From 34c5a931b272a414aed605cafac95687e0c6b859 Mon Sep 17 00:00:00 2001
From: Jeffrey Luo <jeluo@redhat.com>
Date: Wed, 22 Nov 2023 10:58:31 -0500
Subject: [PATCH] Fix bug where decoding stringdata modified the existing
 object directly

Solution: when decoding, operate on a copy of the existing object's data

Ref: https://issues.redhat.com/browse/ACM-8739
Signed-off-by: Jeffrey Luo <jeluo@redhat.com>
---
 controllers/configurationpolicy_controller.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controllers/configurationpolicy_controller.go b/controllers/configurationpolicy_controller.go
index dcc51a73..2abd635b 100644
--- a/controllers/configurationpolicy_controller.go
+++ b/controllers/configurationpolicy_controller.go
@@ -2410,9 +2410,7 @@ func handleSingleKey(
 	}
 
 	if key == "stringData" && existingObj.GetKind() == "Secret" {
-		// override automatic conversion from stringData to data prior to evaluation
-		existingValue = existingObj.UnstructuredContent()["data"]
-
+		// override automatic conversion from stringData to data before evaluation
 		encodedValue, _, err := unstructured.NestedStringMap(existingObj.Object, "data")
 		if err != nil {
 			message := "Error accessing encoded data"
@@ -2420,6 +2418,8 @@ func handleSingleKey(
 			return message, false, mergedValue, false
 		}
 
+		existingValue = make(map[string]interface{}, len(encodedValue))
+
 		for k, value := range encodedValue {
 			decodedVal, err := base64.StdEncoding.DecodeString(value)
 			if err != nil {