diff --git a/internal/controller/identityprovider/idpcache/cache.go b/internal/controller/identityprovider/idpcache/cache.go index d9ffa614..cea71f14 100644 --- a/internal/controller/identityprovider/idpcache/cache.go +++ b/internal/controller/identityprovider/idpcache/cache.go @@ -7,6 +7,7 @@ package idpcache import ( "context" "fmt" + "sort" "sync" "k8s.io/apiserver/pkg/authentication/authenticator" @@ -68,6 +69,14 @@ func (c *Cache) Keys() []Key { result = append(result, key.(Key)) return true }) + + // Sort the results for consistency. + sort.Slice(result, func(i, j int) bool { + return result[i].APIGroup < result[j].APIGroup || + result[i].Kind < result[j].Kind || + result[i].Namespace < result[j].Namespace || + result[i].Name < result[j].Name + }) return result } diff --git a/internal/controller/identityprovider/idpcache/cache_test.go b/internal/controller/identityprovider/idpcache/cache_test.go index e400ff0e..83c49313 100644 --- a/internal/controller/identityprovider/idpcache/cache_test.go +++ b/internal/controller/identityprovider/idpcache/cache_test.go @@ -6,6 +6,7 @@ package idpcache import ( "context" "fmt" + "math/rand" "testing" "time" @@ -46,6 +47,24 @@ func TestCache(t *testing.T) { cache.Delete(key) } require.Zero(t, len(cache.Keys())) + + // Fill the cache back up with a fixed set of keys, but inserted in shuffled order. + keysInExpectedOrder := []Key{ + {APIGroup: "a", Kind: "a", Namespace: "a", Name: "a"}, + {APIGroup: "b", Kind: "a", Namespace: "a", Name: "a"}, + {APIGroup: "b", Kind: "b", Namespace: "a", Name: "a"}, + {APIGroup: "b", Kind: "b", Namespace: "b", Name: "a"}, + {APIGroup: "b", Kind: "b", Namespace: "b", Name: "b"}, + } + for tries := 0; tries < 10; tries++ { + cache := New() + for _, i := range rand.Perm(len(keysInExpectedOrder)) { + cache.Store(keysInExpectedOrder[i], nil) + } + + // Expect that they come back out in sorted order. + require.Equal(t, keysInExpectedOrder, cache.Keys()) + } } func TestAuthenticateTokenCredentialRequest(t *testing.T) {