feat: User should not be able to change Jetstream StreamConfig (#1860)

* feat: User should not be able to change Jetstram StreamConfig Signed-off-by: Julie Vogelman <[email protected]>
argoproj · Apr 20, 2022 · 3d59207 · 3d59207
1 parent 2b9d46e
commit 3d59207
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 5 deletions.
diff --git a/controllers/eventbus/validate.go b/controllers/eventbus/validate.go
@@ -9,7 +9,7 @@ import (
 // ValidateEventBus accepts an EventBus and performs validation against it
 func ValidateEventBus(eb *v1alpha1.EventBus) error {
 	if eb.Spec.NATS == nil && eb.Spec.JetStream == nil {
-		return fmt.Errorf("invalid spec: either \"nats\" or \"jststream\" needs to be specified")
+		return fmt.Errorf("invalid spec: either \"nats\" or \"jetstream\" needs to be specified")
 	}
 	if x := eb.Spec.NATS; x != nil {
 		if x.Native != nil && x.Exotic != nil {

diff --git a/webhook/validator/eventbus.go b/webhook/validator/eventbus.go
@@ -33,6 +33,7 @@ func (eb *eventbus) ValidateCreate(ctx context.Context) *admissionv1.AdmissionRe
 	if err := eventbuscontroller.ValidateEventBus(eb.neweb); err != nil {
 		return DeniedResponse(err.Error())
 	}
+
 	return AllowedResponse()
 }
 
@@ -43,28 +44,43 @@ func (eb *eventbus) ValidateUpdate(ctx context.Context) *admissionv1.AdmissionRe
 	if err := eventbuscontroller.ValidateEventBus(eb.neweb); err != nil {
 		return DeniedResponse(err.Error())
 	}
-	if eb.neweb.Spec.NATS != nil {
+	switch {
+	case eb.neweb.Spec.NATS != nil:
 		if eb.oldeb.Spec.NATS == nil {
-			return DeniedResponse("Can not change event bus implmementation")
+			return DeniedResponse("Can not change event bus implementation")
 		}
 		oldNats := eb.oldeb.Spec.NATS
 		newNats := eb.neweb.Spec.NATS
 		if newNats.Native != nil {
 			if oldNats.Native == nil {
-				return DeniedResponse("Can not change NATS event bus implmementation from exotic to native")
+				return DeniedResponse("Can not change NATS event bus implementation from exotic to native")
 			}
 			if authChanged(oldNats.Native.Auth, newNats.Native.Auth) {
 				return DeniedResponse("\"spec.nats.native.auth\" is immutable, can not be updated")
 			}
 		} else if newNats.Exotic != nil {
 			if oldNats.Exotic == nil {
-				return DeniedResponse("Can not change NATS event bus implmementation from native to exotic")
+				return DeniedResponse("Can not change NATS event bus implementation from native to exotic")
 			}
 			if authChanged(oldNats.Exotic.Auth, newNats.Exotic.Auth) {
 				return DeniedResponse("\"spec.nats.exotic.auth\" is immutable, can not be updated")
 			}
 		}
+	case eb.neweb.Spec.JetStream != nil:
+		if eb.oldeb.Spec.JetStream == nil {
+			return DeniedResponse("Can not change event bus implementation")
+		}
+		oldJs := eb.oldeb.Spec.JetStream
+		newJs := eb.neweb.Spec.JetStream
+		if (oldJs.StreamConfig == nil && newJs.StreamConfig != nil) ||
+			(oldJs.StreamConfig != nil && newJs.StreamConfig == nil) {
+			return DeniedResponse("\"spec.jetstream.streamConfig\" is immutable, can not be updated")
+		}
+		if oldJs.StreamConfig != nil && newJs.StreamConfig != nil && *oldJs.StreamConfig != *newJs.StreamConfig {
+			return DeniedResponse("\"spec.jetstream.streamConfig\" is immutable, can not be updated, old value='%s', new value='%s'", *oldJs.StreamConfig, *newJs.StreamConfig)
+		}
 	}
+
 	return AllowedResponse()
 }