rename TruststoreHash to TrustBundleHash and add unit tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
inteon committed Nov 20, 2024
1 parent 9e9918c commit d9d8cd5
Showing 3 changed files with 123 additions and 49 deletions.
8 changes: 4 additions & 4 deletions pkg/bundle/bundle_test.go
Expand Up @@ -159,7 +159,7 @@ func Test_Reconcile(t *testing.T) {
configMapPatch = func(name, namespace string, data map[string]string, binData map[string][]byte, key *string, additionalFormats *trustapi.AdditionalFormats) *coreapplyconfig.ConfigMapApplyConfiguration {
annotations := map[string]string{}
if key != nil {
annotations[trustapi.BundleHashAnnotationKey] = target.TruststoreHash([]byte(data[*key]), additionalFormats)
annotations[trustapi.BundleHashAnnotationKey] = target.TrustBundleHash([]byte(data[*key]), additionalFormats)
}

return coreapplyconfig.
Expand All @@ -184,7 +184,7 @@ func Test_Reconcile(t *testing.T) {
secretPatch = func(name, namespace string, data map[string]string, key *string, additionaFormats *trustapi.AdditionalFormats) *coreapplyconfig.SecretApplyConfiguration {
annotations := map[string]string{}
if key != nil {
annotations[trustapi.BundleHashAnnotationKey] = target.TruststoreHash([]byte(data[*key]), additionaFormats)
annotations[trustapi.BundleHashAnnotationKey] = target.TrustBundleHash([]byte(data[*key]), additionaFormats)
}

binaryData := map[string][]byte{}
Expand Down Expand Up @@ -213,7 +213,7 @@ func Test_Reconcile(t *testing.T) {
targetConfigMap = func(namespace string, data map[string]string, binData map[string][]byte, key *string, withOwnerRef bool, additionaFormats *trustapi.AdditionalFormats) *corev1.ConfigMap {
annotations := map[string]string{}
if key != nil {
annotations[trustapi.BundleHashAnnotationKey] = target.TruststoreHash([]byte(data[*key]), additionaFormats)
annotations[trustapi.BundleHashAnnotationKey] = target.TrustBundleHash([]byte(data[*key]), additionaFormats)
}

dataEntries := make([]string, 0, len(data))
Expand Down Expand Up @@ -250,7 +250,7 @@ func Test_Reconcile(t *testing.T) {
targetSecret = func(namespace string, data map[string]string, key *string, withOwnerRef bool, additionaFormats *trustapi.AdditionalFormats) *corev1.Secret {
annotations := map[string]string{}
if key != nil {
annotations[trustapi.BundleHashAnnotationKey] = target.TruststoreHash([]byte(data[*key]), additionaFormats)
annotations[trustapi.BundleHashAnnotationKey] = target.TrustBundleHash([]byte(data[*key]), additionaFormats)
}

dataEntries := make([]string, 0, len(data))
26 changes: 13 additions & 13 deletions pkg/bundle/internal/target/target.go
Expand Up @@ -106,7 +106,7 @@ func (r *Reconciler) SyncConfigMap(

// Generated PKCS #12 is not deterministic - best we can do here is update if the pem cert has
// changed (hence not checking if PKCS #12 matches)
truststoreHash := TruststoreHash([]byte(resolvedBundle.Data), bundle.Spec.Target.AdditionalFormats)
trustBundleHash := TrustBundleHash([]byte(resolvedBundle.Data), bundle.Spec.Target.AdditionalFormats)
configMapData := map[string]string{
bundleTarget.ConfigMap.Key: resolvedBundle.Data,
}
Expand All @@ -115,7 +115,7 @@ func (r *Reconciler) SyncConfigMap(
// If the ConfigMap doesn't exist, create it.
if !apierrors.IsNotFound(err) {
// Exit early if no update is needed
if exit, err := r.needsUpdate(ctx, KindConfigMap, log, targetObj, bundle, truststoreHash); err != nil {
if exit, err := r.needsUpdate(ctx, KindConfigMap, log, targetObj, bundle, trustBundleHash); err != nil {
return false, err
} else if !exit {
return false, nil
Expand All @@ -124,7 +124,7 @@ func (r *Reconciler) SyncConfigMap(

configMapPatch := prepareTargetPatch(coreapplyconfig.ConfigMap(name.Name, name.Namespace), *bundle).
WithAnnotations(map[string]string{
trustapi.BundleHashAnnotationKey: truststoreHash,
trustapi.BundleHashAnnotationKey: trustBundleHash,
}).
WithData(configMapData).
WithBinaryData(configMapBinData)
Expand Down Expand Up @@ -188,7 +188,7 @@ func (r *Reconciler) SyncSecret(

// Generated PKCS #12 is not deterministic - best we can do here is update if the pem cert has
// changed (hence not checking if PKCS #12 matches)
truststoreHash := TruststoreHash([]byte(resolvedBundle.Data), bundle.Spec.Target.AdditionalFormats)
trustBundleHash := TrustBundleHash([]byte(resolvedBundle.Data), bundle.Spec.Target.AdditionalFormats)
secretData := map[string][]byte{
bundleTarget.Secret.Key: []byte(resolvedBundle.Data),
}
Expand All @@ -200,7 +200,7 @@ func (r *Reconciler) SyncSecret(
// If the Secret doesn't exist, create it.
if !apierrors.IsNotFound(err) {
// Exit early if no update is needed
if exit, err := r.needsUpdate(ctx, KindSecret, log, targetObj, bundle, truststoreHash); err != nil {
if exit, err := r.needsUpdate(ctx, KindSecret, log, targetObj, bundle, trustBundleHash); err != nil {
return false, err
} else if !exit {
return false, nil
Expand All @@ -209,7 +209,7 @@ func (r *Reconciler) SyncSecret(

secretPatch := prepareTargetPatch(coreapplyconfig.Secret(name.Name, name.Namespace), *bundle).
WithAnnotations(map[string]string{
trustapi.BundleHashAnnotationKey: truststoreHash,
trustapi.BundleHashAnnotationKey: trustBundleHash,
}).
WithData(secretData)

Expand All @@ -229,7 +229,7 @@ const (
KindSecret Kind = "Secret"
)

func (r *Reconciler) needsUpdate(ctx context.Context, kind Kind, log logr.Logger, obj *metav1.PartialObjectMetadata, bundle *trustapi.Bundle, truststoreHash string) (bool, error) {
func (r *Reconciler) needsUpdate(ctx context.Context, kind Kind, log logr.Logger, obj *metav1.PartialObjectMetadata, bundle *trustapi.Bundle, trustBundleHash string) (bool, error) {
needsUpdate := false
if !metav1.IsControlledBy(obj, bundle) {
needsUpdate = true
Expand All @@ -239,7 +239,7 @@ func (r *Reconciler) needsUpdate(ctx context.Context, kind Kind, log logr.Logger
needsUpdate = true
}

if obj.GetAnnotations()[trustapi.BundleHashAnnotationKey] != truststoreHash {
if obj.GetAnnotations()[trustapi.BundleHashAnnotationKey] != trustBundleHash {
needsUpdate = true
}

Expand Down Expand Up @@ -398,16 +398,16 @@ func (b *Data) Populate(pool *util.CertPool, formats *trustapi.AdditionalFormats
return nil
}

func TruststoreHash(data []byte, bundle *trustapi.AdditionalFormats) string {
func TrustBundleHash(data []byte, additionalFormats *trustapi.AdditionalFormats) string {
hash := sha256.New()

_, _ = hash.Write(data)

if bundle != nil && bundle.JKS != nil && bundle.JKS.Password != nil {
_, _ = hash.Write([]byte(*bundle.JKS.Password))
if additionalFormats != nil && additionalFormats.JKS != nil && additionalFormats.JKS.Password != nil {
_, _ = hash.Write([]byte(*additionalFormats.JKS.Password))
}
if bundle != nil && bundle.PKCS12 != nil && bundle.PKCS12.Password != nil {
_, _ = hash.Write([]byte(*bundle.PKCS12.Password))
if additionalFormats != nil && additionalFormats.PKCS12 != nil && additionalFormats.PKCS12.Password != nil {
_, _ = hash.Write([]byte(*additionalFormats.PKCS12.Password))
}

hashValue := [32]byte{}
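Review bot: TrustBundleHash still writes data, the JKS password and the PKCS12 password into the SHA-256 state back to back with no length prefix or separator, so distinct (data, password) pairs whose concatenation is identical yield the same annotation value and are treated as up to date by the annotation comparison in needsUpdate; the function body continues past the end of this hunk. Since this commit adds unit tests for the function, this is the moment to frame each field and pin it: write `fmt.Fprintf(hash, "%d:", len(data))` before `hash.Write(data)`, the same ahead of each password write, and assert that two inputs which concatenate identically hash differently. This changes every existing hash, so the first reconcile after rollout rewrites each target once through that same annotation comparison. The digest also lands in annotations on the ConfigMap and Secret, so a doc comment on the function should state that anyone who can read the target object can read a digest over bundle plus password, and the password gains no confidentiality from being folded into the hash.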
