Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow Templates deletion by the controller only #355

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Allow Templates deletion by the controller only #355

wants to merge 1 commit into from

Conversation

eromanova
Copy link
Member

@eromanova eromanova commented Sep 19, 2024
edited
Loading

The admission controller will block the removal of any Template managed by HMC or from the system namespace if the request is not triggered by the HMC controller.

Closes #329

@eromanova eromanova self-assigned this Sep 19, 2024
@eromanova eromanova force-pushed the template-validation branch 2 times, most recently from 176cb64 to f27b9ce Compare September 23, 2024 10:31
@eromanova eromanova marked this pull request as ready for review September 23, 2024 10:32
@eromanova eromanova force-pushed the template-validation branch 3 times, most recently from 104b5ec to 8fa5584 Compare September 25, 2024 07:29
@eromanova
Allow Templates deletion by the controller only
5d46cee 
The admission controller will block the removal of any Template
managed by HMC or from the system namespace if the request is not
made by the HMC controller.
Kshatrix
Kshatrix requested changes Sep 27, 2024
View reviewed changes
internal/webhook/template_webhook.go
if serviceAccountIsEqual(req, os.Getenv(ServiceAccountEnvName)) {
return true, nil
}
// Cluster-scoped ProviderTemplates and Templates from the system namespace are not allowed to be deleted
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should be ok to delete templates from the system namespace as long as they are not in-use in any templatechains

internal/webhook/template_webhook.go
if err != nil {
return false, err
}
if v.InjectUserInfo != nil {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this one only for unit tests?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kshatrix Kshatrix Kshatrix requested changes

@squizzi squizzi Awaiting requested review from squizzi squizzi is a code owner

@a13x5 a13x5 Awaiting requested review from a13x5 a13x5 is a code owner

@zerospiel zerospiel Awaiting requested review from zerospiel

Requested changes must be addressed to merge this pull request.

Assignees

@eromanova eromanova

Labels
None yet
Projects
Project 2A
Status: No status
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[admission] Restrict the manual removal of Templates managed by HMC
2 participants
@eromanova @Kshatrix