// computeUpdatedSCC determines if the expected SCC looks like the actual SCC // it does this by making the expected SCC mirror the actual SCC for items that // we are not reconciling and performing a diff (ignoring changes to metadata). // If a diff is produced then the expected SCC is submitted as needing an update. func (o *ReconcileSCCOptions) computeUpdatedSCC(expected kapi.SecurityContextConstraints, actual kapi.SecurityContextConstraints) (*kapi.SecurityContextConstraints, bool) { needsUpdate := false // if unioning old and new groups/users then make the expected contain all // also preserve and set priorities if o.Union { groupSet := sets.NewString(actual.Groups...) groupSet.Insert(expected.Groups...) expected.Groups = groupSet.List() userSet := sets.NewString(actual.Users...) userSet.Insert(expected.Users...) expected.Users = userSet.List() if actual.Priority != nil { expected.Priority = actual.Priority } } // sort users and groups to remove any variants in order when diffing sort.StringSlice(actual.Groups).Sort() sort.StringSlice(actual.Users).Sort() sort.StringSlice(expected.Groups).Sort() sort.StringSlice(expected.Users).Sort() // make a copy of the expected scc here so we can ignore metadata diffs. updated := expected expected.ObjectMeta = actual.ObjectMeta if !kapi.Semantic.DeepEqual(expected, actual) { needsUpdate = true } return &updated, needsUpdate }