scl_lib/api_objects/

mod.rs

// SPDX-License-Identifier: EUPL-1.2
use regex::Regex;
use serde::de::DeserializeOwned;
use serde::{Deserialize, Serialize};
use std::convert::TryFrom;
use std::fmt::{Display, Formatter};
use std::ops::Deref;
use std::sync::LazyLock;
use uuid::Uuid;

#[cfg(feature = "openapi")]
use schemars::JsonSchema;

mod controller;
mod error;
mod node;
mod router;
mod separation_context;
mod virtual_machine;
mod volume;

pub use controller::{Controller, ControllerKind, ControllerStatus};
pub use error::{Error, Result, TransitionError, ValueSpaceExhaustedError};
pub use node::{Endpoint, Node, NodeStatus, Resources};
pub use router::{AssignedDeviceNames, ForwardedPort, Router, RouterStatus};
pub use separation_context::{AvailableVlanTags, SeparationContext, VlanTag};
pub use virtual_machine::{
    BootVolume, LocalStorage, NotAssignedStatus, TargetVmStatus, TransitionInfo, VirtualMachine,
    VmCondition, VmSpec, VmStatus,
};
pub use volume::{derive_volume_file_path, Volume, VolumeStatus};

static SCL_NAME_REGEX: LazyLock<Regex> =
    LazyLock::new(|| Regex::new(r"^[a-z]([0-9a-z-]*[0-9a-z])?$").unwrap());

/// Non-empty string consisting of lowercase alphanumeric characters as
/// well as hyphens `-`. The name must start with a letter and must end
/// with an alphanumeric character The length must not exceed 63. This
/// way, `SclNames` can be used as DNS label names as specified in
/// [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.1).
#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(JsonSchema))]
#[serde(try_from = "String")]
pub struct SclName(
    #[cfg_attr(feature = "openapi", validate(length(min = 1, max = 63)))]
    #[cfg_attr(feature = "openapi", validate(regex(path = "SCL_NAME_REGEX")))]
    String,
);

impl TryFrom<String> for SclName {
    type Error = Error;

    fn try_from(value: String) -> Result<Self> {
        if value.is_empty() {
            return Err(Error::ParsingFailed(
                "SclName must not be empty".to_string(),
            ));
        }

        if value.len() > 63 {
            return Err(Error::ParsingFailed(
                "SclName length must not exceed 63".to_string(),
            ));
        }

        if SCL_NAME_REGEX.is_match(&value) {
            Ok(Self(value))
        } else {
            Err(Error::ParsingFailed(
                "SclName contains illegal characters".to_string(),
            ))
        }
    }
}

impl TryFrom<&str> for SclName {
    type Error = Error;

    fn try_from(value: &str) -> Result<Self> {
        SclName::try_from(value.to_string())
    }
}

impl Deref for SclName {
    type Target = String;

    fn deref(&self) -> &Self::Target {
        &self.0
    }
}

impl Display for SclName {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        self.0.fmt(f)
    }
}

/// This trait is implemented by all SCL API objects to provide uniform access to common properties
/// of the objects.
pub trait SclObject:
    Clone + DeserializeOwned + Eq + Ord + PartialEq + PartialOrd + Serialize
{
    /// Constant prefix to identify the objects root.
    ///
    /// The prefix is used for both API endpoint and DB key construction and must start with a
    /// `"/"`.
    const PREFIX: &'static str;

    fn uuid(&self) -> Uuid {
        let name = self.name().to_string();
        let uuid_name = match self.separation_context() {
            Some(sc) => format!("{sc}{name}"),
            None => name,
        };
        Uuid::new_v5(&Uuid::NAMESPACE_OID, uuid_name.as_bytes())
    }

    /// Returns the [SclName] of the [SclObject].
    fn name(&self) -> &SclName;

    /// Returns the `SclName` of the separation context if the SclObject is connected to one,
    /// otherwise default `None`.
    fn separation_context(&self) -> Option<&SclName> {
        None
    }

