Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforced immutable fields using CEL rules #5682

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Enforced immutable fields using CEL rules #5682

wants to merge 8 commits into from

Conversation

NeerajNagure
Copy link
Contributor

@NeerajNagure NeerajNagure commented May 13, 2024
edited

Description of your changes

Added CEL based comment markers to enforce immutability on every field that was previously marked as // +immutable

Fixes #4128

I have:

Need help with this checklist? See the cheat sheet.

@NeerajNagure NeerajNagure requested review from negz and a team as code owners May 13, 2024 10:31
@NeerajNagure NeerajNagure requested a review from bobh66 May 13, 2024 10:31
negz
negz reviewed May 13, 2024
View reviewed changes
Copy link
Member

@negz negz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you run make generate? It doesn't seem like the CRDs were updated with the result of the new comment marker.

Also, I'm pretty confident we have more immutable fields than this. There's probably some without // +immutable markers.

apis/apiextensions/v1/composition_revision_types.go Outdated Show resolved Hide resolved
apis/apiextensions/v1/composition_revision_types.go Outdated Show resolved Hide resolved
@NeerajNagure
Copy link
Contributor Author

@negz Also can I please know how can I find those fields that are supposed to be immutable but are not marked with //+immutable ?

@NeerajNagure NeerajNagure requested a review from negz May 14, 2024 05:48
@negz
Copy link
Member

negz commented May 14, 2024

Also can I please know how can I find those fields that are supposed to be immutable but are not marked with //+immutable ?

@NeerajNagure Unfortunately there's no easy way to do this. You'd need to be familiar enough with Crossplane's APIs to know which fields can't change. I don't think this needs to block this PR though, if we can come up with a pattern that works someone who is familiar with the APIs can copy it to the other fields that need it.

@NeerajNagure NeerajNagure requested a review from negz May 16, 2024 04:39
@NeerajNagure
Copy link
Contributor Author

@negz can you please review this?

@NeerajNagure
removed kubebuilder validation
3e97742 
Signed-off-by: Neeraj Nagure <[email protected]>
@NeerajNagure
Copy link
Contributor Author

@negz I have made the changes as suggested by you

@negz
Copy link
Member

negz commented May 23, 2024

Thanks @NeerajNagure. Could you please add some details on how you've tested this change? Adding an E2E test would be ideal.

@NeerajNagure
Copy link
Contributor Author

NeerajNagure commented May 24, 2024
edited

@negz I have added 2 e2e tests that check if its possible to update immutable fields or not (Also those e2e tests pass successfully)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bobh66 bobh66 Awaiting requested review from bobh66 bobh66 is a code owner automatically assigned from crossplane/crossplane-maintainers

@negz negz Awaiting requested review from negz negz is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enforce immutable fields using CEL rules
2 participants
@NeerajNagure @negz