kubernetes-sigs
diff --git a/‎.gitignore
Lines changed: 4 additions & 0 deletions b/‎.gitignore
Lines changed: 4 additions & 0 deletions
diff --git a/‎api/v1beta2/awscluster_webhook.go
Lines changed: 8 additions & 7 deletions b/‎api/v1beta2/awscluster_webhook.go
Lines changed: 8 additions & 7 deletions
diff --git a/‎api/v1beta2/awsclustercontrolleridentity_webhook.go
Lines changed: 13 additions & 12 deletions b/‎api/v1beta2/awsclustercontrolleridentity_webhook.go
Lines changed: 13 additions & 12 deletions
diff --git a/‎api/v1beta2/awsclusterroleidentity_webhook.go
Lines changed: 12 additions & 11 deletions b/‎api/v1beta2/awsclusterroleidentity_webhook.go
Lines changed: 12 additions & 11 deletions
diff --git a/‎api/v1beta2/awsclusterstaticidentity_webhook.go
Lines changed: 11 additions & 10 deletions b/‎api/v1beta2/awsclusterstaticidentity_webhook.go
Lines changed: 11 additions & 10 deletions
diff --git a/‎api/v1beta2/awsclustertemplate_webhook.go
Lines changed: 8 additions & 7 deletions b/‎api/v1beta2/awsclustertemplate_webhook.go
Lines changed: 8 additions & 7 deletions
diff --git a/‎api/v1beta2/awsmachine_webhook.go
Lines changed: 9 additions & 8 deletions b/‎api/v1beta2/awsmachine_webhook.go
Lines changed: 9 additions & 8 deletions
@@ -39,6 +39,10 @@ kubeconfig
 # vscode
 .vscode
 
+# go.work files
+go.work
+go.work.sum
+
 # goland
 .idea
 
 
@@ -26,6 +26,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/util/annotations"
@@ -49,7 +50,7 @@ var (
 )
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSCluster) ValidateCreate() error {
+func (r *AWSCluster) ValidateCreate() (admission.Warnings, error) {
 	var allErrs field.ErrorList
 
 	allErrs = append(allErrs, r.Spec.Bastion.Validate()...)
@@ -59,23 +60,23 @@ func (r *AWSCluster) ValidateCreate() error {
 	allErrs = append(allErrs, r.validateNetwork()...)
 	allErrs = append(allErrs, r.validateControlPlaneLBIngressRules()...)
 
-	return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
+	return nil, aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSCluster) ValidateDelete() error {
-	return nil
+func (r *AWSCluster) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSCluster) ValidateUpdate(old runtime.Object) error {
+func (r *AWSCluster) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	var allErrs field.ErrorList
 
 	allErrs = append(allErrs, r.validateGCTasksAnnotation()...)
 
 	oldC, ok := old.(*AWSCluster)
 	if !ok {
-		return apierrors.NewBadRequest(fmt.Sprintf("expected an AWSCluster but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSCluster but got a %T", old))
 	}
 
 	if r.Spec.Region != oldC.Spec.Region {
@@ -170,7 +171,7 @@ func (r *AWSCluster) ValidateUpdate(old runtime.Object) error {
 	allErrs = append(allErrs, r.Spec.AdditionalTags.Validate()...)
 	allErrs = append(allErrs, r.Spec.S3Bucket.Validate()...)
 
-	return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
+	return nil, aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
 }
 
 // Default satisfies the defaulting webhook interface.
 
