rabbitmq
diff --git a/‎api/v1alpha1/superstream_webhook.go
+12-11 b/‎api/v1alpha1/superstream_webhook.go
+12-11
diff --git a/‎api/v1alpha1/superstream_webhook_test.go
+22-11 b/‎api/v1alpha1/superstream_webhook_test.go
+22-11
diff --git a/‎api/v1beta1/binding_webhook.go
+10-9 b/‎api/v1beta1/binding_webhook.go
+10-9
diff --git a/‎api/v1beta1/binding_webhook_test.go
+10-11 b/‎api/v1beta1/binding_webhook_test.go
+10-11
diff --git a/‎api/v1beta1/exchange_webhook.go
+11-10 b/‎api/v1beta1/exchange_webhook.go
+11-10
@@ -16,6 +16,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 func (s *SuperStream) SetupWebhookWithManager(mgr ctrl.Manager) error {
@@ -30,48 +31,48 @@ var _ webhook.Validator = &SuperStream{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
 // either rabbitmqClusterReference.name or rabbitmqClusterReference.connectionSecret must be provided but not both
-func (s *SuperStream) ValidateCreate() error {
+func (s *SuperStream) ValidateCreate() (admission.Warnings, error) {
 	return s.Spec.RabbitmqClusterReference.ValidateOnCreate(s.GroupResource(), s.Name)
 }
 
 // ValidateUpdate returns error type 'forbidden' for updates on superstream name, vhost and rabbitmqClusterReference
-func (s *SuperStream) ValidateUpdate(old runtime.Object) error {
+func (s *SuperStream) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	oldSuperStream, ok := old.(*SuperStream)
 	if !ok {
-		return apierrors.NewBadRequest(fmt.Sprintf("expected a superstream but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a superstream but got a %T", old))
 	}
 
 	detailMsg := "updates on name, vhost and rabbitmqClusterReference are all forbidden"
 	if s.Spec.Name != oldSuperStream.Spec.Name {
-		return apierrors.NewForbidden(s.GroupResource(), s.Name,
+		return nil, apierrors.NewForbidden(s.GroupResource(), s.Name,
 			field.Forbidden(field.NewPath("spec", "name"), detailMsg))
 	}
 	if s.Spec.Vhost != oldSuperStream.Spec.Vhost {
-		return apierrors.NewForbidden(s.GroupResource(), s.Name,
+		return nil, apierrors.NewForbidden(s.GroupResource(), s.Name,
 			field.Forbidden(field.NewPath("spec", "vhost"), detailMsg))
 	}
 
 	if !oldSuperStream.Spec.RabbitmqClusterReference.Matches(&s.Spec.RabbitmqClusterReference) {
-		return apierrors.NewForbidden(s.GroupResource(), s.Name,
+		return nil, apierrors.NewForbidden(s.GroupResource(), s.Name,
 			field.Forbidden(field.NewPath("spec", "rabbitmqClusterReference"), detailMsg))
 	}
 
 	if !routingKeyUpdatePermitted(oldSuperStream.Spec.RoutingKeys, s.Spec.RoutingKeys) {
-		return apierrors.NewForbidden(s.GroupResource(), s.Name,
+		return nil, apierrors.NewForbidden(s.GroupResource(), s.Name,
 			field.Forbidden(field.NewPath("spec", "routingKeys"), "updates may only add to the existing list of routing keys"))
 	}
 
 	if s.Spec.Partitions < oldSuperStream.Spec.Partitions {
-		return apierrors.NewForbidden(s.GroupResource(), s.Name,
+		return nil, apierrors.NewForbidden(s.GroupResource(), s.Name,
 			field.Forbidden(field.NewPath("spec", "partitions"), "updates may only increase the partition count, and may not decrease it"))
 	}
 
-	return nil
+	return nil, nil
 }
 
 // ValidateDelete no validation on delete
-func (s *SuperStream) ValidateDelete() error {
-	return nil
+func (s *SuperStream) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
 
 // routingKeyUpdatePermitted allows updates only if adding additional keys at the end of the list of keys
 
