diff --git a/internal/controller/supervisorconfig/generator/secret_helper.go b/internal/controller/supervisorconfig/generator/secret_helper.go
index 75bfd7ac..ed554421 100644
--- a/internal/controller/supervisorconfig/generator/secret_helper.go
+++ b/internal/controller/supervisorconfig/generator/secret_helper.go
@@ -27,11 +27,11 @@ type SecretHelper interface {
 }
 const (
- // SupervisorCSRFSigningKeySecretType is corev1.Secret.Type for the Supervisor's CSRF signing key Secret.
- SupervisorCSRFSigningKeySecretType = "secrets.pinniped.dev/supervisor-csrf-signing-key"
+ // SupervisorCSRFSigningKeySecretType for the Secret storing the CSRF signing key.
+ SupervisorCSRFSigningKeySecretType corev1.SecretType = "secrets.pinniped.dev/supervisor-csrf-signing-key"
- // symmetricSecretType is corev1.Secret.Type of all corev1.Secret's generated by this helper.
- symmetricSecretType = "secrets.pinniped.dev/symmetric"
+ // symmetricSecretType for all corev1.Secret's generated by this helper.
+ symmetricSecretType corev1.SecretType = "secrets.pinniped.dev/symmetric"
 // symmetricSecretDataKey is the corev1.Secret.Data key for the symmetric key value generated by this helper.
 symmetricSecretDataKey = "key"
diff --git a/internal/controller/supervisorconfig/jwks_writer.go b/internal/controller/supervisorconfig/jwks_writer.go
index 5b77a93c..34f0b3aa 100644
--- a/internal/controller/supervisorconfig/jwks_writer.go
+++ b/internal/controller/supervisorconfig/jwks_writer.go
@@ -41,7 +41,7 @@ const (
 // Note! The value for this key will contain only public key material!
 jwksKey = "jwks"
- jwksSecretTypeValue = "secrets.pinniped.dev/federation-domain-jwks"
+ jwksSecretTypeValue corev1.SecretType = "secrets.pinniped.dev/federation-domain-jwks"
 )
 const (
diff --git a/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher.go b/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher.go
index 19b79fb4..df90a5ab 100644
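Review bot: The two rewritten doc comments in this const block, on `SupervisorCSRFSigningKeySecretType` and `symmetricSecretType`, lost their verb and no longer state what the constant is. These values are presumably what code matches against `Secret.Type` to recognise a Secret holding key material from this helper, so the comment should say so outright, for example `// SupervisorCSRFSigningKeySecretType is the corev1.SecretType of the Secret storing the Supervisor's CSRF signing key.` and `// symmetricSecretType is the corev1.SecretType of every Secret generated by this helper.`. The const block opens inside the hunk and continues past its last line.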
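Review bot: `jwksSecretTypeValue` in jwks_writer.go has no comment, while the line just above it carries an explicit note that the `jwksKey` value holds only public key material. The integration test changed in this same commit reads an `activeJWK` entry from a Secret of this type, so such a Secret appears to hold more than the public set; a comment like `// jwksSecretTypeValue is the corev1.SecretType of the Secret holding a federation domain's JWKS; its other Data keys may hold non-public key material.` would stop the public-only note from being read as covering the whole Secret. Whether `activeJWK` is private is not visible in this diff and should be confirmed before settling the wording. The const block starts before the hunk.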
--- a/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher.go
+++ b/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher.go
@@ -18,6 +18,7 @@ import (
 "github.com/coreos/go-oidc"
 "github.com/go-logr/logr"
 "golang.org/x/oauth2"
+ corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/equality"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/labels"
@@ -39,9 +40,10 @@ const (
 controllerName = "upstream-observer"
 // Constants related to the client credentials Secret.
- oidcClientSecretType = "secrets.pinniped.dev/oidc-client"
- clientIDDataKey = "clientID"
- clientSecretDataKey = "clientSecret"
+ oidcClientSecretType corev1.SecretType = "secrets.pinniped.dev/oidc-client"
+
+ clientIDDataKey = "clientID"
+ clientSecretDataKey = "clientSecret"
 // Constants related to the OIDC provider discovery cache. These do not affect the cache of JWKS.
 validatorCacheTTL = 15 * time.Minute
diff --git a/test/integration/supervisor_secrets_test.go b/test/integration/supervisor_secrets_test.go
index 2866b340..06763435 100644
--- a/test/integration/supervisor_secrets_test.go
+++ b/test/integration/supervisor_secrets_test.go
@@ -130,7 +130,7 @@ func ensureValidJWKS(t *testing.T, secret *corev1.Secret) {
 t.Helper()
 // Ensure the secret has the right type.
- require.Equal(t, "secrets.pinniped.dev/federation-domain-jwks", secret.Type)
+ require.Equal(t, corev1.SecretType("secrets.pinniped.dev/federation-domain-jwks"), secret.Type)
 // Ensure the secret has an active key.
 jwkData, ok := secret.Data["activeJWK"]
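Review bot: The blank line added after `oidcClientSecretType` in upstreamwatcher.go separates `clientIDDataKey` and `clientSecretDataKey` from the `// Constants related to the client credentials Secret.` comment that used to head all three. The two keys presumably name the Data entries the OIDC client ID and client secret are read from, so they deserve their own heading, e.g. `// Data keys of the client credentials Secret.` directly above `clientIDDataKey`. The const block starts before the hunk and continues after it.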