use DefaultUnstructuredConverter to convert extras to unstructured

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-15 14:13:26 +01:00 · 2024-02-15 14:13:26 +01:00 · 8425b9fe75
commit 8425b9fe75
parent 8f7af98772
2 changed files with 43 additions and 13 deletions
--- a/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity.go
+++ b/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity.go
@ -53,29 +53,30 @@ func (p *certificateRequestIdentity) Mutate(ctx context.Context, request admissi
 		return nil
 	}

-	extraValuesToGenericMap := func(m map[string]authenticationv1.ExtraValue) map[string]interface{} {
-		genericMap := make(map[string]interface{}, len(m))
-		for k, v := range m {
-			arr := make([]interface{}, len(v))
-			for i, val := range v {
-				arr[i] = val
-			}
-			genericMap[k] = []interface{}(arr)
-		}
-		return genericMap
-	}
-
 	for _, err := range []error{
 		unstructured.SetNestedField(obj.Object, request.UserInfo.UID, "spec", "uid"),
 		unstructured.SetNestedField(obj.Object, request.UserInfo.Username, "spec", "username"),
 		unstructured.SetNestedStringSlice(obj.Object, request.UserInfo.Groups, "spec", "groups"),
-		unstructured.SetNestedMap(obj.Object, extraValuesToGenericMap(request.UserInfo.Extra), "spec", "extra"),
 	} {
 		if err != nil {
 			return err
 		}
 	}

+	// Overwrite the 'spec.extra' field with the request.UserInfo.Extra field.
+	// If the request.UserInfo.Extra field is empty, remove the 'spec.extra' field.
+	unstructured.RemoveNestedField(obj.Object, "spec", "extra")
+	if len(request.UserInfo.Extra) > 0 {
+		unstructuredExtra, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&request.UserInfo.Extra)
+		if err != nil {
+			return err
+		}
+
+		if err := unstructured.SetNestedMap(obj.Object, unstructuredExtra, "spec", "extra"); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }

--- a/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity_test.go
+++ b/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity_test.go
@ -424,6 +424,35 @@ func TestMutateCreate(t *testing.T) {
 				},
 			},
 		},
+		"should handle nil Extra values": {
+			req: &admissionv1.AdmissionRequest{
+				Operation:       admissionv1.Create,
+				RequestResource: correctRequestResource,
+				UserInfo: authenticationv1.UserInfo{
+					UID:      "abc",
+					Username: "user-1",
+					Groups:   []string{"group-1", "group-2"},
+				},
+			},
+			existingCR: &cmapi.CertificateRequest{
+				Spec: cmapi.CertificateRequestSpec{
+					UID:      "1234",
+					Username: "user-2",
+					Groups:   []string{"group-3", "group-4"},
+					Extra: map[string][]string{
+						"3": {"abc", "efg"},
+						"4": {"efg", "abc"},
+					},
+				},
+			},
+			expectedCR: &cmapi.CertificateRequest{
+				Spec: cmapi.CertificateRequestSpec{
+					UID:      "abc",
+					Username: "user-1",
+					Groups:   []string{"group-1", "group-2"},
+				},
+			},
+		},
 	}

 	for name, test := range tests {