From 84bd20403b513cb81282b0fc3ee65ba121cba2a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E9=BE=99=E5=B3=B0?= <lilongfeng@inspur.com>
Date: Sat, 25 Nov 2023 11:17:37 +0800
Subject: [PATCH] return Forbidden is appropriate

---
 .../webhook/nodepool/v1beta1/nodepool_validation.go      | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/pkg/yurtmanager/webhook/nodepool/v1beta1/nodepool_validation.go b/pkg/yurtmanager/webhook/nodepool/v1beta1/nodepool_validation.go
index 4ce8f5f86dd..f3661a4e109 100644
--- a/pkg/yurtmanager/webhook/nodepool/v1beta1/nodepool_validation.go
+++ b/pkg/yurtmanager/webhook/nodepool/v1beta1/nodepool_validation.go
@@ -25,7 +25,6 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	apivalidation "k8s.io/apimachinery/pkg/api/validation"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -59,7 +58,7 @@ func (webhook *NodePoolHandler) ValidateUpdate(ctx context.Context, oldObj, newO
 	}
 
 	if allErrs := validateNodePoolSpecUpdate(&newNp.Spec, &oldNp.Spec); len(allErrs) > 0 {
-		return apierrors.NewForbidden(schema.GroupResource{Group: "", Resource: "nodepools"}, newNp.Name, allErrs)
+		return apierrors.NewForbidden(appsv1beta1.GroupVersion.WithResource("nodepools").GroupResource(), newNp.Name, allErrs)
 	}
 
 	return nil
@@ -72,7 +71,7 @@ func (webhook *NodePoolHandler) ValidateDelete(_ context.Context, obj runtime.Ob
 		return apierrors.NewBadRequest(fmt.Sprintf("expected a NodePool but got a %T", obj))
 	}
 	if allErrs := validateNodePoolDeletion(webhook.Client, np); len(allErrs) > 0 {
-		return apierrors.NewInvalid(appsv1beta1.GroupVersion.WithKind("NodePool").GroupKind(), np.Name, allErrs)
+		return apierrors.NewForbidden(appsv1beta1.GroupVersion.WithResource("nodepools").GroupResource(), np.Name, allErrs)
 	}
 
 	return nil
@@ -122,12 +121,12 @@ func validateNodePoolSpecUpdate(spec, oldSpec *appsv1beta1.NodePoolSpec) field.E
 
 	if spec.Type != oldSpec.Type {
 		return field.ErrorList([]*field.Error{
-			field.Invalid(field.NewPath("spec").Child("type"), spec.Type, "pool type can't be changed")})
+			field.NewForbidden(appsv1beta1.GroupVersion.WithResource("nodepools").GroupResource(), spec.Type, "pool type can't be changed")})
 	}
 
 	if spec.HostNetwork != oldSpec.HostNetwork {
 		return field.ErrorList([]*field.Error{
-			field.Invalid(field.NewPath("spec").Child("hostNetwork"), spec.HostNetwork, "pool hostNetwork can't be changed"),
+			field.NewForbidden(appsv1beta1.GroupVersion.WithResource("nodepools").GroupResource(), spec.HostNetwork, "pool hostNetwork can't be changed"),
 		})
 	}
 	return nil