From 6bb39aaf055b3e09a64d3fc978a85d18442816a3 Mon Sep 17 00:00:00 2001
From: JenTing
Date: Thu, 25 Jul 2024 02:36:55 +0800
Subject: [PATCH] enhance: skip updating k8s secret if no change (#274)
Signed-off-by: JenTing Hsiao
---
 controllers/vaultsecret_controller.go | 39 +++++++++++++++++----------
 1 file changed, 25 insertions(+), 14 deletions(-)
diff --git a/controllers/vaultsecret_controller.go b/controllers/vaultsecret_controller.go
index f54f921..826ea1f 100644
--- a/controllers/vaultsecret_controller.go
+++ b/controllers/vaultsecret_controller.go
@@ -5,6 +5,7 @@ import (
 "context"
 "fmt"
 "os"
+ "reflect"
 "text/template"
 "time"
@@ -225,23 +226,33 @@ func (r *VaultSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 if instance.Spec.ReconcileStrategy == "Merge" {
 secret = mergeSecretData(secret, found)
- log.Info("Updating a Secret", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
- err = r.Update(ctx, secret)
- if err != nil {
- log.Error(err, "Could not update secret")
- r.updateConditions(ctx, instance, conditionReasonMergeFailed, err.Error(), metav1.ConditionFalse)
- return ctrl.Result{}, err
+ if secret.Type == found.Type && reflect.DeepEqual(secret.Data, found.Data) &&
+ reflect.DeepEqual(secret.Labels, found.Labels) && reflect.DeepEqual(secret.Annotations, found.Annotations) {
+ log.Info("Skip updating a Secret cause data no change", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
+ } else {
+ log.Info("Updating a Secret", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
+ err = r.Update(ctx, secret)
+ if err != nil {
+ log.Error(err, "Could not update secret")
+ r.updateConditions(ctx, instance, conditionReasonMergeFailed, err.Error(), metav1.ConditionFalse)
+ return ctrl.Result{}, err
+ }
+ r.updateConditions(ctx, instance, conditionReasonUpdated, "Secret was updated", metav1.ConditionTrue)
 }
- r.updateConditions(ctx, instance, conditionReasonUpdated, "Secret was updated", metav1.ConditionTrue)
 } else {
- log.Info("Updating a Secret", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
- err = r.Update(ctx, secret)
- if err != nil {
- log.Error(err, "Could not update secret")
- r.updateConditions(ctx, instance, conditionReasonUpdateFailed, err.Error(), metav1.ConditionFalse)
- return ctrl.Result{}, err
+ if secret.Type == found.Type && reflect.DeepEqual(secret.Data, found.Data) &&
+ reflect.DeepEqual(secret.Labels, found.Labels) && reflect.DeepEqual(secret.Annotations, found.Annotations) {
+ log.Info("Skip updating a Secret cause no change", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
+ } else {
+ log.Info("Updating a Secret", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
+ err = r.Update(ctx, secret)
+ if err != nil {
+ log.Error(err, "Could not update secret")
+ r.updateConditions(ctx, instance, conditionReasonUpdateFailed, err.Error(), metav1.ConditionFalse)
+ return ctrl.Result{}, err
+ }
+ r.updateConditions(ctx, instance, conditionReasonUpdated, "Secret was updated", metav1.ConditionTrue)
 }
- r.updateConditions(ctx, instance, conditionReasonUpdated, "Secret was updated", metav1.ConditionTrue)
 }
 // Finally we add the vaultsecretsFinalizer to the VaultSecret. The finilizer is needed so that we can remove the
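Review bot: Both new skip branches (the Merge path and the else path) fall through to the finalizer step without calling `r.updateConditions`, so a VaultSecret whose condition was set to False by an earlier failed reconcile appears to stay False once the secret matches again, unless code outside this hunk refreshes it. Status consumers and alerting would then keep reporting a failure that has already cleared. Consider recording success in both skip branches, e.g. `r.updateConditions(ctx, instance, conditionReasonUpdated, "Secret is up to date", metav1.ConditionTrue)`. Separately, `reflect.DeepEqual` treats a nil map and an empty map as different, so a secret without labels or annotations may never reach the skip path, and the identical four-way comparison repeated in both branches would read better as one small helper. Reconcile starts before and continues after this hunk.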