Fix bug where decoding stringdata modified the existing object directly
Solution: when decoding, operate on a copy of the existing object's data

Ref: https://issues.redhat.com/browse/ACM-8739
Signed-off-by: Jeffrey Luo <jeluo@redhat.com>
JeffeyL authored and openshift-merge-bot[bot] committed Nov 23, 2023
1 parent a901475 commit 2d10d53
Showing 1 changed file with 8 additions and 6 deletions.
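--- a/controllers/configurationpolicy_controller.go
+++ b/controllers/configurationpolicy_controller.go
@@ -2410,27 +2410,29 @@ func handleSingleKey(
 }
 
 if key == "stringData" && existingObj.GetKind() == "Secret" {
-// override automatic conversion from stringData to data prior to evaluation
-existingValue = existingObj.UnstructuredContent()["data"]
-
+// override automatic conversion from stringData to data before evaluation
 encodedValue, _, err := unstructured.NestedStringMap(existingObj.Object, "data")
 if err != nil {
 message := "Error accessing encoded data"
 
 return message, false, mergedValue, false
 }
 
-for k, value := range encodedValue {
-decodedVal, err := base64.StdEncoding.DecodeString(value)
+decodedValue := make(map[string]interface{}, len(encodedValue))
+
+for k, encoded := range encodedValue {
+decoded, err := base64.StdEncoding.DecodeString(encoded)
 if err != nil {
 secretName := existingObj.GetName()
 message := fmt.Sprintf("Error decoding secret: %s", secretName)
 
 return message, false, mergedValue, false
 }
 
-existingValue.(map[string]interface{})[k] = string(decodedVal)
+decodedValue[k] = string(decoded)
 }
+
+existingValue = decodedValue
 }
 
 // sort objects before checking equality to ensure they're in the same order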
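Review bot: No test pins this fix: the commit changes only this one file, so a regression test should run a `stringData` comparison against a Secret and assert afterwards that `existingObj.Object["data"]` still holds the base64 values. From the loop onward `existingValue` holds plaintext Secret values, so I would add a comment above the `make` call such as `// decodedValue holds plaintext Secret values: never log it or write it back to existingObj`. handleSingleKey starts before and continues past the hunk, so it is worth confirming that the code after it does not put `existingValue` into a log line or a status message. The decode-error message names only the Secret, which is right; adding the key `k` would help triage, provided the encoded value itself stays out of the message.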
