Skip to content

Commit 5399d20

Browse files
jackfrancisjackfrancis
committed
common funcs webhook immutable properties
1 parent 4162e0f commit 5399d20

File tree

8 files changed

+376
-208
lines changed

8 files changed

+376
-208
lines changed

.golangci.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -94,6 +94,8 @@ linters-settings:
9494
alias: infrav1alpha4exp
9595
- pkg: sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1
9696
alias: infrav1exp
97+
- pkg: sigs.k8s.io/cluster-api-provider-azure/util/webhook
98+
alias: webhookutils
9799
gocritic:
98100
enabled-tags:
99101
- "experimental"

api/v1beta1/azurecluster_webhook.go

Lines changed: 26 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ import (
2222
apierrors "k8s.io/apimachinery/pkg/api/errors"
2323
"k8s.io/apimachinery/pkg/runtime"
2424
"k8s.io/apimachinery/pkg/util/validation/field"
25+
webhookutils "sigs.k8s.io/cluster-api-provider-azure/util/webhook"
2526
ctrl "sigs.k8s.io/controller-runtime"
2627
"sigs.k8s.io/controller-runtime/pkg/webhook"
2728
)
@@ -54,25 +55,25 @@ func (c *AzureCluster) ValidateUpdate(oldRaw runtime.Object) error {
5455
var allErrs field.ErrorList
5556
old := oldRaw.(*AzureCluster)
5657

57-
if !reflect.DeepEqual(c.Spec.ResourceGroup, old.Spec.ResourceGroup) {
58-
allErrs = append(allErrs,
59-
field.Invalid(field.NewPath("spec", "ResourceGroup"),
60-
c.Spec.ResourceGroup, "field is immutable"),
61-
)
58+
if err := webhookutils.ValidateImmutable(
59+
field.NewPath("Spec", "ResourceGroup"),
60+
old.Spec.ResourceGroup,
61+
c.Spec.ResourceGroup); err != nil {
62+
allErrs = append(allErrs, err)
6263
}
6364

64-
if !reflect.DeepEqual(c.Spec.SubscriptionID, old.Spec.SubscriptionID) {
65-
allErrs = append(allErrs,
66-
field.Invalid(field.NewPath("spec", "SubscriptionID"),
67-
c.Spec.SubscriptionID, "field is immutable"),
68-
)
65+
if err := webhookutils.ValidateImmutable(
66+
field.NewPath("Spec", "SubscriptionID"),
67+
old.Spec.SubscriptionID,
68+
c.Spec.SubscriptionID); err != nil {
69+
allErrs = append(allErrs, err)
6970
}
7071

71-
if !reflect.DeepEqual(c.Spec.Location, old.Spec.Location) {
72-
allErrs = append(allErrs,
73-
field.Invalid(field.NewPath("spec", "Location"),
74-
c.Spec.Location, "field is immutable"),
75-
)
72+
if err := webhookutils.ValidateImmutable(
73+
field.NewPath("Spec", "Location"),
74+
old.Spec.Location,
75+
c.Spec.Location); err != nil {
76+
allErrs = append(allErrs, err)
7677
}
7778

7879
if old.Spec.ControlPlaneEndpoint.Host != "" && c.Spec.ControlPlaneEndpoint.Host != old.Spec.ControlPlaneEndpoint.Host {
@@ -106,11 +107,11 @@ func (c *AzureCluster) ValidateUpdate(oldRaw runtime.Object) error {
106107
}
107108
}
108109

109-
if !reflect.DeepEqual(c.Spec.NetworkSpec.PrivateDNSZoneName, old.Spec.NetworkSpec.PrivateDNSZoneName) {
110-
allErrs = append(allErrs,
111-
field.Invalid(field.NewPath("spec", "NetworkSpec", "PrivateDNSZoneName"),
112-
c.Spec.NetworkSpec.PrivateDNSZoneName, "field is immutable"),
113-
)
110+
if err := webhookutils.ValidateImmutable(
111+
field.NewPath("Spec", "NetworkSpec", "PrivateDNSZoneName"),
112+
old.Spec.NetworkSpec.PrivateDNSZoneName,
113+
c.Spec.NetworkSpec.PrivateDNSZoneName); err != nil {
114+
allErrs = append(allErrs, err)
114115
}
115116

116117
// Allow enabling azure bastion but avoid disabling it.
@@ -121,11 +122,11 @@ func (c *AzureCluster) ValidateUpdate(oldRaw runtime.Object) error {
121122
)
122123
}
123124