@@ -31,73 +31,84 @@ var _ = Describe("superstream webhook", func() {
 		It("does not allow both spec.rabbitmqClusterReference.name and spec.rabbitmqClusterReference.connectionSecret be configured", func() {
 			notAllowed := superstream.DeepCopy()
 			notAllowed.Spec.RabbitmqClusterReference.ConnectionSecret = &corev1.LocalObjectReference{Name: "some-secret"}
-			Expect(apierrors.IsForbidden(notAllowed.ValidateCreate())).To(BeTrue())
+			_, err := notAllowed.ValidateCreate()
+			Expect(apierrors.IsForbidden(err)).To(BeTrue())
 		})
 
 		It("spec.rabbitmqClusterReference.name and spec.rabbitmqClusterReference.connectionSecret cannot both be empty", func() {
 			notAllowed := superstream.DeepCopy()
 			notAllowed.Spec.RabbitmqClusterReference.Name = ""
 			notAllowed.Spec.RabbitmqClusterReference.ConnectionSecret = nil
-			Expect(apierrors.IsForbidden(notAllowed.ValidateCreate())).To(BeTrue())
+			_, err := notAllowed.ValidateCreate()
+			Expect(apierrors.IsForbidden(err)).To(BeTrue())
 		})
 	})
 
 	Context("ValidateUpdate", func() {
 		It("does not allow updates on superstream name", func() {
 			newSuperStream := superstream.DeepCopy()
 			newSuperStream.Spec.Name = "new-name"
-			Expect(apierrors.IsForbidden(newSuperStream.ValidateUpdate(&superstream))).To(BeTrue())
+			_, err := newSuperStream.ValidateUpdate(&superstream)
+			Expect(apierrors.IsForbidden(err)).To(BeTrue())
 		})
 
 		It("does not allow updates on superstream vhost", func() {
 			newSuperStream := superstream.DeepCopy()
 			newSuperStream.Spec.Vhost = "new-vhost"
-			Expect(apierrors.IsForbidden(newSuperStream.ValidateUpdate(&superstream))).To(BeTrue())
+			_, err := newSuperStream.ValidateUpdate(&superstream)
+			Expect(apierrors.IsForbidden(err)).To(BeTrue())
 		})
 
 		It("does not allow updates on RabbitmqClusterReference", func() {
 			newSuperStream := superstream.DeepCopy()
 			newSuperStream.Spec.RabbitmqClusterReference = topologyv1beta1.RabbitmqClusterReference{
 				Name: "new-cluster",
 			}
-			Expect(apierrors.IsForbidden(newSuperStream.ValidateUpdate(&superstream))).To(BeTrue())
+			_, err := newSuperStream.ValidateUpdate(&superstream)
+			Expect(apierrors.IsForbidden(err)).To(BeTrue())
 		})
 
 		It("does not allow updates on rabbitmqClusterReference.connectionSecret", func() {
 			newSuperStream := superstream.DeepCopy()
 			newSuperStream.Spec.RabbitmqClusterReference = topologyv1beta1.RabbitmqClusterReference{ConnectionSecret: &corev1.LocalObjectReference{Name: "a-secret"}}
-			Expect(apierrors.IsForbidden(newSuperStream.ValidateUpdate(&superstream))).To(BeTrue())
+			_, err := newSuperStream.ValidateUpdate(&superstream)
+			Expect(apierrors.IsForbidden(err)).To(BeTrue())
 		})
 
 		It("does not allow updates on superstream.spec.routingKeys", func() {
 			newSuperStream := superstream.DeepCopy()
 			newSuperStream.Spec.RoutingKeys = []string{"a1", "d6"}
-			Expect(apierrors.IsForbidden(newSuperStream.ValidateUpdate(&superstream))).To(BeTrue())
+			_, err := newSuperStream.ValidateUpdate(&superstream)
+			Expect(apierrors.IsForbidden(err)).To(BeTrue())
 		})
 
 		It("if the superstream previously had routing keys and the update only appends, the update succeeds", func() {
 			newSuperStream := superstream.DeepCopy()
 			newSuperStream.Spec.RoutingKeys = []string{"a1", "b2", "f17", "z66"}
-			Expect(newSuperStream.ValidateUpdate(&superstream)).To(Succeed())
+			_, err := newSuperStream.ValidateUpdate(&superstream)
+			Expect(err).NotTo(HaveOccurred())
 		})
 
 		It("if the superstream previously had no routing keys but now does, the update fails", func() {
 			superstream.Spec.RoutingKeys = nil
 			newSuperStream := superstream.DeepCopy()
 			newSuperStream.Spec.RoutingKeys = []string{"a1", "b2", "f17"}
-			Expect(apierrors.IsForbidden(newSuperStream.ValidateUpdate(&superstream))).To(BeTrue())
+			_, err := newSuperStream.ValidateUpdate(&superstream)
+			Expect(apierrors.IsForbidden(err)).To(BeTrue())
 		})
 
 		It("allows superstream.spec.partitions to be increased", func() {
 			newSuperStream := superstream.DeepCopy()
 			newSuperStream.Spec.Partitions = 1000
-			Expect(newSuperStream.ValidateUpdate(&superstream)).To(Succeed())
+			_, err := newSuperStream.ValidateUpdate(&superstream)
+			Expect(err).NotTo(HaveOccurred())
 		})
 
 		It("does not allow superstream.spec.partitions to be decreased", func() {
 			newSuperStream := superstream.DeepCopy()
 			newSuperStream.Spec.Partitions = 1
-			Expect(apierrors.IsForbidden(newSuperStream.ValidateUpdate(&superstream))).To(BeTrue())
+			_, err := newSuperStream.ValidateUpdate(&superstream)
+			Expect(apierrors.IsForbidden(err)).To(BeTrue())
 		})
 	})
 })
@@ -8,6 +8,7 @@ import (
 	"reflect"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 func (b *Binding) SetupWebhookWithManager(mgr ctrl.Manager) error {
@@ -22,27 +23,27 @@ var _ webhook.Validator = &Binding{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
 // either rabbitmqClusterReference.name or rabbitmqClusterReference.connectionSecret must be provided but not both
-func (b *Binding) ValidateCreate() error {
+func (b *Binding) ValidateCreate() (admission.Warnings, error) {
 	return b.Spec.RabbitmqClusterReference.ValidateOnCreate(b.GroupResource(), b.Name)
 }
 
 // ValidateUpdate updates on vhost and rabbitmqClusterReference are forbidden
-func (b *Binding) ValidateUpdate(old runtime.Object) error {
+func (b *Binding) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	oldBinding, ok := old.(*Binding)
 	if !ok {
-		return apierrors.NewBadRequest(fmt.Sprintf("expected a binding but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a binding but got a %T", old))
 	}
 
 	var allErrs field.ErrorList
 	detailMsg := "updates on vhost and rabbitmqClusterReference are all forbidden"
 
 	if b.Spec.Vhost != oldBinding.Spec.Vhost {
-		return apierrors.NewForbidden(b.GroupResource(), b.Name,
+		return nil, apierrors.NewForbidden(b.GroupResource(), b.Name,
 			field.Forbidden(field.NewPath("spec", "vhost"), detailMsg))
 	}
 
 	if !oldBinding.Spec.RabbitmqClusterReference.Matches(&b.Spec.RabbitmqClusterReference) {
-		return apierrors.NewForbidden(b.GroupResource(), b.Name,
+		return nil, apierrors.NewForbidden(b.GroupResource(), b.Name,
 			field.Forbidden(field.NewPath("spec", "rabbitmqClusterReference"), detailMsg))
 	}
 
@@ -87,12 +88,12 @@ func (b *Binding) ValidateUpdate(old runtime.Object) error {
 	}
 
 	if len(allErrs) == 0 {
-		return nil
+		return nil, nil
 	}
 
-	return apierrors.NewInvalid(GroupVersion.WithKind("Binding").GroupKind(), b.Name, allErrs)
+	return nil, apierrors.NewInvalid(GroupVersion.WithKind("Binding").GroupKind(), b.Name, allErrs)
 }
 
-func (b *Binding) ValidateDelete() error {
-	return nil
+func (b *Binding) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
@@ -30,30 +30,30 @@ var _ = Describe("Binding webhook", func() {
 		It("does not allow both spec.rabbitmqClusterReference.name and spec.rabbitmqClusterReference.connectionSecret be configured", func() {
 			notAllowed := oldBinding.DeepCopy()
 			notAllowed.Spec.RabbitmqClusterReference.ConnectionSecret = &corev1.LocalObjectReference{Name: "some-secret"}
-			Expect(apierrors.IsForbidden(notAllowed.ValidateCreate())).To(BeTrue())
+			Expect(apierrors.IsForbidden(ignoreNilWarning(notAllowed.ValidateCreate()))).To(BeTrue())
 		})
 
 		It("spec.rabbitmqClusterReference.name and spec.rabbitmqClusterReference.connectionSecret cannot both be empty", func() {
 			notAllowed := oldBinding.DeepCopy()
 			notAllowed.Spec.RabbitmqClusterReference.Name = ""
 			notAllowed.Spec.RabbitmqClusterReference.ConnectionSecret = nil
-			Expect(apierrors.IsForbidden(notAllowed.ValidateCreate())).To(BeTrue())
+			Expect(apierrors.IsForbidden(ignoreNilWarning(notAllowed.ValidateCreate()))).To(BeTrue())
 		})
 	})
 
 	Context("ValidateUpdate", func() {
 		It("does not allow updates on vhost", func() {
 			newBinding := oldBinding.DeepCopy()
 			newBinding.Spec.Vhost = "/new-vhost"
-			Expect(apierrors.IsForbidden(newBinding.ValidateUpdate(&oldBinding))).To(BeTrue())
+			Expect(apierrors.IsForbidden(ignoreNilWarning(newBinding.ValidateUpdate(&oldBinding)))).To(BeTrue())
 		})
 
 		It("does not allow updates on RabbitmqClusterReference", func() {
 			newBinding := oldBinding.DeepCopy()
 			newBinding.Spec.RabbitmqClusterReference = RabbitmqClusterReference{
 				Name: "new-cluster",
 			}
-			Expect(apierrors.IsForbidden(newBinding.ValidateUpdate(&oldBinding))).To(BeTrue())
+			Expect(apierrors.IsForbidden(ignoreNilWarning(newBinding.ValidateUpdate(&oldBinding)))).To(BeTrue())
 		})
 
 		It("does not allow updates on rabbitmqClusterReference.connectionSecret", func() {
@@ -71,38 +71,37 @@ var _ = Describe("Binding webhook", func() {
 			}
 			new := connectionScr.DeepCopy()
 			new.Spec.RabbitmqClusterReference.ConnectionSecret.Name = "new-secret"
-			Expect(apierrors.IsForbidden(new.ValidateUpdate(&connectionScr))).To(BeTrue())
+			Expect(apierrors.IsForbidden(ignoreNilWarning(new.ValidateUpdate(&connectionScr)))).To(BeTrue())
 		})
 
 		It("does not allow updates on source", func() {
 			newBinding := oldBinding.DeepCopy()
 			newBinding.Spec.Source = "updated-source"
-			Expect(apierrors.IsInvalid(newBinding.ValidateUpdate(&oldBinding))).To(BeTrue())
+			Expect(apierrors.IsInvalid(ignoreNilWarning(newBinding.ValidateUpdate(&oldBinding)))).To(BeTrue())
 		})
 
 		It("does not allow updates on destination", func() {
 			newBinding := oldBinding.DeepCopy()
 			newBinding.Spec.Destination = "updated-des"
-			Expect(apierrors.IsInvalid(newBinding.ValidateUpdate(&oldBinding))).To(BeTrue())
+			Expect(apierrors.IsInvalid(ignoreNilWarning(newBinding.ValidateUpdate(&oldBinding)))).To(BeTrue())
 		})
 
 		It("does not allow updates on destination type", func() {
 			newBinding := oldBinding.DeepCopy()
 			newBinding.Spec.DestinationType = "exchange"
-			Expect(apierrors.IsInvalid(newBinding.ValidateUpdate(&oldBinding))).To(BeTrue())
+			Expect(apierrors.IsInvalid(ignoreNilWarning(newBinding.ValidateUpdate(&oldBinding)))).To(BeTrue())
 		})
 
