Use the more specific label name of "storage.pinniped.dev/type"

Instead of the less specific "storage.pinniped.dev"

Signed-off-by: Ryan Richard <richardry@vmware.com>
This commit is contained in:
Aram Price 2020-12-04 14:39:11 -08:00 committed by Ryan Richard
parent ac83633888
commit 26a8747509
7 changed files with 64 additions and 64 deletions

View File

@ -23,7 +23,7 @@ import (
//nolint:gosec // ignore lint warnings that these are credentials
const (
secretNameFormat = "pinniped-storage-%s-%s"
secretLabelKey = "storage.pinniped.dev"
secretLabelKey = "storage.pinniped.dev/type"
secretTypeFormat = "storage.pinniped.dev/%s"
secretVersion = "1"
secretDataKey = "pinniped-storage-data"

View File

@ -117,7 +117,7 @@ func TestStorage(t *testing.T) {
Name: "pinniped-storage-access-tokens-i6mhp4azwdxshgsy3s2mvedxpxuh3nudh3ot3m4xamlugj4e6qoq",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "access-tokens",
"storage.pinniped.dev/type": "access-tokens",
},
},
Data: map[string][]byte{
@ -135,7 +135,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "access-tokens",
"storage.pinniped.dev/type": "access-tokens",
},
},
Data: map[string][]byte{
@ -175,7 +175,7 @@ func TestStorage(t *testing.T) {
Name: "pinniped-storage-access-tokens-i6mhp4azwdxshgsy3s2mvedxpxuh3nudh3ot3m4xamlugj4e6qoq",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "access-tokens",
"storage.pinniped.dev/type": "access-tokens",
"label1": "value1",
"label2": "value2",
},
@ -195,7 +195,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "access-tokens",
"storage.pinniped.dev/type": "access-tokens",
"label1": "value1",
"label2": "value2",
},
@ -219,7 +219,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "pandas-are-best",
"storage.pinniped.dev/type": "pandas-are-best",
},
},
Data: map[string][]byte{
@ -254,7 +254,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "pandas-are-best",
"storage.pinniped.dev/type": "pandas-are-best",
},
},
Data: map[string][]byte{
@ -276,7 +276,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "35",
Labels: map[string]string{
"storage.pinniped.dev": "stores",
"storage.pinniped.dev/type": "stores",
},
},
Data: map[string][]byte{
@ -325,7 +325,7 @@ func TestStorage(t *testing.T) {
Name: "pinniped-storage-stores-4wssc5gzt5mlln6iux6gl7hzz3klsirisydaxn7indnpvdnrs5ba",
ResourceVersion: "35", // update at initial RV
Labels: map[string]string{
"storage.pinniped.dev": "stores",
"storage.pinniped.dev/type": "stores",
},
},
Data: map[string][]byte{
@ -343,7 +343,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "45", // final list at new RV
Labels: map[string]string{
"storage.pinniped.dev": "stores",
"storage.pinniped.dev/type": "stores",
},
},
Data: map[string][]byte{
@ -365,7 +365,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "seals",
"storage.pinniped.dev/type": "seals",
},
},
Data: map[string][]byte{
@ -399,7 +399,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "seals",
"storage.pinniped.dev/type": "seals",
"additionalLabel": "matching-value",
},
},
@ -415,7 +415,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "seals",
"storage.pinniped.dev/type": "seals",
"additionalLabel": "matching-value",
},
},
@ -431,7 +431,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "seals", // same type as above
"storage.pinniped.dev/type": "seals", // same type as above
"additionalLabel": "non-matching-value", // different value for the same label
},
},
@ -447,7 +447,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "walruses", // different type from above
"storage.pinniped.dev/type": "walruses", // different type from above
"additionalLabel": "matching-value", // same value for the same label as above
},
},
@ -463,7 +463,7 @@ func TestStorage(t *testing.T) {
},
wantActions: []coretesting.Action{
coretesting.NewListAction(secretsGVR, schema.GroupVersionKind{Group: "", Version: "v1", Kind: "Secret"}, namespace, metav1.ListOptions{
LabelSelector: "storage.pinniped.dev=seals,additionalLabel=matching-value",
LabelSelector: "storage.pinniped.dev/type=seals,additionalLabel=matching-value",
}),
coretesting.NewDeleteAction(secretsGVR, namespace, "pinniped-storage-seals-abcdywdc2dhjdbgf5jvzfyphosigvhnsh6qlse3blumogoqhqhq"),
coretesting.NewDeleteAction(secretsGVR, namespace, "pinniped-storage-seals-lvzgyywdc2dhjdbgf5jvzfyphosigvhnsh6qlse3blumogoqhqhq"),
@ -476,7 +476,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "seals", // same type as above
"storage.pinniped.dev/type": "seals", // same type as above
"additionalLabel": "non-matching-value", // different value for the same label
},
},
@ -493,7 +493,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "walruses", // different type from above
"storage.pinniped.dev/type": "walruses", // different type from above
"additionalLabel": "matching-value", // same value for the same label as above
},
},
@ -516,7 +516,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "seals",
"storage.pinniped.dev/type": "seals",
"additionalLabel": "matching-value",
},
},
@ -535,7 +535,7 @@ func TestStorage(t *testing.T) {
},
wantActions: []coretesting.Action{
coretesting.NewListAction(secretsGVR, schema.GroupVersionKind{Group: "", Version: "v1", Kind: "Secret"}, namespace, metav1.ListOptions{
LabelSelector: "storage.pinniped.dev=seals,additionalLabel=matching-value",
LabelSelector: "storage.pinniped.dev/type=seals,additionalLabel=matching-value",
}),
coretesting.NewDeleteAction(secretsGVR, namespace, "pinniped-storage-seals-lvzgyywdc2dhjdbgf5jvzfyphosigvhnsh6qlse3blumogoqhqhq"),
},
@ -546,7 +546,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "seals",
"storage.pinniped.dev/type": "seals",
"additionalLabel": "matching-value",
},
},
@ -571,9 +571,9 @@ func TestStorage(t *testing.T) {
// this list action did not use label selector additionalLabel=matching-value, so allow it to proceed without intervention
return false, nil, nil
}
requiresExactMatch, found = labelRestrictions.RequiresExactMatch("storage.pinniped.dev")
requiresExactMatch, found = labelRestrictions.RequiresExactMatch("storage.pinniped.dev/type")
if !found || requiresExactMatch != "seals" {
// this list action did not use label selector storage.pinniped.dev=seals, so allow it to proceed without intervention
// this list action did not use label selector storage.pinniped.dev/type=seals, so allow it to proceed without intervention
return false, nil, nil
}
// this list action was the one that did use the expected label selectors so cause it to error
@ -585,7 +585,7 @@ func TestStorage(t *testing.T) {
},
wantActions: []coretesting.Action{
coretesting.NewListAction(secretsGVR, schema.GroupVersionKind{Group: "", Version: "v1", Kind: "Secret"}, namespace, metav1.ListOptions{
LabelSelector: "storage.pinniped.dev=seals,additionalLabel=matching-value",
LabelSelector: "storage.pinniped.dev/type=seals,additionalLabel=matching-value",
}),
},
wantErr: `failed to list secrets for resource "seals" matching label "additionalLabel=matching-value": some listing error`,
@ -600,7 +600,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "55",
Labels: map[string]string{
"storage.pinniped.dev": "candies",
"storage.pinniped.dev/type": "candies",
},
},
Data: map[string][]byte{
@ -635,7 +635,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "55",
Labels: map[string]string{
"storage.pinniped.dev": "candies",
"storage.pinniped.dev/type": "candies",
},
},
Data: map[string][]byte{
@ -657,7 +657,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "55",
Labels: map[string]string{
"storage.pinniped.dev": "candies-are-bad",
"storage.pinniped.dev/type": "candies-are-bad",
},
},
Data: map[string][]byte{
@ -692,7 +692,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "55",
Labels: map[string]string{
"storage.pinniped.dev": "candies-are-bad",
"storage.pinniped.dev/type": "candies-are-bad",
},
},
Data: map[string][]byte{
@ -714,7 +714,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "55",
Labels: map[string]string{
"storage.pinniped.dev": "candies",
"storage.pinniped.dev/type": "candies",
},
},
Data: map[string][]byte{
@ -749,7 +749,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "55",
Labels: map[string]string{
"storage.pinniped.dev": "candies",
"storage.pinniped.dev/type": "candies",
},
},
Data: map[string][]byte{
@ -771,7 +771,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "55",
Labels: map[string]string{
"storage.pinniped.dev": "candies",
"storage.pinniped.dev/type": "candies",
},
},
Data: map[string][]byte{
@ -805,7 +805,7 @@ func TestStorage(t *testing.T) {
Namespace: namespace,
ResourceVersion: "55",
Labels: map[string]string{
"storage.pinniped.dev": "candies",
"storage.pinniped.dev/type": "candies",
},
},
Data: map[string][]byte{

