Merge pull request kubernetes-sigs#2544 from Shell32-Natsu/add-string…

…data-to-encodesecret Consider stringData when calculate secret hash
radTuti · May 28, 2020 · 0b94a14 · 0b94a14
2 parents b083187 + 4dcf810
commit 0b94a14
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/api/k8sdeps/kunstruct/hasher.go b/api/k8sdeps/kunstruct/hasher.go
@@ -78,6 +78,7 @@ func secretHash(sec *corev1.Secret) (string, error) {
 
 // encodeConfigMap encodes a ConfigMap.
 // Data, Kind, and Name are taken into account.
+// BinaryData is included if it's not empty to avoid useless key in output.
 func encodeConfigMap(cm *corev1.ConfigMap) (string, error) {
 	// json.Marshal sorts the keys in a stable order in the encoding
 	m := map[string]interface{}{"kind": "ConfigMap", "name": cm.Name, "data": cm.Data}
@@ -93,9 +94,14 @@ func encodeConfigMap(cm *corev1.ConfigMap) (string, error) {
 
 // encodeSecret encodes a Secret.
 // Data, Kind, Name, and Type are taken into account.
+// StringData is included if it's not empty to avoid useless key in output.
 func encodeSecret(sec *corev1.Secret) (string, error) {
 	// json.Marshal sorts the keys in a stable order in the encoding
-	data, err := json.Marshal(map[string]interface{}{"kind": "Secret", "type": sec.Type, "name": sec.Name, "data": sec.Data})
+	m := map[string]interface{}{"kind": "Secret", "type": sec.Type, "name": sec.Name, "data": sec.Data}
+	if len(sec.StringData) > 0 {
+		m["stringData"] = sec.StringData
+	}
+	data, err := json.Marshal(m)
 	if err != nil {
 		return "", err
 	}

diff --git a/api/k8sdeps/kunstruct/hasher_test.go b/api/k8sdeps/kunstruct/hasher_test.go
@@ -58,6 +58,10 @@ func TestSecretHash(t *testing.T) {
 		{"one key", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"one": []byte("")}}, "74bd68bm66", ""},
 		// three keys (tests sorting order)
 		{"three keys", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"two": []byte("2"), "one": []byte(""), "three": []byte("3")}}, "dgcb6h9tmk", ""},
+		// with stringdata
+		{"stringdata", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"one": []byte("")}, StringData: map[string]string{"two": "2"}}, "ckm7f798g2", ""},
+		// empty stringdata
+		{"empty stringdata", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"one": []byte("")}, StringData: map[string]string{}}, "74bd68bm66", ""},
 	}
 
 	for _, c := range cases {
@@ -125,6 +129,12 @@ func TestEncodeSecret(t *testing.T) {
 			Data: map[string][]byte{"two": []byte("2"), "one": []byte(""), "three": []byte("3")},
 		},
 			`{"data":{"one":"","three":"Mw==","two":"Mg=="},"kind":"Secret","name":"","type":"my-type"}`, ""},
+		// with stringdata
+		{"stringdata", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"one": []byte("")}, StringData: map[string]string{"two": "2"}},
+			`{"data":{"one":""},"kind":"Secret","name":"","stringData":{"two":"2"},"type":"my-type"}`, ""},
+		// empty stringdata
+		{"empty stringdata", &corev1.Secret{Type: "my-type", Data: map[string][]byte{"one": []byte("")}, StringData: map[string]string{}},
+			`{"data":{"one":""},"kind":"Secret","name":"","type":"my-type"}`, ""},
 	}
 	for _, c := range cases {
 		s, err := encodeSecret(c.secret)