From 4dcf81050ecc5f85fc4d31cfa525e89cd3ece865 Mon Sep 17 00:00:00 2001 From: Donny Xia Date: Wed, 27 May 2020 13:58:28 -0700 Subject: [PATCH] Consider stringData when calculate secret hash --- api/k8sdeps/kunstruct/hasher.go | 8 +++++++- api/k8sdeps/kunstruct/hasher_test.go | 10 ++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/api/k8sdeps/kunstruct/hasher.go b/api/k8sdeps/kunstruct/hasher.go index 6abfb4a52..35bf5eb22 100644 --- a/api/k8sdeps/kunstruct/hasher.go +++ b/api/k8sdeps/kunstruct/hasher.go @@ -78,6 +78,7 @@ func secretHash(sec *corev1.Secret) (string, error) { // encodeConfigMap encodes a ConfigMap. // Data, Kind, and Name are taken into account. +// BinaryData is included if it's not empty to avoid useless key in output. func encodeConfigMap(cm *corev1.ConfigMap) (string, error) { // json.Marshal sorts the keys in a stable order in the encoding m := map[string]interface{}{"kind": "ConfigMap", "name": cm.Name, "data": cm.Data} @@ -93,9 +94,14 @@ func encodeConfigMap(cm *corev1.ConfigMap) (string, error) { // encodeSecret encodes a Secret. // Data, Kind, Name, and Type are taken into account. +// StringData is included if it's not empty to avoid useless key in output. func encodeSecret(sec *corev1.Secret) (string, error) { // json.Marshal sorts the keys in a stable order in the encoding - data, err := json.Marshal(map[string]interface{}{"kind": "Secret", "type": sec.Type, "name": sec.Name, "data": sec.Data}) + m := map[string]interface{}{"kind": "Secret", "type": sec.Type, "name": sec.Name, "data": sec.Data} + if len(sec.StringData) > 0 { + m["stringData"] = sec.StringData + } + data, err := json.Marshal(m) if err != nil { return "", err } diff --git a/api/k8sdeps/kunstruct/hasher_test.go b/api/k8sdeps/kunstruct/hasher_test.go index 5fd83d6ff..0c43ec4d9 100644 --- a/api/k8sdeps/kunstruct/hasher_test.go +++ b/api/k8sdeps/kunstruct/hasher_test.go @@ -58,6 +58,10 @@ func TestSecretHash(t *testing.T) { {"one key", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"one": []byte("")}}, "74bd68bm66", ""}, // three keys (tests sorting order) {"three keys", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"two": []byte("2"), "one": []byte(""), "three": []byte("3")}}, "dgcb6h9tmk", ""}, + // with stringdata + {"stringdata", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"one": []byte("")}, StringData: map[string]string{"two": "2"}}, "ckm7f798g2", ""}, + // empty stringdata + {"empty stringdata", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"one": []byte("")}, StringData: map[string]string{}}, "74bd68bm66", ""}, } for _, c := range cases { @@ -125,6 +129,12 @@ func TestEncodeSecret(t *testing.T) { Data: map[string][]byte{"two": []byte("2"), "one": []byte(""), "three": []byte("3")}, }, `{"data":{"one":"","three":"Mw==","two":"Mg=="},"kind":"Secret","name":"","type":"my-type"}`, ""}, + // with stringdata + {"stringdata", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"one": []byte("")}, StringData: map[string]string{"two": "2"}}, + `{"data":{"one":""},"kind":"Secret","name":"","stringData":{"two":"2"},"type":"my-type"}`, ""}, + // empty stringdata + {"empty stringdata", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"one": []byte("")}, StringData: map[string]string{}}, + `{"data":{"one":""},"kind":"Secret","name":"","type":"my-type"}`, ""}, } for _, c := range cases { s, err := encodeSecret(c.secret)