chore: Try to make CodeQL happy (argoproj#20094) (argoproj#20129)

* chore(common): Split const from unrelated util/clusterauth const Signed-off-by: Josh Soref <jsoref@gmail.com> * chore: Try to make CodeQL happy Signed-off-by: Josh Soref <jsoref@gmail.com> --------- Signed-off-by: Josh Soref <jsoref@gmail.com> Signed-off-by: Moleus <fafufuburr@gmail.com>
moleus · Oct 7, 2024 · 03f29f4 · 03f29f4
1 parent 63cc7b7
commit 03f29f4
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 23 deletions.
diff --git a/cmd/argocd/commands/admin/redis_initial_password.go b/cmd/argocd/commands/admin/redis_initial_password.go
@@ -45,9 +45,14 @@ func NewRedisInitialPasswordCommand() *cobra.Command {
 			namespace, _, err := clientConfig.Namespace()
 			errors.CheckError(err)
 
-			redisInitialPasswordSecretName := common.DefaultRedisInitialPasswordSecretName
-			redisInitialPasswordKey := common.DefaultRedisInitialPasswordKey
-			fmt.Printf("Checking for initial Redis password in secret %s/%s at key %s. \n", namespace, redisInitialPasswordSecretName, redisInitialPasswordKey)
+			// redisInitialCredentials is the kubernetes secret containing
+			// the redis password
+			redisInitialCredentials := common.RedisInitialCredentials
+
+			// redisInitialCredentialsKey is the key in the redisInitialCredentials
+			// secret which maps to the redis password
+			redisInitialCredentialsKey := common.RedisInitialCredentialsKey
+			fmt.Printf("Checking for initial Redis password in secret %s/%s at key %s. \n", namespace, redisInitialCredentials, redisInitialCredentialsKey)
 
 			config, err := clientConfig.ClientConfig()
 			errors.CheckError(err)
@@ -59,11 +64,11 @@ func NewRedisInitialPasswordCommand() *cobra.Command {
 			errors.CheckError(err)
 
 			data := map[string][]byte{
-				redisInitialPasswordKey: []byte(randomPassword),
+				redisInitialCredentialsKey: []byte(randomPassword),
 			}
 			secret := &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
-					Name:      redisInitialPasswordSecretName,
+					Name:      redisInitialCredentials,
 					Namespace: namespace,
 				},
 				Data: data,
@@ -74,14 +79,14 @@ func NewRedisInitialPasswordCommand() *cobra.Command {
 				errors.CheckError(err)
 			}
 
-			fmt.Println("Argo CD Redis secret state confirmed: secret name argocd-redis.")
-			secret, err = kubeClientset.CoreV1().Secrets(namespace).Get(context.Background(), redisInitialPasswordSecretName, v1.GetOptions{})
+			fmt.Printf("Argo CD Redis secret state confirmed: secret name %s.\n", redisInitialCredentials)
+			secret, err = kubeClientset.CoreV1().Secrets(namespace).Get(context.Background(), redisInitialCredentials, v1.GetOptions{})
 			errors.CheckError(err)
 
-			if _, ok := secret.Data[redisInitialPasswordKey]; ok {
+			if _, ok := secret.Data[redisInitialCredentialsKey]; ok {
 				fmt.Println("Password secret is configured properly.")
 			} else {
-				err := fmt.Errorf("key %s doesn't exist in secret %s. \n", redisInitialPasswordKey, redisInitialPasswordSecretName)
+				err := fmt.Errorf("key %s doesn't exist in secret %s. \n", redisInitialCredentialsKey, redisInitialCredentials)
 				errors.CheckError(err)
 			}
 		},

diff --git a/common/common.go b/common/common.go
@@ -315,7 +315,10 @@ const (
 // Constants used by util/clusterauth package
 const (
 	ClusterAuthRequestTimeout = 10 * time.Second
-	BearerTokenTimeout        = 30 * time.Second
+)
+
+const (
+	BearerTokenTimeout = 30 * time.Second
 )
 
 const (
@@ -425,8 +428,10 @@ var PermissionDeniedAPIError = status.Error(codes.PermissionDenied, "permission
 