@@ -27,6 +27,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // log is for logging in this package.
@@ -47,54 +48,54 @@ var (
 )
 
 // ValidateCreate will do any extra validation when creating an AWSClusterControllerIdentity.
-func (r *AWSClusterControllerIdentity) ValidateCreate() error {
+func (r *AWSClusterControllerIdentity) ValidateCreate() (admission.Warnings, error) {
 	// Ensures AWSClusterControllerIdentity being singleton by only allowing "default" as name
 	if r.Name != AWSClusterControllerIdentityName {
-		return field.Invalid(field.NewPath("name"),
+		return nil, field.Invalid(field.NewPath("name"),
 			r.Name, "AWSClusterControllerIdentity is a singleton and only acceptable name is default")
 	}
 
 	// Validate selector parses as Selector if AllowedNameSpaces is populated
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // ValidateDelete allows you to add any extra validation when deleting an AWSClusterControllerIdentity.
-func (r *AWSClusterControllerIdentity) ValidateDelete() error {
-	return nil
+func (r *AWSClusterControllerIdentity) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
 
 // ValidateUpdate will do any extra validation when updating an AWSClusterControllerIdentity.
-func (r *AWSClusterControllerIdentity) ValidateUpdate(old runtime.Object) error {
+func (r *AWSClusterControllerIdentity) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	oldP, ok := old.(*AWSClusterControllerIdentity)
 	if !ok {
-		return apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterControllerIdentity but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterControllerIdentity but got a %T", old))
 	}
 
 	if !cmp.Equal(r.Spec, oldP.Spec) {
-		return errors.New("AWSClusterControllerIdentity is immutable")
+		return nil, errors.New("AWSClusterControllerIdentity is immutable")
 	}
 
 	if r.Name != oldP.Name {
-		return field.Invalid(field.NewPath("name"),
+		return nil, field.Invalid(field.NewPath("name"),
 			r.Name, "AWSClusterControllerIdentity is a singleton and only acceptable name is default")
 	}
 
 	// Validate selector parses as Selector if AllowedNameSpaces is not nil
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selectors"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selectors"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // Default will set default values for the AWSClusterControllerIdentity.
 
@@ -25,6 +25,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // log is for logging in this package.
@@ -45,50 +46,50 @@ var (
 )
 
 // ValidateCreate will do any extra validation when creating an AWSClusterRoleIdentity.
-func (r *AWSClusterRoleIdentity) ValidateCreate() error {
+func (r *AWSClusterRoleIdentity) ValidateCreate() (admission.Warnings, error) {
 	if r.Spec.SourceIdentityRef == nil {
-		return field.Invalid(field.NewPath("spec", "sourceIdentityRef"),
+		return nil, field.Invalid(field.NewPath("spec", "sourceIdentityRef"),
 			r.Spec.SourceIdentityRef, "field cannot be set to nil")
 	}
 
 	// Validate selector parses as Selector
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // ValidateDelete allows you to add any extra validation when deleting an AWSClusterRoleIdentity.
-func (r *AWSClusterRoleIdentity) ValidateDelete() error {
-	return nil
+func (r *AWSClusterRoleIdentity) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
 
 // ValidateUpdate will do any extra validation when updating an AWSClusterRoleIdentity.
-func (r *AWSClusterRoleIdentity) ValidateUpdate(old runtime.Object) error {
+func (r *AWSClusterRoleIdentity) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	oldP, ok := old.(*AWSClusterRoleIdentity)
 	if !ok {
-		return apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterRoleIdentity but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterRoleIdentity but got a %T", old))
 	}
 
 	// If a SourceIdentityRef is set, do not allow removal of it.
 	if oldP.Spec.SourceIdentityRef != nil && r.Spec.SourceIdentityRef == nil {
-		return field.Invalid(field.NewPath("spec", "sourceIdentityRef"),
+		return nil, field.Invalid(field.NewPath("spec", "sourceIdentityRef"),
 			r.Spec.SourceIdentityRef, "field cannot be set to nil")
 	}
 
 	// Validate selector parses as Selector
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // Default will set default values for the AWSClusterRoleIdentity.
 
