fix(controller): Corrects the logic of comparing sha256 has. Fixes #3519

 (#3520)

Fixed sha256 algo

Signed-off-by: dhawani <[email protected]>
Signed-off-by: dhawani <[email protected]>
Co-authored-by: dhawani <[email protected]>

utils/plugin/downloader.go

@@ -43,12 +43,17 @@ func checkPluginExists(pluginLocation string) error {
 }
 
 func checkShaOfPlugin(pluginLocation string, expectedSha256 string) (bool, error) {
-	hasher := sha256.New()
 	fileBytes, err := os.ReadFile(pluginLocation)
 	if err != nil {
 		return false, fmt.Errorf("failed to read file %s: %w", pluginLocation, err)
 	}
-	fileSha256 := fmt.Sprintf("%x", hasher.Sum(fileBytes))
+	var fileSha256 string
+	if len(expectedSha256) == 64 {
+		fileSha256 = fmt.Sprintf("%x", sha256.Sum256(fileBytes))
+	} else {
+		hasher := sha256.New()
+		fileSha256 = fmt.Sprintf("%x", hasher.Sum(fileBytes))
+	}
 	match := fileSha256 == expectedSha256
 	if !match {
 		log.Printf("expected sha256: %s, actual sha256: %s, of downloaded metric plugin (%s)", expectedSha256, fileSha256, pluginLocation)

utils/plugin/downloader_test.go

@@ -47,7 +47,7 @@ func TestPlugin(t *testing.T) {
 				Name:      "argo-rollouts-config",
 				Namespace: "argo-rollouts",
 			},
-			Data: map[string]string{"metricProviderPlugins": "\n  - name: argoproj-labs/http\n    location: https://test/plugin\n  - name: argoproj-labs/http-sha\n    location: https://test/plugin\n    sha256: 74657374e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
+			Data: map[string]string{"metricProviderPlugins": "\n  - name: argoproj-labs/http\n    location: https://test/plugin\n  - name: argoproj-labs/http-sha\n    location: https://test/plugin\n    sha256: 74657374e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n  - name: argoproj-labs/http-sha-correct\n    location: https://test/plugin\n    sha256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
 		}
 		client := fake.NewSimpleClientset(cm)