fix: Secret references must be sorted to ensure stable output

vshn · Jul 5, 2024 · 5dda337 · 5dda337
1 parent 6c9ed3e
commit 5dda337
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 1 deletion.
diff --git a/pkg/converter/converter.go b/pkg/converter/converter.go
@@ -314,7 +314,19 @@ func composeServiceToContainer(
 		envFrom = append(envFrom, core.EnvFromSource{SecretRef: &core.SecretEnvSource{LocalObjectReference: core.LocalObjectReference{Name: secret.Name}}})
 	}
 	env := []core.EnvVar{}
-	for key, value := range workload.AsCompose().Environment {
+
+	// We need to iterate over the Environment map in an ordered way, because otherwise the resulting secret references will have a non-deterministic order.
+	// Hence we get the keys first and sort them.
+	keys := make([]string, len(workload.AsCompose().Environment))
+	i := 0
+	for k, _ := range workload.AsCompose().Environment {
+		keys[i] = k
+		i++
+	}
+	sort.Strings(keys)
+	// Now iterate over the sorted keys
+	for _, key := range keys {
+		value := workload.AsCompose().Environment[key]
 		if value != nil && strings.HasPrefix(*value, SecretRefMagic+":") {
 			// we've encountered a reference to another secret (starting with "$_ref_:" in the compose file)
 			refValue := (*value)[len(SecretRefMagic)+1:]
@@ -326,6 +338,7 @@ func composeServiceToContainer(
 			env = append(env, core.EnvVar{Name: key, ValueFrom: &core.EnvVarSource{SecretKeyRef: &core.SecretKeySelector{LocalObjectReference: core.LocalObjectReference{Name: refStrings[0]}, Key: refStrings[1]}}})
 		}
 	}
+
 	return core.Container{
 		Name:  composeService.Name + refSlug,
 		Image: composeService.Image,

diff --git a/tests/golden/env-vars/compose.yml b/tests/golden/env-vars/compose.yml
@@ -6,3 +6,5 @@ services:
       - BAR=${BAR}
       - something_else=${BAZ}
       - "PASSWORD=$_ref_:mongodb-secret:password"
+      - "FOOREF=$_ref_:foo:fooooooo"
+      - "BARREF=$_ref_:bar:baaaaaar"
diff --git a/tests/golden/env-vars/manifests/fooBar-oasp-deployment.yaml b/tests/golden/env-vars/manifests/fooBar-oasp-deployment.yaml
@@ -32,6 +32,16 @@ spec:
             topologyKey: kubernetes.io/hostname
       containers:
       - env:
+        - name: BARREF
+          valueFrom:
+            secretKeyRef:
+              key: baaaaaar
+              name: bar
+        - name: FOOREF
+          valueFrom:
+            secretKeyRef:
+              key: fooooooo
+              name: foo
         - name: PASSWORD
           valueFrom:
             secretKeyRef: