From 8425b9fe75d4415946771b96267f65f9fc1ec433 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 15 Feb 2024 14:13:26 +0100 Subject: [PATCH] use DefaultUnstructuredConverter to convert extras to unstructured Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .../identity/certificaterequest_identity.go | 27 ++++++++--------- .../certificaterequest_identity_test.go | 29 +++++++++++++++++++ 2 files changed, 43 insertions(+), 13 deletions(-) diff --git a/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity.go b/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity.go index b8b2e8f98..e5221801f 100644 --- a/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity.go +++ b/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity.go @@ -53,29 +53,30 @@ func (p *certificateRequestIdentity) Mutate(ctx context.Context, request admissi return nil } - extraValuesToGenericMap := func(m map[string]authenticationv1.ExtraValue) map[string]interface{} { - genericMap := make(map[string]interface{}, len(m)) - for k, v := range m { - arr := make([]interface{}, len(v)) - for i, val := range v { - arr[i] = val - } - genericMap[k] = []interface{}(arr) - } - return genericMap - } - for _, err := range []error{ unstructured.SetNestedField(obj.Object, request.UserInfo.UID, "spec", "uid"), unstructured.SetNestedField(obj.Object, request.UserInfo.Username, "spec", "username"), unstructured.SetNestedStringSlice(obj.Object, request.UserInfo.Groups, "spec", "groups"), - unstructured.SetNestedMap(obj.Object, extraValuesToGenericMap(request.UserInfo.Extra), "spec", "extra"), } { if err != nil { return err } } + // Overwrite the 'spec.extra' field with the request.UserInfo.Extra field. + // If the request.UserInfo.Extra field is empty, remove the 'spec.extra' field. + unstructured.RemoveNestedField(obj.Object, "spec", "extra") + if len(request.UserInfo.Extra) > 0 { + unstructuredExtra, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&request.UserInfo.Extra) + if err != nil { + return err + } + + if err := unstructured.SetNestedMap(obj.Object, unstructuredExtra, "spec", "extra"); err != nil { + return err + } + } + return nil } diff --git a/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity_test.go b/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity_test.go index fa982eec4..c06cf5570 100644 --- a/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity_test.go +++ b/internal/webhook/admission/certificaterequest/identity/certificaterequest_identity_test.go @@ -424,6 +424,35 @@ func TestMutateCreate(t *testing.T) { }, }, }, + "should handle nil Extra values": { + req: &admissionv1.AdmissionRequest{ + Operation: admissionv1.Create, + RequestResource: correctRequestResource, + UserInfo: authenticationv1.UserInfo{ + UID: "abc", + Username: "user-1", + Groups: []string{"group-1", "group-2"}, + }, + }, + existingCR: &cmapi.CertificateRequest{ + Spec: cmapi.CertificateRequestSpec{ + UID: "1234", + Username: "user-2", + Groups: []string{"group-3", "group-4"}, + Extra: map[string][]string{ + "3": {"abc", "efg"}, + "4": {"efg", "abc"}, + }, + }, + }, + expectedCR: &cmapi.CertificateRequest{ + Spec: cmapi.CertificateRequestSpec{ + UID: "abc", + Username: "user-1", + Groups: []string{"group-1", "group-2"}, + }, + }, + }, } for name, test := range tests {