@@ -25,6 +25,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // log is for logging in this package.
@@ -45,44 +46,44 @@ var (
 )
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterStaticIdentity) ValidateCreate() error {
+func (r *AWSClusterStaticIdentity) ValidateCreate() (admission.Warnings, error) {
 	// Validate selector parses as Selector
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterStaticIdentity) ValidateDelete() error {
-	return nil
+func (r *AWSClusterStaticIdentity) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterStaticIdentity) ValidateUpdate(old runtime.Object) error {
+func (r *AWSClusterStaticIdentity) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	oldP, ok := old.(*AWSClusterStaticIdentity)
 	if !ok {
-		return apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterStaticIdentity but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterStaticIdentity but got a %T", old))
 	}
 
 	if oldP.Spec.SecretRef != r.Spec.SecretRef {
-		return field.Invalid(field.NewPath("spec", "secretRef"),
+		return nil, field.Invalid(field.NewPath("spec", "secretRef"),
 			r.Spec.SecretRef, "field cannot be updated")
 	}
 
 	// Validate selector parses as Selector
 	if r.Spec.AllowedNamespaces != nil {
 		_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)
 		if err != nil {
-			return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
+			return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())
 		}
 	}
 
-	return nil
+	return nil, nil
 }
 
 // Default should return the default AWSClusterStaticIdentity.
 
@@ -23,6 +23,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 func (r *AWSClusterTemplate) SetupWebhookWithManager(mgr ctrl.Manager) error {
@@ -43,26 +44,26 @@ func (r *AWSClusterTemplate) Default() {
 }
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterTemplate) ValidateCreate() error {
+func (r *AWSClusterTemplate) ValidateCreate() (admission.Warnings, error) {
 	var allErrs field.ErrorList
 
 	allErrs = append(allErrs, r.Spec.Template.Spec.Bastion.Validate()...)
 	allErrs = append(allErrs, validateSSHKeyName(r.Spec.Template.Spec.SSHKeyName)...)
 
-	return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
+	return nil, aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterTemplate) ValidateUpdate(oldRaw runtime.Object) error {
+func (r *AWSClusterTemplate) ValidateUpdate(oldRaw runtime.Object) (admission.Warnings, error) {
 	old := oldRaw.(*AWSClusterTemplate)
 
 	if !cmp.Equal(r.Spec, old.Spec) {
-		return apierrors.NewBadRequest("AWSClusterTemplate.Spec is immutable")
+		return nil, apierrors.NewBadRequest("AWSClusterTemplate.Spec is immutable")
 	}
-	return nil
+	return nil, nil
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSClusterTemplate) ValidateDelete() error {
-	return nil
+func (r *AWSClusterTemplate) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
@@ -24,6 +24,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	"sigs.k8s.io/cluster-api-provider-aws/v2/feature"
 )
@@ -46,7 +47,7 @@ var (
 )
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSMachine) ValidateCreate() error {
+func (r *AWSMachine) ValidateCreate() (admission.Warnings, error) {
 	var allErrs field.ErrorList
 
 	allErrs = append(allErrs, r.validateCloudInitSecret()...)
@@ -57,20 +58,20 @@ func (r *AWSMachine) ValidateCreate() error {
 	allErrs = append(allErrs, r.validateAdditionalSecurityGroups()...)
 	allErrs = append(allErrs, r.Spec.AdditionalTags.Validate()...)
 
-	return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
+	return nil, aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSMachine) ValidateUpdate(old runtime.Object) error {
+func (r *AWSMachine) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	newAWSMachine, err := runtime.DefaultUnstructuredConverter.ToUnstructured(r)
 	if err != nil {
-		return apierrors.NewInvalid(GroupVersion.WithKind("AWSMachine").GroupKind(), r.Name, field.ErrorList{
+		return nil, apierrors.NewInvalid(GroupVersion.WithKind("AWSMachine").GroupKind(), r.Name, field.ErrorList{
 			field.InternalError(nil, errors.Wrap(err, "failed to convert new AWSMachine to unstructured object")),
 		})
 	}
 	oldAWSMachine, err := runtime.DefaultUnstructuredConverter.ToUnstructured(old)
 	if err != nil {
-		return apierrors.NewInvalid(GroupVersion.WithKind("AWSMachine").GroupKind(), r.Name, field.ErrorList{
+		return nil, apierrors.NewInvalid(GroupVersion.WithKind("AWSMachine").GroupKind(), r.Name, field.ErrorList{
 			field.InternalError(nil, errors.Wrap(err, "failed to convert old AWSMachine to unstructured object")),
 		})
 	}
@@ -117,7 +118,7 @@ func (r *AWSMachine) ValidateUpdate(old runtime.Object) error {
 		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "cannot be modified"))
 	}
 