124-
if !reflect.DeepEqual(c.Spec.NetworkSpec.ControlPlaneOutboundLB, old.Spec.NetworkSpec.ControlPlaneOutboundLB) {
125-
allErrs = append(allErrs,
126-
field.Invalid(field.NewPath("spec", "networkSpec", "controlPlaneOutboundLB"),
127-
c.Spec.NetworkSpec.ControlPlaneOutboundLB, "field is immutable"),
128-
)
125+
if err := webhookutils.ValidateImmutable(
126+
field.NewPath("Spec", "NetworkSpec", "ControlPlaneOutboundLB"),
127+
old.Spec.NetworkSpec.ControlPlaneOutboundLB,
128+
c.Spec.NetworkSpec.ControlPlaneOutboundLB); err != nil {
129+
allErrs = append(allErrs, err)
129130
}
130131

131132
allErrs = append(allErrs, c.validateSubnetUpdate(old)...)

api/v1beta1/azuremachine_webhook.go

Lines changed: 61 additions & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -17,11 +17,10 @@ limitations under the License.
1717
package v1beta1
1818

1919
import (
20-
"reflect"
21-
2220
apierrors "k8s.io/apimachinery/pkg/api/errors"
2321
"k8s.io/apimachinery/pkg/runtime"
2422
"k8s.io/apimachinery/pkg/util/validation/field"
23+
webhookutils "sigs.k8s.io/cluster-api-provider-azure/util/webhook"
2524
ctrl "sigs.k8s.io/controller-runtime"
2625
"sigs.k8s.io/controller-runtime/pkg/webhook"
2726
)
@@ -60,88 +59,88 @@ func (m *AzureMachine) ValidateUpdate(oldRaw runtime.Object) error {
6059
var allErrs field.ErrorList
6160
old := oldRaw.(*AzureMachine)
6261

63-
if !reflect.DeepEqual(m.Spec.Image, old.Spec.Image) {
64-
allErrs = append(allErrs,
65-
field.Invalid(field.NewPath("spec", "image"),
66-
m.Spec.Image, "field is immutable"),
67-
)
62+
if err := webhookutils.ValidateImmutable(
63+
field.NewPath("Spec", "Image"),
64+
old.Spec.Image,
65+
m.Spec.Image); err != nil {
66+
allErrs = append(allErrs, err)
6867
}
6968

70-
if !reflect.DeepEqual(m.Spec.Identity, old.Spec.Identity) {
71-
allErrs = append(allErrs,
72-
field.Invalid(field.NewPath("spec", "identity"),
73-
m.Spec.Identity, "field is immutable"),
74-
)
69+
if err := webhookutils.ValidateImmutable(
70+
field.NewPath("Spec", "Identity"),
71+
old.Spec.Identity,
72+
m.Spec.Identity); err != nil {
73+
allErrs = append(allErrs, err)
7574
}
7675

77-
if !reflect.DeepEqual(m.Spec.UserAssignedIdentities, old.Spec.UserAssignedIdentities) {
78-
allErrs = append(allErrs,
79-
field.Invalid(field.NewPath("spec", "userAssignedIdentities"),
80-
m.Spec.UserAssignedIdentities, "field is immutable"),
81-
)
76+
if err := webhookutils.ValidateImmutable(
77+
field.NewPath("Spec", "UserAssignedIdentities"),
78+
old.Spec.UserAssignedIdentities,
79+
m.Spec.UserAssignedIdentities); err != nil {
80+
allErrs = append(allErrs, err)
8281
}
8382

84-
if !reflect.DeepEqual(m.Spec.RoleAssignmentName, old.Spec.RoleAssignmentName) {
85-
allErrs = append(allErrs,
86-
field.Invalid(field.NewPath("spec", "roleAssignmentName"),
87-
m.Spec.RoleAssignmentName, "field is immutable"),
88-
)
83+
if err := webhookutils.ValidateImmutable(
84+
field.NewPath("Spec", "RoleAssignmentName"),
85+
old.Spec.RoleAssignmentName,
86+
m.Spec.RoleAssignmentName); err != nil {
87+
allErrs = append(allErrs, err)
8988
}
9089

91-
if !reflect.DeepEqual(m.Spec.OSDisk, old.Spec.OSDisk) {
92-
allErrs = append(allErrs,
93-
field.Invalid(field.NewPath("spec", "osDisk"),
94-
m.Spec.OSDisk, "field is immutable"),
95-
)
90+
if err := webhookutils.ValidateImmutable(
91+
field.NewPath("Spec", "OSDisk"),
92+
old.Spec.OSDisk,
93+
m.Spec.OSDisk); err != nil {
94+
allErrs = append(allErrs, err)
9695
}
9796

98-
if !reflect.DeepEqual(m.Spec.DataDisks, old.Spec.DataDisks) {
99-
allErrs = append(allErrs,
100-
field.Invalid(field.NewPath("spec", "dataDisks"),
101-
m.Spec.DataDisks, "field is immutable"),
102-
)
97+
if err := webhookutils.ValidateImmutable(
98+
field.NewPath("Spec", "DataDisks"),
99+
old.Spec.DataDisks,
100+
m.Spec.DataDisks); err != nil {
101+
allErrs = append(allErrs, err)
103102
}
104103

105-
if !reflect.DeepEqual(m.Spec.SSHPublicKey, old.Spec.SSHPublicKey) {
106-
allErrs = append(allErrs,
107-
field.Invalid(field.NewPath("spec", "sshPublicKey"),
108-
m.Spec.SSHPublicKey, "field is immutable"),
109-
)
104+
if err := webhookutils.ValidateImmutable(
105+
field.NewPath("Spec", "SSHPublicKey"),
106+
old.Spec.SSHPublicKey,
107+
m.Spec.SSHPublicKey); err != nil {
108+
allErrs = append(allErrs, err)
110109
}
111110

112-
if !reflect.DeepEqual(m.Spec.AllocatePublicIP, old.Spec.AllocatePublicIP) {
113-
allErrs = append(allErrs,
114-
field.Invalid(field.NewPath("spec", "allocatePublicIP"),
115-
m.Spec.AllocatePublicIP, "field is immutable"),
116-
)
111+
if err := webhookutils.ValidateImmutable(
112+
field.NewPath("Spec", "AllocatePublicIP"),
113+
old.Spec.AllocatePublicIP,
114+
m.Spec.AllocatePublicIP); err != nil {
115+
allErrs = append(allErrs, err)
117116
}
118117

119-
if !reflect.DeepEqual(m.Spec.EnableIPForwarding, old.Spec.EnableIPForwarding) {
120-
allErrs = append(allErrs,
121-
field.Invalid(field.NewPath("spec", "enableIPForwarding"),
122-
m.Spec.EnableIPForwarding, "field is immutable"),
123-
)
118+
if err := webhookutils.ValidateImmutable(
119+
field.NewPath("Spec", "EnableIPForwarding"),
120+
old.Spec.EnableIPForwarding,
121+
m.Spec.EnableIPForwarding); err != nil {
122+
allErrs = append(allErrs, err)
124123
}
125124

126-
if !reflect.DeepEqual(m.Spec.AcceleratedNetworking, old.Spec.AcceleratedNetworking) {
127-
allErrs = append(allErrs,
128-
field.Invalid(field.NewPath("spec", "acceleratedNetworking"),
129-
m.Spec.AcceleratedNetworking, "field is immutable"),
130-
)
125+
if err := webhookutils.ValidateImmutable(
126+
field.NewPath("Spec", "AcceleratedNetworking"),
127+
old.Spec.AcceleratedNetworking,
128+
m.Spec.AcceleratedNetworking); err != nil {
129+
allErrs = append(allErrs, err)
131130
}
132131

133-
if !reflect.DeepEqual(m.Spec.SpotVMOptions, old.Spec.SpotVMOptions) {
134-
allErrs = append(allErrs,
135-
field.Invalid(field.NewPath("spec", "spotVMOptions"),
136-
m.Spec.SpotVMOptions, "field is immutable"),
137-
)
132+
if err := webhookutils.ValidateImmutable(
133+
field.NewPath("Spec", "SpotVMOptions"),
134+
old.Spec.SpotVMOptions,
135+
m.Spec.SpotVMOptions); err != nil {
136+
allErrs = append(allErrs, err)
138137
}
139138

140-
if !reflect.DeepEqual(m.Spec.SecurityProfile, old.Spec.SecurityProfile) {
141-
allErrs = append(allErrs,
142-
field.Invalid(field.NewPath("spec", "securityProfile"),
143-
m.Spec.SecurityProfile, "field is immutable"),
144-
)
139+
if err := webhookutils.ValidateImmutable(
140+
field.NewPath("Spec", "SecurityProfile"),
141+
old.Spec.SecurityProfile,
142+
m.Spec.SecurityProfile); err != nil {
143+
allErrs = append(allErrs, err)
145144
}
146145

