Kong
diff --git a/‎go.mod
Lines changed: 2 additions & 2 deletions b/‎go.mod
Lines changed: 2 additions & 2 deletions
diff --git a/‎go.sum
Lines changed: 4 additions & 4 deletions b/‎go.sum
Lines changed: 4 additions & 4 deletions
diff --git a/‎tests/integration/sync_test.go
Lines changed: 298 additions & 0 deletions b/‎tests/integration/sync_test.go
Lines changed: 298 additions & 0 deletions
diff --git a/‎tests/integration/testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/acl-group-final.yaml
Lines changed: 12 additions & 0 deletions b/‎tests/integration/testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/acl-group-final.yaml
Lines changed: 12 additions & 0 deletions
diff --git a/‎tests/integration/testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/acl-group-initial.yaml
Lines changed: 12 additions & 0 deletions b/‎tests/integration/testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/acl-group-initial.yaml
Lines changed: 12 additions & 0 deletions
diff --git a/‎tests/integration/testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/basic-auth-final.yaml
Lines changed: 11 additions & 0 deletions b/‎tests/integration/testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/basic-auth-final.yaml
Lines changed: 11 additions & 0 deletions
diff --git a/‎tests/integration/testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/basic-auth-initial.yaml
Lines changed: 11 additions & 0 deletions b/‎tests/integration/testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/basic-auth-initial.yaml
Lines changed: 11 additions & 0 deletions
@@ -13,8 +13,8 @@ require (
 	github.com/fatih/color v1.18.0
 	github.com/google/go-cmp v0.7.0
 	github.com/kong/go-apiops v0.1.41
-	github.com/kong/go-database-reconciler v1.22.0
-	github.com/kong/go-kong v0.64.1
+	github.com/kong/go-database-reconciler v1.22.1
+	github.com/kong/go-kong v0.65.0
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.6
 
@@ -246,10 +246,10 @@ github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/q
 github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/kong/go-apiops v0.1.41 h1:1KXbQqyhO2E4nEnXJNqUDmHZU/LQ1U7Zoi+MAlcM2P0=
 github.com/kong/go-apiops v0.1.41/go.mod h1:sATq9Tz+ivzHKZU+tDXkRtEZnf64xroU3lgv3yXqP4I=
-github.com/kong/go-database-reconciler v1.22.0 h1:xkcGFqjk1QattePNXHI2PYtQ4qh6Ibhkj+8aMBPQLZs=
-github.com/kong/go-database-reconciler v1.22.0/go.mod h1:emf04E6FSd5y9OKCMB+kNQ0NCTauSaEeCUNRCUgymSY=
-github.com/kong/go-kong v0.64.1 h1:HQssErFchbyYoDVQL7kR8x2naaY9mFgmDu/dXF0NZSo=
-github.com/kong/go-kong v0.64.1/go.mod h1:sqdysTKrXIJ6mpxHwTwjgZhLW7jR1/puczTXHLUwJaE=
+github.com/kong/go-database-reconciler v1.22.1 h1:m3H8j9pGsR4+CSTTvBuTcSYWGL8i62tOimjzxqjQUqc=
+github.com/kong/go-database-reconciler v1.22.1/go.mod h1:Jlo4eEe0/PHd2dIkWTH9tFfShydRwRxY09dZvKZBelU=
+github.com/kong/go-kong v0.65.0 h1:dZT+hiMhy7CQsrc9W5nHv3cFJGBGTrwlZhC5MLuf9H8=
+github.com/kong/go-kong v0.65.0/go.mod h1:sqdysTKrXIJ6mpxHwTwjgZhLW7jR1/puczTXHLUwJaE=
 github.com/kong/go-slugify v1.0.0 h1:vCFAyf2sdoSlBtLcrmDWUFn0ohlpKiKvQfXZkO5vSKY=
 github.com/kong/go-slugify v1.0.0/go.mod h1:dbR2h3J2QKXQ1k0aww6cN7o4cIcwlWflr6RKRdcoaiw=
 github.com/kong/kubernetes-configuration v1.1.0 h1:zCj7QlOiZgwQ2wSNlVNR0K6Z+plXTalfihtDzLXQWzs=
 
@@ -7917,3 +7917,301 @@ func Test_Sync_Consumers_Default_Lookup_Tag(t *testing.T) {
 			require.NoError(t, err)
 		})
 }
+
+// test scope:
+//
+//   - >=2.8.0
+//   - konnect
+func Test_Sync_Avoid_Overwrite_On_Select_Tag_Mismatch_With_ID(t *testing.T) {
+	runWhenKongOrKonnect(t, ">=2.8.0")
+	setup(t)
+
+	ctx := context.Background()
+
+	tests := []struct {
+		name             string
+		initialStateFile string
+		targetStateFile  string
+		errorExpected    string
+	}{
+		{
+			name:             "ACL group",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/acl-group-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/acl-group-final.yaml",
+			errorExpected:    "error: ACL group with ID f2be545c-45c5-46e2-8acf-00ff2d899073 already exists",
+		},
+		{
+			name:             "basic-auth",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/basic-auth-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/basic-auth-final.yaml",
+			errorExpected:    "error: basic-auth credential with ID 7dd67c9c-f591-4216-9718-b320174193bb already exists",
+		},
+		{
+			name:             "hmac-auth",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/hmac-auth-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/hmac-auth-final.yaml",
+			errorExpected:    "error: hmac-auth credential with ID 172e4a82-5446-4b91-ab9f-5173478ed241 already exists",
+		},
+		{
+			name:             "jwt",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/jwt-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/jwt-final.yaml",
