More "op" and "opc" local variable renames
Signed-off-by: Ryan Richard <richardry@vmware.com>
This commit is contained in:
parent
32602f579b
commit
55483b726b
@ -92,7 +92,7 @@ func startControllers(
|
|||||||
kubeInformers kubeinformers.SharedInformerFactory,
|
kubeInformers kubeinformers.SharedInformerFactory,
|
||||||
pinnipedInformers pinnipedinformers.SharedInformerFactory,
|
pinnipedInformers pinnipedinformers.SharedInformerFactory,
|
||||||
) {
|
) {
|
||||||
opInformer := pinnipedInformers.Config().V1alpha1().FederationDomains()
|
federationDomainInformer := pinnipedInformers.Config().V1alpha1().FederationDomains()
|
||||||
secretInformer := kubeInformers.Core().V1().Secrets()
|
secretInformer := kubeInformers.Core().V1().Secrets()
|
||||||
|
|
||||||
// Create controller manager.
|
// Create controller manager.
|
||||||
@ -112,7 +112,7 @@ func startControllers(
|
|||||||
issuerManager,
|
issuerManager,
|
||||||
clock.RealClock{},
|
clock.RealClock{},
|
||||||
pinnipedClient,
|
pinnipedClient,
|
||||||
opInformer,
|
federationDomainInformer,
|
||||||
controllerlib.WithInformer,
|
controllerlib.WithInformer,
|
||||||
),
|
),
|
||||||
singletonWorker,
|
singletonWorker,
|
||||||
@ -123,7 +123,7 @@ func startControllers(
|
|||||||
kubeClient,
|
kubeClient,
|
||||||
pinnipedClient,
|
pinnipedClient,
|
||||||
secretInformer,
|
secretInformer,
|
||||||
opInformer,
|
federationDomainInformer,
|
||||||
controllerlib.WithInformer,
|
controllerlib.WithInformer,
|
||||||
),
|
),
|
||||||
singletonWorker,
|
singletonWorker,
|
||||||
@ -132,7 +132,7 @@ func startControllers(
|
|||||||
supervisorconfig.NewJWKSObserverController(
|
supervisorconfig.NewJWKSObserverController(
|
||||||
dynamicJWKSProvider,
|
dynamicJWKSProvider,
|
||||||
secretInformer,
|
secretInformer,
|
||||||
opInformer,
|
federationDomainInformer,
|
||||||
controllerlib.WithInformer,
|
controllerlib.WithInformer,
|
||||||
),
|
),
|
||||||
singletonWorker,
|
singletonWorker,
|
||||||
@ -142,7 +142,7 @@ func startControllers(
|
|||||||
dynamicTLSCertProvider,
|
dynamicTLSCertProvider,
|
||||||
cfg.NamesConfig.DefaultTLSCertificateSecret,
|
cfg.NamesConfig.DefaultTLSCertificateSecret,
|
||||||
secretInformer,
|
secretInformer,
|
||||||
opInformer,
|
federationDomainInformer,
|
||||||
controllerlib.WithInformer,
|
controllerlib.WithInformer,
|
||||||
),
|
),
|
||||||
singletonWorker,
|
singletonWorker,
|
||||||
@ -180,7 +180,7 @@ func startControllers(
|
|||||||
kubeClient,
|
kubeClient,
|
||||||
pinnipedClient,
|
pinnipedClient,
|
||||||
secretInformer,
|
secretInformer,
|
||||||
opInformer,
|
federationDomainInformer,
|
||||||
controllerlib.WithInformer,
|
controllerlib.WithInformer,
|
||||||
),
|
),
|
||||||
singletonWorker,
|
singletonWorker,
|
||||||
@ -203,7 +203,7 @@ func startControllers(
|
|||||||
kubeClient,
|
kubeClient,
|
||||||
pinnipedClient,
|
pinnipedClient,
|
||||||
secretInformer,
|
secretInformer,
|
||||||
opInformer,
|
federationDomainInformer,
|
||||||
controllerlib.WithInformer,
|
controllerlib.WithInformer,
|
||||||
),
|
),
|
||||||
singletonWorker,
|
singletonWorker,
|
||||||
@ -226,7 +226,7 @@ func startControllers(
|
|||||||
kubeClient,
|
kubeClient,
|
||||||
pinnipedClient,
|
pinnipedClient,
|
||||||
secretInformer,
|
secretInformer,
|
||||||
opInformer,
|
federationDomainInformer,
|
||||||
controllerlib.WithInformer,
|
controllerlib.WithInformer,
|
||||||
),
|
),
|
||||||
singletonWorker,
|
singletonWorker,
|
||||||
@ -236,7 +236,7 @@ func startControllers(
|
|||||||
dynamicUpstreamIDPProvider,
|
dynamicUpstreamIDPProvider,
|
||||||
pinnipedClient,
|
pinnipedClient,
|
||||||
pinnipedInformers.IDP().V1alpha1().OIDCIdentityProviders(),
|
pinnipedInformers.IDP().V1alpha1().OIDCIdentityProviders(),
|
||||||
kubeInformers.Core().V1().Secrets(),
|
secretInformer,
|
||||||
klogr.New()),
|
klogr.New()),
|
||||||
