Addressing review comments

Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
2022-12-06 18:48:23 +05:30 · 2022-12-06 18:48:23 +05:30 · f719247d2b
commit f719247d2b
parent 5aabf62585
4 changed files with 31 additions and 31 deletions
--- a/internal/controller/certificates/policies/checks.go
+++ b/internal/controller/certificates/policies/checks.go
@ -102,10 +102,10 @@ func SecretPrivateKeyMatchesSpec(input Input) (string, string, bool) {
 // as per the certificate specification
 func SecretKeystoreFormatMatchesSpec(input Input) (string, string, bool) {
 	if input.Certificate.Spec.Keystores == nil {
-		if len(input.Secret.Data[cmapi.Pkcs12SecretKey]) != 0 ||
-			len(input.Secret.Data[cmapi.Pkcs12TruststoreKey]) != 0 ||
-			len(input.Secret.Data[cmapi.JksSecretKey]) != 0 ||
-			len(input.Secret.Data[cmapi.JksTruststoreKey]) != 0 {
+		if len(input.Secret.Data[cmapi.PKCS12SecretKey]) != 0 ||
+			len(input.Secret.Data[cmapi.PKCS12TruststoreKey]) != 0 ||
+			len(input.Secret.Data[cmapi.JKSSecretKey]) != 0 ||
+			len(input.Secret.Data[cmapi.JKSTruststoreKey]) != 0 {
 			return SecretMismatch, "Keystore is not defined", true
 		}
 		return "", "", false
@ -113,38 +113,38 @@ func SecretKeystoreFormatMatchesSpec(input Input) (string, string, bool) {

 	if input.Certificate.Spec.Keystores.JKS != nil {
 		if input.Certificate.Spec.Keystores.JKS.Create {
-			if len(input.Secret.Data[cmapi.JksSecretKey]) == 0 ||
-				len(input.Secret.Data[cmapi.JksTruststoreKey]) == 0 {
+			if len(input.Secret.Data[cmapi.JKSSecretKey]) == 0 ||
+				len(input.Secret.Data[cmapi.JKSTruststoreKey]) == 0 {
 				return SecretMismatch, "JKS Keystore keys does not contain data", true
 			}
 		} else {
-			if len(input.Secret.Data[cmapi.JksSecretKey]) != 0 ||
-				len(input.Secret.Data[cmapi.JksTruststoreKey]) != 0 {
+			if len(input.Secret.Data[cmapi.JKSSecretKey]) != 0 ||
+				len(input.Secret.Data[cmapi.JKSTruststoreKey]) != 0 {
 				return SecretMismatch, "JKS Keystore create disabled", true
 			}
 		}
 	} else {
-		if len(input.Secret.Data[cmapi.JksSecretKey]) != 0 ||
-			len(input.Secret.Data[cmapi.JksTruststoreKey]) != 0 {
+		if len(input.Secret.Data[cmapi.JKSSecretKey]) != 0 ||
+			len(input.Secret.Data[cmapi.JKSTruststoreKey]) != 0 {
 			return SecretMismatch, "JKS Keystore not defined", true
 		}
 	}

 	if input.Certificate.Spec.Keystores.PKCS12 != nil {
 		if input.Certificate.Spec.Keystores.PKCS12.Create {
-			if len(input.Secret.Data[cmapi.Pkcs12SecretKey]) == 0 ||
-				len(input.Secret.Data[cmapi.Pkcs12TruststoreKey]) == 0 {
+			if len(input.Secret.Data[cmapi.PKCS12SecretKey]) == 0 ||
+				len(input.Secret.Data[cmapi.PKCS12TruststoreKey]) == 0 {
 				return SecretMismatch, "PKCS12 Keystore keys does not contain data", true
 			}
 		} else {
-			if len(input.Secret.Data[cmapi.Pkcs12SecretKey]) != 0 ||
-				len(input.Secret.Data[cmapi.Pkcs12TruststoreKey]) != 0 {
+			if len(input.Secret.Data[cmapi.PKCS12SecretKey]) != 0 ||
+				len(input.Secret.Data[cmapi.PKCS12TruststoreKey]) != 0 {
 				return SecretMismatch, "PKCS12 Keystore create disabled", true
 			}
 		}
 	} else {
-		if len(input.Secret.Data[cmapi.Pkcs12SecretKey]) != 0 ||
-			len(input.Secret.Data[cmapi.Pkcs12TruststoreKey]) != 0 {
+		if len(input.Secret.Data[cmapi.PKCS12SecretKey]) != 0 ||
+			len(input.Secret.Data[cmapi.PKCS12TruststoreKey]) != 0 {
 			return SecretMismatch, "PKCS12 Keystore not defined", true
 		}
 	}
--- a/pkg/apis/certmanager/v1/types.go
+++ b/pkg/apis/certmanager/v1/types.go
@ -235,17 +235,17 @@ const (

 // Keystore specific secret keys
 const (
-	// Pkcs12SecretKey is the name of the data entry in the Secret resource
+	// PKCS12SecretKey is the name of the data entry in the Secret resource
 	// used to store the p12 file.
-	Pkcs12SecretKey = "keystore.p12"
+	PKCS12SecretKey = "keystore.p12"
 	// Data Entry Name in the Secret resource for PKCS12 containing Certificate Authority
-	Pkcs12TruststoreKey = "truststore.p12"
+	PKCS12TruststoreKey = "truststore.p12"

-	// JksSecretKey is the name of the data entry in the Secret resource
+	// JKSSecretKey is the name of the data entry in the Secret resource
 	// used to store the jks file.
-	JksSecretKey = "keystore.jks"
+	JKSSecretKey = "keystore.jks"
 	// Data Entry Name in the Secret resource for JKS containing Certificate Authority
-	JksTruststoreKey = "truststore.jks"
+	JKSTruststoreKey = "truststore.jks"
 )

 // DefaultKeyUsages contains the default list of key usages
--- a/pkg/controller/certificates/issuing/internal/secret.go
+++ b/pkg/controller/certificates/issuing/internal/secret.go
@ -235,7 +235,7 @@ func (s *SecretsManager) setKeystores(crt *cmapi.Certificate, secret *corev1.Sec
 			return fmt.Errorf("error encoding PKCS12 bundle: %w", err)
 		}
 		// always overwrite the keystore entry for now
-		secret.Data[cmapi.Pkcs12SecretKey] = keystoreData
+		secret.Data[cmapi.PKCS12SecretKey] = keystoreData

 		if len(data.CA) > 0 {
 			truststoreData, err := encodePKCS12Truststore(string(pw), data.CA)
@ -243,7 +243,7 @@ func (s *SecretsManager) setKeystores(crt *cmapi.Certificate, secret *corev1.Sec
 				return fmt.Errorf("error encoding PKCS12 trust store bundle: %w", err)
 			}
 			// always overwrite the truststore entry
-			secret.Data[cmapi.Pkcs12TruststoreKey] = truststoreData
+			secret.Data[cmapi.PKCS12TruststoreKey] = truststoreData
 		}
 	}

@ -263,7 +263,7 @@ func (s *SecretsManager) setKeystores(crt *cmapi.Certificate, secret *corev1.Sec
 			return fmt.Errorf("error encoding JKS bundle: %w", err)
 		}
 		// always overwrite the keystore entry
-		secret.Data[cmapi.JksSecretKey] = keystoreData
+		secret.Data[cmapi.JKSSecretKey] = keystoreData

 		if len(data.CA) > 0 {
 			truststoreData, err := encodeJKSTruststore(pw, data.CA)
@ -271,7 +271,7 @@ func (s *SecretsManager) setKeystores(crt *cmapi.Certificate, secret *corev1.Sec
 				return fmt.Errorf("error encoding JKS trust store bundle: %w", err)
 			}
 			// always overwrite the keystore entry
-			secret.Data[cmapi.JksTruststoreKey] = truststoreData
+			secret.Data[cmapi.JKSTruststoreKey] = truststoreData
 		}
 	}

--- a/pkg/controller/certificates/issuing/secret_manager_test.go
+++ b/pkg/controller/certificates/issuing/secret_manager_test.go
@ -531,7 +531,7 @@ func Test_ensureSecretData(t *testing.T) {
 					corev1.TLSCertKey: testcrypto.MustCreateCert(t, pk,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 					),
-					cmapi.Pkcs12TruststoreKey: []byte("SomeData"),
+					cmapi.PKCS12TruststoreKey: []byte("SomeData"),
 				},
 			},
 			expectedAction: true,
@ -628,7 +628,7 @@ func Test_ensureSecretData(t *testing.T) {
 					corev1.TLSCertKey: testcrypto.MustCreateCert(t, pk,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 					),
-					cmapi.JksTruststoreKey: []byte("SomeData"),
+					cmapi.JKSTruststoreKey: []byte("SomeData"),
 				},
 			},
 			expectedAction: true,
@ -675,7 +675,7 @@ func Test_ensureSecretData(t *testing.T) {
 					corev1.TLSCertKey: testcrypto.MustCreateCert(t, pk,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 					),
-					cmapi.JksTruststoreKey: []byte("SomeData"),
+					cmapi.JKSTruststoreKey: []byte("SomeData"),
 				},
 			},
 			expectedAction: true,
@ -820,7 +820,7 @@ func Test_ensureSecretData(t *testing.T) {
 					corev1.TLSCertKey: testcrypto.MustCreateCert(t, pk,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 					),
-					cmapi.Pkcs12TruststoreKey: []byte("SomeData"),
+					cmapi.PKCS12TruststoreKey: []byte("SomeData"),
 				},
 			},
 			expectedAction: true,
@ -867,7 +867,7 @@ func Test_ensureSecretData(t *testing.T) {
 					corev1.TLSCertKey: testcrypto.MustCreateCert(t, pk,
 						&cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 					),
-					cmapi.Pkcs12TruststoreKey: []byte("SomeData"),
+					cmapi.PKCS12TruststoreKey: []byte("SomeData"),
 				},
 			},
 			expectedAction: true,