Fix empty Group Version Kind

bitnami-labs · Oct 27, 2022 · d1e6138 · d1e6138
1 parent a2115a0
commit d1e6138
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 9 deletions.
diff --git a/integration/controller_test.go b/integration/controller_test.go
@@ -370,12 +370,12 @@ var _ = Describe("create", func() {
 
 	Describe("Same name, wrong key", func() {
 		BeforeEach(func() {
-			// NB: weak keysize - this is just a test case
-			wrongkey, err := rsa.GenerateKey(rand.Reader, 1024)
+			// NB: weak key-size - this is just a test case
+			wrongKey, err := rsa.GenerateKey(rand.Reader, 1024)
 			Expect(err).NotTo(HaveOccurred())
 
 			fmt.Fprintf(GinkgoWriter, "Resealing with wrong key\n")
-			ss, err = ssv1alpha1.NewSealedSecret(scheme.Codecs, &wrongkey.PublicKey, s)
+			ss, err = ssv1alpha1.NewSealedSecret(scheme.Codecs, &wrongKey.PublicKey, s)
 			Expect(err).NotTo(HaveOccurred())
 		})
 

diff --git a/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go b/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go
@@ -322,10 +322,7 @@ func (s *SealedSecret) Unseal(codecs runtimeserializer.CodecFactory, privKeys ma
 	secret.SetNamespace(smeta.GetNamespace())
 	secret.SetName(smeta.GetName())
 
-	// This is sometimes empty?  Fine - we know what the answer is
-	// going to be anyway.
-	//gvk := s.GetObjectKind().GroupVersionKind()
-	gvk := SchemeGroupVersion.WithKind("SealedSecret")
+	gvk := s.GetObjectKind().GroupVersionKind()
 
 	// Refer back to owning SealedSecret
 	ownerRefs := []metav1.OwnerReference{

diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
@@ -13,6 +13,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/kubernetes"
@@ -248,7 +249,10 @@ func (c *Controller) unseal(ctx context.Context, key string) (unsealErr error) {
 		return nil
 	}
 
-	ssecret := obj.(*ssv1alpha1.SealedSecret)
+	ssecret, err := convertSealedSecret(obj)
+	if err != nil {
+		return err
+	}
 	log.Printf("Updating %s", key)
 
 	// any exit of this function at this point will cause an update to the status subresource
@@ -311,6 +315,22 @@ func (c *Controller) unseal(ctx context.Context, key string) (unsealErr error) {
 	return nil
 }
 
+func convertSealedSecret(obj any) (*ssv1alpha1.SealedSecret, error) {
+	sealedSecret, ok := (obj).(*ssv1alpha1.SealedSecret)
+	if !ok {
+		return nil, fmt.Errorf("failed to cast %v into SealedSecret", obj)
+	}
+	if sealedSecret.APIVersion == "" || sealedSecret.Kind == "" {
+		// https://github.com/operator-framework/operator-sdk/issues/727
+		log.Printf("WARNING: Empty API version & kind, filling it...")
+		gv := schema.GroupVersion{Group: ssv1alpha1.GroupName, Version: "v1alpha1"}
+		gvk := gv.WithKind("SealedSecret")
+		sealedSecret.APIVersion = gvk.GroupVersion().String()
+		sealedSecret.Kind = gvk.Kind
+	}
+	return sealedSecret, nil
+}
+
 func (c *Controller) updateSealedSecretStatus(ssecret *ssv1alpha1.SealedSecret, unsealError error) error {
 	if !c.updateStatus {
 		klog.V(2).Infof("not updating status because updateStatus feature flag not turned on")

diff --git a/pkg/crypto/crypto.go b/pkg/crypto/crypto.go
@@ -30,7 +30,7 @@ func PublicKeyFingerprint(rp *rsa.PublicKey) (string, error) {
 }
 
 // HybridEncrypt performs a regular AES-GCM + RSA-OAEP encryption.
-// The output bytestring is:
+// The output byte string is:
 //
 //	RSA ciphertext length || RSA ciphertext || AES ciphertext
 func HybridEncrypt(rnd io.Reader, pubKey *rsa.PublicKey, plaintext, label []byte) ([]byte, error) {