-	return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
+	return nil, aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
 }
 
 func (r *AWSMachine) validateCloudInitSecret() field.ErrorList {
@@ -226,8 +227,8 @@ func (r *AWSMachine) validateNonRootVolumes() field.ErrorList {
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
-func (r *AWSMachine) ValidateDelete() error {
-	return nil
+func (r *AWSMachine) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
 
 // Default implements webhook.Defaulter such that an empty CloudInit will be defined with a default
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ import (`
`27`	`27`	`"k8s.io/apimachinery/pkg/util/validation/field"`
`28`	`28`	`ctrl "sigs.k8s.io/controller-runtime"`
`29`	`29`	`"sigs.k8s.io/controller-runtime/pkg/webhook"`
	`30`	`+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"`
`30`	`31`	`)`
`31`	`32`
`32`	`33`	`// log is for logging in this package.`
`@@ -47,54 +48,54 @@ var (`
`47`	`48`	`)`
`48`	`49`
`49`	`50`	`// ValidateCreate will do any extra validation when creating an AWSClusterControllerIdentity.`
`50`		`-func (r *AWSClusterControllerIdentity) ValidateCreate() error {`
	`51`	`+func (r *AWSClusterControllerIdentity) ValidateCreate() (admission.Warnings, error) {`
`51`	`52`	`// Ensures AWSClusterControllerIdentity being singleton by only allowing "default" as name`
`52`	`53`	`if r.Name != AWSClusterControllerIdentityName {`
`53`		`- return field.Invalid(field.NewPath("name"),`
	`54`	`+ return nil, field.Invalid(field.NewPath("name"),`
`54`	`55`	`r.Name, "AWSClusterControllerIdentity is a singleton and only acceptable name is default")`
`55`	`56`	`}`
`56`	`57`
`57`	`58`	`// Validate selector parses as Selector if AllowedNameSpaces is populated`
`58`	`59`	`if r.Spec.AllowedNamespaces != nil {`
`59`	`60`	`_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)`
`60`	`61`	`if err != nil {`
`61`		`- return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())`
	`62`	`+ return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())`
`62`	`63`	`}`
`63`	`64`	`}`
`64`	`65`
`65`		`- return nil`
	`66`	`+ return nil, nil`
`66`	`67`	`}`
`67`	`68`
`68`	`69`	`// ValidateDelete allows you to add any extra validation when deleting an AWSClusterControllerIdentity.`
`69`		`-func (r *AWSClusterControllerIdentity) ValidateDelete() error {`
`70`		`- return nil`
	`70`	`+func (r *AWSClusterControllerIdentity) ValidateDelete() (admission.Warnings, error) {`
	`71`	`+ return nil, nil`
`71`	`72`	`}`
`72`	`73`
`73`	`74`	`// ValidateUpdate will do any extra validation when updating an AWSClusterControllerIdentity.`
`74`		`-func (r *AWSClusterControllerIdentity) ValidateUpdate(old runtime.Object) error {`
	`75`	`+func (r *AWSClusterControllerIdentity) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {`
`75`	`76`	`oldP, ok := old.(*AWSClusterControllerIdentity)`
`76`	`77`	`if !ok {`
`77`		`- return apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterControllerIdentity but got a %T", old))`
	`78`	`+ return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterControllerIdentity but got a %T", old))`
`78`	`79`	`}`
`79`	`80`
`80`	`81`	`if !cmp.Equal(r.Spec, oldP.Spec) {`
`81`		`- return errors.New("AWSClusterControllerIdentity is immutable")`
	`82`	`+ return nil, errors.New("AWSClusterControllerIdentity is immutable")`
`82`	`83`	`}`
`83`	`84`
`84`	`85`	`if r.Name != oldP.Name {`
`85`		`- return field.Invalid(field.NewPath("name"),`
	`86`	`+ return nil, field.Invalid(field.NewPath("name"),`
`86`	`87`	`r.Name, "AWSClusterControllerIdentity is a singleton and only acceptable name is default")`
`87`	`88`	`}`
`88`	`89`
`89`	`90`	`// Validate selector parses as Selector if AllowedNameSpaces is not nil`
`90`	`91`	`if r.Spec.AllowedNamespaces != nil {`
`91`	`92`	`_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)`
`92`	`93`	`if err != nil {`
`93`		`- return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selectors"), r.Spec.AllowedNamespaces.Selector, err.Error())`
	`94`	`+ return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selectors"), r.Spec.AllowedNamespaces.Selector, err.Error())`
`94`	`95`	`}`
`95`	`96`	`}`
`96`	`97`
`97`		`- return nil`
	`98`	`+ return nil, nil`
`98`	`99`	`}`
`99`	`100`
`100`	`101`	`// Default will set default values for the AWSClusterControllerIdentity.`
Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ import (`
`25`	`25`	`"k8s.io/apimachinery/pkg/util/validation/field"`
`26`	`26`	`ctrl "sigs.k8s.io/controller-runtime"`
`27`	`27`	`"sigs.k8s.io/controller-runtime/pkg/webhook"`
	`28`	`+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"`
`28`	`29`	`)`
`29`	`30`
`30`	`31`	`// log is for logging in this package.`
`@@ -45,50 +46,50 @@ var (`
`45`	`46`	`)`
`46`	`47`
`47`	`48`	`// ValidateCreate will do any extra validation when creating an AWSClusterRoleIdentity.`
`48`		`-func (r *AWSClusterRoleIdentity) ValidateCreate() error {`
	`49`	`+func (r *AWSClusterRoleIdentity) ValidateCreate() (admission.Warnings, error) {`
`49`	`50`	`if r.Spec.SourceIdentityRef == nil {`
`50`		`- return field.Invalid(field.NewPath("spec", "sourceIdentityRef"),`
	`51`	`+ return nil, field.Invalid(field.NewPath("spec", "sourceIdentityRef"),`
`51`	`52`	`r.Spec.SourceIdentityRef, "field cannot be set to nil")`
`52`	`53`	`}`
`53`	`54`
`54`	`55`	`// Validate selector parses as Selector`
`55`	`56`	`if r.Spec.AllowedNamespaces != nil {`
`56`	`57`	`_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)`
`57`	`58`	`if err != nil {`
`58`		`- return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())`
	`59`	`+ return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())`
`59`	`60`	`}`
`60`	`61`	`}`
`61`	`62`
`62`		`- return nil`
	`63`	`+ return nil, nil`
`63`	`64`	`}`
`64`	`65`
`65`	`66`	`// ValidateDelete allows you to add any extra validation when deleting an AWSClusterRoleIdentity.`
`66`		`-func (r *AWSClusterRoleIdentity) ValidateDelete() error {`
`67`		`- return nil`
	`67`	`+func (r *AWSClusterRoleIdentity) ValidateDelete() (admission.Warnings, error) {`
	`68`	`+ return nil, nil`
`68`	`69`	`}`
`69`	`70`
`70`	`71`	`// ValidateUpdate will do any extra validation when updating an AWSClusterRoleIdentity.`
`71`		`-func (r *AWSClusterRoleIdentity) ValidateUpdate(old runtime.Object) error {`
	`72`	`+func (r *AWSClusterRoleIdentity) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {`
`72`	`73`	`oldP, ok := old.(*AWSClusterRoleIdentity)`
`73`	`74`	`if !ok {`
`74`		`- return apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterRoleIdentity but got a %T", old))`
