Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Update/Delete protection for Custom Resources #176

Open
zmotso opened this issue Feb 21, 2025 · 0 comments · May be fixed by #177
Open

Implement Update/Delete protection for Custom Resources #176

zmotso opened this issue Feb 21, 2025 · 0 comments · May be fixed by #177
Assignees
@zmotso
Labels
enhancement New feature or request

Comments

@zmotso
Copy link
Contributor

zmotso commented Feb 21, 2025

To enhance the security and governance of our Kubernetes resources, we need to implement an edit protection feature. This will involve enabling a specific label app.edp.epam.com/edit-protection: delete-update on the operator resources. When this label is set, it should prevent any modifications to the corresponding resources by users.

Acceptance Criteria

  1. The label app.edp.epam.com/edit-protection: delete-update must be recognized by the operator.
  2. When the label is set, any attempts to modify the corresponding resource should be blocked, and the user should be informed that the resource is protected from edits.
  3. Proper validation and tests must be implemented to ensure that the edit protection feature works as expected across all specified resource kinds.
  4. Documentation should be updated to include details about the edit protection feature, how to enable it, and its implications.
@zmotso zmotso added the enhancement New feature or request label Feb 21, 2025
@zmotso zmotso self-assigned this Feb 21, 2025
zmotso added a commit that referenced this issue Feb 24, 2025
@zmotso
feat: Add validation webhook for protected resources (#176)
5378d86 
To protect resources from deletion/updating added label
`app.edp.epam.com/edit-protection`.
The label can have values: delete update delete-update
@zmotso zmotso linked a pull request Feb 24, 2025 that will close this issue
Open
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zmotso zmotso

Labels
enhancement New feature or request
Projects
KubeRocketCI
Status: No status
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Add validation webhook for protected resources epam/edp-codebase-operator
1 participant
@zmotso