From c06bf2e3bb696016be0357c373b0c68e10602b57 Mon Sep 17 00:00:00 2001
From: Leonard Cohnen <lc@edgeless.systems>
Date: Thu, 10 Oct 2024 15:35:05 +0200
Subject: [PATCH] genpolicy: read binaryData value as String

While Kubernetes defines `binaryData` as `[]byte`,
when defined in a YAML file the raw bytes are
base64 encoded. Therefore, we need to read the YAML
value as `String` and not as `Vec<u8>`.

Fixes: #10410

Signed-off-by: Leonard Cohnen <lc@edgeless.systems>
---
 src/tools/genpolicy/src/config_map.rs                         | 4 +++-
 .../runtimeclass_workloads/k8s-policy-configmap.yaml          | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/tools/genpolicy/src/config_map.rs b/src/tools/genpolicy/src/config_map.rs
index d4468a46b2..69519bd9d3 100644
--- a/src/tools/genpolicy/src/config_map.rs
+++ b/src/tools/genpolicy/src/config_map.rs
@@ -28,8 +28,10 @@ pub struct ConfigMap {
     #[serde(skip_serializing_if = "Option::is_none")]
     pub data: Option<BTreeMap<String, String>>,
 
+    // When parsing a YAML file, binaryData is encoded as base64.
+    // Therefore, this is a BTreeMap<String, String> instead of BTreeMap<String, Vec<u8>>.
     #[serde(skip_serializing_if = "Option::is_none")]
-    pub binaryData: Option<BTreeMap<String, Vec<u8>>>,
+    pub binaryData: Option<BTreeMap<String, String>>,
 
     #[serde(skip_serializing_if = "Option::is_none")]
     immutable: Option<bool>,
diff --git a/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-configmap.yaml b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-configmap.yaml
index 62818439f1..8dcf230e3e 100644
--- a/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-configmap.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-configmap.yaml
@@ -11,3 +11,7 @@ data:
   data-1: value-1
   data-2: value-2
   data-3: value-3
+binaryData:
+  bin-data-1: YmluLXZhbHVlLTE=
+  bin-data-2: YmluLXZhbHVlLTI=
+  bin-data-3: YmluLXZhbHVlLTM=