Skip to content

Instantly share code, notes, and snippets.

@moolen

moolen/0001-fix-remove-data-hash-annotations.patch

Created September 8, 2021 19:44
Show Gist options
  • Save moolen/65ebe907dca0da8ac87caf027a6d6cf7 to your computer and use it in GitHub Desktop.
Save moolen/65ebe907dca0da8ac87caf027a6d6cf7 to your computer and use it in GitHub Desktop.
Download ZIP
fix #349 e2e tests
Raw
0001-fix-remove-data-hash-annotations.patch
From 81090ac5c02790e56a945b93863222a64075d99e Mon Sep 17 00:00:00 2001
From: Moritz Johner <[email protected]>
Date: Wed, 8 Sep 2021 21:41:22 +0200
Subject: [PATCH] fix: remove data-hash annotations
---
.../v1alpha1/externalsecret_types.go | 5 +++++
e2e/framework/eso.go | 7 +++++++
.../externalsecret/externalsecret_controller.go | 5 ++---
.../externalsecret_controller_template.go | 4 ++--
.../externalsecret_controller_test.go | 14 +++++++-------
5 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/apis/externalsecrets/v1alpha1/externalsecret_types.go b/apis/externalsecrets/v1alpha1/externalsecret_types.go
index 3f1e89f..1b0911c 100644
--- a/apis/externalsecrets/v1alpha1/externalsecret_types.go
+++ b/apis/externalsecrets/v1alpha1/externalsecret_types.go
@@ -207,6 +207,11 @@ type ExternalSecret struct {
Status ExternalSecretStatus `json:"status,omitempty"`
}
+const (
+ // AnnotationDataHash is used to ensure consistency
+ AnnotationDataHash = "reconcile.external-secrets.io/data-hash"
+)
+
// +kubebuilder:object:root=true
// ExternalSecretList contains a list of ExternalSecret resources.
diff --git a/e2e/framework/eso.go b/e2e/framework/eso.go
index b17d489..e7fe4a5 100644
--- a/e2e/framework/eso.go
+++ b/e2e/framework/eso.go
@@ -19,6 +19,7 @@ import (
"encoding/json"
"time"
+ esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
v1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
@@ -52,6 +53,12 @@ func equalSecrets(exp, ts *v1.Secret) bool {
return false
}
+ // secret contains data hash property which must be ignored
+ delete(ts.ObjectMeta.Annotations, esv1alpha1.AnnotationDataHash)
+ if len(ts.ObjectMeta.Annotations) == 0 {
+ ts.ObjectMeta.Annotations = nil
+ }
+
expAnnotations, _ := json.Marshal(exp.ObjectMeta.Annotations)
tsAnnotations, _ := json.Marshal(ts.ObjectMeta.Annotations)
if !bytes.Equal(expAnnotations, tsAnnotations) {
diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go
index c7b8c87..73cbfbc 100644
--- a/pkg/controllers/externalsecret/externalsecret_controller.go
+++ b/pkg/controllers/externalsecret/externalsecret_controller.go
@@ -40,8 +40,7 @@ import (
)
const (
- requeueAfter = time.Second * 30
- annotationDataHash = "reconcile.external-secrets.io/data-hash"
+ requeueAfter = time.Second * 30
errGetES = "could not get ExternalSecret"
errReconcileES = "could not reconcile ExternalSecret"
@@ -323,7 +322,7 @@ func isSecretValid(existingSecret v1.Secret) bool {
}
// if the calculated hash is different from the calculation, then it's invalid
- if existingSecret.Annotations[annotationDataHash] != utils.ObjectHash(existingSecret.Data) {
+ if existingSecret.Annotations[esv1alpha1.AnnotationDataHash] != utils.ObjectHash(existingSecret.Data) {
return false
}
return true
diff --git a/pkg/controllers/externalsecret/externalsecret_controller_template.go b/pkg/controllers/externalsecret/externalsecret_controller_template.go
index 0739abf..b20e416 100644
--- a/pkg/controllers/externalsecret/externalsecret_controller_template.go
+++ b/pkg/controllers/externalsecret/externalsecret_controller_template.go
@@ -40,7 +40,7 @@ func (r *Reconciler) applyTemplate(ctx context.Context, es *esv1alpha1.ExternalS
// no template: copy data and return
if es.Spec.Target.Template == nil {
secret.Data = dataMap
- secret.Annotations[annotationDataHash] = utils.ObjectHash(secret.Data)
