diff --git a/apis/v1beta1/vspherevm_webhook.go b/apis/v1beta1/vspherevm_webhook.go
index a1bc6ff8a0..ac8948c259 100644
--- a/apis/v1beta1/vspherevm_webhook.go
+++ b/apis/v1beta1/vspherevm_webhook.go
@@ -103,12 +103,16 @@ func (r *VSphereVM) ValidateUpdate(old runtime.Object) (admission.Warnings, erro
 newVSphereVMSpec := newVSphereVM["spec"].(map[string]interface{})
 oldVSphereVMSpec := oldVSphereVM["spec"].(map[string]interface{})
- // allow changes to biosUUID, bootstrapRef, thumbprint
- keys := []string{"biosUUID", "bootstrapRef", "thumbprint", "powerOffMode", "guestSoftPowerOffTimeout"}
+ // allow changes to bootstrapRef, thumbprint, powerOffMode, guestSoftPowerOffTimeout
+ keys := []string{"bootstrapRef", "thumbprint", "powerOffMode", "guestSoftPowerOffTimeout"}
 // allow changes to os only if the old spec has empty OS field
 if _, ok := oldVSphereVMSpec["os"]; !ok {
 keys = append(keys, "os")
 }
+ // allow changes to biosUUID only to set the biosUUID once
+ if _, ok := oldVSphereVMSpec["biosUUID"]; !ok {
+ keys = append(keys, "biosUUID")
+ }
 r.deleteSpecKeys(oldVSphereVMSpec, keys)
 r.deleteSpecKeys(newVSphereVMSpec, keys)
diff --git a/apis/v1beta1/vspherevm_webhook_test.go b/apis/v1beta1/vspherevm_webhook_test.go
index 94882059bd..a22d144870 100644
--- a/apis/v1beta1/vspherevm_webhook_test.go
+++ b/apis/v1beta1/vspherevm_webhook_test.go
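Review bot: The set-once guard for `biosUUID` tests only whether the key exists in the old spec map, so an old object that carries the key with an empty value would count as already set and could never be given a UUID. Whether that state can occur depends on how the spec is converted to the map and on the field's JSON tag, neither of which is visible in this hunk; if it can, `if v, ok := oldVSphereVMSpec["biosUUID"]; !ok || v == "" {` covers it. The added comment would also read better as the invariant itself, e.g. `// biosUUID may be set once while unset; afterwards it is immutable`. ValidateUpdate starts and ends outside the hunk.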
@@ -191,6 +191,12 @@ func TestVSphereVM_ValidateUpdate(t *testing.T) {
 vSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", biosUUID, "", "BB:CC:DD:EE:FF", []string{"192.168.0.1/32"}, nil, Linux, VirtualMachinePowerOpModeSoft, nil),
 wantErr: false,
 },
+ {
+ name: "biosUUID cannot be updated to a different value",
+ oldVSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", "old-uuid", "", "AA:BB:CC:DD:EE", []string{"192.168.0.1/32"}, nil, Linux, VirtualMachinePowerOpModeTrySoft, &metav1.Duration{Duration: GuestSoftPowerOffDefaultTimeout}),
+ vSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", biosUUID, "", "BB:CC:DD:EE:FF", []string{"192.168.0.1/32"}, nil, Linux, VirtualMachinePowerOpModeSoft, nil),
+ wantErr: true,
+ },
 }
 for _, tc := range tests {
 t.Run(tc.name, func(t *testing.T) {
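Review bot: The new case does not isolate `biosUUID`: the old and new objects also differ in the fifth argument (`"AA:BB:CC:DD:EE"` vs `"BB:CC:DD:EE:FF"`) and in the power-off mode and timeout arguments, so `wantErr: true` could be satisfied by the rejection of some other field. Building both objects with identical arguments except `"old-uuid"` vs `biosUUID` would pin the error to the immutability rule. A second case in which the old object has a UUID and the new one passes `""` would confirm that a set value cannot be cleared either. The test function continues outside the hunk.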