added ratcheting validation for embedded resource and x-kubernetes-list-type validation

Signed-off-by: Paco Xu <paco.xu@daocloud.io>
2025-08-06 10:43:56 +00:00 · 2022-06-21 11:36:14 +05:30 · 2022-06-21 11:36:14 +05:30 · 400f52d491
commit 400f52d491
parent 132f29769d
1 changed files with 6 additions and 0 deletions
--- a/staging/src/k8s.io/apiextensions-apiserver/pkg/registry/customresource/status_strategy.go
+++ b/staging/src/k8s.io/apiextensions-apiserver/pkg/registry/customresource/status_strategy.go
@ -22,6 +22,7 @@ import (
 	"sigs.k8s.io/structured-merge-diff/v4/fieldpath"

 	"k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel"
+	structurallisttype "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/listtype"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@ -97,6 +98,11 @@ func (a statusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Obj

 	v := obj.GetObjectKind().GroupVersionKind().Version

+	// ratcheting validation of x-kubernetes-list-type value map and set
+	if oldErrs := structurallisttype.ValidateListSetsAndMaps(nil, a.structuralSchemas[v], uOld.Object); len(oldErrs) == 0 {
+		errs = append(errs, structurallisttype.ValidateListSetsAndMaps(nil, a.structuralSchemas[v], uNew.Object)...)
+	}
+
 	// validate x-kubernetes-validations rules
 	if celValidator, ok := a.customResourceStrategy.celValidators[v]; ok {
 		if has, err := hasBlockingErr(errs); has {