From 3eff4581264e7f9f561890edf94eeb406a56751d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
 <charles.edouard@nirmata.com>
Date: Tue, 11 Apr 2023 05:34:47 +0200
Subject: [PATCH] fix: incorrect config loading when data is nil (#6818)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 pkg/config/config.go | 46 +++++++++++++++++++++++++-------------------
 1 file changed, 26 insertions(+), 20 deletions(-)

diff --git a/pkg/config/config.go b/pkg/config/config.go
index 57e8356a3b..6088fc7339 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -74,14 +74,18 @@ const (
 	MetricsPath = "/metrics"
 )
 
+// keys in config map
 const (
-	// Due to kubernetes issue, we must use next literal constants instead of deployment TypeMeta fields
-	// Issue: https://github.com/kubernetes/kubernetes/pull/63972
-	// When the issue is closed, we should use TypeMeta struct instead of this constants
-	// ClusterRoleAPIVersion define the default clusterrole resource apiVersion
-	ClusterRoleAPIVersion = "rbac.authorization.k8s.io/v1"
-	// ClusterRoleKind define the default clusterrole resource kind
-	ClusterRoleKind = "ClusterRole"
+	resourceFilters               = "resourceFilters"
+	defaultRegistry               = "defaultRegistry"
+	enableDefaultRegistryMutation = "enableDefaultRegistryMutation"
+	excludeGroups                 = "excludeGroups"
+	excludeUsernames              = "excludeUsernames"
+	excludeRoles                  = "excludeRoles"
+	excludeClusterRoles           = "excludeClusterRoles"
+	generateSuccessEvents         = "generateSuccessEvents"
+	webhooks                      = "webhooks"
+	webhookAnnotations            = "webhookAnnotations"
 )
 
 var (
@@ -287,12 +291,13 @@ func (cd *configuration) Load(cm *corev1.ConfigMap) {
 
 func (cd *configuration) load(cm *corev1.ConfigMap) {
 	logger := logger.WithValues("name", cm.Name, "namespace", cm.Namespace)
-	if cm.Data == nil {
-		return
-	}
 	cd.mux.Lock()
 	defer cd.mux.Unlock()
 	defer cd.notify()
+	data := cm.Data
+	if data == nil {
+		data = map[string]string{}
+	}
 	// reset
 	cd.defaultRegistry = "docker.io"
 	cd.enableDefaultRegistryMutation = true
@@ -305,10 +310,10 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
 	cd.webhooks = nil
 	cd.webhookAnnotations = nil
 	// load filters
-	cd.filters = parseKinds(cm.Data["resourceFilters"])
+	cd.filters = parseKinds(data[resourceFilters])
 	logger.Info("filters configured", "filters", cd.filters)
 	// load defaultRegistry
-	defaultRegistry, ok := cm.Data["defaultRegistry"]
+	defaultRegistry, ok := data[defaultRegistry]
 	if !ok {
 		logger.Info("defaultRegistry not set")
 	} else {
@@ -321,7 +326,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
 		}
 	}
 	// load enableDefaultRegistryMutation
-	enableDefaultRegistryMutation, ok := cm.Data["enableDefaultRegistryMutation"]
+	enableDefaultRegistryMutation, ok := data[enableDefaultRegistryMutation]
 	if !ok {
 		logger.Info("enableDefaultRegistryMutation not set")
 	} else {
@@ -335,7 +340,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
 		}
 	}
 	// load excludeGroupRole
-	excludedGroups, ok := cm.Data["excludeGroups"]
+	excludedGroups, ok := data[excludeGroups]
 	if !ok {
 		logger.Info("excludeGroups not set")
 	} else {
@@ -343,7 +348,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
 		logger.Info("excludedGroups configured", "excludeGroups", cd.excludedGroups)
 	}
 	// load excludeUsername
-	excludedUsernames, ok := cm.Data["excludeUsernames"]
+	excludedUsernames, ok := data[excludeUsernames]
 	if !ok {
 		logger.Info("excludeUsernames not set")
 	} else {
@@ -351,7 +356,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
 		logger.Info("excludedUsernames configured", "excludeUsernames", cd.excludedUsernames)
 	}
 	// load excludeRoles
-	excludedRoles, ok := cm.Data["excludeRoles"]
+	excludedRoles, ok := data[excludeRoles]
 	if !ok {
 		logger.Info("excludeRoles not set")
 	} else {
@@ -359,7 +364,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
 		logger.Info("excludedRoles configured", "excludeRoles", cd.excludedRoles)
 	}
 	// load excludeClusterRoles
-	excludedClusterRoles, ok := cm.Data["excludeClusterRoles"]
+	excludedClusterRoles, ok := data[excludeClusterRoles]
 	if !ok {
 		logger.Info("excludeClusterRoles not set")
 	} else {
@@ -367,7 +372,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
 		logger.Info("excludedClusterRoles configured", "excludeClusterRoles", cd.excludedClusterRoles)
 	}
 	// load generateSuccessEvents
-	generateSuccessEvents, ok := cm.Data["generateSuccessEvents"]
+	generateSuccessEvents, ok := data[generateSuccessEvents]
 	if !ok {
 		logger.Info("generateSuccessEvents not set")
 	} else {
@@ -381,7 +386,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
 		}
 	}
 	// load webhooks
-	webhooks, ok := cm.Data["webhooks"]
+	webhooks, ok := data[webhooks]
 	if !ok {
 		logger.Info("webhooks not set")
 	} else {
@@ -395,7 +400,7 @@ func (cd *configuration) load(cm *corev1.ConfigMap) {
 		}
 	}
 	// load webhook annotations
-	webhookAnnotations, ok := cm.Data["webhookAnnotations"]
+	webhookAnnotations, ok := data[webhookAnnotations]
 	if !ok {
 		logger.Info("webhookAnnotations not set")
 	} else {
@@ -424,6 +429,7 @@ func (cd *configuration) unload() {
 	cd.generateSuccessEvents = false
 	cd.webhooks = nil
 	cd.webhookAnnotations = nil
+	logger.Info("configuration unloaded")
 }
 
 func (cd *configuration) notify() {