147146
if len(allErrs) == 0 {

exp/api/v1beta1/azuremanagedmachinepool_webhook.go

Lines changed: 10 additions & 45 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@ import (
3232
"sigs.k8s.io/cluster-api-provider-azure/feature"
3333
azureutil "sigs.k8s.io/cluster-api-provider-azure/util/azure"
3434
"sigs.k8s.io/cluster-api-provider-azure/util/maps"
35+
webhookutils "sigs.k8s.io/cluster-api-provider-azure/util/webhook"
3536
clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
3637
"sigs.k8s.io/controller-runtime/pkg/client"
3738
)
@@ -100,7 +101,7 @@ func (m *AzureManagedMachinePool) ValidateUpdate(oldRaw runtime.Object, client c
100101
err.Error()))
101102
}
102103

103-
if err := validateStringPtrImmutable(
104+
if err := webhookutils.ValidateImmutable(
104105
field.NewPath("Spec", "OSType"),
105106
old.Spec.OSType,
106107
m.Spec.OSType); err != nil {
@@ -200,26 +201,26 @@ func (m *AzureManagedMachinePool) ValidateUpdate(oldRaw runtime.Object, client c
200201
}
201202
}
202203

203-
if !reflect.DeepEqual(m.Spec.ScaleSetPriority, old.Spec.ScaleSetPriority) {
204-
allErrs = append(allErrs,
205-
field.Invalid(field.NewPath("Spec", "ScaleSetPriority"),
206-
m.Spec.ScaleSetPriority, "field is immutable"),
207-
)
204+
if err := webhookutils.ValidateImmutable(
205+
field.NewPath("Spec", "ScaleSetPriority"),
206+
old.Spec.ScaleSetPriority,
207+
m.Spec.ScaleSetPriority); err != nil {
208+
allErrs = append(allErrs, err)
208209
}
209210

210-
if err := validateBoolPtrImmutable(
211+
if err := webhookutils.ValidateImmutable(
211212
field.NewPath("Spec", "EnableUltraSSD"),
212213
old.Spec.EnableUltraSSD,
213214
m.Spec.EnableUltraSSD); err != nil {
214215
allErrs = append(allErrs, err)
215216
}
216-
if err := validateBoolPtrImmutable(
217+
if err := webhookutils.ValidateImmutable(
217218
field.NewPath("Spec", "EnableNodePublicIP"),
218219
old.Spec.EnableNodePublicIP,
219220
m.Spec.EnableNodePublicIP); err != nil {
220221
allErrs = append(allErrs, err)
221222
}
222-
if err := validateStringPtrImmutable(
223+
if err := webhookutils.ValidateImmutable(
223224
field.NewPath("Spec", "NodePublicIPPrefixID"),
224225
old.Spec.NodePublicIPPrefixID,
225226
m.Spec.NodePublicIPPrefixID); err != nil {
@@ -373,39 +374,3 @@ func ensureStringSlicesAreEqual(a []string, b []string) bool {
373374
}
374375
return true
375376
}
376-
377-
func validateBoolPtrImmutable(path *field.Path, oldVal, newVal *bool) *field.Error {
378-
if oldVal != nil {
379-
// Prevent modification if it was already set to some value
380-
if newVal == nil {
381-
// unsetting the field is not allowed
382-
return field.Invalid(path, newVal, "field is immutable, unsetting is not allowed")
383-
}
384-
if *newVal != *oldVal {
385-
// changing the field is not allowed
386-
return field.Invalid(path, newVal, "field is immutable")
387-
}
388-
} else if newVal != nil {
389-
return field.Invalid(path, newVal, "field is immutable, setting is not allowed")
390-
}
391-
392-
return nil
393-
}
394-
395-
func validateStringPtrImmutable(path *field.Path, oldVal, newVal *string) *field.Error {
396-
if oldVal != nil {
397-
// Prevent modification if it was already set to some value
398-
if newVal == nil {
399-
// unsetting the field is not allowed
400-
return field.Invalid(path, newVal, "field is immutable, unsetting is not allowed")
401-
}
402-
if *newVal != *oldVal {
403-
// changing the field is not allowed
404-
return field.Invalid(path, newVal, "field is immutable")
405-
}
406-
} else if newVal != nil {
407-
return field.Invalid(path, newVal, "field is immutable, setting is not allowed")
408-
}
409-
410-
return nil
411-
}

0 commit comments

Comments
 (0)