+ secret.Annotations[esv1alpha1.AnnotationDataHash] = utils.ObjectHash(secret.Data)
return nil
}
@@ -68,7 +68,7 @@ func (r *Reconciler) applyTemplate(ctx context.Context, es *esv1alpha1.ExternalS
secret.Data[k] = v
}
}
- secret.Annotations[annotationDataHash] = utils.ObjectHash(secret.Data)
+ secret.Annotations[esv1alpha1.AnnotationDataHash] = utils.ObjectHash(secret.Data)
return nil
}
diff --git a/pkg/controllers/externalsecret/externalsecret_controller_test.go b/pkg/controllers/externalsecret/externalsecret_controller_test.go
index 03bc5e0..f70e899 100644
--- a/pkg/controllers/externalsecret/externalsecret_controller_test.go
+++ b/pkg/controllers/externalsecret/externalsecret_controller_test.go
@@ -99,7 +99,7 @@ var _ = Describe("Kind=secret existence logic", func() {
ObjectMeta: metav1.ObjectMeta{
UID: "xxx",
Annotations: map[string]string{
- annotationDataHash: "xxxxxx",
+ esv1alpha1.AnnotationDataHash: "xxxxxx",
},
},
},
@@ -111,7 +111,7 @@ var _ = Describe("Kind=secret existence logic", func() {
ObjectMeta: metav1.ObjectMeta{
UID: "xxx",
Annotations: map[string]string{
- annotationDataHash: "caa0155759a6a9b3b6ada5a6883ee2bb",
+ esv1alpha1.AnnotationDataHash: "caa0155759a6a9b3b6ada5a6883ee2bb",
},
},
Data: map[string][]byte{
@@ -297,7 +297,7 @@ var _ = Describe("ExternalSecret controller", func() {
Expect(hasFieldOwnership(
secret.ObjectMeta,
"external-secrets",
- fmt.Sprintf("{\"f:data\":{\"f:targetProperty\":{}},\"f:metadata\":{\"f:annotations\":{\"f:%s\":{}}}}", annotationDataHash)),
+ fmt.Sprintf("{\"f:data\":{\"f:targetProperty\":{}},\"f:metadata\":{\"f:annotations\":{\"f:%s\":{}}}}", esv1alpha1.AnnotationDataHash)),
).To(BeTrue())
Expect(hasFieldOwnership(secret.ObjectMeta, "fake.manager", "{\"f:data\":{\".\":{},\"f:pre-existing-key\":{}},\"f:type\":{}}")).To(BeTrue())
}
@@ -806,7 +806,7 @@ var _ = Describe("ExternalSecret controller", func() {
const secretVal = "someValue"
fakeProvider.WithGetSecret([]byte(secretVal), nil)
tc.checkSecret = func(es *esv1alpha1.ExternalSecret, secret *v1.Secret) {
- Expect(secret.Annotations[annotationDataHash]).To(Equal("9d30b95ca81e156f9454b5ef3bfcc6ee"))
+ Expect(secret.Annotations[esv1alpha1.AnnotationDataHash]).To(Equal("9d30b95ca81e156f9454b5ef3bfcc6ee"))
}
}
@@ -818,13 +818,13 @@ var _ = Describe("ExternalSecret controller", func() {
fakeProvider.WithGetSecretMap(fakeData, nil)
tc.externalSecret.Spec.RefreshInterval = &metav1.Duration{Duration: time.Minute * 10}
tc.checkSecret = func(es *esv1alpha1.ExternalSecret, secret *v1.Secret) {
- oldHash := secret.Annotations[annotationDataHash]
+ oldHash := secret.Annotations[esv1alpha1.AnnotationDataHash]
oldResourceVersion := secret.ResourceVersion
Expect(oldHash).NotTo(BeEmpty())
cleanSecret := secret.DeepCopy()
secret.Data["new"] = []byte("value")
- secret.ObjectMeta.Annotations[annotationDataHash] = "thisiswronghash"
+ secret.ObjectMeta.Annotations[esv1alpha1.AnnotationDataHash] = "thisiswronghash"
Expect(k8sClient.Patch(context.Background(), secret, client.MergeFrom(cleanSecret))).To(Succeed())
var refreshedSecret v1.Secret
@@ -839,7 +839,7 @@ var _ = Describe("ExternalSecret controller", func() {
}
// refreshed secret should have a different generation (sign that it was updated), but since
// the secret source is the same (not changed), the hash should be reverted to an old value
- return refreshedSecret.ResourceVersion != oldResourceVersion && refreshedSecret.Annotations[annotationDataHash] == oldHash
+ return refreshedSecret.ResourceVersion != oldResourceVersion && refreshedSecret.Annotations[esv1alpha1.AnnotationDataHash] == oldHash
}, timeout, interval).Should(BeTrue())
}
}
--
2.33.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment