRegularDeployment := atlasDeployment.Spec.DeploymentSpec != nil
-	isServerlessDeployment := atlasDeployment.Spec.ServerlessSpec != nil
-	isFlexDeployment := atlasDeployment.Spec.FlexSpec != nil
 	var err error
 	var tagsSpec []*akov2.TagSpec
-
-	switch {
-	case !isRegularDeployment && !isServerlessDeployment && !isFlexDeployment:
+	switch deploymentSpecMask(atlasDeployment) {
+	case 0:
 		return errors.New("expected exactly one of spec.deploymentSpec or spec.serverlessSpec or spec.flexSpec to be present, but none were")
-	case isRegularDeployment && !isServerlessDeployment && !isFlexDeployment:
+	case DeploymentSet:
 		tagsSpec = atlasDeployment.Spec.DeploymentSpec.Tags
 		err = regularDeployment(atlasDeployment.Spec.DeploymentSpec, isGov, regionUsageRestrictions)
-	case !isRegularDeployment && isServerlessDeployment && !isFlexDeployment:
+	case ServerlessSet:
 		tagsSpec = atlasDeployment.Spec.ServerlessSpec.Tags
 		err = serverlessDeployment(atlasDeployment.Spec.ServerlessSpec)
-	case !isRegularDeployment && !isServerlessDeployment && isFlexDeployment:
+	case FlexSet:
 		tagsSpec = atlasDeployment.Spec.FlexSpec.Tags
 		err = flexDeployment(atlasDeployment.Spec.FlexSpec)
 	default:
-		return errors.New("expected exactly one of spec.deploymentSpec or spec.serverlessSpec or spec.flexSpec to be present, but none were")
+		return errors.New("expected exactly one of spec.deploymentSpec or spec.serverlessSpec or spec.flexSpec to be present, but multiple were")
 	}
 
 	if err != nil {
diff --git a/test/helper/contract/ako.go b/test/helper/contract/ako.go
index 88eb79869e..efc3109a35 100644
--- a/test/helper/contract/ako.go
+++ b/test/helper/contract/ako.go
@@ -24,9 +24,7 @@ func DefaultAtlasProject(name string) client.Object {
 }
 
 func newVersionedClient(ctx context.Context) (*admin.APIClient, error) {
-	domain := os.Getenv("MCLI_OPS_MANAGER_URL")
-	pubKey := os.Getenv("MCLI_PUBLIC_API_KEY")
-	prvKey := os.Getenv("MCLI_PRIVATE_API_KEY")
+	domain, pubKey, prvKey := getEnvSecrets()
 	client, err := atlas.NewClient(domain, pubKey, prvKey)
 	if err != nil {
 		return nil, fmt.Errorf("failed to setup Atlas Client: %w", err)
@@ -47,9 +45,7 @@ func mustCreateVersionedAtlasClient(ctx context.Context) *admin.APIClient {
 }
 
 func mustCreateVersionedAtlasClientSet(ctx context.Context) *atlas.ClientSet {
-	domain := os.Getenv("MCLI_OPS_MANAGER_URL")
-	pubKey := os.Getenv("MCLI_PUBLIC_API_KEY")
-	prvKey := os.Getenv("MCLI_PRIVATE_API_KEY")
+	domain, pubKey, prvKey := getEnvSecrets()
 	c2024, err := adminv20241113001.NewClient(
 		adminv20241113001.UseBaseURL(domain),
 		adminv20241113001.UseDigestAuth(pubKey, prvKey),
@@ -83,3 +79,10 @@ func globalSecret(namespace string) client.Object {
 		},
 	}
 }
+
+func getEnvSecrets() (string, string, string) {
+	domain := os.Getenv("MCLI_OPS_MANAGER_URL")
+	pubKey := os.Getenv("MCLI_PUBLIC_API_KEY")
+	prvKey := os.Getenv("MCLI_PRIVATE_API_KEY")
+	return domain, pubKey, prvKey
+}