Skip to content

Commit

Permalink
chore(bors): merge pull request #853
Browse files Browse the repository at this point in the history 
853: feat(topology): restrict users from deleting created-by label on pools r=sinhaashish a=sinhaashish



Co-authored-by: sinhaashish <[email protected]>
  • Loading branch information
@sinhaashish
mayastor-bors and sinhaashish committed Sep 6, 2024
2 parents 848bcd5 + 65e5ce0 commit 423dab2
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 0 deletions.
7 changes: 7 additions & 0 deletions control-plane/agents/src/bin/core/pool/pool_operations.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ use stor_port::{
transport::{CreatePool, CtrlPoolState, DestroyPool, Pool},
},
};
use utils::dsp_created_by_key;

#[async_trait::async_trait]
impl ResourceLifecycle for OperationGuardArc<PoolSpec> {
Expand Down Expand Up @@ -169,6 +170,12 @@ impl ResourceLabel for OperationGuardArc<PoolSpec> {
registry: &Registry,
label_key: String,
) -> Result<Self::UnlabelOutput, SvcError> {
if label_key == dsp_created_by_key() {
return Err(SvcError::ForbiddenUnlabelKey {
labels: label_key,
resource_kind: ResourceKind::Pool,
});
}
let cloned_pool_spec = self.lock().clone();
let spec_clone = self
.start_update(
Expand Down
15 changes: 15 additions & 0 deletions control-plane/agents/src/common/errors.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -208,6 +208,15 @@ pub enum SvcError {
labels: String,
resource_kind: ResourceKind,
},
#[snafu(display(
"Forbidden {}, cannot delete internal labels: {} ",
resource_kind,
labels
))]
ForbiddenUnlabelKey {
labels: String,
resource_kind: ResourceKind,
},
#[snafu(display("Multiple nexuses not supported"))]
MultipleNexuses {},
#[snafu(display("Storage Error: {}", source))]
Expand Down Expand Up @@ -801,6 +810,12 @@ impl From<SvcError> for ReplyError {
source,
extra,
},
SvcError::ForbiddenUnlabelKey { resource_kind, .. } => ReplyError {
kind: ReplyErrorKind::InvalidArgument,
resource: resource_kind,
source,
extra,
},
SvcError::MultipleNexuses { .. } => ReplyError {
kind: ReplyErrorKind::InvalidArgument,
resource: ResourceKind::Unknown,
Expand Down

0 comments on commit 423dab2

Please sign in to comment.