
diff command

liseli edited this page Oct 23, 2025 · 13 revisions

The tkseal diff PATH command is used to show the difference between the local plain_secrets.json file and the current Opaque Kubernetes secrets associated with a Tanka environment path. The underlying workflow for this command relies on three primary modules:

  • Configuration
  • SecretState
  • Diff

Based on the implementation plan detailed in the sources, here are the workflow and features of the tkseal diff command:

Primary Goal: Shows what changes would be applied in the Kubernetes cluster based on the local plain_secrets.json file.


Branch 1: Initialization & Prerequisites (CLI Integration)

  • Input Handling:
    • Requires a PATH argument (the path to the Tanka environment directory).
  • Dependency Check:
    • Must verify the existence of required CLI dependencies:
      • kubectl.
      • Grafana Tanka (tk).
      • kubeseal.
    • If dependencies are missing, an error is raised, and the user is advised to run tkseal ready.
  • User Notification:
    • Prints an informational message to the user: "This shows what would change in the cluster based on plain_secrets.json".

Branch 2: Secret State Management (SecretState Module)

  • Purpose: Coordinates state between local files and the Kubernetes cluster.
  • Path Normalization:
    • Normalizes the input path (e.g., removes trailing slashes or .jsonnet extensions).
  • Local File Access (Source of Changes):
    • Defines the path to plain_secrets.json.
    • Reads plain_secrets content from the file.
    • Feature: Returns an empty string if plain_secrets.json is missing.
  • Cluster Access (Target State):
    • Retrieves kube_secrets (Opaque Kubernetes secrets) by calling Secrets.for_tk_env.
    • Converts the retrieved secrets into a JSON string format.
  • Environment Context Delegation:
    • Retrieves the Kubernetes context from the Tanka environment.
    • Retrieves the Kubernetes namespace from the Tanka environment.

For example, run tk status . and look at the output:

```
Cluster: {cluster_name}
Environment:
  APIServer: https://{cluster}.kubernetes.hathitrust.org
  ApplyStrategy: server
  ContextNames: []
  DiffStrategy: server
  ExpectVersions: map[Tanka:]
  ExportJsonnetImplementation: 
  InjectLabels: false
  Namespace: {namespace_name}
  ResourceDefaults: map[Annotations:map[] Labels:map[]]
  TankaEnvLabelFromFields: []
Resources:
  NAMESPACE            OBJECTSPEC
  {namespace_name}    ConfigMap/{config_1}
  {namespace_name}    PersistentVolumeClaim/{condif_1_persVol}
  {namespace_name}    Service/{service_1}
  {namespace_name}    Deployment/{deployment_1}
  {namespace_name}    SealedSecret/{service_1_sealedSecret}
```

Branch 3: Comparison & Output Features (Diff Module)

  • Core Function: Compares two text strings (secrets) and displays differences.
  • Primary Comparison Mode (plain()):
    • This is the mode executed by tkseal diff PATH.
    • Comparison Direction: Shows changes that would be made to the cluster by the local plain secrets.
    • Input Order: Compares secret_state.kube_secrets (as from_text) against secret_state.plain_secrets (as to_text).
    • Visualization: Generates a unified diff using difflib.unified_diff.
    • Feature: Specifically shows additions (+) when comparing the cluster state to the local file.
  • Output Handling:
    • Feature: No Differences Message: If the generated diff is empty, it prints the message: "No differences".
  • Secondary Comparison Mode (Internal Feature: pull()):
    • Although not the primary function of tkseal diff in the CLI, the Diff module supports a reverse comparison.
    • Comparison Direction: Shows changes that pulling Kubernetes secrets into the local plain_secrets.json would make.
    • Input Order: Compares secret_state.plain_secrets (as from_text) against secret_state.kube_secrets (as to_text).
    • Visualization: Specifically shows removals (-) when the local file differs from the cluster secrets in this mode.
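
The two comparison directions described in Branch 3, as an added example that is not tkseal's own code: it uses the names the page gives (plain(), pull(), kube_secrets, plain_secrets, difflib.unified_diff) and shows how one extra local key appears as "+" in one mode and "-" in the other, plus the missing-file case. The helpers unified, render and to_json, the file labels, and the JSON layout of the sample secrets are assumptions made for illustration.

```python
import difflib
import json
from dataclasses import dataclass

@dataclass
class SecretState:
    plain_secrets: str  # plain_secrets.json content; "" when the file is missing
    kube_secrets: str   # Opaque secrets from the cluster, serialized as JSON

class Diff:
    def __init__(self, secret_state):
        self.secret_state = secret_state

    def plain(self):
        # tkseal diff: cluster is from_text, local file is to_text.
        s = self.secret_state
        return unified(s.kube_secrets, s.plain_secrets, "cluster", "plain_secrets.json")

    def pull(self):
        # Reverse direction: local file is from_text, cluster is to_text.
        s = self.secret_state
        return unified(s.plain_secrets, s.kube_secrets, "plain_secrets.json", "cluster")

def unified(from_text, to_text, from_name, to_name):
    lines = difflib.unified_diff(from_text.splitlines(), to_text.splitlines(),
                                 fromfile=from_name, tofile=to_name, lineterm="")
    return "\n".join(lines)

def render(diff_text):
    # An empty diff is reported with the message the page quotes.
    return diff_text or "No differences"

def to_json(secrets):
    # Assumption: sorted keys keep ordering stable so only real changes show up.
    return json.dumps(secrets, indent=2, sort_keys=True)

# Constructed sample data; the JSON layout is assumed, not tkseal's actual schema.
KUBE = to_json([{"name": "app-secrets", "data": {"DB_USER": "app"}}])
LOCAL = to_json([{"name": "app-secrets",
                  "data": {"DB_USER": "app", "API_KEY": "example-value"}}])

if __name__ == "__main__":
    state = SecretState(plain_secrets=LOCAL, kube_secrets=KUBE)
    print(render(Diff(state).plain()))   # API_KEY line is prefixed with "+"
    print(render(Diff(state).pull()))    # the same line is prefixed with "-"
    print(render(Diff(SecretState(KUBE, KUBE)).plain()))  # identical inputs
    # Missing plain_secrets.json -> "": every cluster line shows as a removal.
    print(render(Diff(SecretState("", KUBE)).plain()))
```

Both modes print secret values in plaintext, so the diff output needs the same handling as the secrets themselves, for example when it ends up in terminal scrollback or CI logs.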