tags immutability was implemented for redis and postgres & zookeper e…

…xternal changes handling was added

.secrets.baseline

@@ -75,6 +75,10 @@
     {
       "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
     },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
     {
       "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
       "min_level": 2
@@ -377,7 +381,7 @@
         "filename": "apis/clusters/v1beta1/redis_webhook.go",
         "hashed_secret": "bc1c5ae5fd4a238d86261f422e62c489de408c22",
         "is_verified": false,
-        "line_number": 340
+        "line_number": 345
       }
     ],
     "apis/clusters/v1beta1/zookeeper_types.go": [
@@ -1170,5 +1174,5 @@
       }
     ]
   },
-  "generated_at": "2024-01-31T10:27:15Z"
+  "generated_at": "2024-02-02T08:53:13Z"
 }

apis/clusters/v1beta1/postgresql_webhook.go

@@ -368,7 +368,12 @@ func (pgs *PgSpec) validateImmutableDCsFieldsUpdate(oldSpec PgSpec) error {
 			return fmt.Errorf("cannot update immutable data centre fields: new spec: %v: old spec: %v", newDCImmutableFields, oldDCImmutableFields)
 		}
 
-		err := newDC.validateImmutableCloudProviderSettingsUpdate(oldDC.CloudProviderSettings)
+		err := validateTagsUpdate(newDC.Tags, oldDC.Tags)
+		if err != nil {
+			return err
+		}
+
+		err = newDC.validateImmutableCloudProviderSettingsUpdate(oldDC.CloudProviderSettings)
 		if err != nil {
 			return err
 		}

apis/clusters/v1beta1/redis_webhook.go

@@ -303,7 +303,12 @@ func (rs *RedisSpec) validateDCsUpdate(oldSpec RedisSpec) error {
 			return fmt.Errorf("cannot update immutable data centre fields: new spec: %v: old spec: %v", newDCImmutableFields, oldDCImmutableFields)
 		}
 
-		err := newDC.validateImmutableCloudProviderSettingsUpdate(oldDC.CloudProviderSettings)
+		err := validateTagsUpdate(newDC.Tags, oldDC.Tags)
+		if err != nil {
+			return err
+		}
+
+		err = newDC.validateImmutableCloudProviderSettingsUpdate(oldDC.CloudProviderSettings)
 		if err != nil {
 			return err
 		}

apis/clusters/v1beta1/zookeeper_types.go

@@ -123,7 +123,7 @@ func (zs *ZookeeperSpec) FromInstAPI(iZook *models.ZookeeperCluster) ZookeeperSp
 		Cluster: Cluster{
 			Name:                  iZook.Name,
 			Version:               iZook.ZookeeperVersion,
-			Description:           zs.Description,
+			Description:           iZook.Description,
 			PrivateNetworkCluster: iZook.PrivateNetworkCluster,
 			SLATier:               iZook.SLATier,
 			TwoFactorDelete:       zs.Cluster.TwoFactorDeleteFromInstAPI(iZook.TwoFactorDelete),

apis/clusters/v1beta1/zookeeper_webhook.go

@@ -112,15 +112,27 @@ func (zv *zookeeperValidator) ValidateCreate(ctx context.Context, obj runtime.Ob
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
 func (zv *zookeeperValidator) ValidateUpdate(ctx context.Context, old runtime.Object, new runtime.Object) error {
-	z, ok := new.(*Zookeeper)
+	newZookeeper, ok := new.(*Zookeeper)
 	if !ok {
 		return fmt.Errorf("cannot assert object %v to zookeeper", new.GetObjectKind())
 	}
+	oldZookeeper, ok := old.(*Zookeeper)
+	if !ok {
+		return fmt.Errorf("cannot assert object %v to zookeeper", new.GetObjectKind())
+	}
+
+	zookeeperlog.Info("validate update", "name", newZookeeper.Name)
 
-	zookeeperlog.Info("validate update", "name", z.Name)
+	if newZookeeper.Status.ID == "" {
+		return zv.ValidateCreate(ctx, newZookeeper)
+	}
+
+	if newZookeeper.Annotations[models.ExternalChangesAnnotation] == models.True {
+		return nil
+	}
 
-	if z.Status.ID == "" {
-		return zv.ValidateCreate(ctx, z)
+	if newZookeeper.Generation != oldZookeeper.Generation && !oldZookeeper.Spec.ClusterSettingsNeedUpdate(newZookeeper.Spec.Cluster) {
+		return fmt.Errorf("update is not allowed")
 	}
 
 	return nil

config/samples/clusters_v1beta1_postgresql.yaml

@@ -21,6 +21,9 @@ spec:
         - replicationMode: "SYNCHRONOUS"
       interDataCentreReplication:
         - isPrimaryDataCentre: true
+#      tags:
+#        tag: "oneTag"
+#        tag2: "twoTags"
   #    - region: "US_WEST_2"
   #      network: "10.2.0.0/16"
   #      cloudProvider: "AWS_VPC"

config/samples/clusters_v1beta1_redis.yaml

@@ -16,12 +16,12 @@ spec:
   passwordAndUserAuth: true
   privateNetworkCluster: false
   userRefs:
-      - name: redisuser-sample-1
-        namespace: default
-      - name: redisuser-sample-2
-        namespace: default
-      - name: redisuser-sample-3
-        namespace: default
+#      - name: redisuser-sample-1
+#        namespace: default
+#      - name: redisuser-sample-2
+#        namespace: default
+#      - name: redisuser-sample-3
+#        namespace: default
   #  twoFactorDelete:
   #    - email: "[email protected]"
   dataCentres:
@@ -35,6 +35,9 @@ spec:
       masterNodes: 3
       nodesNumber: 0
       replicationFactor: 0
+#      tags:
+#        tag: "oneTag"
+#        tag2: "twoTags"
 #      privateLink:
 #        - advertisedHostname: redis-sample-test.com
 #    - region: "US_WEST_2"

config/samples/clusters_v1beta1_zookeeper.yaml

@@ -3,16 +3,17 @@ kind: Zookeeper
 metadata:
   name: zookeeper-sample
 spec:
+  name: "username-zookeeper"
+#  description: "some description"
   dataCentres:
     - clientToServerEncryption: false
       cloudProvider: "AWS_VPC"
       name: "MyTestDataCentre1"
       network: "10.0.0.0/16"
-#      nodeSize: "zookeeper-developer-t3.small-20"
-      nodeSize: "zookeeper-production-m5.large-60"
+      nodeSize: "zookeeper-developer-t3.small-20"
+#      nodeSize: "zookeeper-production-m5.large-60"
       nodesNumber: 3
       region: "US_EAST_1"
-  name: "Username-zookeeper"
   privateNetworkCluster: false
   slaTier: "NON_PRODUCTION"
   version: "3.8.2"