    /// Returns the API endpoint for a [SclObject].
    ///
    /// # Examples
    ///
    /// ```
    /// use scl_lib::api_objects::{Controller, SclObject, VirtualMachine, Volume};
    ///
    /// assert_eq!(VirtualMachine::api_endpoint("sc-01", "vm-01"), "/scs/sc-01/vms/vm-01");
    /// assert_eq!(Controller::api_endpoint(None, "ctrl-01"), "/controllers/ctrl-01");
    /// assert_eq!(Volume::api_endpoint("sc-01", None), "/scs/sc-01/volumes");
    /// ```
    fn api_endpoint<'a>(
        sc: impl Into<Option<&'a str>>,
        name: impl Into<Option<&'a str>>,
    ) -> String {
        let ep = match sc.into() {
            Some(sc) => format!("{}/{}{}", SeparationContext::PREFIX, sc, Self::PREFIX),
            _ => Self::PREFIX.into(),
        };
        match name.into() {
            Some(name) => format!("{}/{}", ep, name),
            None => ep,
        }
    }

    /// Returns the API endpoint of the [SclObject].
    ///
    /// # Examples
    ///
    /// ```
    /// use std::convert::TryFrom;
    /// use scl_lib::api_objects::{Controller, ControllerKind, SclName, SclObject};
    ///
    /// let ctrl = Controller::new(
    ///     SclName::try_from("ctrl-01".to_string()).unwrap(),
    ///     ControllerKind::VmController);
    ///
    /// assert_eq!(ctrl.get_api_endpoint(), "/controllers/ctrl-01");
    /// ```
    fn get_api_endpoint(&self) -> String {
        Self::api_endpoint(
            self.separation_context().map(|sc| sc.as_str()),
            self.name().as_str(),
        )
    }

    /// Returns the database key for a [SclObject].
    ///
    /// # Examples
    ///
    /// ```
    /// use scl_lib::api_objects::{Controller, SclObject, VirtualMachine, Volume};
    ///
    /// assert_eq!(VirtualMachine::db_key("sc-01", "vm-01"), "/vms/sc-01/vm-01");
    /// assert_eq!(Controller::db_key(None, "ctrl-01"), "/controllers/ctrl-01");
    /// assert_eq!(Volume::db_key("sc-01", None), "/volumes/sc-01");
    /// ```
    fn db_key<'a>(sc: impl Into<Option<&'a str>>, name: impl Into<Option<&'a str>>) -> String {
        let key = match sc.into() {
            Some(sc) => format!("{}/{}", Self::PREFIX, sc),
            _ => Self::PREFIX.into(),
        };
        match name.into() {
            Some(name) => format!("{}/{}", key, name),
            _ => key,
        }
    }

    /// Returns the database key of the [SclObject].
    ///
    /// # Examples
    ///
    /// ```
    /// use std::convert::TryFrom;
    /// use scl_lib::api_objects::{Controller, ControllerKind, SclName, SclObject};
    ///
    /// let ctrl = Controller::new(
    ///     SclName::try_from("ctrl-01".to_string()).unwrap(),
    ///     ControllerKind::VmController);
    ///
    /// assert_eq!(ctrl.get_db_key(), "/controllers/ctrl-01");
    /// ```
    fn get_db_key(&self) -> String {
        Self::db_key(
            self.separation_context().map(|sc| sc.as_str()),
            self.name().as_str(),
        )
    }

    /// Providing access to `MetaData` is essential for our optimistic concurrency control.
    fn metadata(&self) -> &MetaData;

    /// Providing access to `MetaData` is essential for our optimistic concurrency control.
    fn metadata_mut(&mut self) -> &mut MetaData;

    /// Returns all DB keys the object is referencing / depending on.
    fn referenced_db_keys(&self) -> Vec<String>;

    /// Checks if all fields (except references to other SclObjects) are legal initial fields.
    /// Should be called before a create operation.
    fn validate_fields_before_create(&self) -> Result<()>;

    /// Checks if a proposed updated is valid. Should be called before a regular (**not**
    /// related to finalizers / deletion) update operation.
    fn validate_fields_before_update(
        current_db_state: &Self,
        proposed_new_state: &Self,
    ) -> Result<()>;
}

