diff --git a/internal/kubeadm/types.go b/internal/kubeadm/types.go
index ea4431d..a0b2408 100644
--- a/internal/kubeadm/types.go
+++ b/internal/kubeadm/types.go
@@ -22,13 +22,13 @@ func (c *Configuration) Checksum() string {
 kubeconfig, _ := json.Marshal(c.Kubeconfig)
 parameters, _ := json.Marshal(c.Parameters)
- data := map[string]string{
- "InitConfiguration": string(initConfiguration),
- "Kubeconfig": string(kubeconfig),
- "Parameters": string(parameters),
+ data := map[string][]byte{
+ "InitConfiguration": initConfiguration,
+ "Kubeconfig": kubeconfig,
+ "Parameters": parameters,
 }
- return utilities.CalculateConfigMapChecksum(data)
+ return utilities.CalculateMapChecksum(data)
 }
 type Parameters struct {
diff --git a/internal/resources/api_server_certificate.go b/internal/resources/api_server_certificate.go
index 26670a9..e442a84 100644
--- a/internal/resources/api_server_certificate.go
+++ b/internal/resources/api_server_certificate.go
@@ -133,7 +133,7 @@ func (r *APIServerCertificate) mutate(ctx context.Context, tenantControlPlane *k
 if annotations == nil {
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.CalculateConfigMapChecksum(r.resource.StringData)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 r.resource.SetAnnotations(annotations)
 r.resource.SetLabels(utilities.MergeMaps(
diff --git a/internal/resources/api_server_kubelet_client_certificate.go b/internal/resources/api_server_kubelet_client_certificate.go
index b872478..419e9a2 100644
--- a/internal/resources/api_server_kubelet_client_certificate.go
+++ b/internal/resources/api_server_kubelet_client_certificate.go
@@ -142,7 +142,7 @@ func (r *APIServerKubeletClientCertificate) mutate(ctx context.Context, tenantCo
 if annotations == nil {
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.CalculateConfigMapChecksum(r.resource.StringData)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 r.resource.SetAnnotations(annotations)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
diff --git a/internal/resources/ca_certificate.go b/internal/resources/ca_certificate.go
index 90d7245..017e74f 100644
--- a/internal/resources/ca_certificate.go
+++ b/internal/resources/ca_certificate.go
@@ -128,7 +128,7 @@ func (r *CACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1
 if annotations == nil {
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.CalculateConfigMapChecksum(r.resource.StringData)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 r.resource.SetAnnotations(annotations)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
diff --git a/internal/resources/datastore/datastore_certificate.go b/internal/resources/datastore/datastore_certificate.go
index 3e7a7d4..9ff4204 100644
--- a/internal/resources/datastore/datastore_certificate.go
+++ b/internal/resources/datastore/datastore_certificate.go
@@ -89,7 +89,7 @@ func (r *Certificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1al
 r.resource.Data["ca.crt"] = ca
- if r.resource.GetAnnotations()[constants.Checksum] == utilities.CalculateConfigMapChecksum(r.resource.StringData) {
+ if r.resource.GetAnnotations()[constants.Checksum] == utilities.CalculateMapChecksum(r.resource.Data) {
 if r.DataStore.Spec.Driver == kamajiv1alpha1.EtcdDriver {
 if isValid, _ := crypto.IsValidCertificateKeyPairBytes(r.resource.Data["server.crt"], r.resource.Data["server.key"]); isValid {
 return nil
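Review bot: In internal/resources/datastore/datastore_certificate.go (hunk at -89), Secrets written by an earlier release carry a checksum annotation computed over `StringData`, so after this change the comparison against the `Data` checksum will presumably fail on the first reconcile and fall through to regeneration. The same applies to the `savedHash` case in datastore_storage_config.go (hunk at -80), where the default branch assigns a new `DB_PASSWORD`, and to the `Status.Addons.Konnectivity.Certificate.Checksum` check in konnectivity/certificate_resource.go (hunk at -97). Whether the datastore user and the running components pick up the regenerated credentials is decided outside these hunks, so it is worth confirming and mentioning in the upgrade notes. A comment above each comparison such as `// checksum input changed from StringData to Data: Secrets stamped before the change will not match once` would record the one-time mismatch.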
@@ -145,7 +145,7 @@ func (r *Certificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1al
 if annotations == nil {
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.CalculateConfigMapChecksum(r.resource.StringData)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 r.resource.SetAnnotations(annotations)
 r.resource.SetLabels(utilities.MergeMaps(
diff --git a/internal/resources/datastore/datastore_storage_config.go b/internal/resources/datastore/datastore_storage_config.go
index eeb9c15..8373b45 100644
--- a/internal/resources/datastore/datastore_storage_config.go
+++ b/internal/resources/datastore/datastore_storage_config.go
@@ -80,7 +80,7 @@ func (r *Config) mutate(_ context.Context, tenantControlPlane *kamajiv1alpha1.Te
 savedHash, ok := r.resource.GetAnnotations()[constants.Checksum]
 switch {
- case ok && savedHash == utilities.CalculateConfigMapChecksum(r.resource.StringData):
+ case ok && savedHash == utilities.CalculateMapChecksum(r.resource.Data):
 password = r.resource.Data["DB_PASSWORD"]
 default:
 password = []byte(uuid.New().String())
@@ -98,7 +98,7 @@ func (r *Config) mutate(_ context.Context, tenantControlPlane *kamajiv1alpha1.Te
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.CalculateConfigMapChecksum(r.resource.StringData)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 r.resource.SetAnnotations(annotations)
 r.resource.SetLabels(utilities.MergeMaps(
diff --git a/internal/resources/front-proxy-client-certificate.go b/internal/resources/front-proxy-client-certificate.go
index 87c2725..1bde1e9 100644
--- a/internal/resources/front-proxy-client-certificate.go
+++ b/internal/resources/front-proxy-client-certificate.go
@@ -141,7 +141,7 @@ func (r *FrontProxyClientCertificate) mutate(ctx context.Context, tenantControlP
 if annotations == nil {
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.CalculateConfigMapChecksum(r.resource.StringData)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 r.resource.SetAnnotations(annotations)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
diff --git a/internal/resources/front_proxy_ca_certificate.go b/internal/resources/front_proxy_ca_certificate.go
index dde6971..77ec9d7 100644
--- a/internal/resources/front_proxy_ca_certificate.go
+++ b/internal/resources/front_proxy_ca_certificate.go
@@ -127,7 +127,7 @@ func (r *FrontProxyCACertificate) mutate(ctx context.Context, tenantControlPlane
 if annotations == nil {
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.CalculateConfigMapChecksum(r.resource.StringData)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 r.resource.SetAnnotations(annotations)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
diff --git a/internal/resources/konnectivity/certificate_resource.go b/internal/resources/konnectivity/certificate_resource.go
index 76dfef7..84289bb 100644
--- a/internal/resources/konnectivity/certificate_resource.go
+++ b/internal/resources/konnectivity/certificate_resource.go
@@ -97,7 +97,7 @@ func (r *CertificateResource) mutate(ctx context.Context, tenantControlPlane *ka
 return func() error {
 logger := log.FromContext(ctx, "resource", r.GetName())
- if checksum := tenantControlPlane.Status.Addons.Konnectivity.Certificate.Checksum; len(checksum) > 0 && checksum == utilities.CalculateConfigMapChecksum(r.resource.StringData) {
+ if checksum := tenantControlPlane.Status.Addons.Konnectivity.Certificate.Checksum; len(checksum) > 0 && checksum == utilities.CalculateMapChecksum(r.resource.Data) {
 isValid, err := crypto.IsValidCertificateKeyPairBytes(r.resource.Data[corev1.TLSCertKey], r.resource.Data[corev1.TLSPrivateKeyKey])
 if err != nil {
 logger.Info(fmt.Sprintf("%s certificate-private_key pair is not valid: %s", konnectivityCertAndKeyBaseName, err.Error()))
@@ -146,7 +146,7 @@ func (r *CertificateResource) mutate(ctx context.Context, tenantControlPlane *ka
 if annotations == nil {
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.CalculateConfigMapChecksum(r.resource.StringData)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 r.resource.SetAnnotations(annotations)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
diff --git a/internal/resources/konnectivity/egress_selector_configuration_resource.go b/internal/resources/konnectivity/egress_selector_configuration_resource.go
index 02e228d..dd31130 100644
--- a/internal/resources/konnectivity/egress_selector_configuration_resource.go
+++ b/internal/resources/konnectivity/egress_selector_configuration_resource.go
@@ -121,7 +121,7 @@ func (r *EgressSelectorConfigurationResource) mutate(_ context.Context, tenantCo
 if annotations == nil {
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.MD5Checksum(yamlConfiguration)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
 }
diff --git a/internal/resources/konnectivity/kubeconfig_resource.go b/internal/resources/konnectivity/kubeconfig_resource.go
index f948c98..fe478ba 100644
--- a/internal/resources/konnectivity/kubeconfig_resource.go
+++ b/internal/resources/konnectivity/kubeconfig_resource.go
@@ -167,7 +167,7 @@ func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kam
 if annotations == nil {
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.CalculateConfigMapChecksum(r.resource.StringData)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 r.resource.SetLabels(utilities.MergeMaps(
 utilities.KamajiLabels(),
 map[string]string{
diff --git a/internal/resources/kubeadm_config.go b/internal/resources/kubeadm_config.go
index c649fe4..4fe9288 100644
--- a/internal/resources/kubeadm_config.go
+++ b/internal/resources/kubeadm_config.go
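Review bot: In konnectivity/egress_selector_configuration_resource.go the checksum is stored in `annotations`, but no `r.resource.SetAnnotations(annotations)` follows before the `return`, unlike the certificate resources touched by this commit. When `annotations` was nil (it is presumably read from `GetAnnotations()` above the hunk) the map created in the `if` is never attached to the resource and the checksum is dropped. Adding `r.resource.SetAnnotations(annotations)` right after the assignment closes that gap. The konnectivity/kubeconfig_resource.go hunk at -167 shows the same shape in its visible lines, though that closure continues past the hunk and may make the call further down.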
@@ -109,20 +109,17 @@ func (r *KubeadmConfigResource) mutate(ctx context.Context, tenantControlPlane *
 if err != nil {
 return err
 }
- data, err := kubeadm.GetKubeadmInitConfigurationMap(*config)
- if err != nil {
+ if r.resource.Data, err = kubeadm.GetKubeadmInitConfigurationMap(*config); err != nil {
 logger.Error(err, "cannot retrieve kubeadm init configuration")
 return err
 }
- r.resource.Data = data
-
 annotations := r.resource.GetAnnotations()
 if annotations == nil {
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.CalculateConfigMapChecksum(data)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 r.resource.SetAnnotations(annotations)
 if err := ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme()); err != nil {
diff --git a/internal/resources/kubeconfig.go b/internal/resources/kubeconfig.go
index c25bca5..d122c52 100644
--- a/internal/resources/kubeconfig.go
+++ b/internal/resources/kubeconfig.go
@@ -111,10 +111,10 @@ func (r *KubeconfigResource) CreateOrUpdate(ctx context.Context, tenantControlPl
 }
 func (r *KubeconfigResource) checksum(apiServerCertificatesSecret *corev1.Secret, kubeadmChecksum string) string {
- return utilities.CalculateConfigMapChecksum(map[string]string{
- "ca-cert-checksum": string(apiServerCertificatesSecret.Data[kubeadmconstants.CACertName]),
- "ca-key-checksum": string(apiServerCertificatesSecret.Data[kubeadmconstants.CAKeyName]),
- "kubeadmconfig": kubeadmChecksum,
+ return utilities.CalculateMapChecksum(map[string][]byte{
+ "ca-cert-checksum": apiServerCertificatesSecret.Data[kubeadmconstants.CACertName],
+ "ca-key-checksum": apiServerCertificatesSecret.Data[kubeadmconstants.CAKeyName],
+ "kubeadmconfig": []byte(kubeadmChecksum),
 })
 }
diff --git a/internal/resources/sa_certificate.go b/internal/resources/sa_certificate.go
index 95f2b09..dd9d5c6 100644
--- a/internal/resources/sa_certificate.go
+++ b/internal/resources/sa_certificate.go
@@ -126,7 +126,7 @@ func (r *SACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1
 if annotations == nil {
 annotations = map[string]string{}
 }
- annotations[constants.Checksum] = utilities.CalculateConfigMapChecksum(r.resource.StringData)
+ annotations[constants.Checksum] = utilities.CalculateMapChecksum(r.resource.Data)
 r.resource.SetAnnotations(annotations)
 return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
diff --git a/internal/utilities/checksum.go b/internal/utilities/checksum.go
index 692bff1..13f03de 100644
--- a/internal/utilities/checksum.go
+++ b/internal/utilities/checksum.go
@@ -9,8 +9,20 @@ import (
 "sort"
 )
-// CalculateConfigMapChecksum orders the map according to its key, and calculating the overall md5 of the values.
-func CalculateConfigMapChecksum(data map[string]string) string {
+// CalculateMapChecksum orders the map according to its key, and calculating the overall md5 of the values.
+// It's expected to work with ConfigMap (map[string]string) and Secrets (map[string][]byte).
+func CalculateMapChecksum(data any) string {
+ switch t := data.(type) {
+ case map[string]string:
+ return calculateMapStringString(t)
+ case map[string][]byte:
+ return calculateMapStringByte(t)
+ default:
+ return ""
+ }
+}
+
+func calculateMapStringString(data map[string]string) string {
 keys := make([]string, 0, len(data))
 for key := range data {
 keys = append(keys, key)
@@ -27,6 +39,23 @@ func CalculateConfigMapChecksum(data map[string]string) string {
 return MD5Checksum([]byte(checksum))
 }
+func calculateMapStringByte(data map[string][]byte) string {
+ keys := make([]string, 0, len(data))
+ for key := range data {
+ keys = append(keys, key)
+ }
+
+ sort.Strings(keys)
+
+ var checksum string
+
+ for _, key := range keys {
+ checksum += string(data[key])
+ }
+
+ return MD5Checksum([]byte(checksum))
+}
+
 func MD5Checksum(value []byte) string {
 hash := md5.Sum(value)
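Review bot: `CalculateMapChecksum(data any)` in internal/utilities/checksum.go returns `""` from its `default` branch, so a caller that passes any other map type silently gets an empty checksum instead of a build error, and the two private helpers duplicate each other line for line. A type parameter constrained to `~string | ~[]byte` moves that check to compile time, should leave the call sites visible in this commit unchanged, and produces the same digest as the code in the hunk. Separately, values are concatenated without keys or length prefixes, so a byte moving from the end of one value to the start of the next leaves the checksum unchanged; that behaviour predates this commit, and fixing it would change the checksum of every stored object. `MD5Checksum` continues past the end of the hunk.

```go
// CalculateMapChecksum sorts the map keys and returns the MD5 of the values
// concatenated in that order. The constraint limits callers to ConfigMap data
// (map[string]string) and Secret data (map[string][]byte) at compile time.
func CalculateMapChecksum[T ~string | ~[]byte](data map[string]T) string {
	keys := make([]string, 0, len(data))
	for key := range data {
		keys = append(keys, key)
	}

	sort.Strings(keys)

	var buf []byte
	for _, key := range keys {
		buf = append(buf, []byte(data[key])...)
	}

	return MD5Checksum(buf)
}

// … unchanged: MD5Checksum …
```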