From 16ad92574df60c5d4ff960d84609f0bc23a374e2 Mon Sep 17 00:00:00 2001
From: Amine <hilalyamine@gmail.com>
Date: Mon, 11 Nov 2024 09:15:31 -0800
Subject: [PATCH] feat: make ResourceGroup schema.kind and schema.apiVersion
 immutable

Add CEL validation rules to prevent modifications to the schema `kind` and
`apiVersion` fields after a `ResourceGroup` is created. This ensures schema
stability and  prevents potential issues that could arise from changing
these fundamental identity fields.
---
 api/v1alpha1/resource_group.go               | 2 ++
 config/crd/bases/kro.run_resourcegroups.yaml | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/api/v1alpha1/resource_group.go b/api/v1alpha1/resource_group.go
index b00ef053..fff41f8d 100644
--- a/api/v1alpha1/resource_group.go
+++ b/api/v1alpha1/resource_group.go
@@ -52,11 +52,13 @@ type Schema struct {
 	// and create the CRD for the resourcegroup.
 	//
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="kind is immutable"
 	Kind string `json:"kind,omitempty"`
 	// The APIVersion of the resourcegroup. This is used to generate
 	// and create the CRD for the resourcegroup.
 	//
 	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="apiVersion is immutable"
 	APIVersion string `json:"apiVersion,omitempty"`
 	// The spec of the resourcegroup. Typically, this is the spec of
 	// the CRD that the resourcegroup is managing. This is adhering
diff --git a/config/crd/bases/kro.run_resourcegroups.yaml b/config/crd/bases/kro.run_resourcegroups.yaml
index ccc43eca..0cf83251 100644
--- a/config/crd/bases/kro.run_resourcegroups.yaml
+++ b/config/crd/bases/kro.run_resourcegroups.yaml
@@ -100,11 +100,17 @@ spec:
                       The APIVersion of the resourcegroup. This is used to generate
                       and create the CRD for the resourcegroup.
                     type: string
+                    x-kubernetes-validations:
+                    - message: apiVersion is immutable
+                      rule: self == oldSelf
                   kind:
                     description: |-
                       The kind of the resourcegroup. This is used to generate
                       and create the CRD for the resourcegroup.
                     type: string
+                    x-kubernetes-validations:
+                    - message: kind is immutable
+                      rule: self == oldSelf
                   spec:
                     description: |-
                       The spec of the resourcegroup. Typically, this is the spec of