View File

@ -37,7 +37,7 @@ func TestAccessTokenStorage(t *testing.T) {
Name: "pinniped-storage-access-token-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "access-token",
"storage.pinniped.dev/type": "access-token",
"storage.pinniped.dev/request-id": "abcd-1",
},
},
@ -111,7 +111,7 @@ func TestAccessTokenStorageRevocation(t *testing.T) {
Name: "pinniped-storage-access-token-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "access-token",
"storage.pinniped.dev/type": "access-token",
"storage.pinniped.dev/request-id": "abcd-1",
},
},
@ -122,7 +122,7 @@ func TestAccessTokenStorageRevocation(t *testing.T) {
Type: "storage.pinniped.dev/access-token",
}),
coretesting.NewListAction(secretsGVR, schema.GroupVersionKind{Group: "", Version: "v1", Kind: "Secret"}, namespace, metav1.ListOptions{
LabelSelector: "storage.pinniped.dev=access-token,storage.pinniped.dev/request-id=abcd-1",
LabelSelector: "storage.pinniped.dev/type=access-token,storage.pinniped.dev/request-id=abcd-1",
}),
coretesting.NewDeleteAction(secretsGVR, namespace, "pinniped-storage-access-token-pwu5zs7lekbhnln2w4"),
}
@ -180,7 +180,7 @@ func TestWrongVersion(t *testing.T) {
Name: "pinniped-storage-access-token-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "access-token",
"storage.pinniped.dev/type": "access-token",
},
},
Data: map[string][]byte{
@ -208,7 +208,7 @@ func TestNilSessionRequest(t *testing.T) {
Name: "pinniped-storage-access-token-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "access-token",
"storage.pinniped.dev/type": "access-token",
},
},
Data: map[string][]byte{

View File

@ -49,7 +49,7 @@ func TestAuthorizationCodeStorage(t *testing.T) {
Name: "pinniped-storage-authcode-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "authcode",
"storage.pinniped.dev/type": "authcode",
},
},
Data: map[string][]byte{
@ -65,7 +65,7 @@ func TestAuthorizationCodeStorage(t *testing.T) {
Name: "pinniped-storage-authcode-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "authcode",
"storage.pinniped.dev/type": "authcode",
},
},
Data: map[string][]byte{
@ -189,7 +189,7 @@ func TestWrongVersion(t *testing.T) {
Name: "pinniped-storage-authcode-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "authcode",
"storage.pinniped.dev/type": "authcode",
},
},
Data: map[string][]byte{
@ -217,7 +217,7 @@ func TestNilSessionRequest(t *testing.T) {
Name: "pinniped-storage-authcode-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "authcode",
"storage.pinniped.dev/type": "authcode",
},
},
Data: map[string][]byte{

View File

@ -36,7 +36,7 @@ func TestOpenIdConnectStorage(t *testing.T) {
Name: "pinniped-storage-oidc-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "oidc",
"storage.pinniped.dev/type": "oidc",
},
},
Data: map[string][]byte{
@ -122,7 +122,7 @@ func TestWrongVersion(t *testing.T) {
Name: "pinniped-storage-oidc-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "oidc",
"storage.pinniped.dev/type": "oidc",
},
},
Data: map[string][]byte{
@ -150,7 +150,7 @@ func TestNilSessionRequest(t *testing.T) {
Name: "pinniped-storage-oidc-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "oidc",
"storage.pinniped.dev/type": "oidc",
},
},
Data: map[string][]byte{

View File

@ -36,7 +36,7 @@ func TestPKCEStorage(t *testing.T) {
Name: "pinniped-storage-pkce-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "pkce",
"storage.pinniped.dev/type": "pkce",
},
},
Data: map[string][]byte{
@ -122,7 +122,7 @@ func TestWrongVersion(t *testing.T) {
Name: "pinniped-storage-pkce-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "pkce",
"storage.pinniped.dev/type": "pkce",
},
},
Data: map[string][]byte{
@ -150,7 +150,7 @@ func TestNilSessionRequest(t *testing.T) {
Name: "pinniped-storage-pkce-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "pkce",
"storage.pinniped.dev/type": "pkce",
},
},
Data: map[string][]byte{

View File

@ -37,7 +37,7 @@ func TestRefreshTokenStorage(t *testing.T) {
Name: "pinniped-storage-refresh-token-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "refresh-token",
"storage.pinniped.dev/type": "refresh-token",
"storage.pinniped.dev/request-id": "abcd-1",
},
},
@ -111,7 +111,7 @@ func TestRefreshTokenStorageRevocation(t *testing.T) {
Name: "pinniped-storage-refresh-token-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "refresh-token",
"storage.pinniped.dev/type": "refresh-token",
"storage.pinniped.dev/request-id": "abcd-1",
},
},
@ -122,7 +122,7 @@ func TestRefreshTokenStorageRevocation(t *testing.T) {
Type: "storage.pinniped.dev/refresh-token",
}),
coretesting.NewListAction(secretsGVR, schema.GroupVersionKind{Group: "", Version: "v1", Kind: "Secret"}, namespace, metav1.ListOptions{
LabelSelector: "storage.pinniped.dev=refresh-token,storage.pinniped.dev/request-id=abcd-1",
LabelSelector: "storage.pinniped.dev/type=refresh-token,storage.pinniped.dev/request-id=abcd-1",
}),
coretesting.NewDeleteAction(secretsGVR, namespace, "pinniped-storage-refresh-token-pwu5zs7lekbhnln2w4"),
}
@ -180,7 +180,7 @@ func TestWrongVersion(t *testing.T) {
Name: "pinniped-storage-refresh-token-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "refresh-token",
"storage.pinniped.dev/type": "refresh-token",
},
},
Data: map[string][]byte{
@ -208,7 +208,7 @@ func TestNilSessionRequest(t *testing.T) {
Name: "pinniped-storage-refresh-token-pwu5zs7lekbhnln2w4",
ResourceVersion: "",
Labels: map[string]string{
"storage.pinniped.dev": "refresh-token",
"storage.pinniped.dev/type": "refresh-token",
},
},
Data: map[string][]byte{