Add extra type info where SecretType is used
parent
50964c6677
commit
587cced768
@ -27,11 +27,11 @@ type SecretHelper interface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// SupervisorCSRFSigningKeySecretType is corev1.Secret.Type for the Supervisor's CSRF signing key Secret.
|
// SupervisorCSRFSigningKeySecretType for the Secret storing the CSRF signing key.
|
||||||
SupervisorCSRFSigningKeySecretType = "secrets.pinniped.dev/supervisor-csrf-signing-key"
|
SupervisorCSRFSigningKeySecretType corev1.SecretType = "secrets.pinniped.dev/supervisor-csrf-signing-key"
|
||||||
|
|
||||||
// symmetricSecretType is corev1.Secret.Type of all corev1.Secret's generated by this helper.
|
// symmetricSecretType for all corev1.Secret's generated by this helper.
|
||||||
symmetricSecretType = "secrets.pinniped.dev/symmetric"
|
symmetricSecretType corev1.SecretType = "secrets.pinniped.dev/symmetric"
|
||||||
// symmetricSecretDataKey is the corev1.Secret.Data key for the symmetric key value generated by this helper.
|
// symmetricSecretDataKey is the corev1.Secret.Data key for the symmetric key value generated by this helper.
|
||||||
symmetricSecretDataKey = "key"
|
symmetricSecretDataKey = "key"
|
||||||
|
|
||||||
|
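Review bot: The two rewritten doc comments in this hunk are no longer full sentences: `// SupervisorCSRFSigningKeySecretType for the Secret storing the CSRF signing key.` and `// symmetricSecretType for all corev1.Secret's generated by this helper.` have lost their verb, and the first also drops the mention of the Supervisor that the old wording had. Since the constants now carry the type explicitly, the comments can name it, for example `// SupervisorCSRFSigningKeySecretType is the corev1.SecretType of the Secret storing the Supervisor's CSRF signing key.` and `// symmetricSecretType is the corev1.SecretType of every Secret generated by this helper.` The const block closes outside the hunk.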
@ -41,7 +41,7 @@ const (
|
|||||||
// Note! The value for this key will contain only public key material!
|
// Note! The value for this key will contain only public key material!
|
||||||
jwksKey = "jwks"
|
jwksKey = "jwks"
|
||||||
|
|
||||||
jwksSecretTypeValue = "secrets.pinniped.dev/federation-domain-jwks"
|
jwksSecretTypeValue corev1.SecretType = "secrets.pinniped.dev/federation-domain-jwks"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -18,6 +18,7 @@ import (
|
|||||||
"github.com/coreos/go-oidc"
|
"github.com/coreos/go-oidc"
|
||||||
"github.com/go-logr/logr"
|
"github.com/go-logr/logr"
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
|
corev1 "k8s.io/api/core/v1"
|
||||||
"k8s.io/apimachinery/pkg/api/equality"
|
"k8s.io/apimachinery/pkg/api/equality"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/labels"
|
"k8s.io/apimachinery/pkg/labels"
|
||||||
@ -39,9 +40,10 @@ const (
|
|||||||
controllerName = "upstream-observer"
|
controllerName = "upstream-observer"
|
||||||
|
|
||||||
// Constants related to the client credentials Secret.
|
// Constants related to the client credentials Secret.
|
||||||
oidcClientSecretType = "secrets.pinniped.dev/oidc-client"
|
oidcClientSecretType corev1.SecretType = "secrets.pinniped.dev/oidc-client"
|
||||||
clientIDDataKey = "clientID"
|
|
||||||
clientSecretDataKey = "clientSecret"
|
clientIDDataKey = "clientID"
|
||||||
|
clientSecretDataKey = "clientSecret"
|
||||||
|
|
||||||
// Constants related to the OIDC provider discovery cache. These do not affect the cache of JWKS.
|
// Constants related to the OIDC provider discovery cache. These do not affect the cache of JWKS.
|
||||||
validatorCacheTTL = 15 * time.Minute
|
validatorCacheTTL = 15 * time.Minute
|
||||||
|
@ -130,7 +130,7 @@ func ensureValidJWKS(t *testing.T, secret *corev1.Secret) {
|
|||||||
t.Helper()
|
t.Helper()
|
||||||
|
|
||||||
// Ensure the secret has the right type.
|
// Ensure the secret has the right type.
|
||||||
require.Equal(t, "secrets.pinniped.dev/federation-domain-jwks", secret.Type)
|
require.Equal(t, corev1.SecretType("secrets.pinniped.dev/federation-domain-jwks"), secret.Type)
|
||||||
|
|
||||||
// Ensure the secret has an active key.
|
// Ensure the secret has an active key.
|
||||||
jwkData, ok := secret.Data["activeJWK"]
|
jwkData, ok := secret.Data["activeJWK"]
|
||||||
|