From 342d9af3093e410495fe89322a9218aba3e57c2f Mon Sep 17 00:00:00 2001
From: khewonc <39867936+khewonc@users.noreply.github.com>
Date: Tue, 22 Oct 2024 11:10:10 -0400
Subject: [PATCH] Fix secret equality checking (#1471)

* Fix secret equality checking

* Remove stringdata checking

* Add back in verify-licenses
---
 pkg/equality/equality.go      | 12 ++---
 pkg/equality/equality_test.go | 92 +++++++++++++++++++++++++++++++++++
 2 files changed, 95 insertions(+), 9 deletions(-)

diff --git a/pkg/equality/equality.go b/pkg/equality/equality.go
index de6db0595..aa4fce456 100644
--- a/pkg/equality/equality.go
+++ b/pkg/equality/equality.go
@@ -149,16 +149,10 @@ func IsEqualAPIService(objA, objB client.Object) bool {
 
 // IsEqualSecrets return true if the two Secrets are equal
 func IsEqualSecrets(a, b client.Object) bool {
-	sA, okA := a.(*corev1.ConfigMap)
-	sB, okB := b.(*corev1.ConfigMap)
+	sA, okA := a.(*corev1.Secret)
+	sB, okB := b.(*corev1.Secret)
 	if okA && okB && sA != nil && sB != nil {
-		if !apiutils.IsEqualStruct(sA.Data, sB.Data) {
-			return false
-		}
-		if !apiutils.IsEqualStruct(sA.BinaryData, sA.BinaryData) {
-			return false
-		}
-		return true
+		return apiutils.IsEqualStruct(sA.Data, sB.Data)
 	}
 	return false
 }
diff --git a/pkg/equality/equality_test.go b/pkg/equality/equality_test.go
index 37fe5294d..6a07dc4b2 100644
--- a/pkg/equality/equality_test.go
+++ b/pkg/equality/equality_test.go
@@ -9,7 +9,9 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 func TestIsEqualOperatorAnnotations(t *testing.T) {
@@ -160,3 +162,93 @@ func TestIsEqualOperatorLabels(t *testing.T) {
 		})
 	}
 }
+func TestIsEqualSecrets(t *testing.T) {
+	tests := []struct {
+		name string
+		objA client.Object
+		objB client.Object
+		want bool
+	}{
+		{
+			name: "objs equal",
+			objA: &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "secret-foo",
+				},
+				Data: map[string][]byte{
+					"foo": {1, 2, 3},
+				},
+			},
+			objB: &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "secret-foo",
+				},
+				Data: map[string][]byte{
+					"foo": {1, 2, 3},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "objs not equal",
+			objA: &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "secret-foo",
+				},
+				Data: map[string][]byte{
+					"foo": {1, 2, 3},
+				},
+			},
+			objB: &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "secret-foo",
+				},
+				Data: map[string][]byte{
+					"foo": {3, 2, 1},
+				},
+			},
+			want: false,
+		},
+		{
+			name: "objs not equal, but data and stringdata equal",
+			objA: &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "secret-foo",
+				},
+				Type: corev1.SecretTypeBasicAuth,
+				Data: map[string][]byte{
+					"foo": {1, 2, 3},
+				},
+			},
+			objB: &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "secret-foo",
+				},
+				Type: corev1.SecretTypeBootstrapToken,
+				Data: map[string][]byte{
+					"foo": {1, 2, 3},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "objs not secrets",
+			objA: &corev1.ConfigMap{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "secret-foo",
+				},
+			},
+			objB: &corev1.ConfigMap{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "secret-foo",
+				},
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, tt.want, IsEqualSecrets(tt.objA, tt.objB))
+		})
+	}
+}