fix: argocd diff --local should not print data of local secrets (#4850)

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2026-05-23 17:28:44 +00:00 · 2020-11-17 09:30:35 -08:00 · 2020-11-17 09:30:35 -08:00 · 7ee951b5b8
commit 7ee951b5b8
parent be8308199c
4 changed files with 32 additions and 4 deletions
--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@ -1228,6 +1228,11 @@ func groupObjsForDiff(resources *application.ManagedResourcesResponse, objs map[
 		}
 	}
 	for key, local := range objs {
+		if key.Kind == kube.SecretKind && key.Group == "" {
+			// Don't bother comparing secrets, argo-cd doesn't have access to k8s secret data
+			delete(objs, key)
+			continue
+		}
 		items = append(items, objKeyLiveTarget{key, nil, local})
 	}
 	return items
--- a/test/e2e/app_management_test.go
+++ b/test/e2e/app_management_test.go
@ -460,6 +460,20 @@ func TestAppWithSecrets(t *testing.T) {
 		And(func(app *Application) {
 			diffOutput := FailOnErr(RunCli("app", "diff", app.Name)).(string)
 			assert.Empty(t, diffOutput)
+		}).
+		// verify not committed secret also ignore during diffing
+		When().
+		WriteFile("secret3.yaml", `
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test-secret3
+stringData:
+  username: test-username`).
+		Then().
+		And(func(app *Application) {
+			diffOutput := FailOnErr(RunCli("app", "diff", app.Name, "--local", "testdata/secrets")).(string)
+			assert.Empty(t, diffOutput)
 		})
 }

--- a/test/e2e/fixture/app/actions.go
+++ b/test/e2e/fixture/app/actions.go
@ -46,6 +46,12 @@ func (a *Actions) DeleteFile(file string) *Actions {
 	return a
 }

+func (a *Actions) WriteFile(fileName, fileContents string) *Actions {
+	a.context.t.Helper()
+	fixture.WriteFile(a.context.path+"/"+fileName, fileContents)
+	return a
+}
+
 func (a *Actions) AddFile(fileName, fileContents string) *Actions {
 	a.context.t.Helper()
 	fixture.AddFile(a.context.path+"/"+fileName, fileContents)
--- a/test/e2e/fixture/fixture.go
+++ b/test/e2e/fixture/fixture.go
@ -445,11 +445,15 @@ func Delete(path string) {
 	FailOnErr(Run(repoDirectory(), "git", "commit", "-am", "delete"))
 }

-func AddFile(path, contents string) {
-
+func WriteFile(path, contents string) {
 	log.WithFields(log.Fields{"path": path}).Info("adding")

 	CheckError(ioutil.WriteFile(filepath.Join(repoDirectory(), path), []byte(contents), 0644))
+}
+
+func AddFile(path, contents string) {
+
+	WriteFile(path, contents)

 	FailOnErr(Run(repoDirectory(), "git", "diff"))
 	FailOnErr(Run(repoDirectory(), "git", "add", "."))
@ -457,9 +461,8 @@ func AddFile(path, contents string) {
 }

 func AddSignedFile(path, contents string) {
-	log.WithFields(log.Fields{"path": path}).Info("adding")
+	WriteFile(path, contents)

-	CheckError(ioutil.WriteFile(filepath.Join(repoDirectory(), path), []byte(contents), 0644))
 	prevGnuPGHome := os.Getenv("GNUPGHOME")
 	os.Setenv("GNUPGHOME", TmpDir+"/gpg")
 	FailOnErr(Run(repoDirectory(), "git", "diff"))