#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(JsonSchema))]
#[serde(try_from = "i64")]
pub struct ResourceVersion(#[cfg_attr(feature = "openapi", validate(range(min = 1)))] i64);

impl ResourceVersion {
    pub fn value(&self) -> i64 {
        self.0
    }

    pub fn inc(&mut self) -> Result<()> {
        if self.0 == i64::MAX {
            return Err(ValueSpaceExhaustedError::CannotIncreaseResourceVersion.into());
        }

        self.0 += 1;
        Ok(())
    }
}

impl Default for ResourceVersion {
    fn default() -> Self {
        Self(1)
    }
}

impl TryFrom<i64> for ResourceVersion {
    type Error = Error;

    fn try_from(value: i64) -> Result<Self> {
        if value > 0 {
            Ok(Self(value))
        } else {
            Err(Error::ParsingFailed(
                "Resource version must be greater than zero".to_string(),
            ))
        }
    }
}

#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(JsonSchema))]
#[serde(rename_all = "camelCase")]
pub struct MetaData {
    pub name: SclName,
    #[serde(default)]
    pub resource_version: ResourceVersion,

    /// Will be set by the SCL API after it has received a delete request.
    /// Controllers will clean up related resources before the actual delete
    /// is performed.
    #[serde(default)]
    pub deletion_mark: Option<DeletionMark>,
}

impl MetaData {
    pub fn new(name: SclName) -> Self {
        Self {
            name,
            resource_version: ResourceVersion::default(),
            deletion_mark: None,
        }
    }

    /// Returns the value of the `name` field.
    pub fn name(&self) -> &str {
        self.name.as_str()
    }

    /// Indicates whether a safe deletion (without remaining dangling references elsewhere) should be possible.
    pub fn may_be_deleted(&self) -> bool {
        matches!(&self.deletion_mark, Some(dm) if dm.finalizers.may_be_deleted())
    }

    /// Indicates whether the object may be referenced by others. Currently, this is synonymous with
    /// the absence of a deletion mark.
    pub fn may_be_referenced(&self) -> bool {
        // Consider to move this to SclObject if object specific circumstances should be considered, too.
        self.deletion_mark.is_none()
    }

    /// Checks if all fields are legal initial fields. Should be called before a create operation.
    pub fn validate_fields_before_create(&self) -> Result<()> {
        if self.resource_version != ResourceVersion(1) {
            return Err(Error::IllegalInitialValue(
                "Illegal initial resource version!".to_string(),
            ));
        }

        if self.deletion_mark.is_some() {
            // We do not want the controllers to act on user supplied finalizers.
            return Err(Error::IllegalInitialValue(
                "The deletion mark must be initialized by the SCL API server".to_string(),
            ));
        }

        Ok(())
    }

    /// Checks if a proposed updated is valid. Should be called before a regular (not related to
    /// finalizers / deletion) update.
    pub fn validate_fields_before_regular_update(
        current_db_state: &Self,
        proposed_new_state: &Self,
    ) -> Result<()> {
        if current_db_state.deletion_mark.is_some() || proposed_new_state.deletion_mark.is_some() {
            return Err(Error::Application); // Function should not be called during finalizer updates.
        }

        if current_db_state.name != proposed_new_state.name {
            return Err(TransitionError::Other(
                "The name attribute may not be changed!".to_string(),
            )
            .into());
        }

        if current_db_state.resource_version.value() != proposed_new_state.resource_version.value()
        {
            return Err(TransitionError::Concurrency.into());
        }

        Ok(())
    }

    /// Checks if a proposed updated is valid. Should be called before a finalizer update.
    /// Does not check [SclObject] specific details related to [FinalizerId]s.
    pub fn validate_fields_before_finalizer_update(
        current_db_state: &Self,
        proposed_new_state: &Self,
    ) -> Result<()> {
        if current_db_state.name != proposed_new_state.name {
            return Err(TransitionError::Other(
                "The name attribute may not be changed!".to_string(),
            )
            .into());
        }

        if current_db_state.resource_version.value() != proposed_new_state.resource_version.value()
        {
            return Err(TransitionError::Concurrency.into());
        }

        match (
            current_db_state.deletion_mark.as_ref(),
            proposed_new_state.deletion_mark.as_ref(),
        ) {
            (Some(a), Some(b)) => {
                Finalizers::identify_removed_finalizer(&a.finalizers, &b.finalizers).map(|_| ())
            }
            _ => Err(Error::Application), // Deletion must be in progress.
        }
    }
}

