ACM-8739: ACM Policy that applies stringdata in a secret regression with templates #179
Conversation
|
The original 2.8 ticket is here: https://issues.redhat.com/browse/ACM-8415, I created a new ticket since this problem may also affect the most recent version. |
| encodedValue, _, err := unstructured.NestedStringMap(existingObj.Object, "data") | ||
| if err != nil { | ||
| message := "Error accessing encoded data" | ||
|
|
||
| return message, false, mergedValue, false | ||
| } | ||
|
|
||
| existingValue = make(map[string]interface{}, len(encodedValue)) | ||
|
|
There was a problem hiding this comment.
Should we change this
? because of thisThere was a problem hiding this comment.
https://github.com/open-cluster-management-io/config-policy-controller/blob/34c5a931b272a414aed605cafac95687e0c6b859/controllers/configurationpolicy_controller.go#L2382C2-L2391C4 maybe affect here if existingValue is still interface{}
|
/hold |
Solution: when decoding, operate on a copy of the existing object's data Ref: https://issues.redhat.com/browse/ACM-8739 Signed-off-by: Jeffrey Luo <jeluo@redhat.com>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JeffeyL, yiraeChristineKim The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/unhold |
openshift-merge-bot
bot
merged commit 2d10d53
into
open-cluster-management-io:main
Description: On second evaluation of a secret with stringData, the existingObject is modified while evaluating stringData for comparison. Since the order in which the keys are evaluated is varied, if the underlying object is modified first this may cause issues for future key evaluations.
Solution: when evaluating stringData, operate on a copy of the existing object's data so the actual object is not modified.
Ref: https://issues.redhat.com/browse/ACM-8739