Validate apps/v1 DaemonSet selector immutable on updates

2025-08-08 03:33:56 +00:00 · 2017-10-30 15:23:09 -07:00 · 2017-10-30 15:23:09 -07:00 · 78d74fa6ec
commit 78d74fa6ec
parent d7567cd6c7
3 changed files with 24 additions and 2 deletions
--- a/pkg/registry/extensions/daemonset/BUILD
+++ b/pkg/registry/extensions/daemonset/BUILD
@ -18,6 +18,7 @@ go_library(
        "//pkg/api/pod:go_default_library",
        "//pkg/apis/extensions:go_default_library",
        "//pkg/apis/extensions/validation:go_default_library",
+        "//vendor/k8s.io/api/apps/v1:go_default_library",
        "//vendor/k8s.io/api/apps/v1beta2:go_default_library",
        "//vendor/k8s.io/api/extensions/v1beta1:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/api/equality:go_default_library",
--- a/pkg/registry/extensions/daemonset/strategy.go
+++ b/pkg/registry/extensions/daemonset/strategy.go
@ -19,6 +19,7 @@ package daemonset
 import (
 	"fmt"

+	appsv1 "k8s.io/api/apps/v1"
 	appsv1beta2 "k8s.io/api/apps/v1beta2"
 	extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
 	apiequality "k8s.io/apimachinery/pkg/api/equality"
@ -126,7 +127,7 @@ func (daemonSetStrategy) ValidateUpdate(ctx genericapirequest.Context, obj, old
 	allErrs := validation.ValidateDaemonSet(obj.(*extensions.DaemonSet))
 	allErrs = append(allErrs, validation.ValidateDaemonSetUpdate(newDaemonSet, oldDaemonSet)...)

-	// Update is not allowed to set Spec.Selector for all groups/versions except extensions/v1beta1.
+	// Update is not allowed to set Spec.Selector for apps/v1 and apps/v1beta2 (allowed for extensions/v1beta1).
 	// If RequestInfo is nil, it is better to revert to old behavior (i.e. allow update to set Spec.Selector)
 	// to prevent unintentionally breaking users who may rely on the old behavior.
 	// TODO(#50791): after extensions/v1beta1 is removed, move selector immutability check inside ValidateDaemonSetUpdate().
@ -135,7 +136,7 @@ func (daemonSetStrategy) ValidateUpdate(ctx genericapirequest.Context, obj, old
 		switch groupVersion {
 		case extensionsv1beta1.SchemeGroupVersion:
 			// no-op for compatibility
-		case appsv1beta2.SchemeGroupVersion:
+		case appsv1beta2.SchemeGroupVersion, appsv1.SchemeGroupVersion:
 			// disallow mutation of selector
 			allErrs = append(allErrs, apivalidation.ValidateImmutableField(newDaemonSet.Spec.Selector, oldDaemonSet.Spec.Selector, field.NewPath("spec").Child("selector"))...)
 		default:
--- a/pkg/registry/extensions/daemonset/strategy_test.go
+++ b/pkg/registry/extensions/daemonset/strategy_test.go
@ -51,6 +51,26 @@ func TestSelectorImmutability(t *testing.T) {
 		newSelectorLabels map[string]string
 		expectedErrorList field.ErrorList
 	}{
+		{
+			genericapirequest.RequestInfo{
+				APIGroup:   "apps",
+				APIVersion: "v1",
+				Resource:   "daemonsets",
+			},
+			map[string]string{"a": "b"},
+			map[string]string{"c": "d"},
+			field.ErrorList{
+				&field.Error{
+					Type:  field.ErrorTypeInvalid,
+					Field: field.NewPath("spec").Child("selector").String(),
+					BadValue: &metav1.LabelSelector{
+						MatchLabels:      map[string]string{"c": "d"},
+						MatchExpressions: []metav1.LabelSelectorRequirement{},
+					},
+					Detail: "field is immutable",
+				},
+			},
+		},
 		{
 			genericapirequest.RequestInfo{
 				APIGroup:   "apps",