/// Indicates that certain work needs to be done by controllers before
/// an [SclObject] can be safely (proper shutdown, no dangling references)
/// deleted. Since SclObjects reference parent / owner SclObjects via
/// [SclName]s, the work indicated by [FinalizerId] mainly affects children
/// objects of a SclObject.
#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(JsonSchema))]
#[serde(rename_all = "camelCase")]
pub enum FinalizerId {
    /// All dependent VM API objects need to be removed before the referenced
    /// API object (depending on the case the [SeparationContext], [Node] on
    /// which the VM is running or VM [Volume]) may be deleted.
    ForceRemoveVMs,

    /// All dependent Volume API objects need to be removed before the parent
    /// [SeparationContext] API object may be removed.
    ForceRemoveVolumes,

    /// All dependent Router API objects need to be removed before the parent
    /// [SeparationContext] API object may be removed.
    ForceRemoveRouters,

    /// Network infrastructure related to the [SclObject] (e.g., network
    /// namespaces and bridge devices for [SeparationContext]s, tap devices for
    /// [VirtualMachine]s) needs to be removed up before the SclObject may be
    /// removed.
    CleanUpNetworkInfrastructure,

    /// Local volume state needs to be removed before the [Volume] API object may
    /// be deleted.
    CleanUpVolumeState,

    /// The VM needs to be removed.
    RemoveVm,
}

/// A sequence of [FinalizerId]s that should be processed in the right order,
/// one by one. Deletion may performed only if there is no FinalizerId left
/// to process.
///
/// Similar to a Stack except that no new elements can be pushed to the data
/// structure after it has been created.
///
/// # Examples
///
/// ```
/// use scl_lib::api_objects::{Finalizers, FinalizerId::*};
/// let fs = vec![ForceRemoveVMs, ForceRemoveVolumes];
/// let mut finalizers = Finalizers::from(fs);
/// assert_eq!(finalizers.take_next_finalizer(), Some(ForceRemoveVMs));
/// assert_eq!(finalizers.next_finalizer(), Some(&ForceRemoveVolumes));
/// let _ = finalizers.take_next_finalizer();
/// assert!(finalizers.may_be_deleted());
/// ```
#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(JsonSchema))]
#[serde(rename_all = "camelCase")]
pub struct Finalizers {
    inner: Vec<FinalizerId>,
}

impl Finalizers {
    /// Returns true if no finalizer remains.
    pub fn may_be_deleted(&self) -> bool {
        self.inner.is_empty()
    }

    /// Returns a reference of the next [FinalizerId] that should be processed.
    pub fn next_finalizer(&self) -> Option<&FinalizerId> {
        self.inner.last()
    }

    /// Pops the next [FinalizerId] that should be processed.
    pub fn take_next_finalizer(&mut self) -> Option<FinalizerId> {
        self.inner.pop()
    }

    /// Identifies which finalizer has been removed.
    ///
    /// The function performs a transition validation since this is a prerequisite.
    pub fn identify_removed_finalizer(
        current_state: &Self,
        proposed_new_state: &Self,
    ) -> Result<FinalizerId> {
        if proposed_new_state.inner.len() > current_state.inner.len() {
            return Err(TransitionError::Other("Finalizers may not be added!".to_string()).into());
        }

        match current_state.inner.as_slice() {
            // current_state is larger than proposed state, so `current_state.next_finalizer()`
            // will return Some.
            [elements @ .., last] if elements == proposed_new_state.inner => Ok(last.clone()),
            _ => Err(TransitionError::Other(
                "One finalizer must be removed at a time!".to_string(),
            )
            .into()),
        }
    }

    /// Provides an iterator over the finalizers.
    pub fn iter(&self) -> std::slice::Iter<'_, FinalizerId> {
        self.inner.iter()
    }
}

impl From<Vec<FinalizerId>> for Finalizers {
    fn from(mut vec: Vec<FinalizerId>) -> Self {
        vec.reverse();
        Self { inner: vec }
    }
}

/// Indicates an on-going deletion process.
#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(JsonSchema))]
#[serde(rename_all = "camelCase")]
pub struct DeletionMark {
    pub finalizers: Finalizers,
    // requested_by: String,
    // created_on: String
}

/// Common event classification
#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(JsonSchema))]
#[serde(rename_all = "camelCase")]
#[serde(bound = "T: Serialize, for<'de2> T: Deserialize<'de2>")]
pub enum SclEvent<T: SclObject> {
    /// A new `SclObject` has been created. The payload will contain the new object data.
    Created(T),
    /// An `SclObject` has been updated. The payload will contain the new object state.
    Updated(T),
    /// An `SclObject` has been deleted. The payload will contain the last version of the object.
    Deleted(T),
    /// Non `SclObject` related general information. The payload contains an informative message.
    Info(String),
}

/// Data type for wrapping additional informational messages
#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(JsonSchema))]
#[serde(rename_all = "camelCase")]
pub struct SclInfo {
    pub message: String,
}

impl SclInfo {
    /// Constructs a [SclInfo] from a [&str] slice.
    pub fn new(msg: &str) -> Self {
        Self {
            message: msg.into(),
        }
    }
}

#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(JsonSchema))]
#[serde(try_from = "&str")]
pub struct Url(#[cfg_attr(feature = "openapi", validate(url))] String);

impl<'a> TryFrom<&'a str> for Url {
    type Error = Error;

    fn try_from(value: &'a str) -> std::result::Result<Self, Self::Error> {
        reqwest::Url::try_from(value)
            .map_err(|_e| TransitionError::Other("URL validation failed".to_string()))?;
        Ok(Self(value.to_string()))
    }
}

/// Returns a reference to the underlying string.
impl AsRef<str> for Url {
    fn as_ref(&self) -> &str {
        &self.0
    }
}

#[cfg(test)]
mod test {
    use super::*;
    use serde_json;
    use std::fs;
    use std::path::Path;

    /// Recursively traverses a directory and parses all JSON files into datatype `T`
    pub fn parse_json_dir<T: serde::de::DeserializeOwned>(dir: &Path) -> Vec<T> {
        let mut ts = vec![];
        if dir.is_dir() {
            for entry in fs::read_dir(dir).unwrap() {
                let path = entry.unwrap().path();
                if path.is_dir() {
                    ts.append(&mut parse_json_dir::<T>(&path));
                } else {
                    let data = fs::read_to_string(path).unwrap();
                    let t = serde_json::from_str::<T>(&data).unwrap();
                    ts.push(t);
                }
            }
        }

        ts
    }

    #[test]
    fn scl_names() {
        // Result Ok
        assert!(SclName::try_from("a").is_ok());
        assert!(SclName::try_from("a-a").is_ok());
        assert!(SclName::try_from("aa").is_ok());
        assert!(SclName::try_from("a234").is_ok());
        // Result Err
        assert!(SclName::try_from("").is_err());
        assert!(SclName::try_from("a-").is_err());
        assert!(SclName::try_from("-a").is_err());
        assert!(SclName::try_from("A-a").is_err());
        assert!(SclName::try_from("a+ü4").is_err());
        assert!(SclName::try_from("A234").is_err());
        assert!(SclName::try_from("a".repeat(64)).is_err());
    }

    #[test]
    fn resource_version() {
        let mut rv = ResourceVersion(i64::MAX);
        assert!(rv.inc().is_err());

        assert!(ResourceVersion::try_from(-1).is_err());
        assert!(ResourceVersion::try_from(0).is_err());
        assert!(ResourceVersion::try_from(1).is_ok());
        let v = ResourceVersion::default().value();
        assert!(ResourceVersion::try_from(v).is_ok());
    }

