From 91d382de43dfc0e7156376037dba1c641e9173fd Mon Sep 17 00:00:00 2001 From: Alper Rifat Ulucinar Date: Thu, 6 Jun 2024 12:14:10 +0300 Subject: [PATCH] Do not prefix JSON fieldpaths starting with status.atProvider in resource.GetSensitiveParameters - If the MR API has a spec.forProvider.status field and there are sensitive attributes, then fieldpath.Paved.ExpandWildcards complains instead of expanding as an empty slice, which breaks the reconciliation. Signed-off-by: Alper Rifat Ulucinar --- pkg/resource/sensitive.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pkg/resource/sensitive.go b/pkg/resource/sensitive.go index adaff8e6..f8447b2a 100644 --- a/pkg/resource/sensitive.go +++ b/pkg/resource/sensitive.go @@ -168,17 +168,25 @@ func GetSensitiveParameters(ctx context.Context, client SecretClient, from runti return err } pavedTF := fieldpath.Pave(into) + prefixes := []string{"spec.initProvider.", "spec.forProvider."} for tfPath, jsonPath := range mapping { jp := jsonPath groups := reFieldPathSpec.FindStringSubmatch(jsonPath) if len(groups) == 3 { jp = groups[2] + } else if strings.HasPrefix(jsonPath, "status.atProvider.") { + // we will not be prefixing the JSON fieldpath expression if it starts + // with "status.atProvider" in case there is a spec.forProvider.status + // field. If there exists a spec.forProvider.status field, then the + // fieldpath.ExpandWildcards will complain instead of expanding the + // fieldpath expression as an empty slice. + prefixes = []string{""} } // spec.forProvider secret references override the spec.initProvider // references. - for _, p := range []string{"spec.initProvider.", "spec.forProvider."} { + for _, p := range prefixes { if err := storeSensitiveData(ctx, client, tfPath, p+jp, pavedTF, pavedJSON, mapping); err != nil { return err }