/jsondiff

Compute the diff between two JSON documents as a series of RFC6902 (JSON Patch) operations

Primary LanguageGoMIT LicenseMIT

jsondiff


jsondiff is a Go package for computing the diff between two JSON documents as a series of RFC6902 (JSON Patch) operations, which is particularly suitable to create the patch response of a Kubernetes Mutating Webhook for example.


Usage

First, get the latest version of the library using the following command:

$ go get github.com/wI2L/jsondiff@latest

⚠️ Requires Go1.14+, due to the usage of the package hash/maphash.

Example use cases

Kubernetes Dynamic Admission Controller

The typical use case within an application is to compare two values of the same type that represents the source and desired target of a JSON document. A concrete application of that would be to generate the patch returned by a Kubernetes dynamic admission controller to mutate a resource. Thereby, instead of generating the operations, just copy the source in order to apply the required changes and delegate the patch generation to the library.

For example, given the following corev1.Pod value that represents a Kubernetes demo pod containing a single container:

import corev1 "k8s.io/api/core/v1"

pod := corev1.Pod{
    Spec: corev1.PodSpec{
        Containers: []corev1.Container{{
            Name:  "webserver",
            Image: "nginx:latest",
            VolumeMounts: []corev1.VolumeMount{{
                Name:      "shared-data",
                MountPath: "/usr/share/nginx/html",
            }},
        }},
        Volumes: []corev1.Volume{{
            Name: "shared-data",
            VolumeSource: corev1.VolumeSource{
                EmptyDir: &corev1.EmptyDirVolumeSource{
                    Medium: corev1.StorageMediumMemory,
                },
            },
        }},
    },
}

The first step is to copy the original pod value. The corev1.Pod type defines a DeepCopy method, which is handy, but for other types, a shallow copy is discouraged, instead use a specific library, such as ulule/deepcopier. Alternatively, if you don't require to keep the original value, you can marshal it to JSON using json.Marshal to store a pre-encoded copy of the document, and mutate the value.

newPod := pod.DeepCopy()
// or
podBytes, err := json.Marshal(pod)
if err != nil {
    // handle error
}

Secondly, make some changes to the pod spec. Here we modify the image and the storage medium used by the pod's volume shared-data.

// Update the image of the webserver container.
newPod.Spec.Containers[0].Image = "nginx:1.19.5-alpine"

// Switch storage medium from memory to default.
newPod.Spec.Volumes[0].EmptyDir.Medium = corev1.StorageMediumDefault

Finally, generate the patch that represents the changes relative to the original value. Note that when the Compare or CompareOpts functions are used, the source and target parameters are first marshaled using the encoding/json package in order to obtain their final JSON representation, prior to comparing them.

import "github.com/wI2L/jsondiff"

patch, err := jsondiff.Compare(pod, newPod)
if err != nil {
    // handle error
}
b, err := json.MarshalIndent(patch, "", "    ")
if err != nil {
    // handle error
}
os.Stdout.Write(b)

The output is similar to the following:

[{
    "op": "replace",
    "path": "/spec/containers/0/image",
    "value": "nginx:1.19.5-alpine"
}, {
    "op": "remove",
    "path": "/spec/volumes/0/emptyDir/medium"
}]

The JSON patch can then be used in the response payload of you Kubernetes webhook.

Optional fields gotcha

Note that the above example is used for simplicity, but in a real-world admission controller, you should create the diff from the raw bytes of the AdmissionReview.AdmissionRequest.Object.Raw field. As pointed out by user /u/terinjokes on Reddit, due to the nature of Go structs, the "hydrated" corev1.Pod object may contain "optional fields", resulting in a patch that state added/changed values that the Kubernetes API server doesn't know about. Below is a quote of the original comment:

Optional fields being ones that are a struct type, but are not pointers to those structs. These will exist when you unmarshal from JSON, because of how Go structs work, but are not in the original JSON. Comparing between the unmarshaled and copied versions can generate add and change patches below a path not in the original JSON, and the API server will reject your patch.

A realistic usage would be similar to the following snippet:

podBytes, err := json.Marshal(pod)
if err != nil {
    // handle error
}
// req is a k8s.io/api/admission/v1.AdmissionRequest object
jsondiff.CompareJSON(req.AdmissionRequest.Object.Raw, podBytes)

Mutating the original pod object or a copy is up to you, as long as you use the raw bytes of the AdmissionReview object to generate the patch.

You can find a detailed description of that problem and its resolution in this GitHub issue.

Outdated package version

There's also one other downside to the above example. If your webhook does not have the latest version of the client-go package, or whatever package that contains the types for the resource your manipulating, all fields not known in that version will be deleted.

For example, if your webhook mutate Service resources, a user could set the field .spec.allocateLoadBalancerNodePort in Kubernetes 1.20 to disable allocating a node port for services with Type=LoadBalancer. However, if the webhook is still using the v1.19.x version of the k8s.io/api/core/v1 package that define the Service type, instead of simply ignoring this field, a remove operation will be generated for it.

Diff options

If more control over the diff behaviour is required, use the CompareOpts or CompareJSONOpts function instead. The third parameter is variadic and accept a list of functional opt-in options described below.

Note that any combination of options can be used without issues.