    #[test]
    fn metadata_may_be_deleted() {
        let mut metadata = MetaData::new(SclName::try_from("example").unwrap());
        assert!(!metadata.may_be_deleted());
        metadata.deletion_mark = Some(DeletionMark {
            finalizers: Finalizers::from(vec![FinalizerId::ForceRemoveVMs]),
        });
        assert!(!metadata.may_be_deleted());
        metadata.deletion_mark = Some(DeletionMark {
            finalizers: Finalizers::from(vec![]),
        });
        assert!(metadata.may_be_deleted());
    }

    #[test]
    fn metadata_may_be_referenced() {
        let mut metadata = MetaData::new(SclName::try_from("example").unwrap());
        assert!(metadata.may_be_referenced());
        metadata.deletion_mark = Some(DeletionMark {
            finalizers: Finalizers::from(vec![FinalizerId::ForceRemoveVMs]),
        });
        assert!(!metadata.may_be_referenced());
    }

    #[test]
    fn test_identify_removed_finalizer() {
        use FinalizerId::*;
        let state_0 =
            Finalizers::from(vec![ForceRemoveVMs, ForceRemoveVolumes, ForceRemoveRouters]);
        let state_1 = Finalizers::from(vec![ForceRemoveVolumes, ForceRemoveRouters]);
        let state_2 = Finalizers::from(vec![ForceRemoveRouters]);
        let state_3 = Finalizers::from(vec![]);
        let state_1_wrong_items = Finalizers::from(vec![ForceRemoveRouters, ForceRemoveVolumes]);

        assert_eq!(
            Finalizers::identify_removed_finalizer(&state_0, &state_1),
            Ok(ForceRemoveVMs)
        );
        assert_eq!(
            Finalizers::identify_removed_finalizer(&state_1, &state_2),
            Ok(ForceRemoveVolumes)
        );
        assert_eq!(
            Finalizers::identify_removed_finalizer(&state_2, &state_3),
            Ok(ForceRemoveRouters)
        );
        assert!(Finalizers::identify_removed_finalizer(&state_0, &state_0).is_err());
        assert!(Finalizers::identify_removed_finalizer(&state_0, &state_3).is_err());
        assert!(Finalizers::identify_removed_finalizer(&state_0, &state_1_wrong_items).is_err());
        assert!(Finalizers::identify_removed_finalizer(&state_3, &state_2).is_err());
        assert!(Finalizers::identify_removed_finalizer(&state_3, &state_3).is_err());
    }

    #[test]
    fn scl_objects_can_be_parsed_as_metadata() {
        // This is required for the deletion process / finalizer reduction to work.
        //   The data models do not have a "kind" member (unlike k8s) that tells us,
        //   how we should parse something. But everything can be parsed as metadata
        //   if it has a metadata member that is "flattened" during de/serialization.
        let _ms = parse_json_dir::<MetaData>(Path::new("../test/sample_json/"));
    }

    #[test]
    fn url_parsing() {
        assert!(Url::try_from("foo").is_err());
        assert!(Url::try_from("bar.org").is_err());
        assert!(Url::try_from("http://baz.org").is_ok());
    }

    #[test]
    fn validate_metadata_fields_before_create() {
        let mut m = MetaData::new(SclName::try_from("example").unwrap());
        assert!(m.validate_fields_before_create().is_ok());
        assert_eq!(m.resource_version, ResourceVersion(1));
        m.resource_version.inc().unwrap();
        assert!(m.validate_fields_before_create().is_err());

        let mut m = MetaData::new(SclName::try_from("example").unwrap());
        m.deletion_mark = Some(DeletionMark {
            finalizers: Finalizers::from(vec![]),
        });
        assert!(m.validate_fields_before_create().is_err());
    }

    #[test]
    fn validate_metadata_fields_before_regular_update() {
        let m = MetaData::new(SclName::try_from("example").unwrap());

        let mut n = m.clone();
        n.resource_version.inc().unwrap();
        assert!(MetaData::validate_fields_before_regular_update(&m, &n).is_err());

        let mut n = m.clone();
        n.name = SclName::try_from("changed").unwrap();
        assert!(MetaData::validate_fields_before_regular_update(&m, &n).is_err());

        let mut n = m.clone();
        n.deletion_mark = Some(DeletionMark {
            finalizers: Finalizers::from(vec![]),
        });
        assert!(MetaData::validate_fields_before_regular_update(&m, &n).is_err());
    }

