Allow adding sections of plan to hash via annotation (#155)

Donnie Adams · web-flow · commit c56ed00e3e4a · 2021-09-24T18:36:39.000-07:00
Previously, only the latestVersion, serviceAccountName, and secrets were
used in the hash value to track updates. This meant that updating other
parts of the plan (like environment variables) would not automatically
trigger an update.

After this change, if the plan has an annotation
(upgrade.cattle.io/digest) with a value of a comma-delimited string of
pieces of the plan, they will be included in the hash and tracked for
updates.
diff --git a/pkg/apis/upgrade.cattle.io/constants.go b/pkg/apis/upgrade.cattle.io/constants.go
@@ -6,6 +6,12 @@ const (
 	// AnnotationTTLSecondsAfterFinished is used to store a fallback value for job.spec.ttlSecondsAfterFinished
 	AnnotationTTLSecondsAfterFinished = GroupName + `/ttl-seconds-after-finished`
 
+	// AnnotationIncludeInDigest is used to determine parts of the plan to include in the hash for upgrading
+	// The value should be a comma-delimited string corresponding to the sections of the plan.
+	// For example, a value of "spec.concurrency,spec.upgrade.envs" will include
+	// spec.concurrency and spec.upgrade.envs from the plan in the hash to track for upgrades.
+	AnnotationIncludeInDigest = GroupName + `/digest`
+
 	// LabelController is the name of the upgrade controller.
 	LabelController = GroupName + `/controller`
 
diff --git a/pkg/upgrade/plan/plan.go b/pkg/upgrade/plan/plan.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/sha256"
 	"fmt"
+	stdhash "hash"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -14,6 +15,7 @@ import (
 	upgradeapi "github.com/rancher/system-upgrade-controller/pkg/apis/upgrade.cattle.io"
 	upgradeapiv1 "github.com/rancher/system-upgrade-controller/pkg/apis/upgrade.cattle.io/v1"
 	"github.com/rancher/wrangler/pkg/crd"
+	"github.com/rancher/wrangler/pkg/data"
 	corectlv1 "github.com/rancher/wrangler/pkg/generated/controllers/core/v1"
 	"github.com/rancher/wrangler/pkg/schemas/openapi"
 	"github.com/sirupsen/logrus"
@@ -61,6 +63,10 @@ func DigestStatus(plan *upgradeapiv1.Plan, secretCache corectlv1.SecretCache) (u
 		h := sha256.New224()
 		h.Write([]byte(plan.Status.LatestVersion))
 		h.Write([]byte(plan.Spec.ServiceAccountName))
+		if err := addToHashFromAnnotation(h, plan); err != nil {
+			return plan.Status, err
+		}
+
 		for _, s := range plan.Spec.Secrets {
 			secret, err := secretCache.Get(plan.Namespace, s.Name)
 			if err != nil {
@@ -77,6 +83,23 @@ func DigestStatus(plan *upgradeapiv1.Plan, secretCache corectlv1.SecretCache) (u
 	return plan.Status, nil
 }
 
+func addToHashFromAnnotation(h stdhash.Hash, plan *upgradeapiv1.Plan) error {
+	if plan.Annotations[upgradeapi.AnnotationIncludeInDigest] == "" {
+		return nil
+	}
+
+	dataMap, err := data.Convert(plan)
+	if err != nil {
+		return err
+	}
+
+	for _, entry := range strings.Split(plan.Annotations[upgradeapi.AnnotationIncludeInDigest], ",") {
+		h.Write([]byte(dataMap.String(strings.Split(entry, ".")...)))
+	}
+
+	return nil
+}
+
 func MungeVersion(version string) string {
 	return strings.ReplaceAll(version, `+`, `-`)
 }
