diff --git a/control-plane/agents/src/bin/core/pool/pool_operations.rs b/control-plane/agents/src/bin/core/pool/pool_operations.rs index ccf9a2b26..da3ac6730 100644 --- a/control-plane/agents/src/bin/core/pool/pool_operations.rs +++ b/control-plane/agents/src/bin/core/pool/pool_operations.rs @@ -16,6 +16,7 @@ use stor_port::{ transport::{CreatePool, CtrlPoolState, DestroyPool, Pool}, }, }; +use utils::dsp_created_by_key; #[async_trait::async_trait] impl ResourceLifecycle for OperationGuardArc { @@ -169,6 +170,12 @@ impl ResourceLabel for OperationGuardArc { registry: &Registry, label_key: String, ) -> Result { + if label_key == dsp_created_by_key() { + return Err(SvcError::ForbiddenUnlabelKey { + labels: label_key, + resource_kind: ResourceKind::Pool, + }); + } let cloned_pool_spec = self.lock().clone(); let spec_clone = self .start_update( diff --git a/control-plane/agents/src/common/errors.rs b/control-plane/agents/src/common/errors.rs index 0637a5ec4..7d5001cc1 100644 --- a/control-plane/agents/src/common/errors.rs +++ b/control-plane/agents/src/common/errors.rs @@ -208,6 +208,15 @@ pub enum SvcError { labels: String, resource_kind: ResourceKind, }, + #[snafu(display( + "Forbidden {}, cannot delete internal labels: {} ", + resource_kind, + labels + ))] + ForbiddenUnlabelKey { + labels: String, + resource_kind: ResourceKind, + }, #[snafu(display("Multiple nexuses not supported"))] MultipleNexuses {}, #[snafu(display("Storage Error: {}", source))] @@ -801,6 +810,12 @@ impl From for ReplyError { source, extra, }, + SvcError::ForbiddenUnlabelKey { resource_kind, .. } => ReplyError { + kind: ReplyErrorKind::InvalidArgument, + resource: resource_kind, + source, + extra, + }, SvcError::MultipleNexuses { .. } => ReplyError { kind: ReplyErrorKind::InvalidArgument, resource: ResourceKind::Unknown,