+			errorExpected:    "error: jwt-auth credential with ID 955382ce-98b0-4719-98ba-40ecd2db06de already exists",
+		},
+		{
+			name:             "key-auth",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/key-auth-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/key-auth-final.yaml",
+			errorExpected:    "error: key-auth credential with ID 6307cfb6-a9d9-4968-95ce-3937fcdd2359 already exists",
+		},
+		{
+			name:             "certificate",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/certificate-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/certificate-final.yaml",
+			errorExpected:    "error: certificate with ID 13c562a1-191c-4464-9b18-e5222b46035a already exists",
+		},
+		{
+			name:             "ca-certificate",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/ca-certificate-initial.yaml", //nolint:lll
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/ca-certificate-final.yaml",
+			errorExpected:    "error: CA certificate with ID b824e7c0-d116-4c03-9e27-de05c5d30083 already exists",
+		},
+		{
+			name:             "consumer",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/consumer-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/consumer-final.yaml",
+			errorExpected:    "error: consumer with ID 5a1e49a8-2536-41fa-a4e9-605bf218a4fa already exists",
+		},
+		{
+			name:             "plugin",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/plugin-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/plugin-final.yaml",
+			errorExpected:    "error: plugin with ID 5a1e49a8-2536-41fa-a4e9-605bf218a4fa already exists",
+		},
+		{
+			name:             "route",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/route-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/route-final.yaml",
+			errorExpected:    "error: route with ID 87b6a97e-f3f7-4c47-857a-7464cb9e202b already exists",
+		},
+		{
+			name:             "service",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/service-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/service-final.yaml",
+			errorExpected:    "error: service with ID 58076db2-28b6-423b-ba39-a797193017f7 already exists",
+		},
+		{
+			name:             "sni",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/sni-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/sni-final.yaml",
+			errorExpected:    "error: SNI with ID 87b6a97e-f3f7-4c47-857a-7464cb9e202b already exists",
+		},
+		{
+			name:             "upstream",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/upstream-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/upstream-final.yaml",
+			errorExpected:    "error: upstream with ID 87b6a97e-f3f7-4c47-857a-7464cb9e202b already exists",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			reset(t)
+			err := sync(ctx, tc.initialStateFile)
+			require.NoError(t, err)
+
+			err = sync(ctx, tc.targetStateFile, "--select-tag", "after")
+			require.Error(t, err)
+			assert.ErrorContains(t, err, tc.errorExpected)
+		})
+	}
+}
+
+// test scope:
+//
+//   - >=2.8.0
+//
+// Separated since oauth is not supported in konnect
+func Test_Sync_Avoid_Oauth_Overwrite_On_Select_Tag_Mismatch_With_ID(t *testing.T) {
+	runWhen(t, "kong", ">=2.8.0")
+	setup(t)
+
+	ctx := context.Background()
+
+	tests := []struct {
+		name             string
+		initialStateFile string
+		targetStateFile  string
+		errorExpected    string
+	}{
+		{
+			name:             "oauth",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/oauth-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/oauth-final.yaml",
+			errorExpected:    "error: oauth2 credential with ID f3c51133-2e0c-4049-b45d-fd9309dcba9a already exists",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			reset(t)
+			err := sync(ctx, tc.initialStateFile)
+			require.NoError(t, err)
+
+			err = sync(ctx, tc.targetStateFile, "--select-tag", "after")
+			require.Error(t, err)
+			assert.ErrorContains(t, err, tc.errorExpected)
+		})
+	}
+}
+
+// test scope:
+//   - konnect
+func Test_Sync_Avoid_Overwrite_On_Select_Tag_Mismatch_With_ID_Konnect(t *testing.T) {
+	runWhenKonnect(t)
+	setup(t)
+
+	ctx := context.Background()
+
+	tests := []struct {
+		name             string
+		initialStateFile string
+		targetStateFile  string
+		errorExpected    string
+	}{
+		{
+			name:             "partial",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/partial-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/partial-final.yaml",
+			errorExpected:    "error: partial with ID 13dc230d-d65e-439a-9f05-9fd71abfee4d already exists",
+		},
+		{
+			name:             "consumer-group",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/consumer-group-initial.yaml", //nolint:lll
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/consumer-group-final.yaml",
+			errorExpected:    "error: consumer-group with ID 5a1e49a8-2536-41fa-a4e9-605bf218a4fa already exists",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			reset(t)
+			err := sync(ctx, tc.initialStateFile)
+			require.NoError(t, err)
+
+			err = sync(ctx, tc.targetStateFile, "--select-tag", "after")
+			require.Error(t, err)
+			assert.ErrorContains(t, err, tc.errorExpected)
+		})
+	}
+}
+
+// test scope:
+//
+//   - >=3.0.0
+//
+// This is necessary since vault was in beta till v3.0.0
+func Test_Sync_Avoid_Vault_Overwrite_On_Select_Tag_Mismatch_With_ID(t *testing.T) {
+	runWhenKongOrKonnect(t, ">=3.0.0")
+	setup(t)
+
+	ctx := context.Background()
+
+	tests := []struct {
+		name             string
+		initialStateFile string
+		targetStateFile  string
+		errorExpected    string
+	}{
+		{
+			name:             "vault",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/vault-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/vault-final.yaml",
+			errorExpected:    "error: vault with ID 87b6a97e-f3f7-4c47-857a-7464cb9e202b already exists",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			reset(t)
+			err := sync(ctx, tc.initialStateFile)
+			require.NoError(t, err)
+
+			err = sync(ctx, tc.targetStateFile, "--select-tag", "after")
+			require.Error(t, err)
+			assert.ErrorContains(t, err, tc.errorExpected)
+		})
+	}
+}
+
+// test scope:
+//
+//   - >=3.10.0+enterprise
+func Test_Sync_Avoid_Overwrite_for_Partial_On_Select_Tag_Mismatch_With_ID_Enterprise(t *testing.T) {
+	runWhen(t, "enterprise", ">=3.10.0")
+	setup(t)
+
+	ctx := context.Background()
+
+	tests := []struct {
+		name             string
+		initialStateFile string
+		targetStateFile  string
+		errorExpected    string
+	}{
+		{
+			name:             "partial",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/partial-initial.yaml",
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/partial-final.yaml",
+			errorExpected:    "error: partial with ID 13dc230d-d65e-439a-9f05-9fd71abfee4d already exists",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			reset(t)
+			err := sync(ctx, tc.initialStateFile)
+			require.NoError(t, err)
+
+			err = sync(ctx, tc.targetStateFile, "--select-tag", "after")
+			require.Error(t, err)
+			assert.ErrorContains(t, err, tc.errorExpected)
+		})
+	}
+}
+
+// test scope:
+//
+//   - >=2.8.0+enterprise
+func Test_Sync_Avoid_Consumer_Group_Overwrite_On_Select_Tag_Mismatch_With_ID_Enterprise(t *testing.T) {
+	runWhen(t, "enterprise", ">=2.8.0")
+	setup(t)
+
+	ctx := context.Background()
+
+	tests := []struct {
+		name             string
+		initialStateFile string
+		targetStateFile  string
+		errorExpected    string
+	}{
+		{
+			name:             "consumer-group",
+			initialStateFile: "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/consumer-group-initial.yaml", //nolint:lll
+			targetStateFile:  "testdata/sync/040-avoid-entity-rewrite-with-id-on-select-tag-mismatch/consumer-group-final.yaml",
+			errorExpected:    "error: consumer-group with ID 5a1e49a8-2536-41fa-a4e9-605bf218a4fa already exists",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			reset(t)
+			err := sync(ctx, tc.initialStateFile)
+			require.NoError(t, err)
+
+			err = sync(ctx, tc.targetStateFile, "--select-tag", "after")
+			require.Error(t, err)
+			assert.ErrorContains(t, err, tc.errorExpected)
+		})
+	}
+}
@@ -0,0 +1,12 @@
+_format_version: "3.0"
+consumers:
+- acls:
+  - group: second consumers ACL
+    id: f2be545c-45c5-46e2-8acf-00ff2d899073
+    tags:
+    - after
+  custom_id: custom_id_2
+  id: 17d847fb-7aeb-4cb7-adb5-eccdd0ff1d43
+  username: consumer2
+  tags:
+  - after
@@ -0,0 +1,12 @@
+_format_version: "3.0"
+consumers:
+- acls:
+  - group: consumers ACL
+    id: f2be545c-45c5-46e2-8acf-00ff2d899073
+    tags:
+    - before
+  custom_id: custom_id_1
+  id: 27d847fb-7aeb-4cb7-adb5-eccdd0ff1d42
+  username: consumer1
+  tags:
+  - before
@@ -0,0 +1,11 @@
+_format_version: "3.0"
+consumers:
+- basicauth_credentials:
+  - id: 7dd67c9c-f591-4216-9718-b320174193bb
+    password: 22c435b847bb2114d21b02022c796e708acefe31
+    tags:
+    - after
+    username: user2
+  custom_id: consumer-2
+  id: c4f969ef-a249-4ffb-9d2e-9c511cfa9f68
+  username: consumer2
@@ -0,0 +1,11 @@
+_format_version: "3.0"
+consumers:
+- basicauth_credentials:
+  - id: 7dd67c9c-f591-4216-9718-b320174193bb
+    password: 22c435b847bb2114d21b02022c796e708acefe31
+    tags:
+    - before
+    username: user1
+  custom_id: consumer-1
+  id: c4f969ef-a249-4ffb-9d2e-9c511cfa9f67
+  username: consumer1