    #[test]
    fn validate_metadata_fields_before_finalizer_update() {
        let m = MetaData {
            name: SclName::try_from("example").unwrap(),
            resource_version: Default::default(),
            deletion_mark: Some(DeletionMark {
                finalizers: Finalizers::from(vec![FinalizerId::ForceRemoveVMs]),
            }),
        };

        let n = MetaData {
            deletion_mark: Some(DeletionMark {
                finalizers: Finalizers::from(vec![]),
            }),
            ..m.clone()
        };

        assert!(MetaData::validate_fields_before_finalizer_update(&m, &m).is_err());
        assert!(MetaData::validate_fields_before_finalizer_update(&m, &n).is_ok());

        let mut o = n.clone();
        o.resource_version.inc().unwrap();
        assert!(MetaData::validate_fields_before_finalizer_update(&m, &o).is_err());

        let mut o = n.clone();
        o.name = SclName::try_from("changed").unwrap();
        assert!(MetaData::validate_fields_before_finalizer_update(&m, &o).is_err());

        let mut o = n;
        o.deletion_mark = None;
        assert!(MetaData::validate_fields_before_finalizer_update(&m, &o).is_err());
    }

    /// Checks that metadata create validation is performed for a valid [SclObject].
    pub fn detect_invalid_metadata_create_mutations<T: SclObject>(t: &T) {
        #[allow(clippy::type_complexity)]
        let invalid_mutations: Vec<Box<dyn Fn(&mut MetaData)>> = vec![
            Box::new(|t| t.resource_version = ResourceVersion::try_from(2).unwrap()),
            Box::new(|t| {
                t.deletion_mark = Some(DeletionMark {
                    finalizers: Finalizers::from(vec![]),
                })
            }),
        ];

        for transformation in invalid_mutations {
            let mut t_clone = t.clone();
            transformation(t_clone.metadata_mut());
            assert!(t_clone.validate_fields_before_create().is_err());
        }
    }

    /// Checks that metadata update validation is performed for a valid [SclObject].
    pub fn detect_invalid_metadata_update_mutations<T: SclObject>(t: &T) {
        #[allow(clippy::type_complexity)]
        let invalid_mutations: Vec<Box<dyn Fn(&mut MetaData)>> = vec![
            Box::new(|t| t.resource_version.inc().unwrap()),
            Box::new(|t| t.name = SclName::try_from("changed").unwrap()),
            Box::new(|t| {
                t.deletion_mark = Some(DeletionMark {
                    finalizers: Finalizers::from(vec![]),
                })
            }),
        ];

        for transformation in invalid_mutations {
            let mut t_clone = t.clone();
            let metadata = t_clone.metadata_mut();
            transformation(metadata);
            assert!(T::validate_fields_before_update(t, &t_clone).is_err())
        }
    }

    /// Applies every mutation to an isolated clone of `t` and asserts that
    /// `T::validate_fields_before_create` returns an error.
    #[allow(clippy::type_complexity)]
    pub fn detect_invalid_create_mutations<T: SclObject>(
        t: &T,
        mutations: Vec<Box<dyn Fn(&mut T)>>,
    ) {
        for mutation in mutations {
            let mut t_clone = t.clone();
            mutation(&mut t_clone);
            assert!(T::validate_fields_before_create(&t_clone).is_err())
        }
    }

    /// Applies every mutation to an isolated clone of `proposed` and asserts that
    /// `T::validate_fields_before_update` with `current` and the mutated `proposed` returns an error.
    #[allow(clippy::type_complexity)]
    pub fn detect_invalid_update_mutations<T: SclObject>(
        current: &T,
        proposed: &T,
        transformations: Vec<Box<dyn Fn(&mut T)>>,
    ) {
        for transformation in transformations {
            let mut proposed_clone = proposed.clone();
            transformation(&mut proposed_clone);
            assert!(T::validate_fields_before_update(current, &proposed_clone).is_err())
        }
    }
}