Merge pull request #735 from jetstack/secret-immutable-VC-46158

FelixPhipps · web-flow · commit ff3d50e0c304 · 2025-10-20T15:28:37.000+01:00
Agent: Report Kubernetes Secret immutable attribute to DisCo
diff --git a/pkg/datagatherer/k8s/fieldfilter.go b/pkg/datagatherer/k8s/fieldfilter.go
@@ -25,7 +25,7 @@ var SecretSelectedFields = []FieldPath{
 	{"metadata", "creationTimestamp"},
 	{"metadata", "deletionTimestamp"},
 	{"metadata", "resourceVersion"},
-
+	{"immutable"},
 	{"type"},
 	{"data", "tls.crt"},
 	{"data", "ca.crt"},
diff --git a/pkg/datagatherer/k8s/fieldfilter_test.go b/pkg/datagatherer/k8s/fieldfilter_test.go
@@ -69,6 +69,77 @@ func TestSelect(t *testing.T) {
 		},
 	))
 
+	// Confirm select function preserves immutability
+	t.Run("secret-immutable", run_TestSelect(
+		map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "Secret",
+			"immutable":  true,
+			"metadata": map[string]interface{}{
+				"name":      "with-immutable",
+				"namespace": "example",
+			},
+			"type": "Opaque",
+		},
+		SecretSelectedFields,
+		map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "Secret",
+			"immutable":  true,
+			"metadata": map[string]interface{}{
+				"name":      "with-immutable",
+				"namespace": "example",
+			},
+			"type": "Opaque",
+		},
+	))
+
+	t.Run("secret-immutable-false", run_TestSelect(
+		map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "Secret",
+			"immutable":  false,
+			"metadata": map[string]interface{}{
+				"name":      "with-immutable-false",
+				"namespace": "example",
+			},
+			"type": "Opaque",
+		},
+		SecretSelectedFields,
+		map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "Secret",
+			"immutable":  false,
+			"metadata": map[string]interface{}{
+				"name":      "with-immutable-false",
+				"namespace": "example",
+			},
+			"type": "Opaque",
+		},
+	))
+
+	t.Run("secret-immutable-absent", run_TestSelect(
+		map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "Secret",
+			"metadata": map[string]interface{}{
+				"name":      "immutable-absent",
+				"namespace": "example",
+			},
+			"type": "Opaque",
+		},
+		SecretSelectedFields,
+		map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "Secret",
+			"metadata": map[string]interface{}{
+				"name":      "immutable-absent",
+				"namespace": "example",
+			},
+			"type": "Opaque",
+		},
+	))
+
 	t.Run("route", run_TestSelect(
 		map[string]interface{}{
 			"apiVersion": "v1",
