return Forbidden is appropriate

openyurtio · Nov 25, 2023 · 84bd204 · 84bd204
1 parent ff7d279
commit 84bd204
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/pkg/yurtmanager/webhook/nodepool/v1beta1/nodepool_validation.go b/pkg/yurtmanager/webhook/nodepool/v1beta1/nodepool_validation.go
@@ -25,7 +25,6 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	apivalidation "k8s.io/apimachinery/pkg/api/validation"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -59,7 +58,7 @@ func (webhook *NodePoolHandler) ValidateUpdate(ctx context.Context, oldObj, newO
 	}
 
 	if allErrs := validateNodePoolSpecUpdate(&newNp.Spec, &oldNp.Spec); len(allErrs) > 0 {
-		return apierrors.NewForbidden(schema.GroupResource{Group: "", Resource: "nodepools"}, newNp.Name, allErrs)
+		return apierrors.NewForbidden(appsv1beta1.GroupVersion.WithResource("nodepools").GroupResource(), newNp.Name, allErrs)
 	}
 
 	return nil
@@ -72,7 +71,7 @@ func (webhook *NodePoolHandler) ValidateDelete(_ context.Context, obj runtime.Ob
 		return apierrors.NewBadRequest(fmt.Sprintf("expected a NodePool but got a %T", obj))
 	}
 	if allErrs := validateNodePoolDeletion(webhook.Client, np); len(allErrs) > 0 {
-		return apierrors.NewInvalid(appsv1beta1.GroupVersion.WithKind("NodePool").GroupKind(), np.Name, allErrs)
+		return apierrors.NewForbidden(appsv1beta1.GroupVersion.WithResource("nodepools").GroupResource(), np.Name, allErrs)
 	}
 
 	return nil
@@ -122,12 +121,12 @@ func validateNodePoolSpecUpdate(spec, oldSpec *appsv1beta1.NodePoolSpec) field.E
 
 	if spec.Type != oldSpec.Type {
 		return field.ErrorList([]*field.Error{
-			field.Invalid(field.NewPath("spec").Child("type"), spec.Type, "pool type can't be changed")})
+			field.NewForbidden(appsv1beta1.GroupVersion.WithResource("nodepools").GroupResource(), spec.Type, "pool type can't be changed")})
 	}
 
 	if spec.HostNetwork != oldSpec.HostNetwork {
 		return field.ErrorList([]*field.Error{
-			field.Invalid(field.NewPath("spec").Child("hostNetwork"), spec.HostNetwork, "pool hostNetwork can't be changed"),
+			field.NewForbidden(appsv1beta1.GroupVersion.WithResource("nodepools").GroupResource(), spec.HostNetwork, "pool hostNetwork can't be changed"),
 		})
 	}
 	return nil