Operations factorization

By default, when computing the difference between two JSON documents, the package does not produce move or copy operations. To enable the factorization of value removals and additions as moves and copies, you should use the functional option Factorize(). Factorization reduces the number of operations generated, which inevitably reduce the size of the patch once it is marshaled as JSON.

For instance, given the following document:

{
    "a": [1, 2, 3],
    "b": { "foo": "bar" }
}

In order to obtain this updated version:

{
    "a": [1, 2, 3],
    "c": [1, 2, 3],
    "d": { "foo": "bar" }
}

The package generates the following patch:

[
    { "op": "remove", "path": "/b" },
    { "op": "add", "path": "/c", "value": [1, 2, 3] },
    { "op": "add", "path": "/d", "value": { "foo": "bar" } }
]

If we take the previous example and generate the patch with factorization enabled, we then get a different patch, containing copy and move operations instead:

[
    { "op": "copy", "from": "/a", "path": "/c" },
    { "op": "move", "from": "/b", "path": "/d" }
]

Operations rationalization

The default method used to compare two JSON documents is a recursive comparison. This produce one or more operations for each difference found. On the other hand, in certain situations, it might be beneficial to replace a set of operations representing several changes inside a JSON node by a single replace operation targeting the parent node.

For that purpose, you can use the Rationalize() option. It uses a simple weight function to decide which patch is best (it marshals both sets of operations to JSON and looks at the length of bytes to keep the smaller footprint).

Let's illustrate that with the following document:

{
    "a": { "b": { "c": { "1": 1, "2": 2, "3": 3 } } }
}

In order to obtain this updated version:

{
    "a": { "b": { "c": { "x": 1, "y": 2, "z": 3 } } }
}

The expected output is one remove/add operation combo for each children field of the object located at path a.b.c:

[
    { "op": "remove", "path": "/a/b/c/1" },
    { "op": "remove", "path": "/a/b/c/2" },
    { "op": "remove", "path": "/a/b/c/3" },
    { "op": "add", "path": "/a/b/c/x", "value": 1 },
    { "op": "add", "path": "/a/b/c/y", "value": 2 },
    { "op": "add", "path": "/a/b/c/z", "value": 3 }
]

If we also enable factorization, as seen above, we can reduce the number of operations by half:

[
    { "op": "move", "from": "/a/b/c/1", "path": "/a/b/c/x" },
    { "op": "move", "from": "/a/b/c/2", "path": "/a/b/c/y" },
    { "op": "move", "from": "/a/b/c/3", "path": "/a/b/c/z" }
]

And finally, with rationalization enabled, those operations are replaced with a single replace of the parent object:

[
    { "op": "replace", "path": "/a/b/c", "value": { "x": 1, "y": 2, "z": 3 } }
]

Invertible patch

Using the functional option Invertible(), it is possible to instruct the diff generator to precede each remove and replace operation with a test operation. Such patches can be inverted to return a patched document to its original form.

However, note that it comes with one limitation. copy operations cannot be inverted, as they are ambiguous (the reverse of a copy is a remove, which could then become either an add or a copy). As such, using this option disable the generation of copy operations (if option Factorize() is used) and replace them with add, albeit potentially at the cost of increased patch size.

For example, let's generate the diff between those two JSON documents:

{
    "a": "1",
    "b": "2"
}
{
    "a": "3",
    "c": "4"
}

The patch is similar to the following:

[
    { "op": "test", "path": "/a", "value": "1" },
    { "op": "replace", "path": "/a", "value": "3" },
    { "op": "test", "path": "/b", "value": "2" },
    { "op": "remove", "path": "/b" },
    { "op": "add", "path": "/c", "value": "4" }
]

As you can see, the remove and replace operations are preceded with a test operation which assert/verify the value of the previous path. On the other hand, the add operation can be reverted to a remove operation directly and doesn't need to be preceded by a test.

Finally, as a side example, if we were to use the Rationalize() option in the context of the previous example, the output would be shorter, but the generated patch would still remain invertible:

[
    { "op": "test", "path": "", "value": { "a": "1", "b": "2" } },
    { "op": "replace", "path": "", "value": { "a": "3", "c": "4" } }
]

Benchmarks

Performance is not the primary target of the package, instead it strives for correctness. A simple benchmark that compare the performance of available options is provided to give a rough estimate of the cost of each option. You can find the JSON documents used by this benchmark in the directory testdata/bench.

If you'd like to run the benchmark yourself, use the following command:

go get github.com/cespare/prettybench
go test -bench=. | prettybench

Results

The benchmark was run 10x (statistics computed with benchstat) on a MacBook Pro 13", with the following specs:

OS : macOS Catalina (10.15.7)
CPU: 1.4 GHz Intel Core i5
Mem: 16GB 2133 MHz
Go : go version go1.17 darwin/amd64
Tag: v0.1.1
Output
name                            time/op
CompareJSONOpts/default-8       24.8µs ± 1%
CompareJSONOpts/invertible-8    25.6µs ± 0%
CompareJSONOpts/factorize-8     29.5µs ± 1%
CompareJSONOpts/rationalize-8   76.6µs ± 1%
CompareJSONOpts/factor+ratio-8  81.4µs ± 1%
CompareJSONOpts/all-options-8    106µs ± 1%

Credits

This package has been inspired by existing implementations of JSON Patch for various languages:

License

jsondiff is licensed under the MIT license. See the LICENSE file.