@@ -17,6 +17,10 @@ limitations under the License.
1717package v1alpha4
1818
1919import (
20+ "reflect"
21+
22+ "github.com/pkg/errors"
23+ apierrors "k8s.io/apimachinery/pkg/api/errors"
2024 "k8s.io/apimachinery/pkg/runtime"
2125 "k8s.io/apimachinery/pkg/util/validation/field"
2226 "sigs.k8s.io/controller-runtime/pkg/builder"
@@ -34,8 +38,8 @@ func (r *OpenStackCluster) SetupWebhookWithManager(mgr manager.Manager) error {
3438 Complete ()
3539}
3640
37- // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1alpha4-openstackcluster,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=openstackcluster ,versions=v1alpha4,name=validation.openstackcluster.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1beta1
38- // +kubebuilder:webhook:verbs=create;update,path=/mutate-infrastructure-cluster-x-k8s-io-v1alpha4-openstackcluster,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=openstackcluster ,versions=v1alpha4,name=default.openstackcluster.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1beta1
41+ // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1alpha4-openstackcluster,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=openstackclusters ,versions=v1alpha4,name=validation.openstackcluster.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1beta1
42+ // +kubebuilder:webhook:verbs=create;update,path=/mutate-infrastructure-cluster-x-k8s-io-v1alpha4-openstackcluster,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=openstackclusters ,versions=v1alpha4,name=default.openstackcluster.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1beta1
3943
4044var (
4145 _ webhook.Defaulter = & OpenStackCluster {}
@@ -64,10 +68,34 @@ func (r *OpenStackCluster) ValidateCreate() error {
6468func (r * OpenStackCluster ) ValidateUpdate (old runtime.Object ) error {
6569 var allErrs field.ErrorList
6670
71+ newOpenStackCluster , err := runtime .DefaultUnstructuredConverter .ToUnstructured (r )
72+ if err != nil {
73+ return apierrors .NewInvalid (GroupVersion .WithKind ("OpenStackCluster" ).GroupKind (), r .Name , field.ErrorList {
74+ field .InternalError (nil , errors .Wrap (err , "failed to convert new OpenStackCluster to unstructured object" )),
75+ })
76+ }
77+ oldOpenStackCluster , err := runtime .DefaultUnstructuredConverter .ToUnstructured (old )
78+ if err != nil {
79+ return apierrors .NewInvalid (GroupVersion .WithKind ("OpenStackCluster" ).GroupKind (), r .Name , field.ErrorList {
80+ field .InternalError (nil , errors .Wrap (err , "failed to convert old OpenStackCluster to unstructured object" )),
81+ })
82+ }
83+
6784 if r .Spec .IdentityRef != nil && r .Spec .IdentityRef .Kind != defaultIdentityRefKind {
6885 allErrs = append (allErrs , field .Forbidden (field .NewPath ("spec" , "identityRef" , "kind" ), "must be a Secret" ))
6986 }
7087
88+ newOpenStackClusterSpec := newOpenStackCluster ["spec" ].(map [string ]interface {})
89+ oldOpenStackClusterSpec := oldOpenStackCluster ["spec" ].(map [string ]interface {})
90+
91+ // allow changes to ControlPlaneEndpoint
92+ delete (oldOpenStackClusterSpec , "controlPlaneEndpoint" )
93+ delete (newOpenStackClusterSpec , "controlPlaneEndpoint" )
94+
95+ if ! reflect .DeepEqual (oldOpenStackClusterSpec , newOpenStackClusterSpec ) {
96+ allErrs = append (allErrs , field .Forbidden (field .NewPath ("spec" ), "cannot be modified" ))
97+ }
98+
7199 return aggregateObjErrors (r .GroupVersionKind ().GroupKind (), r .Name , allErrs )
72100}
73101
0 commit comments