convert StringData to data

If applied, will make sure that stringData is converted to Data before applying. Signed-off-by: Soule BA <[email protected]>
fluxcd · Feb 17, 2022 · 56f7b29 · 56f7b29
1 parent af165a9
commit 56f7b29
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 1 deletion.
diff --git a/ssa/manager_diff_test.go b/ssa/manager_diff_test.go
@@ -23,9 +23,10 @@ import (
 	"testing"
 	"time"
 
+	"sigs.k8s.io/yaml"
+
 	"github.com/google/go-cmp/cmp"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"sigs.k8s.io/yaml"
 )
 
 func TestDiff(t *testing.T) {
@@ -45,6 +46,7 @@ func TestDiff(t *testing.T) {
 	if err := unstructured.SetNestedField(secret.Object, false, "immutable"); err != nil {
 		t.Fatal(err)
 	}
+
 	if _, err = manager.ApplyAllStaged(ctx, objects, DefaultApplyOptions()); err != nil {
 		t.Fatal(err)
 	}
@@ -86,6 +88,49 @@ func TestDiff(t *testing.T) {
 		}
 	})
 
+	t.Run("generates diff for replaced key in stringData secret", func(t *testing.T) {
+		// create a new stringData secret
+		sec := secret.DeepCopy()
+		if err := unstructured.SetNestedField(sec.Object, generateName("diff"), "metadata", "name"); err != nil {
+			t.Fatal(err)
+		}
+
+		// copy the secret to simulate a replace of key
+		diffSecret := sec.DeepCopy()
+
+		// apply stringData conversion
+		SetNativeKindsDefaults([]*unstructured.Unstructured{sec})
+
+		if _, err = manager.Apply(ctx, sec, DefaultApplyOptions()); err != nil {
+			t.Fatal(err)
+		}
+
+		newVal := "diff-test"
+		unstructured.RemoveNestedField(diffSecret.Object, "stringData", "key")
+
+		newKey := "key.new"
+		err = unstructured.SetNestedField(diffSecret.Object, newVal, "stringData", newKey)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		// apply stringData conversion
+		SetNativeKindsDefaults([]*unstructured.Unstructured{diffSecret})
+
+		_, liveObj, mergedObj, err := manager.Diff(ctx, diffSecret, DefaultDiffOptions())
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		liveKeys := getKeys(liveObj.Object["data"].(map[string]interface{}))
+		mergedKeys := getKeys(mergedObj.Object["data"].(map[string]interface{}))
+
+		if diff := cmp.Diff(liveKeys, mergedKeys); diff != "" && len(liveKeys) != len(mergedKeys) {
+			t.Errorf("Mismatch from expected value (-want +got):\n%s", diff)
+		}
+
+	})
+
 	t.Run("masks secret values", func(t *testing.T) {
 		newVal := "diff-test"
 		err = unstructured.SetNestedField(secret.Object, newVal, "stringData", "key")
@@ -340,3 +385,12 @@ func TestHasDrifted_Metadata(t *testing.T) {
 		})
 	}
 }
+
+func getKeys(m map[string]interface{}) []string {
+	var keys []string
+	for k := range m {
+		keys = append(keys, k)
+	}
+
+	return keys
+}
diff --git a/ssa/utils.go b/ssa/utils.go
@@ -276,6 +276,7 @@ func AnyInMetadata(object *unstructured.Unstructured, metadata map[string]string
 // ContainerPort missing default TCP proto: https://github.com/kubernetes-sigs/structured-merge-diff/issues/130
 // ServicePort missing default TCP proto: https://github.com/kubernetes/kubernetes/pull/98576
 // PodSpec resources missing int to string conversion for e.g. 'cpu: 2'
+// secret.stringData key replacement add an extra key in the resulting data map: https://github.com/kubernetes/kubernetes/issues/108008
 func SetNativeKindsDefaults(objects []*unstructured.Unstructured) error {
 
 	var setProtoDefault = func(spec *corev1.PodSpec) {
@@ -326,6 +327,18 @@ func SetNativeKindsDefaults(objects []*unstructured.Unstructured) error {
 					return fmt.Errorf("%s validation error: %w", FmtUnstructured(u), err)
 				}
 				u.Object = out
+			case "Secret":
+				var s corev1.Secret
+				err := runtime.DefaultUnstructuredConverter.FromUnstructured(u.Object, &s)
+				if err != nil {
+					return fmt.Errorf("%s validation error: %w", FmtUnstructured(u), err)
+				}
+				convertStringDataToData(&s)
+				out, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&s)
+				if err != nil {
+					return fmt.Errorf("%s validation error: %w", FmtUnstructured(u), err)
+				}
+				u.Object = out
 			}
 
 		case "apps/v1":
@@ -475,3 +488,17 @@ func containsItemString(s []string, e string) bool {
 	}
 	return false
 }
+
+func convertStringDataToData(secret *corev1.Secret) {
+	// StringData overwrites Data
+	if len(secret.StringData) > 0 {
+		if secret.Data == nil {
+			secret.Data = map[string][]byte{}
+		}
+		for k, v := range secret.StringData {
+			secret.Data[k] = []byte(v)
+		}
+
+		secret.StringData = nil
+	}
+}