From bc97ae06f669c17903ad3b170a71dd4fd47045c8 Mon Sep 17 00:00:00 2001
From: Tom Godkin
Date: Tue, 27 Aug 2024 21:20:41 +0100
Subject: [PATCH] Demonstrate new slices/maps packages (#3839)
---
 pkg/controllers/crds/crds_controller.go | 12 ++----------
 .../externalsecret_controller.go | 18 +++++++-----------
 .../externalsecret_controller_template.go | 5 ++---
 .../pushsecret/pushsecret_controller.go | 5 ++---
 .../aws/parameterstore/parameterstore.go | 10 ++++------
 pkg/provider/kubernetes/validate.go | 16 ++++------------
 pkg/provider/vault/client_push.go | 5 ++---
 7 files changed, 23 insertions(+), 48 deletions(-)
diff --git a/pkg/controllers/crds/crds_controller.go b/pkg/controllers/crds/crds_controller.go
index bd5ab895a..a26e95123 100644
--- a/pkg/controllers/crds/crds_controller.go
+++ b/pkg/controllers/crds/crds_controller.go
@@ -29,6 +29,7 @@ import (
 "net/http"
 "os"
 "path/filepath"
+ "slices"
 "sync"
 "time"
 
@@ -107,18 +108,9 @@ type CertInfo struct {
 CAName string
 }
 
-func contains(s []string, e string) bool {
- for _, a := range s {
- if a == e {
- return true
- }
- }
- return false
-}
-
 func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 log := r.Log.WithValues("CustomResourceDefinition", req.NamespacedName)
- if contains(r.CrdResources, req.NamespacedName.Name) {
+ if slices.Contains(r.CrdResources, req.NamespacedName.Name) {
 err := r.updateCRD(ctx, req)
 if err != nil {
 log.Error(err, "failed to inject conversion webhook")
diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go
index 5ab1f989b..9be861a25 100644
--- a/pkg/controllers/externalsecret/externalsecret_controller.go
+++ b/pkg/controllers/externalsecret/externalsecret_controller.go
@@ -19,6 +19,8 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "maps"
+ "slices"
 "strings"
 "time"
 
@@ -474,11 +476,8 @@ func getManagedDataKeys(secret *v1.Secret, fieldOwner string) ([]string, error)
 if !ok {
 return nil
 }
- var keys []string
- for k := range df {
- keys = append(keys, k)
- }
- return keys
+
+ return slices.Collect(maps.Keys(df))
 })
 }
 
@@ -639,12 +638,9 @@ func isSecretValid(existingSecret v1.Secret) bool {
 // computeDataHashAnnotation generate a hash of the secret data combining the old key with the new keys to add or override.
 func (r *Reconciler) computeDataHashAnnotation(existing, secret *v1.Secret) string {
 data := make(map[string][]byte)
- for k, v := range existing.Data {
- data[k] = v
- }
- for k, v := range secret.Data {
- data[k] = v
- }
+ maps.Insert(data, maps.All(existing.Data))
+ maps.Insert(data, maps.All(secret.Data))
+
 return utils.ObjectHash(data)
 }
 
diff --git a/pkg/controllers/externalsecret/externalsecret_controller_template.go b/pkg/controllers/externalsecret/externalsecret_controller_template.go
index fa540a645..73fb35edd 100644
--- a/pkg/controllers/externalsecret/externalsecret_controller_template.go
+++ b/pkg/controllers/externalsecret/externalsecret_controller_template.go
@@ -17,6 +17,7 @@ package externalsecret
 import (
 "context"
 "fmt"
+ "maps"
 
 v1 "k8s.io/api/core/v1"
 
@@ -44,9 +45,7 @@ func (r *Reconciler) applyTemplate(ctx context.Context, es *esv1beta1.ExternalSe
 }
 // Merge Policy should merge secrets
 if es.Spec.Target.Template.MergePolicy == esv1beta1.MergePolicyMerge {
- for k, v := range dataMap {
- secret.Data[k] = v
- }
+ maps.Insert(secret.Data, maps.All(dataMap))
 }
 execute, err := template.EngineForVersion(es.Spec.Target.Template.EngineVersion)
 if err != nil {
diff --git a/pkg/controllers/pushsecret/pushsecret_controller.go b/pkg/controllers/pushsecret/pushsecret_controller.go
index 22822a784..90db94726 100644
--- a/pkg/controllers/pushsecret/pushsecret_controller.go
+++ b/pkg/controllers/pushsecret/pushsecret_controller.go
@@ -18,6 +18,7 @@ import (
 "context"
 "errors"
 "fmt"
+ "maps"
 "strings"
 "time"
 
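Review bot: `slices.Collect(maps.Keys(df))` in getManagedDataKeys (externalsecret_controller.go) returns the keys in map iteration order, which is unspecified and can differ between calls, so any caller that compares, logs or hashes the list sees unstable output; the loop it replaces had the same property. If a stable order is wanted, `return slices.Sorted(maps.Keys(df))` gives it in one call. The iterator helpers used here and in the later hunks (`maps.Keys`, `maps.All`, `maps.Insert`, `slices.Collect`) need Go 1.23, and this patch does not touch go.mod, so its `go` directive should be confirmed. The enclosing closure starts outside the hunk.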
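Review bot: `maps.Insert(secret.Data, maps.All(dataMap))` in applyTemplate writes into `secret.Data` without anything in this hunk showing that the map is non-nil, so a nil `Data` with a non-empty `dataMap` panics in the reconcile path, exactly as the replaced loop did. If no earlier code guarantees the map, guard the merge with `if secret.Data == nil { secret.Data = make(map[string][]byte) }` (assuming `secret` is a `*v1.Secret`, whose declaration is not visible here). applyTemplate starts and ends outside the hunk, so the initialisation may already exist above.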
@@ -235,9 +236,7 @@ func mergeSecretState(newMap, old esapi.SyncedPushSecretsMap) esapi.SyncedPushSe
 if !ok {
 out[k] = make(map[string]esapi.PushSecretData)
 }
- for kk, vv := range v {
- out[k][kk] = vv
- }
+ maps.Insert(out[k], maps.All(v))
 }
 return out
 }
diff --git a/pkg/provider/aws/parameterstore/parameterstore.go b/pkg/provider/aws/parameterstore/parameterstore.go
index 23d3f8f6f..842cc3e02 100644
--- a/pkg/provider/aws/parameterstore/parameterstore.go
+++ b/pkg/provider/aws/parameterstore/parameterstore.go
@@ -19,6 +19,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "slices"
 "strings"
 
 "github.com/aws/aws-sdk-go/aws"
@@ -239,12 +240,9 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret,
 }
 
 func isManagedByESO(tags []*ssm.Tag) bool {
- for _, tag := range tags {
- if *tag.Key == managedBy && *tag.Value == externalSecrets {
- return true
- }
- }
- return false
+ return slices.ContainsFunc(tags, func(tag *ssm.Tag) bool {
+ return *tag.Key == managedBy && *tag.Value == externalSecrets
+ })
 }
 
 func (pm *ParameterStore) setManagedRemoteParameter(ctx context.Context, secretRequest ssm.PutParameterInput, createManagedByTags bool) error {
diff --git a/pkg/provider/kubernetes/validate.go b/pkg/provider/kubernetes/validate.go
index 00f70607c..16c9cab21 100644
--- a/pkg/provider/kubernetes/validate.go
+++ b/pkg/provider/kubernetes/validate.go
@@ -18,6 +18,7 @@ import (
 "context"
 "errors"
 "fmt"
+ "slices"
 
 authv1 "k8s.io/api/authorization/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
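Review bot: The closure passed to `slices.ContainsFunc` in isManagedByESO (parameterstore.go) dereferences `tag.Key` and `tag.Value` without a nil check, so a nil slice entry or a tag with an unset pointer field panics instead of being treated as not managed; the replaced loop had the same gap. The function name suggests this result decides whether a remote parameter is treated as owned by ESO, so a nil-safe comparison is worth having: `return tag != nil && aws.StringValue(tag.Key) == managedBy && aws.StringValue(tag.Value) == externalSecrets`. The `aws` package is already imported in this file, as the import hunk above shows.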
@@ -89,20 +90,11 @@ func (c *Client) Validate() (esv1beta1.ValidationResult, error) {
 return esv1beta1.ValidationResultUnknown, fmt.Errorf("could not verify if client is valid: %w", err)
 }
 for _, rev := range authReview.Status.ResourceRules {
- if (contains("secrets", rev.Resources) || contains("*", rev.Resources)) &&
- (contains("get", rev.Verbs) || contains("*", rev.Verbs)) &&
- (len(rev.APIGroups) == 0 || (contains("", rev.APIGroups) || contains("*", rev.APIGroups))) {
+ if (slices.Contains(rev.Resources, "secrets") || slices.Contains(rev.Resources, "*")) &&
+ (slices.Contains(rev.Verbs, "get") || slices.Contains(rev.Verbs, "*")) &&
+ (len(rev.APIGroups) == 0 || (slices.Contains(rev.APIGroups, "") || slices.Contains(rev.APIGroups, "*"))) {
 return esv1beta1.ValidationResultReady, nil
 }
 }
 return esv1beta1.ValidationResultError, errors.New("client is not allowed to get secrets")
 }
-
-func contains(sub string, args []string) bool {
- for _, k := range args {
- if k == sub {
- return true
- }
- }
- return false
-}
diff --git a/pkg/provider/vault/client_push.go b/pkg/provider/vault/client_push.go
index 0ed4422f3..d36b7204b 100644
--- a/pkg/provider/vault/client_push.go
+++ b/pkg/provider/vault/client_push.go
@@ -20,6 +20,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "maps"
 
 corev1 "k8s.io/api/core/v1"
 
@@ -107,9 +108,7 @@ func (c *client) PushSecret(ctx context.Context, secret *corev1.Secret, data esv
 return nil
 }
 }
- for k, v := range vaultSecret {
- secretVal[k] = v
- }
+ maps.Insert(secretVal, maps.All(vaultSecret))
 // Secret got from vault is already on map[string]string format
 secretVal[data.GetProperty()] = string(value)
 } else {
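Review bot: The rule match in Validate (validate.go) looks only at `rev.Resources`, `rev.Verbs` and `rev.APIGroups` and never at `rev.ResourceNames`, so a rule that grants `get` on only a few named secrets still returns `ValidationResultReady`. That may be intended for least-privilege setups, but the code does not say so. I would add a comment above the `if`, such as `// A rule restricted by ResourceNames also matches: Ready means some secret is readable, not every secret.` Validate begins outside the hunk, so any handling of an incomplete review status is not visible here.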