From f0652c1ce161472accae9f3ac8a46d88a65fd94d Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Wed, 12 May 2021 13:20:00 -0700 Subject: [PATCH] Replace all usages of strPtr() with pointer.StringPtr() --- internal/config/concierge/config.go | 19 ++--- internal/config/concierge/config_test.go | 15 ++-- internal/config/supervisor/config.go | 7 +- internal/config/supervisor/config_test.go | 6 +- internal/oidc/auth/auth_handler_test.go | 69 +++++++++---------- .../registry/credentialrequest/rest_test.go | 7 +- .../concierge_credentialrequest_test.go | 7 +- 7 files changed, 57 insertions(+), 73 deletions(-) diff --git a/internal/config/concierge/config.go b/internal/config/concierge/config.go index 610caa7e..ad6a00df 100644 --- a/internal/config/concierge/config.go +++ b/internal/config/concierge/config.go @@ -10,6 +10,7 @@ import ( "io/ioutil" "strings" + "k8s.io/utils/pointer" "sigs.k8s.io/yaml" "go.pinniped.dev/internal/constable" @@ -69,27 +70,27 @@ func FromPath(path string) (*Config, error) { func maybeSetAPIDefaults(apiConfig *APIConfigSpec) { if apiConfig.ServingCertificateConfig.DurationSeconds == nil { - apiConfig.ServingCertificateConfig.DurationSeconds = int64Ptr(aboutAYear) + apiConfig.ServingCertificateConfig.DurationSeconds = pointer.Int64Ptr(aboutAYear) } if apiConfig.ServingCertificateConfig.RenewBeforeSeconds == nil { - apiConfig.ServingCertificateConfig.RenewBeforeSeconds = int64Ptr(about9Months) + apiConfig.ServingCertificateConfig.RenewBeforeSeconds = pointer.Int64Ptr(about9Months) } } func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) { if *apiGroupSuffix == nil { - *apiGroupSuffix = stringPtr(groupsuffix.PinnipedDefaultSuffix) + *apiGroupSuffix = pointer.StringPtr(groupsuffix.PinnipedDefaultSuffix) } } func maybeSetKubeCertAgentDefaults(cfg *KubeCertAgentSpec) { if cfg.NamePrefix == nil { - cfg.NamePrefix = stringPtr("pinniped-kube-cert-agent-") + cfg.NamePrefix = pointer.StringPtr("pinniped-kube-cert-agent-") } if cfg.Image == nil { - cfg.Image = stringPtr("debian:latest") + cfg.Image = pointer.StringPtr("debian:latest") } } @@ -146,11 +147,3 @@ func validateAPI(apiConfig *APIConfigSpec) error { func validateAPIGroupSuffix(apiGroupSuffix string) error { return groupsuffix.Validate(apiGroupSuffix) } - -func int64Ptr(i int64) *int64 { - return &i -} - -func stringPtr(s string) *string { - return &s -} diff --git a/internal/config/concierge/config_test.go b/internal/config/concierge/config_test.go index 1101d2d5..d58ecb2c 100644 --- a/internal/config/concierge/config_test.go +++ b/internal/config/concierge/config_test.go @@ -9,6 +9,7 @@ import ( "testing" "github.com/stretchr/testify/require" + "k8s.io/utils/pointer" "go.pinniped.dev/internal/here" "go.pinniped.dev/internal/plog" @@ -55,7 +56,7 @@ func TestFromPath(t *testing.T) { `), wantConfig: &Config{ DiscoveryInfo: DiscoveryInfoSpec{ - URL: stringPtr("https://some.discovery/url"), + URL: pointer.StringPtr("https://some.discovery/url"), }, APIConfig: APIConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{ @@ -63,7 +64,7 @@ func TestFromPath(t *testing.T) { RenewBeforeSeconds: int64Ptr(2400), }, }, - APIGroupSuffix: stringPtr("some.suffix.com"), + APIGroupSuffix: pointer.StringPtr("some.suffix.com"), NamesConfig: NamesConfigSpec{ ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", CredentialIssuer: "pinniped-config", @@ -80,8 +81,8 @@ func TestFromPath(t *testing.T) { "myLabelKey2": "myLabelValue2", }, KubeCertAgentConfig: KubeCertAgentSpec{ - NamePrefix: stringPtr("kube-cert-agent-name-prefix-"), - Image: stringPtr("kube-cert-agent-image"), + NamePrefix: pointer.StringPtr("kube-cert-agent-name-prefix-"), + Image: pointer.StringPtr("kube-cert-agent-image"), ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"}, }, LogLevel: plog.LevelDebug, @@ -106,7 +107,7 @@ func TestFromPath(t *testing.T) { DiscoveryInfo: DiscoveryInfoSpec{ URL: nil, }, - APIGroupSuffix: stringPtr("pinniped.dev"), + APIGroupSuffix: pointer.StringPtr("pinniped.dev"), APIConfig: APIConfigSpec{ ServingCertificateConfig: ServingCertificateConfigSpec{ DurationSeconds: int64Ptr(60 * 60 * 24 * 365), // about a year @@ -126,8 +127,8 @@ func TestFromPath(t *testing.T) { }, Labels: map[string]string{}, KubeCertAgentConfig: KubeCertAgentSpec{ - NamePrefix: stringPtr("pinniped-kube-cert-agent-"), - Image: stringPtr("debian:latest"), + NamePrefix: pointer.StringPtr("pinniped-kube-cert-agent-"), + Image: pointer.StringPtr("debian:latest"), }, }, }, diff --git a/internal/config/supervisor/config.go b/internal/config/supervisor/config.go index 24668f54..608a7719 100644 --- a/internal/config/supervisor/config.go +++ b/internal/config/supervisor/config.go @@ -10,6 +10,7 @@ import ( "io/ioutil" "strings" + "k8s.io/utils/pointer" "sigs.k8s.io/yaml" "go.pinniped.dev/internal/constable" @@ -54,7 +55,7 @@ func FromPath(path string) (*Config, error) { func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) { if *apiGroupSuffix == nil { - *apiGroupSuffix = stringPtr(groupsuffix.PinnipedDefaultSuffix) + *apiGroupSuffix = pointer.StringPtr(groupsuffix.PinnipedDefaultSuffix) } } @@ -72,7 +73,3 @@ func validateNames(names *NamesConfigSpec) error { } return nil } - -func stringPtr(s string) *string { - return &s -} diff --git a/internal/config/supervisor/config_test.go b/internal/config/supervisor/config_test.go index 7fb1acc8..72839aeb 100644 --- a/internal/config/supervisor/config_test.go +++ b/internal/config/supervisor/config_test.go @@ -8,6 +8,8 @@ import ( "os" "testing" + "k8s.io/utils/pointer" + "github.com/stretchr/testify/require" "go.pinniped.dev/internal/here" @@ -32,7 +34,7 @@ func TestFromPath(t *testing.T) { defaultTLSCertificateSecret: my-secret-name `), wantConfig: &Config{ - APIGroupSuffix: stringPtr("some.suffix.com"), + APIGroupSuffix: pointer.StringPtr("some.suffix.com"), Labels: map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", @@ -50,7 +52,7 @@ func TestFromPath(t *testing.T) { defaultTLSCertificateSecret: my-secret-name `), wantConfig: &Config{ - APIGroupSuffix: stringPtr("pinniped.dev"), + APIGroupSuffix: pointer.StringPtr("pinniped.dev"), Labels: map[string]string{}, NamesConfig: NamesConfigSpec{ DefaultTLSCertificateSecret: "my-secret-name", diff --git a/internal/oidc/auth/auth_handler_test.go b/internal/oidc/auth/auth_handler_test.go index 98da84bc..d65dbf4b 100644 --- a/internal/oidc/auth/auth_handler_test.go +++ b/internal/oidc/auth/auth_handler_test.go @@ -21,6 +21,7 @@ import ( "k8s.io/apiserver/pkg/authentication/user" "k8s.io/client-go/kubernetes/fake" v1 "k8s.io/client-go/kubernetes/typed/core/v1" + "k8s.io/utils/pointer" "go.pinniped.dev/internal/here" "go.pinniped.dev/internal/oidc" @@ -377,8 +378,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: htmlContentType, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, @@ -436,8 +437,8 @@ func TestAuthorizationEndpoint(t *testing.T) { path: "/some/path", contentType: "application/x-www-form-urlencoded", body: encodeQuery(happyGetRequestQueryMap), - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: htmlContentType, wantRedirectLocationRegexp: happyAuthcodeDownstreamRedirectLocationRegexp, @@ -518,8 +519,8 @@ func TestAuthorizationEndpoint(t *testing.T) { path: modifiedHappyGetRequestPath(map[string]string{ "redirect_uri": downstreamRedirectURIWithDifferentPort, // not the same port number that is registered for the client }), - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: htmlContentType, wantRedirectLocationRegexp: downstreamRedirectURIWithDifferentPort + `\?code=([^&]+)&scope=openid&state=` + happyState, @@ -558,8 +559,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&erroringUpstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusBadGateway, wantContentType: htmlContentType, wantBodyString: "Bad Gateway: unexpected error during upstream authentication\n", @@ -569,8 +570,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr("wrong-password"), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr("wrong-password"), wantStatus: http.StatusFound, wantContentType: "application/json; charset=utf-8", wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), @@ -581,8 +582,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: stringPtr("wrong-username"), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr("wrong-username"), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: "application/json; charset=utf-8", wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithBadUsernamePasswordHintErrorQuery), @@ -594,7 +595,7 @@ func TestAuthorizationEndpoint(t *testing.T) { method: http.MethodGet, path: happyGetRequestPath, customUsernameHeader: nil, // do not send header - customPasswordHeader: stringPtr(happyLDAPPassword), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: "application/json; charset=utf-8", wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeAccessDeniedWithMissingUsernamePasswordHintErrorQuery), @@ -605,7 +606,7 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: happyGetRequestPath, - customUsernameHeader: stringPtr(happyLDAPUsername), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), customPasswordHeader: nil, // do not send header wantStatus: http.StatusFound, wantContentType: "application/json; charset=utf-8", @@ -635,8 +636,8 @@ func TestAuthorizationEndpoint(t *testing.T) { path: modifiedHappyGetRequestPath(map[string]string{ "redirect_uri": "http://127.0.0.1/does-not-match-what-is-configured-for-pinniped-cli-client", }), - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusBadRequest, wantContentType: "application/json; charset=utf-8", wantBodyJSON: fositeInvalidRedirectURIErrorBody, @@ -709,8 +710,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"scope": "openid tuna"}), - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: "application/json; charset=utf-8", wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidScopeErrorQuery), @@ -784,8 +785,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge": ""}), - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: "application/json; charset=utf-8", wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeErrorQuery), @@ -812,8 +813,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "this-is-not-a-valid-pkce-alg"}), - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: "application/json; charset=utf-8", wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidCodeChallengeErrorQuery), @@ -840,8 +841,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": "plain"}), - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: "application/json; charset=utf-8", wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery), @@ -868,8 +869,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"code_challenge_method": ""}), - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: "application/json; charset=utf-8", wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeMissingCodeChallengeMethodErrorQuery), @@ -900,8 +901,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login"}), - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: "application/json; charset=utf-8", wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositePromptHasNoneAndOtherValueErrorQuery), @@ -934,8 +935,8 @@ func TestAuthorizationEndpoint(t *testing.T) { method: http.MethodGet, // The following prompt value is illegal when openid is requested, but note that openid is not requested. path: modifiedHappyGetRequestPath(map[string]string{"prompt": "none login", "scope": "email"}), - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: htmlContentType, wantRedirectLocationRegexp: downstreamRedirectURI + `\?code=([^&]+)&scope=&state=` + happyState, // no scopes granted @@ -970,8 +971,8 @@ func TestAuthorizationEndpoint(t *testing.T) { idpLister: oidctestutil.NewUpstreamIDPListerBuilder().WithLDAP(&upstreamLDAPIdentityProvider).Build(), method: http.MethodGet, path: modifiedHappyGetRequestPath(map[string]string{"state": "short"}), - customUsernameHeader: stringPtr(happyLDAPUsername), - customPasswordHeader: stringPtr(happyLDAPPassword), + customUsernameHeader: pointer.StringPtr(happyLDAPUsername), + customPasswordHeader: pointer.StringPtr(happyLDAPPassword), wantStatus: http.StatusFound, wantContentType: "application/json; charset=utf-8", wantLocationHeader: urlWithQuery(downstreamRedirectURI, fositeInvalidStateErrorQuery), @@ -1331,7 +1332,3 @@ func requireEqualURLs(t *testing.T, actualURL string, expectedURL string, ignore } require.Equal(t, expectedLocationQuery, actualLocationQuery) } - -func stringPtr(s string) *string { - return &s -} diff --git a/internal/registry/credentialrequest/rest_test.go b/internal/registry/credentialrequest/rest_test.go index 9c05c2bb..78d5dd73 100644 --- a/internal/registry/credentialrequest/rest_test.go +++ b/internal/registry/credentialrequest/rest_test.go @@ -21,6 +21,7 @@ import ( genericapirequest "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" "k8s.io/klog/v2" + "k8s.io/utils/pointer" loginapi "go.pinniped.dev/generated/latest/apis/concierge/login" "go.pinniped.dev/internal/issuer" @@ -347,7 +348,7 @@ func requireSuccessfulResponseWithAuthenticationFailureMessage(t *testing.T, err require.Equal(t, response, &loginapi.TokenCredentialRequest{ Status: loginapi.TokenCredentialRequestStatus{ Credential: nil, - Message: stringPtr("authentication failed"), + Message: pointer.StringPtr("authentication failed"), }, }) } @@ -359,7 +360,3 @@ func successfulIssuer(ctrl *gomock.Controller) issuer.ClientCertIssuer { Return([]byte("test-cert"), []byte("test-key"), nil) return clientCertIssuer } - -func stringPtr(s string) *string { - return &s -} diff --git a/test/integration/concierge_credentialrequest_test.go b/test/integration/concierge_credentialrequest_test.go index 20b86347..8931859d 100644 --- a/test/integration/concierge_credentialrequest_test.go +++ b/test/integration/concierge_credentialrequest_test.go @@ -16,6 +16,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/pointer" auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" @@ -147,7 +148,7 @@ func TestFailedCredentialRequestWhenTheRequestIsValidButTheTokenDoesNotAuthentic require.Empty(t, response.Spec) require.Nil(t, response.Status.Credential) - require.Equal(t, stringPtr("authentication failed"), response.Status.Message) + require.Equal(t, pointer.StringPtr("authentication failed"), response.Status.Message) } func TestCredentialRequest_ShouldFailWhenRequestDoesNotIncludeToken(t *testing.T) { @@ -177,10 +178,6 @@ func TestCredentialRequest_ShouldFailWhenRequestDoesNotIncludeToken(t *testing.T require.Nil(t, response.Status.Credential) } -func stringPtr(s string) *string { - return &s -} - func getCommonName(t *testing.T, certPEM string) string { t.Helper()