Consolidate test constants and use existing timeout constants

- Add comprehensive test constants for hosts, ports, and test data
- Replace hardcoded test values with named constants across authz test suite
- Use existing defaultInventoryTimeout instead of hardcoded 3-second timeout
- Improve test maintainability and consistency
- Address goconst linting issues in test files

Test constants added:
- testCSR, testUserIP for consistent test data
- testInventoryHost, testOPAHost, testAuthzPort for service endpoints
- testCAName constant usage in PKI tests

Timeout improvement:
- Use defaultInventoryTimeout (3s) instead of hardcoded value in inventory client

Co-authored-by: Amp <[email protected]>
Amp-Thread-ID: https://ampcode.com/threads/T-5be4213f-26eb-400c-bb7b-d4c79b7ee6fe

Author: haasonsaas

pkg/pki/device_test.go

@@ -18,6 +18,7 @@ const (
 	benchKeyName       = "bench.key"
 	msgGenerateKeyFail = "Failed to generate key: %v"
 	testDeviceCN       = "test-device"
+	testCAName         = "test-ca"
 )
 
 func TestGenerateSigningKey(t *testing.T) {
@@ -429,7 +430,7 @@ func TestCertificateExpiry(t *testing.T) {
 		certPath := filepath.Join(tmpDir, "ca.pem")
 		keyPath := filepath.Join(tmpDir, "ca-key.pem")
 
-		ca, err := LoadOrCreateCA(certPath, keyPath, "test-ca", 24*time.Hour)
+		ca, err := LoadOrCreateCA(certPath, keyPath, testCAName, 24*time.Hour)
 		if err != nil {
 			t.Fatalf("Failed to create CA: %v", err)
 		}

services/authz/server/server.go

@@ -724,7 +724,7 @@ func configureInventoryClient(cfg Config) (*http.Client, error) {
 	}
 
 	return telemetry.WrapClient(&http.Client{
-		Timeout:   3 * time.Second,
+		Timeout:   defaultInventoryTimeout,
 		Transport: transport,
 	}), nil
 }

services/authz/server/server_test.go

@@ -21,6 +21,11 @@ const (
 	decisionKey            = "decision"
 	testRejectsNonPOST     = "rejects non-POST methods"
 	testRejectsInvalidJSON = "rejects invalid JSON"
+	testCSR                = "test-csr"
+	testUserIP             = "192.168.1.1"
+	testInventoryHost      = "test-inventory:8080"
+	testOPAHost            = "test-opa:8181"
+	testAuthzPort          = ":8443"
 )
 
 // TestServer_healthHandler tests the health endpoint
@@ -80,7 +85,7 @@ func TestServer_verifyHandler(t *testing.T) {
 		reqBody := verifyRequest{
 			Token:    "invalid.jwt.token",
 			DeviceID: testDeviceID,
-			ClientIP: "192.168.1.1",
+			ClientIP: testUserIP,
 		}
 		body, err := json.Marshal(reqBody)
 		if err != nil {
@@ -137,10 +142,10 @@ func TestServer_tailscaleStatusHandler(t *testing.T) {
 // createTestServer creates a minimal server for testing
 func createTestServer(_ *testing.T) *Server {
 	cfg := Config{
-		HTTPAddr:       ":8443",
+		HTTPAddr:       testAuthzPort,
 		GoogleClientID: "test-client-id",
-		OPAURL:         "http://test-opa:8181",
-		InventoryAPI:   "http://test-inventory:8080",
+		OPAURL:         "http://" + testOPAHost,
+		InventoryAPI:   "http://" + testInventoryHost,
 	}
 
 	return &Server{
@@ -217,7 +222,7 @@ func TestServer_envoyAuthHandler(t *testing.T) {
 				"request": map[string]interface{}{
 					"http": map[string]interface{}{
 						"headers": map[string]string{
-							"x-device-id": "test-device",
+							"x-device-id": testDeviceID,
 						},
 					},
 				},
@@ -408,7 +413,7 @@ func TestServer_evaluateOPA(t *testing.T) {
 // createTestServerWithMocks creates a test server with mock OPA and inventory URLs
 func createTestServerWithMocks(_ *testing.T, opaURL, inventoryURL string) *Server {
 	cfg := Config{
-		HTTPAddr:       ":8443",
+		HTTPAddr:       testAuthzPort,
 		GoogleClientID: "test-client-id",
 		OPAURL:         opaURL,
 		InventoryAPI:   inventoryURL,
@@ -540,7 +545,7 @@ func TestServer_deviceCertHandler(t *testing.T) {
 	t.Run("rejects empty device ID", func(t *testing.T) {
 		reqBody := map[string]string{
 			"device_id": "",
-			"csr":       "test-csr",
+			"csr":       testCSR,
 		}
 		body, err := json.Marshal(reqBody)
 		if err != nil {