refactor: simplify auth secret handling

Author: thde

api/gitinfo/auth.go

@@ -30,28 +30,27 @@ func (a Auth) HasBasicAuth() bool {
 	return a.Username != nil && a.Password != nil
 }
 
-func (a Auth) Secret(app *apps.Application) *corev1.Secret {
-	data := map[string][]byte{}
-
-	if a.SSHPrivateKey != nil {
-		data[PrivateKeySecretKey] = []byte(*a.SSHPrivateKey)
-	} else if a.Username != nil && a.Password != nil {
-		data[UsernameSecretKey] = []byte(*a.Username)
-		data[PasswordSecretKey] = []byte(*a.Password)
-	}
-
+// NewAuthSecret returns a new secret for the given application. It can be used as
+// a key for Get/Delete operations or as a base for populating credentials.
+func NewAuthSecret(app *apps.Application) *corev1.Secret {
 	return &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      AuthSecretName(app),
 			Namespace: app.Namespace,
 		},
-		Data: data,
 	}
 }
 
-// UpdateSecret replaces the data of the secret with the data from GitAuth. Only
-// replaces fields which are non-nil.
-func (a Auth) UpdateSecret(secret *corev1.Secret) {
+// ApplyToSecret writes the Auth credentials into the given secret's Data field.
+// Only writes fields which are non-nil.
+func (a Auth) ApplyToSecret(secret *corev1.Secret) {
+	if secret.Data == nil {
+		secret.Data = make(map[string][]byte)
+	}
+	if secret.Annotations == nil {
+		secret.Annotations = make(map[string]string)
+	}
+
 	if a.SSHPrivateKey != nil {
 		secret.Data[PrivateKeySecretKey] = []byte(*a.SSHPrivateKey)
 	}
@@ -63,9 +62,6 @@ func (a Auth) UpdateSecret(secret *corev1.Secret) {
 	if a.Password != nil {
 		secret.Data[PasswordSecretKey] = []byte(*a.Password)
 	}
-	if secret.Annotations == nil {
-		secret.Annotations = make(map[string]string)
-	}
 }
 
 // Enabled returns true if any kind of credentials are set in the GitAuth

create/application.go

@@ -161,7 +161,8 @@ func (cmd *applicationCmd) Run(ctx context.Context, client *api.Client) error {
 			return fmt.Errorf("the credentials are given but they are empty: %w", err)
 		}
 
-		secret := auth.Secret(newApp)
+		secret := gitinfo.NewAuthSecret(newApp)
+		auth.ApplyToSecret(secret)
 		// for git auth we create a separate secret and then reference it in the app.
 		if err := client.Create(ctx, secret); err != nil {
 			if kerrors.IsAlreadyExists(err) {
@@ -172,7 +173,7 @@ func (cmd *applicationCmd) Run(ctx context.Context, client *api.Client) error {
 						return err
 					}
 
-					auth.UpdateSecret(secret)
+					auth.ApplyToSecret(secret)
 					if err := client.Update(ctx, secret); err != nil {
 						return err
 					}
@@ -201,7 +202,7 @@ func (cmd *applicationCmd) Run(ctx context.Context, client *api.Client) error {
 
 	if err := c.createResource(appWaitCtx); err != nil {
 		if auth.Enabled() {
-			secret := auth.Secret(newApp)
+			secret := gitinfo.NewAuthSecret(newApp)
 			if gitErr := client.Delete(ctx, secret); gitErr != nil {
 				return errors.Join(err, fmt.Errorf("unable to delete git auth secret: %w", gitErr))
 			}

create/application_test.go

@@ -150,8 +150,7 @@ func TestCreateApplication(t *testing.T) {
 			},
 			checkApp: func(t *testing.T, cmd applicationCmd, app *apps.Application) {
 				is := require.New(t)
-				auth := gitinfo.Auth{Username: cmd.Git.Username, Password: cmd.Git.Password}
-				authSecret := auth.Secret(app)
+				authSecret := gitinfo.NewAuthSecret(app)
 				if err := apiClient.Get(t.Context(), api.ObjectName(authSecret), authSecret); err != nil {
 					t.Fatal(err)
 				}
@@ -176,8 +175,7 @@ func TestCreateApplication(t *testing.T) {
 			},
 			checkApp: func(t *testing.T, cmd applicationCmd, app *apps.Application) {
 				is := require.New(t)
-				auth := gitinfo.Auth{SSHPrivateKey: cmd.Git.SSHPrivateKey}
-				authSecret := auth.Secret(app)
+				authSecret := gitinfo.NewAuthSecret(app)
 				if err := apiClient.Get(t.Context(), api.ObjectName(authSecret), authSecret); err != nil {
 					t.Fatal(err)
 				}
@@ -201,8 +199,7 @@ func TestCreateApplication(t *testing.T) {
 			},
 			checkApp: func(t *testing.T, cmd applicationCmd, app *apps.Application) {
 				is := require.New(t)
-				auth := gitinfo.Auth{SSHPrivateKey: cmd.Git.SSHPrivateKey}
-				authSecret := auth.Secret(app)
+				authSecret := gitinfo.NewAuthSecret(app)
 				if err := apiClient.Get(t.Context(), api.ObjectName(authSecret), authSecret); err != nil {
 					t.Fatal(err)
 				}
@@ -226,8 +223,7 @@ func TestCreateApplication(t *testing.T) {
 			},
 			checkApp: func(t *testing.T, cmd applicationCmd, app *apps.Application) {
 				is := require.New(t)
-				auth := gitinfo.Auth{SSHPrivateKey: ptr.To("notused")}
-				authSecret := auth.Secret(app)
+				authSecret := gitinfo.NewAuthSecret(app)
 				if err := apiClient.Get(t.Context(), api.ObjectName(authSecret), authSecret); err != nil {
 					t.Fatal(err)
 				}
@@ -251,8 +247,7 @@ func TestCreateApplication(t *testing.T) {
 			},
 			checkApp: func(t *testing.T, cmd applicationCmd, app *apps.Application) {
 				is := require.New(t)
-				auth := gitinfo.Auth{SSHPrivateKey: ptr.To("notused")}
-				authSecret := auth.Secret(app)
+				authSecret := gitinfo.NewAuthSecret(app)
 				if err := apiClient.Get(t.Context(), api.ObjectName(authSecret), authSecret); err != nil {
 					t.Fatal(err)
 				}

delete/application_test.go

@@ -214,7 +214,7 @@ func dummyApp(name, namespace string) *apps.Application {
 }
 
 func gitSecretFor(app *apps.Application) *corev1.Secret {
-	s := gitinfo.Auth{}.Secret(app)
+	s := gitinfo.NewAuthSecret(app)
 	s.TypeMeta = metav1.TypeMeta{
 		APIVersion: corev1.SchemeGroupVersion.String(),
 		Kind:       "Secret",

update/application.go

@@ -195,10 +195,10 @@ func (cmd *applicationCmd) Run(ctx context.Context, client *api.Client) error {
 		}
 
 		if auth.Enabled() {
-			secret := auth.Secret(app)
+			secret := gitinfo.NewAuthSecret(app)
 			if err := client.Get(ctx, client.Name(secret.Name), secret); err != nil {
 				if errors.IsNotFound(err) {
-					auth.UpdateSecret(secret)
+					auth.ApplyToSecret(secret)
 					if err := client.Create(ctx, secret); err != nil {
 						return err
 					}
@@ -209,7 +209,7 @@ func (cmd *applicationCmd) Run(ctx context.Context, client *api.Client) error {
 				return err
 			}
 
-			auth.UpdateSecret(secret)
+			auth.ApplyToSecret(secret)
 			if err := client.Update(ctx, secret); err != nil {
 				return err
 			}
@@ -501,12 +501,12 @@ func warnIfDockerfileNotEnabled(w format.Writer, app *apps.Application, flag str
 }
 
 func gitAuthFromApp(ctx context.Context, client *api.Client, app *apps.Application) (gitinfo.Auth, error) {
-	auth := &gitinfo.Auth{}
-	secret := auth.Secret(app)
+	secret := gitinfo.NewAuthSecret(app)
 	if err := client.Get(ctx, client.Name(secret.Name), secret); err != nil {
 		return gitinfo.Auth{}, err
 	}
+	var auth gitinfo.Auth
 	auth.UpdateFromSecret(secret)
 
-	return *auth, nil
+	return auth, nil
 }

update/application_test.go

@@ -620,7 +620,9 @@ func TestApplication(t *testing.T) {
 
 			objects := []client.Object{tc.orig}
 			if tc.gitAuth != nil {
-				objects = append(objects, tc.gitAuth.Secret(tc.orig))
+				secret := gitinfo.NewAuthSecret(tc.orig)
+				tc.gitAuth.ApplyToSecret(secret)
+				objects = append(objects, secret)
 			}
 			apiClient := test.SetupClient(t,
 				test.WithObjects(objects...),