Refactor: Use secret.Data instead of secret.StringData

internal/controller/apicerts/apiservice_updater.go

@@ -64,7 +64,13 @@ func (c *apiServiceUpdaterController) Sync(ctx controllerlib.Context) error {
 	}
 
 	// Update the APIService to give it the new CA bundle.
-	if err := UpdateAPIService(ctx.Context, c.aggregatorClient, c.apiServiceName, c.namespace, certSecret.Data[CACertificateSecretKey]); err != nil {
+	if err := UpdateAPIService(
+		ctx.Context,
+		c.aggregatorClient,
+		c.apiServiceName,
+		c.namespace,
+		certSecret.Data[CACertificateSecretKey],
+	); err != nil {
 		return fmt.Errorf("could not update the API service: %w", err)
 	}
 

internal/controller/apicerts/certs_creator.go

@@ -110,9 +110,9 @@ func (c *certsCreatorController) Sync(ctx controllerlib.Context) error {
 			Namespace: c.namespace,
 			Labels:    c.certsSecretLabels,
 		},
-		StringData: map[string]string{
-			CACertificateSecretKey:           string(ca.Bundle()),
-			CACertificatePrivateKeySecretKey: string(caPrivateKeyPEM),
+		Data: map[string][]byte{
+			CACertificateSecretKey:           ca.Bundle(),
+			CACertificatePrivateKeySecretKey: caPrivateKeyPEM,
 		},
 	}
 
@@ -131,8 +131,8 @@ func (c *certsCreatorController) Sync(ctx controllerlib.Context) error {
 			return fmt.Errorf("could not PEM encode serving certificate: %w", err)
 		}
 
-		secret.StringData[tlsPrivateKeySecretKey] = string(tlsPrivateKeyPEM)
-		secret.StringData[TLSCertificateChainSecretKey] = string(tlsCertChainPEM)
+		secret.Data[tlsPrivateKeySecretKey] = tlsPrivateKeyPEM
+		secret.Data[TLSCertificateChainSecretKey] = tlsCertChainPEM
 	}
 
 	_, err = c.k8sClient.CoreV1().Secrets(c.namespace).Create(ctx.Context, &secret, metav1.CreateOptions{})

internal/controller/apicerts/certs_creator_test.go

@@ -208,15 +208,15 @@ func TestManagerControllerSync(t *testing.T) {
 					"myLabelKey1": "myLabelValue1",
 					"myLabelKey2": "myLabelValue2",
 				}, actualSecret.Labels)
-				actualCACert := actualSecret.StringData["caCertificate"]
-				actualCAPrivateKey := actualSecret.StringData["caCertificatePrivateKey"]
-				actualPrivateKey := actualSecret.StringData["tlsPrivateKey"]
-				actualCertChain := actualSecret.StringData["tlsCertificateChain"]
+				actualCACert := string(actualSecret.Data["caCertificate"])
+				actualCAPrivateKey := string(actualSecret.Data["caCertificatePrivateKey"])
+				actualPrivateKey := string(actualSecret.Data["tlsPrivateKey"])
+				actualCertChain := string(actualSecret.Data["tlsCertificateChain"])
 				r.NotEmpty(actualCACert)
 				r.NotEmpty(actualCAPrivateKey)
 				r.NotEmpty(actualPrivateKey)
 				r.NotEmpty(actualCertChain)
-				r.Len(actualSecret.StringData, 4)
+				r.Len(actualSecret.Data, 4)
 
 				validCACert := testutil.ValidateServerCertificate(t, actualCACert, actualCACert)
 				validCACert.RequireMatchesPrivateKey(actualCAPrivateKey)
@@ -247,11 +247,11 @@ func TestManagerControllerSync(t *testing.T) {
 					"myLabelKey1": "myLabelValue1",
 					"myLabelKey2": "myLabelValue2",
 				}, actualSecret.Labels)
-				actualCACert := actualSecret.StringData["caCertificate"]
-				actualCAPrivateKey := actualSecret.StringData["caCertificatePrivateKey"]
+				actualCACert := string(actualSecret.Data["caCertificate"])
+				actualCAPrivateKey := string(actualSecret.Data["caCertificatePrivateKey"])
 				r.NotEmpty(actualCACert)
 				r.NotEmpty(actualCAPrivateKey)
-				r.Len(actualSecret.StringData, 2)
+				r.Len(actualSecret.Data, 2)
 
 				validCACert := testutil.ValidateServerCertificate(t, actualCACert, actualCACert)
 				validCACert.RequireMatchesPrivateKey(actualCAPrivateKey)

internal/controller/apicerts/update_api_service.go

@@ -1,4 +1,4 @@
-// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package apicerts
@@ -14,7 +14,12 @@ import (
 )
 
 // UpdateAPIService updates the APIService's CA bundle.
-func UpdateAPIService(ctx context.Context, aggregatorClient aggregatorclient.Interface, apiServiceName, serviceNamespace string, aggregatedAPIServerCA []byte) error {
+func UpdateAPIService(
+	ctx context.Context,
+	aggregatorClient aggregatorclient.Interface,
+	apiServiceName, serviceNamespace string,
+	aggregatedAPIServerCA []byte,
+) error {
 	apiServices := aggregatorClient.ApiregistrationV1().APIServices()
 
 	if err := retry.RetryOnConflict(retry.DefaultRetry, func() error {