From a0f079e03cb840d16eda416137b5e924a38a41f7 Mon Sep 17 00:00:00 2001 From: Johannes Aubart Date: Tue, 27 May 2025 16:54:25 +0200 Subject: [PATCH] prevent removing clusterRef or requestRef from AccessRequest --- api/clusters/v1alpha1/accessrequest_types.go | 2 ++ .../manifests/clusters.openmcp.cloud_accessrequests.yaml | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/api/clusters/v1alpha1/accessrequest_types.go b/api/clusters/v1alpha1/accessrequest_types.go index 69de0b2..9e8545d 100644 --- a/api/clusters/v1alpha1/accessrequest_types.go +++ b/api/clusters/v1alpha1/accessrequest_types.go @@ -5,6 +5,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.clusterRef) || has(self.clusterRef)", message="clusterRef may not be removed once set" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.requestRef) || has(self.requestRef)", message="requestRef may not be removed once set" type AccessRequestSpec struct { // ClusterRef is the reference to the Cluster for which access is requested. // If set, requestRef will be ignored. diff --git a/api/crds/manifests/clusters.openmcp.cloud_accessrequests.yaml b/api/crds/manifests/clusters.openmcp.cloud_accessrequests.yaml index 04f82d5..b1349be 100644 --- a/api/crds/manifests/clusters.openmcp.cloud_accessrequests.yaml +++ b/api/crds/manifests/clusters.openmcp.cloud_accessrequests.yaml @@ -155,6 +155,11 @@ spec: required: - permissions type: object + x-kubernetes-validations: + - message: clusterRef may not be removed once set + rule: '!has(oldSelf.clusterRef) || has(self.clusterRef)' + - message: requestRef may not be removed once set + rule: '!has(oldSelf.requestRef) || has(self.requestRef)' status: description: AccessRequestStatus defines the observed state of AccessRequest properties: