From 78d74fa6ec1791bbb32e715139280825d4f4acb4 Mon Sep 17 00:00:00 2001 From: Janet Kuo Date: Mon, 30 Oct 2017 15:23:09 -0700 Subject: [PATCH] Validate apps/v1 DaemonSet selector immutable on updates --- pkg/registry/extensions/daemonset/BUILD | 1 + pkg/registry/extensions/daemonset/strategy.go | 5 +++-- .../extensions/daemonset/strategy_test.go | 20 +++++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/pkg/registry/extensions/daemonset/BUILD b/pkg/registry/extensions/daemonset/BUILD index a368d50b07d..50b712d9861 100644 --- a/pkg/registry/extensions/daemonset/BUILD +++ b/pkg/registry/extensions/daemonset/BUILD @@ -18,6 +18,7 @@ go_library( "//pkg/api/pod:go_default_library", "//pkg/apis/extensions:go_default_library", "//pkg/apis/extensions/validation:go_default_library", + "//vendor/k8s.io/api/apps/v1:go_default_library", "//vendor/k8s.io/api/apps/v1beta2:go_default_library", "//vendor/k8s.io/api/extensions/v1beta1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/equality:go_default_library", diff --git a/pkg/registry/extensions/daemonset/strategy.go b/pkg/registry/extensions/daemonset/strategy.go index 3eb7214fc5a..a5daeb2d49a 100644 --- a/pkg/registry/extensions/daemonset/strategy.go +++ b/pkg/registry/extensions/daemonset/strategy.go @@ -19,6 +19,7 @@ package daemonset import ( "fmt" + appsv1 "k8s.io/api/apps/v1" appsv1beta2 "k8s.io/api/apps/v1beta2" extensionsv1beta1 "k8s.io/api/extensions/v1beta1" apiequality "k8s.io/apimachinery/pkg/api/equality" @@ -126,7 +127,7 @@ func (daemonSetStrategy) ValidateUpdate(ctx genericapirequest.Context, obj, old allErrs := validation.ValidateDaemonSet(obj.(*extensions.DaemonSet)) allErrs = append(allErrs, validation.ValidateDaemonSetUpdate(newDaemonSet, oldDaemonSet)...) - // Update is not allowed to set Spec.Selector for all groups/versions except extensions/v1beta1. + // Update is not allowed to set Spec.Selector for apps/v1 and apps/v1beta2 (allowed for extensions/v1beta1). // If RequestInfo is nil, it is better to revert to old behavior (i.e. allow update to set Spec.Selector) // to prevent unintentionally breaking users who may rely on the old behavior. // TODO(#50791): after extensions/v1beta1 is removed, move selector immutability check inside ValidateDaemonSetUpdate(). @@ -135,7 +136,7 @@ func (daemonSetStrategy) ValidateUpdate(ctx genericapirequest.Context, obj, old switch groupVersion { case extensionsv1beta1.SchemeGroupVersion: // no-op for compatibility - case appsv1beta2.SchemeGroupVersion: + case appsv1beta2.SchemeGroupVersion, appsv1.SchemeGroupVersion: // disallow mutation of selector allErrs = append(allErrs, apivalidation.ValidateImmutableField(newDaemonSet.Spec.Selector, oldDaemonSet.Spec.Selector, field.NewPath("spec").Child("selector"))...) default: diff --git a/pkg/registry/extensions/daemonset/strategy_test.go b/pkg/registry/extensions/daemonset/strategy_test.go index 3dca4a72cb4..50aee5545ab 100644 --- a/pkg/registry/extensions/daemonset/strategy_test.go +++ b/pkg/registry/extensions/daemonset/strategy_test.go @@ -51,6 +51,26 @@ func TestSelectorImmutability(t *testing.T) { newSelectorLabels map[string]string expectedErrorList field.ErrorList }{ + { + genericapirequest.RequestInfo{ + APIGroup: "apps", + APIVersion: "v1", + Resource: "daemonsets", + }, + map[string]string{"a": "b"}, + map[string]string{"c": "d"}, + field.ErrorList{ + &field.Error{ + Type: field.ErrorTypeInvalid, + Field: field.NewPath("spec").Child("selector").String(), + BadValue: &metav1.LabelSelector{ + MatchLabels: map[string]string{"c": "d"}, + MatchExpressions: []metav1.LabelSelectorRequirement{}, + }, + Detail: "field is immutable", + }, + }, + }, { genericapirequest.RequestInfo{ APIGroup: "apps",