mirror of
https://github.com/lukaszraczylo/kubemirror.git
synced 2026-06-23 04:21:50 +00:00
fix: hash drift, transformer leak guard, prod logger, ctx-aware wait
M7: extractUnstructuredContent only hashed 'spec' when present, dropping all other top-level content fields. Resources with both spec and data (or any non-spec content) silently drifted until the next 10m resync. Now hashes every non-Kubernetes-managed top-level field, matching the fields updateUnstructuredMirror copies. M6: when a source has a transform annotation, also hash the source's labels and annotations (filtered of kubemirror.raczylo.com/* keys to avoid the controller's own bookkeeping churning the hash). Templates read these via TransformContext; without this a label change wouldn't re-render the transformed mirror. H3: text/template.Execute is not context-aware, so applyTemplateRule's timeout cancels the select but leaks the executor goroutine. Added a process-wide semaphore (cap 64) so a runaway template can't spawn an unbounded number of stuck goroutines on every reconcile. M4: zap dev mode (DPanic-on-error, console output, stacktraces on warning) was hardcoded on. Defaulted to production; --zap-devel flag remains for opt-in. M5: WaitForInitialDiscovery was anchored on context.Background() with its own WithTimeout, so SIGTERM during startup couldn't abort the wait. Now anchors on signalCtx.
This commit is contained in:
@@ -641,3 +641,76 @@ func BenchmarkNeedsSync(b *testing.B) {
|
||||
_, _ = NeedsSync(source, target, annotations)
|
||||
}
|
||||
}
|
||||
func TestComputeContentHash_Unstructured_HashesAllNonMetaFields(t *testing.T) {
|
||||
// Regression (M7): the previous implementation only hashed `spec` when it
|
||||
// was present, dropping any other top-level content (data, type, custom
|
||||
// CRD fields). Drift to those fields was invisible until the next resync.
|
||||
objSpecOnly := &unstructured.Unstructured{Object: map[string]interface{}{
|
||||
"apiVersion": "v1",
|
||||
"kind": "Custom",
|
||||
"spec": map[string]interface{}{"field": "v1"},
|
||||
"data": map[string]interface{}{"k": "v1"},
|
||||
}}
|
||||
objSpecAndDifferentData := &unstructured.Unstructured{Object: map[string]interface{}{
|
||||
"apiVersion": "v1",
|
||||
"kind": "Custom",
|
||||
"spec": map[string]interface{}{"field": "v1"},
|
||||
"data": map[string]interface{}{"k": "v2"}, // only data differs
|
||||
}}
|
||||
|
||||
h1, err := ComputeContentHash(objSpecOnly)
|
||||
require.NoError(t, err)
|
||||
h2, err := ComputeContentHash(objSpecAndDifferentData)
|
||||
require.NoError(t, err)
|
||||
assert.NotEqual(t, h1, h2, "data field must contribute to hash even when spec exists")
|
||||
}
|
||||
|
||||
func TestComputeContentHash_Unstructured_TransformIncludesLabelsAndAnnotations(t *testing.T) {
|
||||
// Regression (M6): templates can read source labels/annotations via
|
||||
// TransformContext. When a transform annotation is present, label /
|
||||
// annotation changes must therefore re-hash so NeedsSync re-renders.
|
||||
make := func(label, annot string) *unstructured.Unstructured {
|
||||
return &unstructured.Unstructured{Object: map[string]interface{}{
|
||||
"apiVersion": "v1",
|
||||
"kind": "ConfigMap",
|
||||
"metadata": map[string]interface{}{
|
||||
"labels": map[string]interface{}{"app": label},
|
||||
"annotations": map[string]interface{}{constants.AnnotationTransform: "rules: []", "tier": annot},
|
||||
},
|
||||
"data": map[string]interface{}{"k": "v"},
|
||||
}}
|
||||
}
|
||||
|
||||
base, err := ComputeContentHash(make("v1", "prod"))
|
||||
require.NoError(t, err)
|
||||
|
||||
labelChanged, err := ComputeContentHash(make("v2", "prod"))
|
||||
require.NoError(t, err)
|
||||
assert.NotEqual(t, base, labelChanged, "label change must re-hash when transform is present")
|
||||
|
||||
annotChanged, err := ComputeContentHash(make("v1", "stage"))
|
||||
require.NoError(t, err)
|
||||
assert.NotEqual(t, base, annotChanged, "annotation change must re-hash when transform is present")
|
||||
}
|
||||
|
||||
func TestComputeContentHash_Unstructured_LabelChangesIgnoredWithoutTransform(t *testing.T) {
|
||||
// Counterpart to the above: when there is NO transform annotation, label
|
||||
// changes must NOT churn the hash — that would cause unnecessary mirror
|
||||
// re-writes for plain (non-transformed) mirrors.
|
||||
make := func(label string) *unstructured.Unstructured {
|
||||
return &unstructured.Unstructured{Object: map[string]interface{}{
|
||||
"apiVersion": "v1",
|
||||
"kind": "ConfigMap",
|
||||
"metadata": map[string]interface{}{
|
||||
"labels": map[string]interface{}{"app": label},
|
||||
},
|
||||
"data": map[string]interface{}{"k": "v"},
|
||||
}}
|
||||
}
|
||||
|
||||
h1, err := ComputeContentHash(make("v1"))
|
||||
require.NoError(t, err)
|
||||
h2, err := ComputeContentHash(make("v2"))
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, h1, h2, "label changes must not re-hash without a transform annotation")
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user