From 74d129fa2336fbf70ec3dd6aed9b7104615e2d04 Mon Sep 17 00:00:00 2001 From: Andrew Widdersheim Date: Thu, 6 Jul 2017 13:05:29 -0400 Subject: [PATCH] Base64 encode secret string_data for comparisons During creation and patching operations, existing objects are pulled down and compared to what is about to be applied. If no differences exist than no change is necessary. Secrets have a convenience parameter of `string_data` which will take a string and do a base64 conversion replacing any keys in `data`. When the existing object is pulled down `string_data` does not exist yet might be in the object to be patched. This might result in a change that is unnecessary. Instead, before doing the comparison, encode anything in `string_data` to base64 and move it into `data` so that proper comparisons can occur. --- openshift/helper/ansible.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/openshift/helper/ansible.py b/openshift/helper/ansible.py index dd8b65df..dd785fc9 100644 --- a/openshift/helper/ansible.py +++ b/openshift/helper/ansible.py @@ -1,6 +1,7 @@ # -*- coding: utf-8 -*- from __future__ import absolute_import +import base64 import copy import json import logging @@ -203,6 +204,18 @@ def object_from_params(self, module_params, obj=None): obj.metadata.annotations['openshift.io/display-name'] = module_params['display_name'] if module_params.get('description'): obj.metadata.annotations['openshift.io/description'] = module_params['description'] + elif (self.kind.lower() == 'secret' and getattr(obj, 'string_data', None) + and hasattr(obj, 'data')): + if obj.data is None: + obj.data = {} + + # Do a base64 conversion of `string_data` and place it in + # `data` so that later comparisons to existing objects + # (if any) do not result in requiring an unnecessary change. + for key, value in obj.string_data.items(): + obj.data[key] = base64.b64encode(value) + + obj.string_data = None logger.debug("Object from params:") logger.debug(json.dumps(obj.to_dict(), indent=4))