 		It("does not allow updates on routing key", func() {
 			newBinding := oldBinding.DeepCopy()
 			newBinding.Spec.RoutingKey = "not-allowed"
-			Expect(apierrors.IsInvalid(newBinding.ValidateUpdate(&oldBinding))).To(BeTrue())
+			Expect(apierrors.IsInvalid(ignoreNilWarning(newBinding.ValidateUpdate(&oldBinding)))).To(BeTrue())
 		})
 
 		It("does not allow updates on binding arguments", func() {
 			newBinding := oldBinding.DeepCopy()
 			newBinding.Spec.Arguments = &runtime.RawExtension{Raw: []byte(`{"new":"new-value"}`)}
-			Expect(apierrors.IsInvalid(newBinding.ValidateUpdate(&oldBinding))).To(BeTrue())
+			Expect(apierrors.IsInvalid(ignoreNilWarning(newBinding.ValidateUpdate(&oldBinding)))).To(BeTrue())
 		})
 	})
-
 })
@@ -7,6 +7,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 func (r *Exchange) SetupWebhookWithManager(mgr ctrl.Manager) error {
@@ -21,34 +22,34 @@ var _ webhook.Validator = &Exchange{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
 // either rabbitmqClusterReference.name or rabbitmqClusterReference.connectionSecret must be provided but not both
-func (e *Exchange) ValidateCreate() error {
+func (e *Exchange) ValidateCreate() (admission.Warnings, error) {
 	return e.Spec.RabbitmqClusterReference.ValidateOnCreate(e.GroupResource(), e.Name)
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
 // returns error type 'forbidden' for updates that the controller chooses to disallow: exchange name/vhost/rabbitmqClusterReference
 // returns error type 'invalid' for updates that will be rejected by rabbitmq server: exchange types/autoDelete/durable
 // exchange.spec.arguments can be updated
-func (e *Exchange) ValidateUpdate(old runtime.Object) error {
+func (e *Exchange) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
 	oldExchange, ok := old.(*Exchange)
 	if !ok {
-		return apierrors.NewBadRequest(fmt.Sprintf("expected an exchange but got a %T", old))
+		return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an exchange but got a %T", old))
 	}
 
 	var allErrs field.ErrorList
 	detailMsg := "updates on name, vhost, and rabbitmqClusterReference are all forbidden"
 	if e.Spec.Name != oldExchange.Spec.Name {
-		return apierrors.NewForbidden(e.GroupResource(), e.Name,
+		return nil, apierrors.NewForbidden(e.GroupResource(), e.Name,
 			field.Forbidden(field.NewPath("spec", "name"), detailMsg))
 	}
 
 	if e.Spec.Vhost != oldExchange.Spec.Vhost {
-		return apierrors.NewForbidden(e.GroupResource(), e.Name,
+		return nil, apierrors.NewForbidden(e.GroupResource(), e.Name,
 			field.Forbidden(field.NewPath("spec", "vhost"), detailMsg))
 	}
 
 	if !oldExchange.Spec.RabbitmqClusterReference.Matches(&e.Spec.RabbitmqClusterReference) {
-		return apierrors.NewForbidden(e.GroupResource(), e.Name,
+		return nil, apierrors.NewForbidden(e.GroupResource(), e.Name,
 			field.Forbidden(field.NewPath("spec", "rabbitmqClusterReference"), detailMsg))
 	}
 
@@ -77,12 +78,12 @@ func (e *Exchange) ValidateUpdate(old runtime.Object) error {
 	}
 
 	if len(allErrs) == 0 {
-		return nil
+		return nil, nil
 	}
 
-	return apierrors.NewInvalid(GroupVersion.WithKind("Exchange").GroupKind(), e.Name, allErrs)
+	return nil, apierrors.NewInvalid(GroupVersion.WithKind("Exchange").GroupKind(), e.Name, allErrs)
 }
 
