Check SA imagePullSecret length to discard comparing against generate…

…d and injected values (stolostron#1402) Signed-off-by: Philip Gough <[email protected]>
coleenquadros · Apr 15, 2024 · 4815698 · 4815698
1 parent 1cb5bad
commit 4815698
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -13,6 +13,7 @@ require (
 	github.com/gogo/protobuf v1.3.2
 	github.com/golang/protobuf v1.5.3
 	github.com/golang/snappy v0.0.4
+	github.com/google/go-cmp v0.5.9
 	github.com/hashicorp/go-version v1.3.0
 	github.com/oklog/run v1.1.0
 	github.com/onsi/ginkgo v1.16.5
@@ -90,7 +91,6 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/certificate-transparency-go v1.0.21 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.3.0 // indirect

diff --git a/operators/multiclusterobservability/controllers/placementrule/manifestwork.go b/operators/multiclusterobservability/controllers/placementrule/manifestwork.go
@@ -15,6 +15,8 @@ import (
 	"strconv"
 	"strings"
 
+	"golang.org/x/exp/slices"
+
 	rbacv1 "k8s.io/api/rbac/v1"
 
 	"gopkg.in/yaml.v2"
@@ -28,6 +30,8 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	gocmp "github.com/google/go-cmp/cmp"
+	gocmpopts "github.com/google/go-cmp/cmp/cmpopts"
 	mcoshared "github.com/stolostron/multicluster-observability-operator/operators/multiclusterobservability/api/shared"
 	mcov1beta1 "github.com/stolostron/multicluster-observability-operator/operators/multiclusterobservability/api/v1beta1"
 	mcov1beta2 "github.com/stolostron/multicluster-observability-operator/operators/multiclusterobservability/api/v1beta2"
@@ -568,9 +572,32 @@ func createUpdateResourcesForHubMetricsCollection(c client.Client, manifests []w
 					needsUpdate = true
 				}
 			case *corev1.ServiceAccount:
-				currentServiceAccount := currentObj.(*corev1.ServiceAccount)
-				if !reflect.DeepEqual(obj.ImagePullSecrets, currentServiceAccount.ImagePullSecrets) {
-					needsUpdate = true
+				// https://issues.redhat.com/browse/ACM-10967
+				// Some of these ServiceAccounts will be read from static files so they will never contain
+				// the generated Secrets as part of their corev1.ServiceAccount.ImagePullSecrets field.
+				// This checks by way of slice length if this particular ServiceAccount can be one of those.
+				if len(obj.ImagePullSecrets) < len(currentObj.(*corev1.ServiceAccount).ImagePullSecrets) {
+					for _, imagePullSecret := range obj.ImagePullSecrets {
+						if !slices.Contains(currentObj.(*corev1.ServiceAccount).ImagePullSecrets, imagePullSecret) {
+							needsUpdate = true
+							break
+						}
+					}
+				} else {
+					sortObjRef := func(a, b corev1.ObjectReference) bool {
+						return a.Name < b.Name
+					}
+
+					sortLocalObjRef := func(a, b corev1.LocalObjectReference) bool {
+						return a.Name < b.Name
+					}
+
+					cmpOptions := []gocmp.Option{gocmpopts.EquateEmpty(), gocmpopts.SortSlices(sortObjRef), gocmpopts.SortSlices(sortLocalObjRef)}
+
+					currentServiceAccount := currentObj.(*corev1.ServiceAccount)
+					if !gocmp.Equal(obj.ImagePullSecrets, currentServiceAccount.ImagePullSecrets, cmpOptions...) {
+						needsUpdate = true
+					}
 				}
 			}