Rename in preparation for refactor
This commit is contained in:
aram price
parent
6e8d564013
commit
b1ee434ddf
@ -171,7 +171,7 @@ func startControllers(
|
|||||||
rand.Reader,
|
rand.Reader,
|
||||||
func(parent *configv1alpha1.OIDCProvider, child *corev1.Secret) {
|
func(parent *configv1alpha1.OIDCProvider, child *corev1.Secret) {
|
||||||
plog.Debug("setting hmac secret", "issuer", parent.Spec.Issuer)
|
plog.Debug("setting hmac secret", "issuer", parent.Spec.Issuer)
|
||||||
secretCache.SetTokenHMACKey(parent.Spec.Issuer, child.Data[symmetricsecrethelper.SecretDataKey])
|
secretCache.SetTokenHMACKey(parent.Spec.Issuer, child.Data[symmetricsecrethelper.SymmetricSecretDataKey])
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
kubeClient,
|
kubeClient,
|
||||||
@ -189,7 +189,7 @@ func startControllers(
|
|||||||
rand.Reader,
|
rand.Reader,
|
||||||
func(parent *configv1alpha1.OIDCProvider, child *corev1.Secret) {
|
func(parent *configv1alpha1.OIDCProvider, child *corev1.Secret) {
|
||||||
plog.Debug("setting state signature key", "issuer", parent.Spec.Issuer)
|
plog.Debug("setting state signature key", "issuer", parent.Spec.Issuer)
|
||||||
secretCache.SetStateEncoderHashKey(parent.Spec.Issuer, child.Data[symmetricsecrethelper.SecretDataKey])
|
secretCache.SetStateEncoderHashKey(parent.Spec.Issuer, child.Data[symmetricsecrethelper.SymmetricSecretDataKey])
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
kubeClient,
|
kubeClient,
|
||||||
@ -207,7 +207,7 @@ func startControllers(
|
|||||||
rand.Reader,
|
rand.Reader,
|
||||||
func(parent *configv1alpha1.OIDCProvider, child *corev1.Secret) {
|
func(parent *configv1alpha1.OIDCProvider, child *corev1.Secret) {
|
||||||
plog.Debug("setting state encryption key", "issuer", parent.Spec.Issuer)
|
plog.Debug("setting state encryption key", "issuer", parent.Spec.Issuer)
|
||||||
secretCache.SetStateEncoderBlockKey(parent.Spec.Issuer, child.Data[symmetricsecrethelper.SecretDataKey])
|
secretCache.SetStateEncoderBlockKey(parent.Spec.Issuer, child.Data[symmetricsecrethelper.SymmetricSecretDataKey])
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
kubeClient,
|
kubeClient,
|
||||||
|
|||||||
@ -18,25 +18,25 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// SecretType is corev1.Secret.Type of all corev1.Secret's generated by this helper.
|
// SymmetricSecretType is corev1.Secret.Type of all corev1.Secret's generated by this helper.
|
||||||
SecretType = "secrets.pinniped.dev/symmetric"
|
SymmetricSecretType = "secrets.pinniped.dev/symmetric"
|
||||||
// SecretDataKey is the corev1.Secret.Data key for the symmetric key value generated by this helper.
|
// SymmetricSecretDataKey is the corev1.Secret.Data key for the symmetric key value generated by this helper.
|
||||||
SecretDataKey = "key"
|
SymmetricSecretDataKey = "key"
|
||||||
|
|
||||||
// keySize is the default length, in bytes, of generated keys. It is set to 32 since this
|
// symmetricKeySize is the default length, in bytes, of generated keys. It is set to 32 since this
|
||||||
// seems like reasonable entropy for our keys, and a 32-byte key will allow for AES-256
|
// seems like reasonable entropy for our keys, and a 32-byte key will allow for AES-256
|
||||||
// to be used in our codecs (see dynamiccodec.Codec).
|
// to be used in our codecs (see dynamiccodec.Codec).
|
||||||
keySize = 32
|
symmetricKeySize = 32
|
||||||
)
|
)
|
||||||
|
|
||||||
type helper struct {
|
type secretHelper struct {
|
||||||
namePrefix string
|
namePrefix string
|
||||||
labels map[string]string
|
labels map[string]string
|
||||||
rand io.Reader
|
rand io.Reader
|
||||||
notifyFunc func(parent *configv1alpha1.OIDCProvider, child *corev1.Secret)
|
notifyFunc func(parent *configv1alpha1.OIDCProvider, child *corev1.Secret)
|
||||||
}
|
}
|
||||||
|
|
||||||
var _ generator.SecretHelper = &helper{}
|
var _ generator.SecretHelper = &secretHelper{}
|
||||||
|
|
||||||
// New returns a SecretHelper that has been parameterized with common symmetric secret generation
|
// New returns a SecretHelper that has been parameterized with common symmetric secret generation
|
||||||
// knobs.
|
// knobs.
|
||||||
@ -46,7 +46,7 @@ func New(
|
|||||||
rand io.Reader,
|
rand io.Reader,
|
||||||
notifyFunc func(parent *configv1alpha1.OIDCProvider, child *corev1.Secret),
|
notifyFunc func(parent *configv1alpha1.OIDCProvider, child *corev1.Secret),
|
||||||
) generator.SecretHelper {
|
) generator.SecretHelper {
|
||||||
return &helper{
|
return &secretHelper{
|
||||||
namePrefix: namePrefix,
|
namePrefix: namePrefix,
|
||||||
labels: labels,
|
labels: labels,
|
||||||
rand: rand,
|
rand: rand,
|
||||||
@ -54,11 +54,11 @@ func New(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *helper) Name() string { return s.namePrefix }
|
func (s *secretHelper) Name() string { return s.namePrefix }
|
||||||
|
|
||||||
// Generate implements SecretHelper.Generate().
|
// Generate implements SecretHelper.Generate().
|
||||||
func (s *helper) Generate(parent *configv1alpha1.OIDCProvider) (*corev1.Secret, error) {
|
func (s *secretHelper) Generate(parent *configv1alpha1.OIDCProvider) (*corev1.Secret, error) {
|
||||||
key := make([]byte, keySize)
|
key := make([]byte, symmetricKeySize)
|
||||||
if _, err := s.rand.Read(key); err != nil {
|
if _, err := s.rand.Read(key); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -76,28 +76,28 @@ func (s *helper) Generate(parent *configv1alpha1.OIDCProvider) (*corev1.Secret,
|
|||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Type: SecretType,
|
Type: SymmetricSecretType,
|
||||||
Data: map[string][]byte{
|
Data: map[string][]byte{
|
||||||
SecretDataKey: key,
|
SymmetricSecretDataKey: key,
|
||||||
},
|
},
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsValid implements SecretHelper.IsValid().
|
// IsValid implements SecretHelper.IsValid().
|
||||||
func (s *helper) IsValid(parent *configv1alpha1.OIDCProvider, child *corev1.Secret) bool {
|
func (s *secretHelper) IsValid(parent *configv1alpha1.OIDCProvider, child *corev1.Secret) bool {
|
||||||
if !metav1.IsControlledBy(child, parent) {
|
if !metav1.IsControlledBy(child, parent) {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
if child.Type != SecretType {
|
if child.Type != SymmetricSecretType {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
key, ok := child.Data[SecretDataKey]
|
key, ok := child.Data[SymmetricSecretDataKey]
|
||||||
if !ok {
|
if !ok {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if len(key) != keySize {
|
if len(key) != symmetricKeySize {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -105,6 +105,6 @@ func (s *helper) IsValid(parent *configv1alpha1.OIDCProvider, child *corev1.Secr
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Notify implements SecretHelper.Notify().
|
// Notify implements SecretHelper.Notify().
|
||||||
func (s *helper) Notify(parent *configv1alpha1.OIDCProvider, child *corev1.Secret) {
|
func (s *secretHelper) Notify(parent *configv1alpha1.OIDCProvider, child *corev1.Secret) {
|
||||||
s.notifyFunc(parent, child)
|
s.notifyFunc(parent, child)
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user