// computeUpdatedSCC determines if the expected SCC looks like the actual SCC // it does this by making the expected SCC mirror the actual SCC for items that // we are not reconciling and performing a diff (ignoring changes to metadata). // If a diff is produced then the expected SCC is submitted as needing an update. func (o *ReconcileSCCOptions) computeUpdatedSCC(expected kapi.SecurityContextConstraints, actual kapi.SecurityContextConstraints) (*kapi.SecurityContextConstraints, bool) { needsUpdate := false // if unioning old and new groups/users then make the expected contain all // also preserve and set priorities if o.Union { groupSet := sets.NewString(actual.Groups...) groupSet.Insert(expected.Groups...) expected.Groups = groupSet.List() userSet := sets.NewString(actual.Users...) userSet.Insert(expected.Users...) expected.Users = userSet.List() if actual.Priority != nil { expected.Priority = actual.Priority } // preserve labels and annotations expected.Labels = MergeMaps(expected.Labels, actual.Labels) expected.Annotations = MergeMaps(expected.Annotations, actual.Annotations) } // sort volumes to remove variants in order sortVolumes(&expected) sortVolumes(&actual) // sort users and groups to remove any variants in order when diffing sort.StringSlice(actual.Groups).Sort() sort.StringSlice(actual.Users).Sort() sort.StringSlice(expected.Groups).Sort() sort.StringSlice(expected.Users).Sort() // compute the updated scc as follows: // 1. start with the expected scc // 2. take the objectmeta from the actual scc (preserves the resource version and uid) // 3. add back the labels and annotations from the expected scc (which were already merged if unioning was desired) updated := expected updated.ObjectMeta = actual.ObjectMeta updated.ObjectMeta.Labels = expected.Labels updated.ObjectMeta.Annotations = expected.Annotations if !kapi.Semantic.DeepEqual(updated, actual) { needsUpdate = true } return &updated, needsUpdate }