[FEAT] - Additional validation of TeamRoleBindings

[IvoGoman]

Priority

None

User Story

As a Organization admin I would like to give members of my org permissions to update TeamRoleBindings, so that they can update the list of namespace under their Teams control, so that I only create the initial TRB.

Description

Updating the RoleRef of a (Cluster-)RoleBinding is not allowed, but requires recreating the binding resources. 1

This is to allow giving out the permissions to update the subjects, while avoiding that privileges are changed. Furthermore, changing the role changes can change the extend of a binding significantly. Therefore it needs to be recreated.

In the case of TeamRoleBindings only updating of a TeamRoleBindings namespaces should be supported.

Acceptance Criteria

• Validate that the RoleRef of a TeamRoleBinding may not be changed
• Validate that the Team of a TeamRoleBinding may not be changed
• Validate that an Update of a TeamRoleBinding should only allow updating the list of namespces
• Validate that an Update of a TeamRoleBinding cannot remove all namespaces

Reference Issues

No response