Add extra type info where SecretType is used

2020-12-17 15:43:20 -08:00 · 2020-12-17 15:43:20 -08:00 · 587cced768
commit 587cced768
parent 50964c6677
4 changed files with 11 additions and 9 deletions
--- a/internal/controller/supervisorconfig/generator/secret_helper.go
+++ b/internal/controller/supervisorconfig/generator/secret_helper.go
@ -27,11 +27,11 @@ type SecretHelper interface {
 }

 const (
-	// SupervisorCSRFSigningKeySecretType is corev1.Secret.Type for the Supervisor's CSRF signing key Secret.
-	SupervisorCSRFSigningKeySecretType = "secrets.pinniped.dev/supervisor-csrf-signing-key"
+	// SupervisorCSRFSigningKeySecretType for the Secret storing the CSRF signing key.
+	SupervisorCSRFSigningKeySecretType corev1.SecretType = "secrets.pinniped.dev/supervisor-csrf-signing-key"

-	// symmetricSecretType is corev1.Secret.Type of all corev1.Secret's generated by this helper.
-	symmetricSecretType = "secrets.pinniped.dev/symmetric"
+	// symmetricSecretType for all corev1.Secret's generated by this helper.
+	symmetricSecretType corev1.SecretType = "secrets.pinniped.dev/symmetric"
 	// symmetricSecretDataKey is the corev1.Secret.Data key for the symmetric key value generated by this helper.
 	symmetricSecretDataKey = "key"

--- a/internal/controller/supervisorconfig/jwks_writer.go
+++ b/internal/controller/supervisorconfig/jwks_writer.go
@ -41,7 +41,7 @@ const (
 	// Note! The value for this key will contain only public key material!
 	jwksKey = "jwks"

-	jwksSecretTypeValue = "secrets.pinniped.dev/federation-domain-jwks"
+	jwksSecretTypeValue corev1.SecretType = "secrets.pinniped.dev/federation-domain-jwks"
 )

 const (
--- a/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher.go
+++ b/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher.go
@ -18,6 +18,7 @@ import (
 	"github.com/coreos/go-oidc"
 	"github.com/go-logr/logr"
 	"golang.org/x/oauth2"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/equality"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
@ -39,9 +40,10 @@ const (
 	controllerName = "upstream-observer"

 	// Constants related to the client credentials Secret.
-	oidcClientSecretType = "secrets.pinniped.dev/oidc-client"
-	clientIDDataKey      = "clientID"
-	clientSecretDataKey  = "clientSecret"
+	oidcClientSecretType corev1.SecretType = "secrets.pinniped.dev/oidc-client"
+
+	clientIDDataKey     = "clientID"
+	clientSecretDataKey = "clientSecret"

 	// Constants related to the OIDC provider discovery cache. These do not affect the cache of JWKS.
 	validatorCacheTTL = 15 * time.Minute
--- a/test/integration/supervisor_secrets_test.go
+++ b/test/integration/supervisor_secrets_test.go
@ -130,7 +130,7 @@ func ensureValidJWKS(t *testing.T, secret *corev1.Secret) {
 	t.Helper()

 	// Ensure the secret has the right type.
-	require.Equal(t, "secrets.pinniped.dev/federation-domain-jwks", secret.Type)
+	require.Equal(t, corev1.SecretType("secrets.pinniped.dev/federation-domain-jwks"), secret.Type)

 	// Ensure the secret has an active key.
 	jwkData, ok := secret.Data["activeJWK"]