diff --git a/internal/controller/certificates/policies/checks.go b/internal/controller/certificates/policies/checks.go
index a2e633c9f..d2c6b27ec 100644
--- a/internal/controller/certificates/policies/checks.go
+++ b/internal/controller/certificates/policies/checks.go
@@ -102,10 +102,10 @@ func SecretPrivateKeyMatchesSpec(input Input) (string, string, bool) {
 // as per the certificate specification
 func SecretKeystoreFormatMatchesSpec(input Input) (string, string, bool) {
 if input.Certificate.Spec.Keystores == nil {
- if len(input.Secret.Data[cmapi.Pkcs12SecretKey]) != 0 ||
- len(input.Secret.Data[cmapi.Pkcs12TruststoreKey]) != 0 ||
- len(input.Secret.Data[cmapi.JksSecretKey]) != 0 ||
- len(input.Secret.Data[cmapi.JksTruststoreKey]) != 0 {
+ if len(input.Secret.Data[cmapi.PKCS12SecretKey]) != 0 ||
+ len(input.Secret.Data[cmapi.PKCS12TruststoreKey]) != 0 ||
+ len(input.Secret.Data[cmapi.JKSSecretKey]) != 0 ||
+ len(input.Secret.Data[cmapi.JKSTruststoreKey]) != 0 {
 return SecretMismatch, "Keystore is not defined", true
 }
 return "", "", false
@@ -113,38 +113,38 @@ func SecretKeystoreFormatMatchesSpec(input Input) (string, string, bool) {
 if input.Certificate.Spec.Keystores.JKS != nil {
 if input.Certificate.Spec.Keystores.JKS.Create {
- if len(input.Secret.Data[cmapi.JksSecretKey]) == 0 ||
- len(input.Secret.Data[cmapi.JksTruststoreKey]) == 0 {
+ if len(input.Secret.Data[cmapi.JKSSecretKey]) == 0 ||
+ len(input.Secret.Data[cmapi.JKSTruststoreKey]) == 0 {
 return SecretMismatch, "JKS Keystore keys does not contain data", true
 }
 } else {
- if len(input.Secret.Data[cmapi.JksSecretKey]) != 0 ||
- len(input.Secret.Data[cmapi.JksTruststoreKey]) != 0 {
+ if len(input.Secret.Data[cmapi.JKSSecretKey]) != 0 ||
+ len(input.Secret.Data[cmapi.JKSTruststoreKey]) != 0 {
 return SecretMismatch, "JKS Keystore create disabled", true
 }
 }
 } else {
- if len(input.Secret.Data[cmapi.JksSecretKey]) != 0 ||
- len(input.Secret.Data[cmapi.JksTruststoreKey]) != 0 {
+ if len(input.Secret.Data[cmapi.JKSSecretKey]) != 0 ||
+ len(input.Secret.Data[cmapi.JKSTruststoreKey]) != 0 {
 return SecretMismatch, "JKS Keystore not defined", true
 }
 }
 if input.Certificate.Spec.Keystores.PKCS12 != nil {
 if input.Certificate.Spec.Keystores.PKCS12.Create {
- if len(input.Secret.Data[cmapi.Pkcs12SecretKey]) == 0 ||
- len(input.Secret.Data[cmapi.Pkcs12TruststoreKey]) == 0 {
+ if len(input.Secret.Data[cmapi.PKCS12SecretKey]) == 0 ||
+ len(input.Secret.Data[cmapi.PKCS12TruststoreKey]) == 0 {
 return SecretMismatch, "PKCS12 Keystore keys does not contain data", true
 }
 } else {
- if len(input.Secret.Data[cmapi.Pkcs12SecretKey]) != 0 ||
- len(input.Secret.Data[cmapi.Pkcs12TruststoreKey]) != 0 {
+ if len(input.Secret.Data[cmapi.PKCS12SecretKey]) != 0 ||
+ len(input.Secret.Data[cmapi.PKCS12TruststoreKey]) != 0 {
 return SecretMismatch, "PKCS12 Keystore create disabled", true
 }
 }
 } else {
- if len(input.Secret.Data[cmapi.Pkcs12SecretKey]) != 0 ||
- len(input.Secret.Data[cmapi.Pkcs12TruststoreKey]) != 0 {
+ if len(input.Secret.Data[cmapi.PKCS12SecretKey]) != 0 ||
+ len(input.Secret.Data[cmapi.PKCS12TruststoreKey]) != 0 {
 return SecretMismatch, "PKCS12 Keystore not defined", true
 }
 }
diff --git a/pkg/apis/certmanager/v1/types.go b/pkg/apis/certmanager/v1/types.go
index 2561bd21e..3f7310066 100644
--- a/pkg/apis/certmanager/v1/types.go
+++ b/pkg/apis/certmanager/v1/types.go
@@ -235,17 +235,17 @@ const (
 // Keystore specific secret keys
 const (
- // Pkcs12SecretKey is the name of the data entry in the Secret resource
+ // PKCS12SecretKey is the name of the data entry in the Secret resource
 // used to store the p12 file.
- Pkcs12SecretKey = "keystore.p12"
+ PKCS12SecretKey = "keystore.p12"
 // Data Entry Name in the Secret resource for PKCS12 containing Certificate Authority
- Pkcs12TruststoreKey = "truststore.p12"
+ PKCS12TruststoreKey = "truststore.p12"
- // JksSecretKey is the name of the data entry in the Secret resource
+ // JKSSecretKey is the name of the data entry in the Secret resource
 // used to store the jks file.
- JksSecretKey = "keystore.jks"
+ JKSSecretKey = "keystore.jks"
 // Data Entry Name in the Secret resource for JKS containing Certificate Authority
- JksTruststoreKey = "truststore.jks"
+ JKSTruststoreKey = "truststore.jks"
 )
 // DefaultKeyUsages contains the default list of key usages
diff --git a/pkg/controller/certificates/issuing/internal/secret.go b/pkg/controller/certificates/issuing/internal/secret.go
index 0f89f263b..1277f490a 100644
--- a/pkg/controller/certificates/issuing/internal/secret.go
+++ b/pkg/controller/certificates/issuing/internal/secret.go
@@ -235,7 +235,7 @@ func (s *SecretsManager) setKeystores(crt *cmapi.Certificate, secret *corev1.Sec
 return fmt.Errorf("error encoding PKCS12 bundle: %w", err)
 }
 // always overwrite the keystore entry for now
- secret.Data[cmapi.Pkcs12SecretKey] = keystoreData
+ secret.Data[cmapi.PKCS12SecretKey] = keystoreData
 if len(data.CA) > 0 {
 truststoreData, err := encodePKCS12Truststore(string(pw), data.CA)
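Review bot: The four exported constants in `pkg/apis/certmanager/v1/types.go` are renamed with nothing left under the old names, so any code outside this repository that references `cmapi.Pkcs12SecretKey`, `Pkcs12TruststoreKey`, `JksSecretKey` or `JksTruststoreKey` stops compiling on upgrade. The string values are unchanged in this hunk, so Secrets that were already written keep their data keys; only the Go identifiers break. If this package is imported externally, consider keeping each old name for a release as a deprecated alias, e.g. `// Deprecated: use PKCS12SecretKey.` above `Pkcs12SecretKey = PKCS12SecretKey`, and likewise for the other three. Separately, the comments on the two truststore constants still do not start with the identifier; something like `// PKCS12TruststoreKey is the name of the data entry in the Secret resource used to store the PKCS12 truststore holding the CA certificate.` would match the neighbouring comments this hunk already touches.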
@@ -243,7 +243,7 @@ func (s *SecretsManager) setKeystores(crt *cmapi.Certificate, secret *corev1.Sec
 return fmt.Errorf("error encoding PKCS12 trust store bundle: %w", err)
 }
 // always overwrite the truststore entry
- secret.Data[cmapi.Pkcs12TruststoreKey] = truststoreData
+ secret.Data[cmapi.PKCS12TruststoreKey] = truststoreData
 }
 }
@@ -263,7 +263,7 @@ func (s *SecretsManager) setKeystores(crt *cmapi.Certificate, secret *corev1.Sec
 return fmt.Errorf("error encoding JKS bundle: %w", err)
 }
 // always overwrite the keystore entry
- secret.Data[cmapi.JksSecretKey] = keystoreData
+ secret.Data[cmapi.JKSSecretKey] = keystoreData
 if len(data.CA) > 0 {
 truststoreData, err := encodeJKSTruststore(pw, data.CA)
@@ -271,7 +271,7 @@ func (s *SecretsManager) setKeystores(crt *cmapi.Certificate, secret *corev1.Sec
 return fmt.Errorf("error encoding JKS trust store bundle: %w", err)
 }
 // always overwrite the keystore entry
- secret.Data[cmapi.JksTruststoreKey] = truststoreData
+ secret.Data[cmapi.JKSTruststoreKey] = truststoreData
 }
 }
diff --git a/pkg/controller/certificates/issuing/secret_manager_test.go b/pkg/controller/certificates/issuing/secret_manager_test.go
index 17f2abf2b..98efa95a8 100644
--- a/pkg/controller/certificates/issuing/secret_manager_test.go
+++ b/pkg/controller/certificates/issuing/secret_manager_test.go
@@ -531,7 +531,7 @@ func Test_ensureSecretData(t *testing.T) {
 corev1.TLSCertKey: testcrypto.MustCreateCert(t, pk,
 &cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 ),
- cmapi.Pkcs12TruststoreKey: []byte("SomeData"),
+ cmapi.PKCS12TruststoreKey: []byte("SomeData"),
 },
 },
 expectedAction: true,
@@ -628,7 +628,7 @@ func Test_ensureSecretData(t *testing.T) {
 corev1.TLSCertKey: testcrypto.MustCreateCert(t, pk,
 &cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 ),
- cmapi.JksTruststoreKey: []byte("SomeData"),
+ cmapi.JKSTruststoreKey: []byte("SomeData"),
 },
 },
 expectedAction: true,
@@ -675,7 +675,7 @@ func Test_ensureSecretData(t *testing.T) {
 corev1.TLSCertKey: testcrypto.MustCreateCert(t, pk,
 &cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 ),
- cmapi.JksTruststoreKey: []byte("SomeData"),
+ cmapi.JKSTruststoreKey: []byte("SomeData"),
 },
 },
 expectedAction: true,
@@ -820,7 +820,7 @@ func Test_ensureSecretData(t *testing.T) {
 corev1.TLSCertKey: testcrypto.MustCreateCert(t, pk,
 &cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 ),
- cmapi.Pkcs12TruststoreKey: []byte("SomeData"),
+ cmapi.PKCS12TruststoreKey: []byte("SomeData"),
 },
 },
 expectedAction: true,
@@ -867,7 +867,7 @@ func Test_ensureSecretData(t *testing.T) {
 corev1.TLSCertKey: testcrypto.MustCreateCert(t, pk,
 &cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.com"}},
 ),
- cmapi.Pkcs12TruststoreKey: []byte("SomeData"),
+ cmapi.PKCS12TruststoreKey: []byte("SomeData"),
 },
 },
 expectedAction: true,