webhook: prevent delete ippool with allocated IPs (#4633)

Signed-off-by: Cyclinder Kuo <[email protected]>
spidernet-io · Feb 14, 2025 · 742781e · 742781e
1 parent c3f9fdf
commit 742781e
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/pkg/ippoolmanager/ippool_webhook.go b/pkg/ippoolmanager/ippool_webhook.go
@@ -136,5 +136,21 @@ func (iw *IPPoolWebhook) ValidateUpdate(ctx context.Context, oldObj, newObj runt
 
 // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type.
 func (iw *IPPoolWebhook) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
+	ipPool := obj.(*spiderpoolv2beta1.SpiderIPPool)
+
+	logger := WebhookLogger.Named("Validating").With(
+		zap.String("IPPoolName", ipPool.Name),
+		zap.String("Operation", "DELETE"),
+	)
+	logger.Sugar().Debugf("Request IPPool: %+v", *ipPool)
+
+	if ipPool.Status.AllocatedIPCount != nil && *ipPool.Status.AllocatedIPCount > 0 {
+		logger.Sugar().Errorf("Cannot delete an IPPool with allocated IPs")
+		return nil, apierrors.NewForbidden(
+			schema.GroupResource{Group: constant.SpiderpoolAPIGroup, Resource: "spiderippools"},
+			ipPool.Name,
+			errors.New("cannot delete an IPPool with allocated IPs"),
+		)
+	}
 	return nil, nil
 }
diff --git a/pkg/subnetmanager/subnet_webhook.go b/pkg/subnetmanager/subnet_webhook.go
@@ -135,5 +135,21 @@ func (sw *SubnetWebhook) ValidateUpdate(ctx context.Context, oldObj, newObj runt
 
 // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type.
 func (sw *SubnetWebhook) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
+	subnet := obj.(*spiderpoolv2beta1.SpiderSubnet)
+
+	logger := WebhookLogger.Named("Validating").With(
+		zap.String("SubnetName", subnet.Name),
+		zap.String("Operation", "DELETE"),
+	)
+	logger.Sugar().Debugf("Request Subnet: %+v", *subnet)
+
+	if subnet.Status.AllocatedIPCount != nil && *subnet.Status.AllocatedIPCount > 0 {
+		logger.Sugar().Errorf("Cannot delete an Subnet with allocated IPs")
+		return nil, apierrors.NewForbidden(
+			schema.GroupResource{Group: constant.SpiderpoolAPIGroup, Resource: "spidersubnets"},
+			subnet.Name,
+			errors.New("cannot delete an Subnet with allocated IPs"),
+		)
+	}
 	return nil, nil
 }