From 9c0caac4febd645d4e874a8cae4812af80bd38a8 Mon Sep 17 00:00:00 2001
From: Eric Weber <eric.weber@suse.com>
Date: Mon, 18 Sep 2023 10:43:25 -0500
Subject: [PATCH] Refuse to delete known settings

Longhorn 4984

Signed-off-by: Eric Weber <eric.weber@suse.com>
---
 webhook/resources/setting/validator.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/webhook/resources/setting/validator.go b/webhook/resources/setting/validator.go
index 3261b92fc8..c2f9336600 100644
--- a/webhook/resources/setting/validator.go
+++ b/webhook/resources/setting/validator.go
@@ -1,6 +1,8 @@
 package setting
 
 import (
+	"fmt"
+
 	"k8s.io/apimachinery/pkg/runtime"
 
 	admissionregv1 "k8s.io/api/admissionregistration/v1"
@@ -32,6 +34,7 @@ func (v *settingValidator) Resource() admission.Resource {
 		OperationTypes: []admissionregv1.OperationType{
 			admissionregv1.Create,
 			admissionregv1.Update,
+			admissionregv1.Delete,
 		},
 	}
 }
@@ -44,6 +47,16 @@ func (v *settingValidator) Update(request *admission.Request, oldObj runtime.Obj
 	return v.validateSetting(newObj)
 }
 
+func (v *settingValidator) Delete(request *admission.Request, oldObj runtime.Object) error {
+	setting := oldObj.(*longhorn.Setting)
+	if _, ok := types.GetSettingDefinition(types.SettingName(setting.Name)); ok {
+		return werror.NewInvalidError(fmt.Sprintf("setting %s can be modified but not deleted", setting.Name),
+			"metadata.name")
+	}
+	// If we reach this point, the setting is either from a previous version or is otherwise erroneous. Allow deletion.
+	return nil
+}
+
 func (v *settingValidator) validateSetting(newObj runtime.Object) error {
 	setting := newObj.(*longhorn.Setting)