-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix continuous diff for Secret stringData field #2511
Conversation
If the `stringData` field is set on a Secret resource, then Kubernetes will automatically replace it with an equivalent `data` field. This is causing a continuous diff with the updated logic from 6e329f3. This change updates the input diff logic to include this rewrite.
The test fails without this change. It looks like it was erroneously expecting refresh changes before, which covered up this regression. |
Does the PR have any schema changes?Looking good! No breaking changes found. |
This comment was marked as outdated.
This comment was marked as outdated.
@@ -65,22 +65,35 @@ func ToUnstructured(object metav1.Object) (*unstructured.Unstructured, error) { | |||
// This process normalizes semantically-equivalent resources into an identical output, which is important for diffing. | |||
// If the scheme is not defined, then return the original resource. | |||
func Normalize(uns *unstructured.Unstructured) (*unstructured.Unstructured, error) { | |||
var result *unstructured.Unstructured | |||
|
|||
if IsCRD(uns) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: preference for switch case here, but will follow up in a later PR/discussion to get this fix out ASAP.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, minor comment that we can follow up later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Leaving some remarks as I am reviewing this PR for an unrelated issue.
result, err = ToUnstructured(obj) | ||
// Return the input resource rather than an error if this operation fails. | ||
if err != nil { | ||
return uns, err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was it intentional to return the err
here? The comment seems to say otherwise.
obj, err := FromUnstructured(uns) | ||
// Return the input resource rather than an error if this operation fails. | ||
if err != nil { | ||
return uns, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was it intentional to ignore all errors, e.g. a value parsing error? For example, given creationTimestamp: invalid_value
, a time parser error is caught and ignored.
<!--Thanks for your contribution. See [CONTRIBUTING](CONTRIBUTING.md) for Pulumi's contribution guidelines. Help us merge your changes more quickly by adding more details such as labels, milestones, and reviewers.--> ### Proposed changes <!--Give us a brief description of what you've done and what it solves. --> This PR improves the handling of the read-only metadata fields of Kubernetes objects, such as `creationTimestamp` and `resourceVersion`. The provider now ignores these fields when they appear as resource inputs, to address a few quirks: 1. Unparseable values do not cause an API Server error during preview. 2. A subsequent refresh does not show a difference to the `__inputs` property. 3. The behavior is now uniform for standard resource types and for custom resource types. An integration test is provided to show that such fields are ignored as inputs, and are still available as outputs. Manual tests confirmed identical behavior for custom resource objects. ### Related issues (optional) Closes #2351 Related: - #2511 - #2445 <!--Refer to related PRs or issues: #1234, or 'Fixes #1234' or 'Closes #1234'. Or link to full URLs to issues or pull requests in other GitHub repositories. -->
Proposed changes
If the
stringData
field is set on a Secret resource, then Kubernetes will automatically replace it with an equivalentdata
field. This is causing a continuous diff with the updated logic from 6e329f3. This change updates the input diff logic to include this rewrite.Related issues (optional)
Fix #2507