-func (e *Exchange) ValidateDelete() error {
-	return nil
+func (e *Exchange) ValidateDelete() (admission.Warnings, error) {
+	return nil, nil
 }
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ import (`
`8`	`8`	`"reflect"`
`9`	`9`	`ctrl "sigs.k8s.io/controller-runtime"`
`10`	`10`	`"sigs.k8s.io/controller-runtime/pkg/webhook"`
	`11`	`+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"`
`11`	`12`	`)`
`12`	`13`
`13`	`14`	`func (b *Binding) SetupWebhookWithManager(mgr ctrl.Manager) error {`
`@@ -22,27 +23,27 @@ var _ webhook.Validator = &Binding{}`
`22`	`23`
`23`	`24`	`// ValidateCreate implements webhook.Validator so a webhook will be registered for the type`
`24`	`25`	`// either rabbitmqClusterReference.name or rabbitmqClusterReference.connectionSecret must be provided but not both`
`25`		`-func (b *Binding) ValidateCreate() error {`
	`26`	`+func (b *Binding) ValidateCreate() (admission.Warnings, error) {`
`26`	`27`	`return b.Spec.RabbitmqClusterReference.ValidateOnCreate(b.GroupResource(), b.Name)`
`27`	`28`	`}`
`28`	`29`
`29`	`30`	`// ValidateUpdate updates on vhost and rabbitmqClusterReference are forbidden`
`30`		`-func (b *Binding) ValidateUpdate(old runtime.Object) error {`
	`31`	`+func (b *Binding) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {`
`31`	`32`	`oldBinding, ok := old.(*Binding)`
`32`	`33`	`if !ok {`
`33`		`- return apierrors.NewBadRequest(fmt.Sprintf("expected a binding but got a %T", old))`
	`34`	`+ return nil, apierrors.NewBadRequest(fmt.Sprintf("expected a binding but got a %T", old))`
`34`	`35`	`}`
`35`	`36`
`36`	`37`	`var allErrs field.ErrorList`
`37`	`38`	`detailMsg := "updates on vhost and rabbitmqClusterReference are all forbidden"`
`38`	`39`
`39`	`40`	`if b.Spec.Vhost != oldBinding.Spec.Vhost {`
`40`		`- return apierrors.NewForbidden(b.GroupResource(), b.Name,`
	`41`	`+ return nil, apierrors.NewForbidden(b.GroupResource(), b.Name,`
`41`	`42`	`field.Forbidden(field.NewPath("spec", "vhost"), detailMsg))`
`42`	`43`	`}`
`43`	`44`
`44`	`45`	`if !oldBinding.Spec.RabbitmqClusterReference.Matches(&b.Spec.RabbitmqClusterReference) {`
`45`		`- return apierrors.NewForbidden(b.GroupResource(), b.Name,`
	`46`	`+ return nil, apierrors.NewForbidden(b.GroupResource(), b.Name,`
`46`	`47`	`field.Forbidden(field.NewPath("spec", "rabbitmqClusterReference"), detailMsg))`
`47`	`48`	`}`
`48`	`49`
`@@ -87,12 +88,12 @@ func (b *Binding) ValidateUpdate(old runtime.Object) error {`
`87`	`88`	`}`
`88`	`89`
`89`	`90`	`if len(allErrs) == 0 {`
`90`		`- return nil`
	`91`	`+ return nil, nil`
`91`	`92`	`}`
`92`	`93`
`93`		`- return apierrors.NewInvalid(GroupVersion.WithKind("Binding").GroupKind(), b.Name, allErrs)`
	`94`	`+ return nil, apierrors.NewInvalid(GroupVersion.WithKind("Binding").GroupKind(), b.Name, allErrs)`
`94`	`95`	`}`
`95`	`96`
`96`		`-func (b *Binding) ValidateDelete() error {`
`97`		`- return nil`
	`97`	`+func (b *Binding) ValidateDelete() (admission.Warnings, error) {`
	`98`	`+ return nil, nil`
`98`	`99`	`}`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ import (`
`7`	`7`	`"k8s.io/apimachinery/pkg/util/validation/field"`
`8`	`8`	`ctrl "sigs.k8s.io/controller-runtime"`
`9`	`9`	`"sigs.k8s.io/controller-runtime/pkg/webhook"`
	`10`	`+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"`
`10`	`11`	`)`
`11`	`12`
`12`	`13`	`func (r *Exchange) SetupWebhookWithManager(mgr ctrl.Manager) error {`
`@@ -21,34 +22,34 @@ var _ webhook.Validator = &Exchange{}`
`21`	`22`
`22`	`23`	`// ValidateCreate implements webhook.Validator so a webhook will be registered for the type`
`23`	`24`	`// either rabbitmqClusterReference.name or rabbitmqClusterReference.connectionSecret must be provided but not both`
`24`		`-func (e *Exchange) ValidateCreate() error {`
	`25`	`+func (e *Exchange) ValidateCreate() (admission.Warnings, error) {`
`25`	`26`	`return e.Spec.RabbitmqClusterReference.ValidateOnCreate(e.GroupResource(), e.Name)`
`26`	`27`	`}`
`27`	`28`
`28`	`29`	`// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type`
`29`	`30`	`// returns error type 'forbidden' for updates that the controller chooses to disallow: exchange name/vhost/rabbitmqClusterReference`
`30`	`31`	`// returns error type 'invalid' for updates that will be rejected by rabbitmq server: exchange types/autoDelete/durable`
`31`	`32`	`// exchange.spec.arguments can be updated`
`32`		`-func (e *Exchange) ValidateUpdate(old runtime.Object) error {`
	`33`	`+func (e *Exchange) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {`
`33`	`34`	`oldExchange, ok := old.(*Exchange)`
`34`	`35`	`if !ok {`
`35`		`- return apierrors.NewBadRequest(fmt.Sprintf("expected an exchange but got a %T", old))`
	`36`	`+ return nil, apierrors.NewBadRequest(fmt.Sprintf("expected an exchange but got a %T", old))`
`36`	`37`	`}`
`37`	`38`
`38`	`39`	`var allErrs field.ErrorList`
`39`	`40`	`detailMsg := "updates on name, vhost, and rabbitmqClusterReference are all forbidden"`
`40`	`41`	`if e.Spec.Name != oldExchange.Spec.Name {`
`41`		`- return apierrors.NewForbidden(e.GroupResource(), e.Name,`
	`42`	`+ return nil, apierrors.NewForbidden(e.GroupResource(), e.Name,`
`42`	`43`	`field.Forbidden(field.NewPath("spec", "name"), detailMsg))`
`43`	`44`	`}`
`44`	`45`
`45`	`46`	`if e.Spec.Vhost != oldExchange.Spec.Vhost {`
`46`		`- return apierrors.NewForbidden(e.GroupResource(), e.Name,`
	`47`	`+ return nil, apierrors.NewForbidden(e.GroupResource(), e.Name,`
`47`	`48`	`field.Forbidden(field.NewPath("spec", "vhost"), detailMsg))`
`48`	`49`	`}`
`49`	`50`
`50`	`51`	`if !oldExchange.Spec.RabbitmqClusterReference.Matches(&e.Spec.RabbitmqClusterReference) {`
`51`		`- return apierrors.NewForbidden(e.GroupResource(), e.Name,`
	`52`	`+ return nil, apierrors.NewForbidden(e.GroupResource(), e.Name,`
`52`	`53`	`field.Forbidden(field.NewPath("spec", "rabbitmqClusterReference"), detailMsg))`
`53`	`54`	`}`
`54`	`55`
`@@ -77,12 +78,12 @@ func (e *Exchange) ValidateUpdate(old runtime.Object) error {`
`77`	`78`	`}`
`78`	`79`
`79`	`80`	`if len(allErrs) == 0 {`
`80`		`- return nil`
	`81`	`+ return nil, nil`
`81`	`82`	`}`
`82`	`83`
`83`		`- return apierrors.NewInvalid(GroupVersion.WithKind("Exchange").GroupKind(), e.Name, allErrs)`
	`84`	`+ return nil, apierrors.NewInvalid(GroupVersion.WithKind("Exchange").GroupKind(), e.Name, allErrs)`
`84`	`85`	`}`
`85`	`86`
`86`		`-func (e *Exchange) ValidateDelete() error {`
`87`		`- return nil`
	`87`	`+func (e *Exchange) ValidateDelete() (admission.Warnings, error) {`
	`88`	`+ return nil, nil`
`88`	`89`	`}`