From 2a9e1f2520edc03d59c3c89b4b73b3c9814a86d2 Mon Sep 17 00:00:00 2001
From: Madhu Rajanna <madhupr007@gmail.com>
Date: Thu, 9 Nov 2023 11:44:58 +0100
Subject: [PATCH] networkfence: make secret as immutable

mark secret as immutable once created
which means we are not able to add/delete
or update the secret once created.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
---
 apis/csiaddons/v1alpha1/networkfence_types.go              | 1 +
 config/crd/bases/csiaddons.openshift.io_networkfences.yaml | 2 ++
 deploy/controller/crds.yaml                                | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/apis/csiaddons/v1alpha1/networkfence_types.go b/apis/csiaddons/v1alpha1/networkfence_types.go
index 2bf9b478c..7f0373901 100644
--- a/apis/csiaddons/v1alpha1/networkfence_types.go
+++ b/apis/csiaddons/v1alpha1/networkfence_types.go
@@ -57,6 +57,7 @@ type SecretSpec struct {
 
 // NetworkFenceSpec defines the desired state of NetworkFence
 // +kubebuilder:validation:XValidation:rule="has(self.parameters) == has(oldSelf.parameters)",message="parameters are immutable"
+// +kubebuilder:validation:XValidation:rule="has(self.secret) == has(oldSelf.secret)",message="secret is immutable"
 type NetworkFenceSpec struct {
 	// Driver contains  the name of CSI driver.
 	// +kubebuilder:validation:Required
diff --git a/config/crd/bases/csiaddons.openshift.io_networkfences.yaml b/config/crd/bases/csiaddons.openshift.io_networkfences.yaml
index 32d788a37..5aba29f2f 100644
--- a/config/crd/bases/csiaddons.openshift.io_networkfences.yaml
+++ b/config/crd/bases/csiaddons.openshift.io_networkfences.yaml
@@ -108,6 +108,8 @@ spec:
             x-kubernetes-validations:
             - message: parameters are immutable
               rule: has(self.parameters) == has(oldSelf.parameters)
+            - message: secret is immutable
+              rule: has(self.secret) == has(oldSelf.secret)
           status:
             description: NetworkFenceStatus defines the observed state of NetworkFence
             properties:
diff --git a/deploy/controller/crds.yaml b/deploy/controller/crds.yaml
index 3e3777107..8171c0adb 100644
--- a/deploy/controller/crds.yaml
+++ b/deploy/controller/crds.yaml
@@ -216,6 +216,8 @@ spec:
             x-kubernetes-validations:
             - message: parameters are immutable
               rule: has(self.parameters) == has(oldSelf.parameters)
+            - message: secret is immutable
+              rule: has(self.secret) == has(oldSelf.secret)
           status:
             description: NetworkFenceStatus defines the observed state of NetworkFence
             properties: