github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-06 18:54:06 +00:00
Code Issues Projects Releases Wiki Activity

dra api: fix status updates

Browse Source 
Changing object meta is not supposed to be possible via status updates. For
example, it circumvents RBAC permission checks.
This commit is contained in:
Patrick Ohly 2024-03-05 21:36:43 +01:00
parent 55d1518126
commit 27df75c577
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/registry/resource/podschedulingcontext/strategy.go
View File

@ -20,6 +20,7 @@ import (
"context"
"errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime"
@ -125,6 +126,7 @@ func (podSchedulingStatusStrategy) PrepareForUpdate(ctx context.Context, obj, ol
newScheduling := obj.(*resource.PodSchedulingContext)
oldScheduling := old.(*resource.PodSchedulingContext)
newScheduling.Spec = oldScheduling.Spec
metav1.ResetObjectMetaForStatus(&newScheduling.ObjectMeta, &oldScheduling.ObjectMeta)
}
func (podSchedulingStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {

2
pkg/registry/resource/resourceclaim/strategy.go
View File

@ -20,6 +20,7 @@ import (
"context"
"errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime"
@ -125,6 +126,7 @@ func (resourceclaimStatusStrategy) PrepareForUpdate(ctx context.Context, obj, ol
newClaim := obj.(*resource.ResourceClaim)
oldClaim := old.(*resource.ResourceClaim)
newClaim.Spec = oldClaim.Spec
metav1.ResetObjectMetaForStatus(&newClaim.ObjectMeta, &oldClaim.ObjectMeta)
}
func (resourceclaimStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {