From a048e2225ab465c5ede684ab7200221810e8535f Mon Sep 17 00:00:00 2001
From: Madhu Rajanna <madhupr007@gmail.com>
Date: Thu, 9 Nov 2023 11:39:25 +0100
Subject: [PATCH 1/3] replication: make parameters as immutable

mark parameters as immutable once created
which means we are not able to add/delete
or update the parameters once created.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
---
 .../v1alpha1/volumereplicationclass_types.go                   | 1 +
 ...lication.storage.openshift.io_volumereplicationclasses.yaml | 3 +++
 deploy/controller/crds.yaml                                    | 3 +++
 3 files changed, 7 insertions(+)

diff --git a/apis/replication.storage/v1alpha1/volumereplicationclass_types.go b/apis/replication.storage/v1alpha1/volumereplicationclass_types.go
index 274650310..25632a049 100644
--- a/apis/replication.storage/v1alpha1/volumereplicationclass_types.go
+++ b/apis/replication.storage/v1alpha1/volumereplicationclass_types.go
@@ -23,6 +23,7 @@ import (
 // VolumeReplicationClassSpec specifies parameters that an underlying storage system uses
 // when creating a volume replica. A specific VolumeReplicationClass is used by specifying
 // its name in a VolumeReplication object.
+// +kubebuilder:validation:XValidation:rule="has(self.parameters) == has(oldSelf.parameters)",message="parameters are immutable"
 type VolumeReplicationClassSpec struct {
 	// Provisioner is the name of storage provisioner
 	// +kubebuilder:validation:Required
diff --git a/config/crd/bases/replication.storage.openshift.io_volumereplicationclasses.yaml b/config/crd/bases/replication.storage.openshift.io_volumereplicationclasses.yaml
index 8e22bd26c..53dc81c3e 100644
--- a/config/crd/bases/replication.storage.openshift.io_volumereplicationclasses.yaml
+++ b/config/crd/bases/replication.storage.openshift.io_volumereplicationclasses.yaml
@@ -61,6 +61,9 @@ spec:
             required:
             - provisioner
             type: object
+            x-kubernetes-validations:
+            - message: parameters are immutable
+              rule: has(self.parameters) == has(oldSelf.parameters)
           status:
             description: VolumeReplicationClassStatus defines the observed state of
               VolumeReplicationClass.
diff --git a/deploy/controller/crds.yaml b/deploy/controller/crds.yaml
index ccfe94de4..25ff230b0 100644
--- a/deploy/controller/crds.yaml
+++ b/deploy/controller/crds.yaml
@@ -778,6 +778,9 @@ spec:
             required:
             - provisioner
             type: object
+            x-kubernetes-validations:
+            - message: parameters are immutable
+              rule: has(self.parameters) == has(oldSelf.parameters)
           status:
             description: VolumeReplicationClassStatus defines the observed state of
               VolumeReplicationClass.

From ffb81357ef8d66d415b65ae62838b3abd5a2438f Mon Sep 17 00:00:00 2001
From: Madhu Rajanna <madhupr007@gmail.com>
Date: Thu, 9 Nov 2023 11:43:24 +0100
Subject: [PATCH 2/3] networkfence: make parameters as immutable

mark parameters as immutable once created
which means we are not able to add/delete
or update the parameters once created.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
---
 apis/csiaddons/v1alpha1/networkfence_types.go              | 1 +
 config/crd/bases/csiaddons.openshift.io_networkfences.yaml | 3 +++
 deploy/controller/crds.yaml                                | 3 +++
 3 files changed, 7 insertions(+)

diff --git a/apis/csiaddons/v1alpha1/networkfence_types.go b/apis/csiaddons/v1alpha1/networkfence_types.go
index 8c82b692e..2bf9b478c 100644
--- a/apis/csiaddons/v1alpha1/networkfence_types.go
+++ b/apis/csiaddons/v1alpha1/networkfence_types.go
@@ -56,6 +56,7 @@ type SecretSpec struct {
 }
 
 // NetworkFenceSpec defines the desired state of NetworkFence
+// +kubebuilder:validation:XValidation:rule="has(self.parameters) == has(oldSelf.parameters)",message="parameters are immutable"
 type NetworkFenceSpec struct {
 	// Driver contains  the name of CSI driver.
 	// +kubebuilder:validation:Required
diff --git a/config/crd/bases/csiaddons.openshift.io_networkfences.yaml b/config/crd/bases/csiaddons.openshift.io_networkfences.yaml
index 3234ca5fd..32d788a37 100644
--- a/config/crd/bases/csiaddons.openshift.io_networkfences.yaml
+++ b/config/crd/bases/csiaddons.openshift.io_networkfences.yaml
@@ -105,6 +105,9 @@ spec:
             - driver
             - fenceState
             type: object
+            x-kubernetes-validations:
+            - message: parameters are immutable
+              rule: has(self.parameters) == has(oldSelf.parameters)
           status:
             description: NetworkFenceStatus defines the observed state of NetworkFence
             properties:
diff --git a/deploy/controller/crds.yaml b/deploy/controller/crds.yaml
index 25ff230b0..3e3777107 100644
--- a/deploy/controller/crds.yaml
+++ b/deploy/controller/crds.yaml
@@ -213,6 +213,9 @@ spec:
             - driver
             - fenceState
             type: object
+            x-kubernetes-validations:
+            - message: parameters are immutable
+              rule: has(self.parameters) == has(oldSelf.parameters)
           status:
             description: NetworkFenceStatus defines the observed state of NetworkFence
             properties:

From 2a9e1f2520edc03d59c3c89b4b73b3c9814a86d2 Mon Sep 17 00:00:00 2001
From: Madhu Rajanna <madhupr007@gmail.com>
Date: Thu, 9 Nov 2023 11:44:58 +0100
Subject: [PATCH 3/3] networkfence: make secret as immutable

mark secret as immutable once created
which means we are not able to add/delete
or update the secret once created.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
---
 apis/csiaddons/v1alpha1/networkfence_types.go              | 1 +
 config/crd/bases/csiaddons.openshift.io_networkfences.yaml | 2 ++
 deploy/controller/crds.yaml                                | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/apis/csiaddons/v1alpha1/networkfence_types.go b/apis/csiaddons/v1alpha1/networkfence_types.go
index 2bf9b478c..7f0373901 100644
--- a/apis/csiaddons/v1alpha1/networkfence_types.go
+++ b/apis/csiaddons/v1alpha1/networkfence_types.go
@@ -57,6 +57,7 @@ type SecretSpec struct {
 
 // NetworkFenceSpec defines the desired state of NetworkFence
 // +kubebuilder:validation:XValidation:rule="has(self.parameters) == has(oldSelf.parameters)",message="parameters are immutable"
+// +kubebuilder:validation:XValidation:rule="has(self.secret) == has(oldSelf.secret)",message="secret is immutable"
 type NetworkFenceSpec struct {
 	// Driver contains  the name of CSI driver.
 	// +kubebuilder:validation:Required
diff --git a/config/crd/bases/csiaddons.openshift.io_networkfences.yaml b/config/crd/bases/csiaddons.openshift.io_networkfences.yaml
index 32d788a37..5aba29f2f 100644
--- a/config/crd/bases/csiaddons.openshift.io_networkfences.yaml
+++ b/config/crd/bases/csiaddons.openshift.io_networkfences.yaml
@@ -108,6 +108,8 @@ spec:
             x-kubernetes-validations:
             - message: parameters are immutable
               rule: has(self.parameters) == has(oldSelf.parameters)
+            - message: secret is immutable
+              rule: has(self.secret) == has(oldSelf.secret)
           status:
             description: NetworkFenceStatus defines the observed state of NetworkFence
             properties:
diff --git a/deploy/controller/crds.yaml b/deploy/controller/crds.yaml
index 3e3777107..8171c0adb 100644
--- a/deploy/controller/crds.yaml
+++ b/deploy/controller/crds.yaml
@@ -216,6 +216,8 @@ spec:
             x-kubernetes-validations:
             - message: parameters are immutable
               rule: has(self.parameters) == has(oldSelf.parameters)
+            - message: secret is immutable
+              rule: has(self.secret) == has(oldSelf.secret)
           status:
             description: NetworkFenceStatus defines the observed state of NetworkFence
             properties: