Remove tls in secret name variable

Author: clement0010

app/conftest.py

@@ -44,7 +44,7 @@ def k8s_apps_client_mock():
 
 
 @pytest.fixture
-def k8s_tls_secret_mock():
+def k8s_secret_mock():
     return kubernetes.client.V1Secret(
         type="kubernetes.io/tls",
         metadata=kubernetes.client.V1ObjectMeta(name="gateway-tls"),

app/handlers/tests/test_handlers_services.py

@@ -176,11 +176,11 @@ def test_kubernetes_resource_type_annotation(
         self,
         example_cluster_ip_gateway_service_body,
         k8s_core_client_mock,
-        k8s_tls_secret_mock,
+        k8s_secret_mock,
     ):
         tls_object_name = "gateway-tls"
         namespace = "custom-namespace"
-        k8s_core_client_mock.read_namespaced_secret.return_value = k8s_tls_secret_mock
+        k8s_core_client_mock.read_namespaced_secret.return_value = k8s_secret_mock
 
         with patch(
             "app.handlers.handlers_services.get_ca_cert", wraps=get_ca_cert
@@ -189,7 +189,7 @@ def test_kubernetes_resource_type_annotation(
                 example_cluster_ip_gateway_service_body, namespace
             )
 
-        get_ca_cert_mock.assert_called_once_with(k8s_tls_secret_mock)
+        get_ca_cert_mock.assert_called_once_with(k8s_secret_mock)
         k8s_core_client_mock.read_namespaced_secret.assert_called_once_with(
             namespace=namespace, name=tls_object_name
         )
@@ -258,13 +258,13 @@ def test_kubernetes_resource_with_load_balancer_service_type(
         self,
         example_load_balancer_gateway_service_body,
         k8s_core_client_mock,
-        k8s_tls_secret_mock,
+        k8s_secret_mock,
         status,
         expected,
     ):
         tls_object_name = "gateway-tls"
         namespace = "default"
-        k8s_core_client_mock.read_namespaced_secret.return_value = k8s_tls_secret_mock
+        k8s_core_client_mock.read_namespaced_secret.return_value = k8s_secret_mock
 
         with patch(
             "kopf._cogs.structs.bodies.Body.status",

app/tests/test_crds_resource.py

@@ -295,18 +295,18 @@ def test_resource_proxy_get_certificate_authority_cert_without_secret_ref():
 
 
 def test_resource_proxy_get_certificate_authority_cert_with_secret_ref(
-    k8s_core_client_mock, k8s_tls_secret_mock
+    k8s_core_client_mock, k8s_secret_mock
 ):
     proxy = ResourceProxy(
         address="proxy.default.cluster.local",
         certificate_authority_cert_secret_ref=_KubernetesObjectRef(name="gateway-tls"),
         certificate_authority_cert=None,
     )
-    k8s_core_client_mock.read_namespaced_secret.return_value = k8s_tls_secret_mock
+    k8s_core_client_mock.read_namespaced_secret.return_value = k8s_secret_mock
 
     with patch("app.crds.get_ca_cert", wraps=get_ca_cert) as get_ca_cert_mock:
         assert proxy.get_certificate_authority_cert() == VALID_CA_CERT
-        get_ca_cert_mock.assert_called_once_with(k8s_tls_secret_mock)
+        get_ca_cert_mock.assert_called_once_with(k8s_secret_mock)
 
 
 def test_network_resource_spec_to_graphql_arguments(sample_network_resource_object):

app/tests/test_utils_k8s.py

@@ -78,34 +78,25 @@ def test_reraises_non_404_exceptions(self, k8s_core_client_mock):
 
 
 class TestGetCACert:
-    def test_get_ca_cert(self, k8s_tls_secret_mock):
-        assert get_ca_cert(k8s_tls_secret_mock) == BASE64_OF_VALID_CA_CERT
+    def test_get_ca_cert(self, k8s_secret_mock):
+        assert get_ca_cert(k8s_secret_mock) == BASE64_OF_VALID_CA_CERT
 
-    def test_get_ca_cert_with_invalid_secret_type(self, k8s_tls_secret_mock):
-        k8s_tls_secret_mock.type = "kubernetes.io/token"
-
-        with pytest.raises(
-            kopf.PermanentError,
-            match=r"Kubernetes Secret object: gateway-tls type is invalid.",
-        ):
-            get_ca_cert(k8s_tls_secret_mock)
-
-    def test_get_ca_cert_with_missing_ca_cert(self, k8s_tls_secret_mock):
-        k8s_tls_secret_mock.data = {}
+    def test_get_ca_cert_with_missing_ca_cert(self, k8s_secret_mock):
+        k8s_secret_mock.data = {}
 
         with pytest.raises(
             kopf.PermanentError,
             match=r"Kubernetes Secret object: gateway-tls is missing ca.crt.",
         ):
-            get_ca_cert(k8s_tls_secret_mock)
+            get_ca_cert(k8s_secret_mock)
 
-    def test_get_ca_cert_with_invalid_ca_cert(self, k8s_tls_secret_mock):
-        k8s_tls_secret_mock.data["ca.crt"] = (
+    def test_get_ca_cert_with_invalid_ca_cert(self, k8s_secret_mock):
+        k8s_secret_mock.data["ca.crt"] = (
             "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tIE1JSUZmakNDQTJhZ0F3SUJBZ0lVQk50IC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0="
         )
 
         with pytest.raises(
             kopf.PermanentError,
             match=r"Kubernetes Secret object: gateway-tls ca.crt is invalid.",
         ):
-            get_ca_cert(k8s_tls_secret_mock)
+            get_ca_cert(k8s_secret_mock)

app/utils_k8s.py

@@ -60,22 +60,17 @@ def k8s_get_secret(namespace: str, name: str) -> kubernetes.client.V1Secret | No
 
 
 def get_ca_cert(tls_secret: kubernetes.client.V1Secret) -> str:
-    tls_secret_name = tls_secret.metadata.name
-    if tls_secret.type != "kubernetes.io/tls":
-        raise kopf.PermanentError(
-            f"Kubernetes Secret object: {tls_secret_name} type is invalid."
-        )
-
+    secret_name = tls_secret.metadata.name
     if not (ca_cert := tls_secret.data.get("ca.crt")):
         raise kopf.PermanentError(
-            f"Kubernetes Secret object: {tls_secret_name} is missing ca.crt."
+            f"Kubernetes Secret object: {secret_name} is missing ca.crt."
         )
 
     try:
         validate_pem_x509_certificate(base64.b64decode(ca_cert).decode())
     except ValueError as ex:
         raise kopf.PermanentError(
-            f"Kubernetes Secret object: {tls_secret_name} ca.crt is invalid."
+            f"Kubernetes Secret object: {secret_name} ca.crt is invalid."
         ) from ex
 
     return ca_cert