 // Redis password consts
 const (
-	DefaultRedisInitialPasswordSecretName = "argocd-redis"
-	DefaultRedisInitialPasswordKey        = "auth"
+	// RedisInitialCredentials is the name for the argocd kubernetes secret which will have the redis password
+	RedisInitialCredentials = "argocd-redis"
+	// RedisInitialCredentialsKey is the key for the argocd kubernetes secret that maps to the redis password
+	RedisInitialCredentialsKey = "auth"
 )
 
 /*
@@ -435,17 +440,17 @@ SetOptionalRedisPasswordFromKubeConfig sets the optional Redis password if it ex
 We specify kubeClient as kubernetes.Interface to allow for mocking in tests, but this should be treated as a kubernetes.Clientset param.
 */
 func SetOptionalRedisPasswordFromKubeConfig(ctx context.Context, kubeClient kubernetes.Interface, namespace string, redisOptions *redis.Options) error {
-	secret, err := kubeClient.CoreV1().Secrets(namespace).Get(ctx, DefaultRedisInitialPasswordSecretName, v1.GetOptions{})
+	secret, err := kubeClient.CoreV1().Secrets(namespace).Get(ctx, RedisInitialCredentials, v1.GetOptions{})
 	if err != nil {
-		return fmt.Errorf("failed to get secret %s/%s: %w", namespace, DefaultRedisInitialPasswordSecretName, err)
+		return fmt.Errorf("failed to get secret %s/%s: %w", namespace, RedisInitialCredentials, err)
 	}
 	if secret == nil {
-		return fmt.Errorf("failed to get secret %s/%s: secret is nil", namespace, DefaultRedisInitialPasswordSecretName)
+		return fmt.Errorf("failed to get secret %s/%s: secret is nil", namespace, RedisInitialCredentials)
 	}
-	_, ok := secret.Data[DefaultRedisInitialPasswordKey]
+	_, ok := secret.Data[RedisInitialCredentialsKey]
 	if !ok {
-		return fmt.Errorf("secret %s/%s does not contain key %s", namespace, DefaultRedisInitialPasswordSecretName, DefaultRedisInitialPasswordKey)
+		return fmt.Errorf("secret %s/%s does not contain key %s", namespace, RedisInitialCredentials, RedisInitialCredentialsKey)
 	}
-	redisOptions.Password = string(secret.Data[DefaultRedisInitialPasswordKey])
+	redisOptions.Password = string(secret.Data[RedisInitialCredentialsKey])
 	return nil
 }
diff --git a/common/common_test.go b/common/common_test.go
@@ -63,24 +63,24 @@ func TestSetOptionalRedisPasswordFromKubeConfig(t *testing.T) {
 			expectedPassword: "password123",
 			expectedErr:      "",
 			secret: &corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{Name: DefaultRedisInitialPasswordSecretName},
-				Data:       map[string][]byte{DefaultRedisInitialPasswordKey: []byte("password123")},
+				ObjectMeta: metav1.ObjectMeta{Name: RedisInitialCredentials},
+				Data:       map[string][]byte{RedisInitialCredentialsKey: []byte("password123")},
 			},
 		},
 		{
 			name:             "Secret does not exist",
 			namespace:        "default",
 			expectedPassword: "",
-			expectedErr:      fmt.Sprintf("failed to get secret default/%s", DefaultRedisInitialPasswordSecretName),
+			expectedErr:      fmt.Sprintf("failed to get secret default/%s", RedisInitialCredentials),
 			secret:           nil,
 		},
 		{
 			name:             "Secret exists without correct key",
 			namespace:        "default",
 			expectedPassword: "",
-			expectedErr:      fmt.Sprintf("secret default/%s does not contain key %s", DefaultRedisInitialPasswordSecretName, DefaultRedisInitialPasswordKey),
+			expectedErr:      fmt.Sprintf("secret default/%s does not contain key %s", RedisInitialCredentials, RedisInitialCredentialsKey),
 			secret: &corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{Name: DefaultRedisInitialPasswordSecretName},
+				ObjectMeta: metav1.ObjectMeta{Name: RedisInitialCredentials},
 				Data:       map[string][]byte{},
 			},
 		},