-
Notifications
You must be signed in to change notification settings - Fork 228
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[release-4.1] Bug 1734622: resourceapply: don't log secret data #472
[release-4.1] Bug 1734622: resourceapply: don't log secret data #472
Conversation
/assign @enj |
0cc90de
to
03e1162
Compare
@@ -196,6 +196,10 @@ func ApplyConfigMap(client coreclientv1.ConfigMapsGetter, recorder events.Record | |||
|
|||
// ApplySecret merges objectmeta, requires data | |||
func ApplySecret(client coreclientv1.SecretsGetter, recorder events.Recorder, required *corev1.Secret) (*corev1.Secret, bool, error) { | |||
if len(required.StringData) > 0 { | |||
return nil, false, fmt.Errorf("Secret.stringData is not supported") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why not?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because it's normalized by the server to Data
, and we would have to add that normalization here before the DeepEqual. Not impossible, just not done.
safeExisting := existing.DeepCopy() | ||
|
||
for s := range safeExisting.Data { | ||
safeExisting.Data[s] = []byte("OLD") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe we want OLD
, NEW
and MODIFIED
as the states to track?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what do you mean with 3 states? We only have two.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ic what you mean. But note that we create a patch below. We cannot have OLD and NEW for all fields, only those which changed.
03e1162
to
2798694
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: enj, sttts The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/cherrypick release-4.1 |
@enj: once the present PR merges, I will cherry-pick it on top of release-4.1 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@enj: new pull request created: #495 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retitle [release-4.1] Bug 1734622: resourceapply: don't log secret data |
/bugzilla 1734622 |
@sttts: All pull requests linked via external trackers have merged. The Bugzilla bug has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@enj This one was for master branch, not release-4.1. What am I missing? |
resourceapply: don't log secret data
Log OLD and NEW instead if a data value changed.
Reject
stringData
because we don't support that right now (could be added if needed, but not in this PR).