singletonWorker)
|
singletonWorker)
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
opKind = "FederationDomain"
|
federationDomainKind = "FederationDomain"
|
||||||
)
|
)
|
||||||
|
|
||||||
func generateSymmetricKey() ([]byte, error) {
|
func generateSymmetricKey() ([]byte, error) {
|
||||||
@ -100,5 +100,5 @@ func isFederationDomainControllee(obj metav1.Object) bool {
|
|||||||
controller := metav1.GetControllerOf(obj)
|
controller := metav1.GetControllerOf(obj)
|
||||||
return controller != nil &&
|
return controller != nil &&
|
||||||
controller.APIVersion == configv1alpha1.SchemeGroupVersion.String() &&
|
controller.APIVersion == configv1alpha1.SchemeGroupVersion.String() &&
|
||||||
controller.Kind == opKind
|
controller.Kind == federationDomainKind
|
||||||
}
|
}
|
||||||
|
@ -126,26 +126,26 @@ func (s *symmetricSecretHelper) IsValid(parent *configv1alpha1.FederationDomain,
|
|||||||
|
|
||||||
// ObserveActiveSecretAndUpdateParentFederationDomain implements SecretHelper.ObserveActiveSecretAndUpdateParentFederationDomain().
|
// ObserveActiveSecretAndUpdateParentFederationDomain implements SecretHelper.ObserveActiveSecretAndUpdateParentFederationDomain().
|
||||||
func (s *symmetricSecretHelper) ObserveActiveSecretAndUpdateParentFederationDomain(
|
func (s *symmetricSecretHelper) ObserveActiveSecretAndUpdateParentFederationDomain(
|
||||||
op *configv1alpha1.FederationDomain,
|
federationDomain *configv1alpha1.FederationDomain,
|
||||||
secret *corev1.Secret,
|
secret *corev1.Secret,
|
||||||
) *configv1alpha1.FederationDomain {
|
) *configv1alpha1.FederationDomain {
|
||||||
var cacheKey string
|
var cacheKey string
|
||||||
if op != nil {
|
if federationDomain != nil {
|
||||||
cacheKey = op.Spec.Issuer
|
cacheKey = federationDomain.Spec.Issuer
|
||||||
}
|
}
|
||||||
|
|
||||||
s.updateCacheFunc(cacheKey, secret.Data[symmetricSecretDataKey])
|
s.updateCacheFunc(cacheKey, secret.Data[symmetricSecretDataKey])
|
||||||
|
|
||||||
switch s.secretUsage {
|
switch s.secretUsage {
|
||||||
case SecretUsageTokenSigningKey:
|
case SecretUsageTokenSigningKey:
|
||||||
op.Status.Secrets.TokenSigningKey.Name = secret.Name
|
federationDomain.Status.Secrets.TokenSigningKey.Name = secret.Name
|
||||||
case SecretUsageStateSigningKey:
|
case SecretUsageStateSigningKey:
|
||||||
op.Status.Secrets.StateSigningKey.Name = secret.Name
|
federationDomain.Status.Secrets.StateSigningKey.Name = secret.Name
|
||||||
case SecretUsageStateEncryptionKey:
|
case SecretUsageStateEncryptionKey:
|
||||||
op.Status.Secrets.StateEncryptionKey.Name = secret.Name
|
federationDomain.Status.Secrets.StateEncryptionKey.Name = secret.Name
|
||||||
default:
|
default:
|
||||||
plog.Warning("unknown secret usage enum value: %d", s.secretUsage)
|
plog.Warning("unknown secret usage enum value: %d", s.secretUsage)
|
||||||
}
|
}
|
||||||
|
|
||||||
return op
|
return federationDomain
|
||||||
}
|
}
|
||||||
|
@ -28,22 +28,22 @@ func TestSymmetricSecretHelper(t *testing.T) {
|
|||||||
{
|
{
|
||||||
name: "token signing key",
|
name: "token signing key",
|
||||||
secretUsage: SecretUsageTokenSigningKey,
|
secretUsage: SecretUsageTokenSigningKey,
|
||||||
wantSetFederationDomainField: func(op *configv1alpha1.FederationDomain) string {
|
wantSetFederationDomainField: func(federationDomain *configv1alpha1.FederationDomain) string {
|
||||||
return op.Status.Secrets.TokenSigningKey.Name
|
return federationDomain.Status.Secrets.TokenSigningKey.Name
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "state signing key",
|
name: "state signing key",
|
||||||
secretUsage: SecretUsageStateSigningKey,
|
secretUsage: SecretUsageStateSigningKey,
|
||||||
wantSetFederationDomainField: func(op *configv1alpha1.FederationDomain) string {
|
wantSetFederationDomainField: func(federationDomain *configv1alpha1.FederationDomain) string {
|
||||||
return op.Status.Secrets.StateSigningKey.Name
|
return federationDomain.Status.Secrets.StateSigningKey.Name
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "state encryption key",
|
name: "state encryption key",
|
||||||
secretUsage: SecretUsageStateEncryptionKey,
|
secretUsage: SecretUsageStateEncryptionKey,
|
||||||
wantSetFederationDomainField: func(op *configv1alpha1.FederationDomain) string {
|
wantSetFederationDomainField: func(federationDomain *configv1alpha1.FederationDomain) string {
|
||||||
return op.Status.Secrets.StateEncryptionKey.Name
|
return federationDomain.Status.Secrets.StateEncryptionKey.Name
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -145,8 +145,8 @@ func TestSymmetricSecretHelperIsValid(t *testing.T) {
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "child not owned by parent",
|
name: "child not owned by parent",
|
||||||
parent: func(op *configv1alpha1.FederationDomain) {
|
parent: func(federationDomain *configv1alpha1.FederationDomain) {
|
||||||
op.UID = "wrong"
|
federationDomain.UID = "wrong"
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
},
|
},
|
||||||
|
@ -100,8 +100,8 @@ type controller struct {
|
|||||||
cache IDPCache
|
cache IDPCache
|
||||||
log logr.Logger
|
log logr.Logger
|
||||||
client pinnipedclientset.Interface
|
client pinnipedclientset.Interface
|
||||||
providers idpinformers.OIDCIdentityProviderInformer
|
oidcIdentityProviderInformer idpinformers.OIDCIdentityProviderInformer
|
||||||
secrets corev1informers.SecretInformer
|
secretInformer corev1informers.SecretInformer
|
||||||
validatorCache interface {
|
validatorCache interface {
|
||||||
getProvider(*v1alpha1.OIDCIdentityProviderSpec) (*oidc.Provider, *http.Client)
|
getProvider(*v1alpha1.OIDCIdentityProviderSpec) (*oidc.Provider, *http.Client)
|
||||||
putProvider(*v1alpha1.OIDCIdentityProviderSpec, *oidc.Provider, *http.Client)
|
putProvider(*v1alpha1.OIDCIdentityProviderSpec, *oidc.Provider, *http.Client)
|
||||||
@ -112,29 +112,29 @@ type controller struct {
|
|||||||
func New(
|
func New(
|
||||||
idpCache IDPCache,
|
idpCache IDPCache,
|
||||||
client pinnipedclientset.Interface,
|
client pinnipedclientset.Interface,
|
||||||
providers idpinformers.OIDCIdentityProviderInformer,
|
oidcIdentityProviderInformer idpinformers.OIDCIdentityProviderInformer,
|
||||||
secrets corev1informers.SecretInformer,
|
secretInformer corev1informers.SecretInformer,
|
||||||
log logr.Logger,
|
log logr.Logger,
|
||||||
) controllerlib.Controller {
|
) controllerlib.Controller {
|
||||||
c := controller{
|
c := controller{
|
||||||
cache: idpCache,
|
cache: idpCache,
|
||||||
log: log.WithName(controllerName),
|
log: log.WithName(controllerName),
|
||||||
client: client,
|
client: client,
|
||||||
providers: providers,
|
oidcIdentityProviderInformer: oidcIdentityProviderInformer,
|
||||||
secrets: secrets,
|
secretInformer: secretInformer,
|
||||||
validatorCache: &lruValidatorCache{cache: cache.NewExpiring()},
|
validatorCache: &lruValidatorCache{cache: cache.NewExpiring()},
|
||||||
}
|
}
|
||||||
filter := pinnipedcontroller.MatchAnythingFilter(pinnipedcontroller.SingletonQueue())
|
filter := pinnipedcontroller.MatchAnythingFilter(pinnipedcontroller.SingletonQueue())
|
||||||
return controllerlib.New(
|
return controllerlib.New(
|
||||||
controllerlib.Config{Name: controllerName, Syncer: &c},
|
controllerlib.Config{Name: controllerName, Syncer: &c},
|
||||||
controllerlib.WithInformer(providers, filter, controllerlib.InformerOption{}),
|
controllerlib.WithInformer(oidcIdentityProviderInformer, filter, controllerlib.InformerOption{}),
|
||||||
controllerlib.WithInformer(secrets, filter, controllerlib.InformerOption{}),
|
controllerlib.WithInformer(secretInformer, filter, controllerlib.InformerOption{}),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Sync implements controllerlib.Syncer.
|
// Sync implements controllerlib.Syncer.
|
||||||
func (c *controller) Sync(ctx controllerlib.Context) error {
|
func (c *controller) Sync(ctx controllerlib.Context) error {
|
||||||
actualUpstreams, err := c.providers.Lister().List(labels.Everything())
|
actualUpstreams, err := c.oidcIdentityProviderInformer.Lister().List(labels.Everything())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to list OIDCIdentityProviders: %w", err)
|
return fmt.Errorf("failed to list OIDCIdentityProviders: %w", err)
|
||||||
}
|
}
|
||||||
@ -196,7 +196,7 @@ func (c *controller) validateSecret(upstream *v1alpha1.OIDCIdentityProvider, res
|
|||||||
secretName := upstream.Spec.Client.SecretName
|
secretName := upstream.Spec.Client.SecretName
|
||||||
|
|
||||||
// Fetch the Secret from informer cache.
|
// Fetch the Secret from informer cache.
|
||||||
secret, err := c.secrets.Lister().Secrets(upstream.Namespace).Get(secretName)
|
secret, err := c.secretInformer.Lister().Secrets(upstream.Namespace).Get(secretName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return &v1alpha1.Condition{
|
return &v1alpha1.Condition{
|
||||||
Type: typeClientCredsValid,
|
Type: typeClientCredsValid,
|
||||||
|
@ -27,46 +27,46 @@ func TestSupervisorSecrets(t *testing.T) {
|
|||||||
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
|
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
// Create our OP under test.
|
// Create our FederationDomain under test.
|
||||||
op := library.CreateTestFederationDomain(ctx, t, "", "", "")
|
federationDomain := library.CreateTestFederationDomain(ctx, t, "", "", "")
|
||||||
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
secretName func(op *configv1alpha1.FederationDomain) string
|
secretName func(federationDomain *configv1alpha1.FederationDomain) string
|
||||||
ensureValid func(t *testing.T, secret *corev1.Secret)
|
ensureValid func(t *testing.T, secret *corev1.Secret)
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
name: "csrf cookie signing key",
|
name: "csrf cookie signing key",
|
||||||
secretName: func(op *configv1alpha1.FederationDomain) string {
|
secretName: func(federationDomain *configv1alpha1.FederationDomain) string {
|
||||||
return env.SupervisorAppName + "-key"
|
return env.SupervisorAppName + "-key"
|
||||||
},
|
},
|
||||||
ensureValid: ensureValidSymmetricKey,
|
ensureValid: ensureValidSymmetricKey,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "jwks",
|
name: "jwks",
|
||||||
secretName: func(op *configv1alpha1.FederationDomain) string {
|
secretName: func(federationDomain *configv1alpha1.FederationDomain) string {
|
||||||
return op.Status.Secrets.JWKS.Name
|
return federationDomain.Status.Secrets.JWKS.Name
|
||||||
},
|
},
|
||||||
ensureValid: ensureValidJWKS,
|
ensureValid: ensureValidJWKS,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "hmac signing secret",
|
name: "hmac signing secret",
|
||||||
secretName: func(op *configv1alpha1.FederationDomain) string {
|
secretName: func(federationDomain *configv1alpha1.FederationDomain) string {
|
||||||
return op.Status.Secrets.TokenSigningKey.Name
|
return federationDomain.Status.Secrets.TokenSigningKey.Name
|
||||||
},
|
},
|
||||||
ensureValid: ensureValidSymmetricKey,
|
ensureValid: ensureValidSymmetricKey,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "state signature secret",
|
name: "state signature secret",
|
||||||
secretName: func(op *configv1alpha1.FederationDomain) string {
|
secretName: func(federationDomain *configv1alpha1.FederationDomain) string {
|
||||||
return op.Status.Secrets.StateSigningKey.Name
|
return federationDomain.Status.Secrets.StateSigningKey.Name
|
||||||
},
|
},
|
||||||
ensureValid: ensureValidSymmetricKey,
|
ensureValid: ensureValidSymmetricKey,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "state encryption secret",
|
name: "state encryption secret",
|
||||||
secretName: func(op *configv1alpha1.FederationDomain) string {
|
secretName: func(federationDomain *configv1alpha1.FederationDomain) string {
|
||||||
return op.Status.Secrets.StateEncryptionKey.Name
|
return federationDomain.Status.Secrets.StateEncryptionKey.Name
|
||||||
},
|
},
|
||||||
ensureValid: ensureValidSymmetricKey,
|
ensureValid: ensureValidSymmetricKey,
|
||||||
},
|
},
|
||||||
@ -74,24 +74,24 @@ func TestSupervisorSecrets(t *testing.T) {
|
|||||||
for _, test := range tests {
|
for _, test := range tests {
|
||||||
test := test
|
test := test
|
||||||
t.Run(test.name, func(t *testing.T) {
|
t.Run(test.name, func(t *testing.T) {
|
||||||
// Ensure a secret is created with the OP's JWKS.
|
// Ensure a secret is created with the FederationDomain's JWKS.
|
||||||
var updatedOP *configv1alpha1.FederationDomain
|
var updatedFederationDomain *configv1alpha1.FederationDomain
|
||||||
var err error
|
var err error
|
||||||
assert.Eventually(t, func() bool {
|
assert.Eventually(t, func() bool {
|
||||||
updatedOP, err = supervisorClient.
|
updatedFederationDomain, err = supervisorClient.
|
||||||
ConfigV1alpha1().
|
ConfigV1alpha1().
|
||||||
FederationDomains(env.SupervisorNamespace).
|
FederationDomains(env.SupervisorNamespace).
|
||||||
Get(ctx, op.Name, metav1.GetOptions{})
|
Get(ctx, federationDomain.Name, metav1.GetOptions{})
|
||||||
return err == nil && test.secretName(updatedOP) != ""
|
return err == nil && test.secretName(updatedFederationDomain) != ""
|
||||||
}, time.Second*10, time.Millisecond*500)
|
}, time.Second*10, time.Millisecond*500)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.NotEmpty(t, test.secretName(updatedOP))
|
require.NotEmpty(t, test.secretName(updatedFederationDomain))
|
||||||
|
|
||||||
// Ensure the secret actually exists.
|
// Ensure the secret actually exists.
|
||||||
secret, err := kubeClient.
|
secret, err := kubeClient.
|
||||||
CoreV1().
|
CoreV1().
|
||||||
Secrets(env.SupervisorNamespace).
|
Secrets(env.SupervisorNamespace).
|
||||||
Get(ctx, test.secretName(updatedOP), metav1.GetOptions{})
|
Get(ctx, test.secretName(updatedFederationDomain), metav1.GetOptions{})
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
// Ensure that the secret was labelled.
|
// Ensure that the secret was labelled.
|
||||||
@ -107,13 +107,13 @@ func TestSupervisorSecrets(t *testing.T) {
|
|||||||
err = kubeClient.
|
err = kubeClient.
|
||||||
CoreV1().
|
CoreV1().
|
||||||
Secrets(env.SupervisorNamespace).
|
Secrets(env.SupervisorNamespace).
|
||||||
Delete(ctx, test.secretName(updatedOP), metav1.DeleteOptions{})
|
Delete(ctx, test.secretName(updatedFederationDomain), metav1.DeleteOptions{})
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
assert.Eventually(t, func() bool {
|
assert.Eventually(t, func() bool {
|
||||||
secret, err = kubeClient.
|
secret, err = kubeClient.
|
||||||
CoreV1().
|
CoreV1().
|
||||||
Secrets(env.SupervisorNamespace).
|
Secrets(env.SupervisorNamespace).
|
||||||
Get(ctx, test.secretName(updatedOP), metav1.GetOptions{})
|
Get(ctx, test.secretName(updatedFederationDomain), metav1.GetOptions{})
|
||||||
return err == nil
|
return err == nil
|
||||||
}, time.Second*10, time.Millisecond*500)
|
}, time.Second*10, time.Millisecond*500)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
@ -123,7 +123,7 @@ func TestSupervisorSecrets(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// Upon deleting the OP, the secret is deleted (we test this behavior in our uninstall tests).
|
// Upon deleting the FederationDomain, the secret is deleted (we test this behavior in our uninstall tests).
|
||||||
}
|
}
|
||||||
|
|
||||||
func ensureValidJWKS(t *testing.T, secret *corev1.Secret) {
|
func ensureValidJWKS(t *testing.T, secret *corev1.Secret) {
|
||||||
|
Loading…
Reference in New Issue
Block a user