// computeUpdatedSCC determines if the expected SCC looks like the actual SCC
// it does this by making the expected SCC mirror the actual SCC for items that
// we are not reconciling and performing a diff (ignoring changes to metadata).
// If a diff is produced then the expected SCC is submitted as needing an update.
func (o *ReconcileSCCOptions) computeUpdatedSCC(expected kapi.SecurityContextConstraints, actual kapi.SecurityContextConstraints) (*kapi.SecurityContextConstraints, bool) {
needsUpdate := false
// if unioning old and new groups/users then make the expected contain all
// also preserve and set priorities
if o.Union {
groupSet := sets.NewString(actual.Groups...)
groupSet.Insert(expected.Groups...)
expected.Groups = groupSet.List()
userSet := sets.NewString(actual.Users...)
userSet.Insert(expected.Users...)
expected.Users = userSet.List()
if actual.Priority != nil {
expected.Priority = actual.Priority
}
// preserve labels and annotations
expected.Labels = MergeMaps(expected.Labels, actual.Labels)
expected.Annotations = MergeMaps(expected.Annotations, actual.Annotations)
}
// sort volumes to remove variants in order
sortVolumes(&expected)
sortVolumes(&actual)
// sort users and groups to remove any variants in order when diffing
sort.StringSlice(actual.Groups).Sort()
sort.StringSlice(actual.Users).Sort()
sort.StringSlice(expected.Groups).Sort()
sort.StringSlice(expected.Users).Sort()
// compute the updated scc as follows:
// 1. start with the expected scc
// 2. take the objectmeta from the actual scc (preserves the resource version and uid)
// 3. add back the labels and annotations from the expected scc (which were already merged if unioning was desired)
updated := expected
updated.ObjectMeta = actual.ObjectMeta
updated.ObjectMeta.Labels = expected.Labels
updated.ObjectMeta.Annotations = expected.Annotations
if !kapi.Semantic.DeepEqual(updated, actual) {
needsUpdate = true
}
return &updated, needsUpdate
}