	`75`	`+ return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an AWSClusterRoleIdentity but got a %T", old))`
`75`	`76`	`}`
`76`	`77`
`77`	`78`	`// If a SourceIdentityRef is set, do not allow removal of it.`
`78`	`79`	`if oldP.Spec.SourceIdentityRef != nil && r.Spec.SourceIdentityRef == nil {`
`79`		`- return field.Invalid(field.NewPath("spec", "sourceIdentityRef"),`
	`80`	`+ return nil, field.Invalid(field.NewPath("spec", "sourceIdentityRef"),`
`80`	`81`	`r.Spec.SourceIdentityRef, "field cannot be set to nil")`
`81`	`82`	`}`
`82`	`83`
`83`	`84`	`// Validate selector parses as Selector`
`84`	`85`	`if r.Spec.AllowedNamespaces != nil {`
`85`	`86`	`_, err := metav1.LabelSelectorAsSelector(&r.Spec.AllowedNamespaces.Selector)`
`86`	`87`	`if err != nil {`
`87`		`- return field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())`
	`88`	`+ return nil, field.Invalid(field.NewPath("spec", "allowedNamespaces", "selector"), r.Spec.AllowedNamespaces.Selector, err.Error())`
`88`	`89`	`}`
`89`	`90`	`}`
`90`	`91`
`91`		`- return nil`
	`92`	`+ return nil, nil`
`92`	`93`	`}`
`93`	`94`
`94`	`95`	`// Default will set default values for the AWSClusterRoleIdentity.`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@ import (`
`23`	`23`	`"k8s.io/apimachinery/pkg/util/validation/field"`
`24`	`24`	`ctrl "sigs.k8s.io/controller-runtime"`
`25`	`25`	`"sigs.k8s.io/controller-runtime/pkg/webhook"`
	`26`	`+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"`
`26`	`27`	`)`
`27`	`28`
`28`	`29`	`func (r *AWSClusterTemplate) SetupWebhookWithManager(mgr ctrl.Manager) error {`
`@@ -43,26 +44,26 @@ func (r *AWSClusterTemplate) Default() {`
`43`	`44`	`}`
`44`	`45`
`45`	`46`	`// ValidateCreate implements webhook.Validator so a webhook will be registered for the type.`
`46`		`-func (r *AWSClusterTemplate) ValidateCreate() error {`
	`47`	`+func (r *AWSClusterTemplate) ValidateCreate() (admission.Warnings, error) {`
`47`	`48`	`var allErrs field.ErrorList`
`48`	`49`
`49`	`50`	`allErrs = append(allErrs, r.Spec.Template.Spec.Bastion.Validate()...)`
`50`	`51`	`allErrs = append(allErrs, validateSSHKeyName(r.Spec.Template.Spec.SSHKeyName)...)`
`51`	`52`
`52`		`- return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)`
	`53`	`+ return nil, aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)`
`53`	`54`	`}`
`54`	`55`
`55`	`56`	`// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.`
`56`		`-func (r *AWSClusterTemplate) ValidateUpdate(oldRaw runtime.Object) error {`
	`57`	`+func (r *AWSClusterTemplate) ValidateUpdate(oldRaw runtime.Object) (admission.Warnings, error) {`
`57`	`58`	`old := oldRaw.(*AWSClusterTemplate)`
`58`	`59`
`59`	`60`	`if !cmp.Equal(r.Spec, old.Spec) {`
`60`		`- return apierrors.NewBadRequest("AWSClusterTemplate.Spec is immutable")`
	`61`	`+ return nil, apierrors.NewBadRequest("AWSClusterTemplate.Spec is immutable")`
`61`	`62`	`}`
`62`		`- return nil`
	`63`	`+ return nil, nil`
`63`	`64`	`}`
`64`	`65`
`65`	`66`	`// ValidateDelete implements webhook.Validator so a webhook will be registered for the type.`
`66`		`-func (r *AWSClusterTemplate) ValidateDelete() error {`
`67`		`- return nil`
	`67`	`+func (r *AWSClusterTemplate) ValidateDelete() (admission.Warnings, error) {`
	`68`	`+ return nil, nil`
`68`	`69`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ import (`
`24`	`24`	`"k8s.io/apimachinery/pkg/util/validation/field"`
`25`	`25`	`ctrl "sigs.k8s.io/controller-runtime"`
`26`	`26`	`"sigs.k8s.io/controller-runtime/pkg/webhook"`
	`27`	`+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"`
`27`	`28`
`28`	`29`	`"sigs.k8s.io/cluster-api-provider-aws/v2/feature"`
`29`	`30`	`)`
`@@ -46,7 +47,7 @@ var (`
`46`	`47`	`)`
`47`	`48`
`48`	`49`	`// ValidateCreate implements webhook.Validator so a webhook will be registered for the type.`
`49`		`-func (r *AWSMachine) ValidateCreate() error {`
	`50`	`+func (r *AWSMachine) ValidateCreate() (admission.Warnings, error) {`
`50`	`51`	`var allErrs field.ErrorList`
`51`	`52`
`52`	`53`	`allErrs = append(allErrs, r.validateCloudInitSecret()...)`
`@@ -57,20 +58,20 @@ func (r *AWSMachine) ValidateCreate() error {`
`57`	`58`	`allErrs = append(allErrs, r.validateAdditionalSecurityGroups()...)`
`58`	`59`	`allErrs = append(allErrs, r.Spec.AdditionalTags.Validate()...)`
`59`	`60`
`60`		`- return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)`
	`61`	`+ return nil, aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)`
`61`	`62`	`}`
`62`	`63`
`63`	`64`	`// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.`
`64`		`-func (r *AWSMachine) ValidateUpdate(old runtime.Object) error {`
	`65`	`+func (r *AWSMachine) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {`
`65`	`66`	`newAWSMachine, err := runtime.DefaultUnstructuredConverter.ToUnstructured(r)`
`66`	`67`	`if err != nil {`
`67`		`- return apierrors.NewInvalid(GroupVersion.WithKind("AWSMachine").GroupKind(), r.Name, field.ErrorList{`
	`68`	`+ return nil, apierrors.NewInvalid(GroupVersion.WithKind("AWSMachine").GroupKind(), r.Name, field.ErrorList{`
`68`	`69`	`field.InternalError(nil, errors.Wrap(err, "failed to convert new AWSMachine to unstructured object")),`
`69`	`70`	`})`
`70`	`71`	`}`
`71`	`72`	`oldAWSMachine, err := runtime.DefaultUnstructuredConverter.ToUnstructured(old)`
`72`	`73`	`if err != nil {`
`73`		`- return apierrors.NewInvalid(GroupVersion.WithKind("AWSMachine").GroupKind(), r.Name, field.ErrorList{`
	`74`	`+ return nil, apierrors.NewInvalid(GroupVersion.WithKind("AWSMachine").GroupKind(), r.Name, field.ErrorList{`
`74`	`75`	`field.InternalError(nil, errors.Wrap(err, "failed to convert old AWSMachine to unstructured object")),`
`75`	`76`	`})`
`76`	`77`	`}`
`@@ -117,7 +118,7 @@ func (r *AWSMachine) ValidateUpdate(old runtime.Object) error {`
`117`	`118`	`allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "cannot be modified"))`
`118`	`119`	`}`
`119`	`120`
`120`		`- return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)`
	`121`	`+ return nil, aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)`
`121`	`122`	`}`
`122`	`123`
`123`	`124`	`func (r *AWSMachine) validateCloudInitSecret() field.ErrorList {`
`@@ -226,8 +227,8 @@ func (r *AWSMachine) validateNonRootVolumes() field.ErrorList {`
`226`	`227`	`}`
`227`	`228`
`228`	`229`	`// ValidateDelete implements webhook.Validator so a webhook will be registered for the type.`
`229`		`-func (r *AWSMachine) ValidateDelete() error {`
`230`		`- return nil`
	`230`	`+func (r *AWSMachine) ValidateDelete() (admission.Warnings, error) {`
	`231`	`+ return nil, nil`
`231`	`232`	`}`
`232`	`233`
`233`	`234`	`// Default implements webhook.Defaulter such that an empty CloudInit will be defined with a default`