Maintain uniform aws creds field names throughout (#390)

* Maintain uniform aws creds field names * Address reviews
kanisterio · Nov 8, 2019 · 88a527d · 88a527d
1 parent 77091d2
commit 88a527d
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 22 deletions.
diff --git a/helm/profile/templates/profile.yaml b/helm/profile/templates/profile.yaml
@@ -8,8 +8,8 @@ metadata:
 type: Opaque
 data:
   {{- if .Values.aws.accessKey }}
-  access_key_id: {{ .Values.aws.accessKey | b64enc | quote }}
-  secret_access_key: {{ .Values.aws.secretKey | b64enc | quote }}
+  aws_access_key_id: {{ .Values.aws.accessKey | b64enc | quote }}
+  aws_secret_access_key: {{ .Values.aws.secretKey | b64enc | quote }}
   {{- else if .Values.gcp.projectID }}
   project_id: {{ .Values.gcp.projectID | b64enc | quote }}
   service_key: {{ .Values.gcp.serviceKey | b64enc | quote }}
@@ -36,8 +36,8 @@ credential:
   type: keyPair
   keyPair:
     {{- if .Values.aws.accessKey }}
-    idField: access_key_id
-    secretField: secret_access_key
+    idField: aws_access_key_id
+    secretField: aws_secret_access_key
     {{- else if .Values.gcp.projectID }}
     idField: project_id
     secretField: service_key

diff --git a/pkg/kanctl/profile.go b/pkg/kanctl/profile.go
@@ -50,9 +50,9 @@ const (
 	AzureStorageAccountFlag = "storage-account"
 	AzureStorageKeyFlag     = "storage-key"
 
-	idField           = "access_key_id"
-	secretField       = "secret_access_key"
-	roleField         = "role" // required only for AWS IAM role
+	idField           = secrets.AWSAccessKeyID
+	secretField       = secrets.AWSSecretAccessKey
+	roleField         = secrets.ConfigRole // required only for AWS IAM role
 	skipSSLVerifyFlag = "skip-SSL-verification"
 
 	schemaValidation      = "Validate Profile schema"

diff --git a/pkg/restic/restic_test.go b/pkg/restic/restic_test.go
@@ -23,6 +23,7 @@ import (
 	"github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1"
 	"github.com/kanisterio/kanister/pkg/config"
 	"github.com/kanisterio/kanister/pkg/param"
+	"github.com/kanisterio/kanister/pkg/secrets"
 )
 
 type ResticDataSuite struct{}
@@ -153,8 +154,8 @@ func (s *ResticDataSuite) TestResticArgs(c *C) {
 					Secret: &v1.Secret{
 						Type: "secrets.kanister.io/aws",
 						Data: map[string][]byte{
-							"access_key_id":     []byte("id"),
-							"secret_access_key": []byte("secret"),
+							secrets.AWSAccessKeyID:     []byte("id"),
+							secrets.AWSSecretAccessKey: []byte("secret"),
 						},
 					},
 				},
@@ -192,9 +193,9 @@ func (s *ResticDataSuite) TestResticArgsWithAWSRole(c *C) {
 					Secret: &v1.Secret{
 						Type: "secrets.kanister.io/aws",
 						Data: map[string][]byte{
-							"access_key_id":     []byte(config.GetEnvOrSkip(c, "AWS_ACCESS_KEY_ID")),
-							"secret_access_key": []byte(config.GetEnvOrSkip(c, "AWS_SECRET_ACCESS_KEY")),
-							"role":              []byte(config.GetEnvOrSkip(c, "role")),
+							secrets.AWSAccessKeyID:     []byte(config.GetEnvOrSkip(c, "AWS_ACCESS_KEY_ID")),
+							secrets.AWSSecretAccessKey: []byte(config.GetEnvOrSkip(c, "AWS_SECRET_ACCESS_KEY")),
+							secrets.ConfigRole:         []byte(config.GetEnvOrSkip(c, "role")),
 						},
 					},
 				},
@@ -212,9 +213,9 @@ func (s *ResticDataSuite) TestResticArgsWithAWSRole(c *C) {
 					Secret: &v1.Secret{
 						Type: "secrets.kanister.io/aws",
 						Data: map[string][]byte{
-							"access_key_id":     []byte(config.GetEnvOrSkip(c, "AWS_ACCESS_KEY_ID")),
-							"secret_access_key": []byte(config.GetEnvOrSkip(c, "AWS_SECRET_ACCESS_KEY")),
-							"role":              []byte("arn:aws:iam::000000000000:role/test-fake-role"),
+							secrets.AWSAccessKeyID:     []byte(config.GetEnvOrSkip(c, "AWS_ACCESS_KEY_ID")),
+							secrets.AWSSecretAccessKey: []byte(config.GetEnvOrSkip(c, "AWS_SECRET_ACCESS_KEY")),
+							secrets.ConfigRole:         []byte("arn:aws:iam::000000000000:role/test-fake-role"),
 						},
 					},
 				},

diff --git a/pkg/secrets/aws.go b/pkg/secrets/aws.go
@@ -16,11 +16,9 @@ const (
 	AWSSecretType string = "secrets.kanister.io/aws"
 
 	// AWSAccessKeyID is the key for AWS access key ID.
-	AWSAccessKeyID string = "access_key_id"
+	AWSAccessKeyID string = "aws_access_key_id"
 	// AWSSecretAccessKey is the key for AWS secret access key.
-	AWSSecretAccessKey string = "secret_access_key"
-	// AWSSessionToken is the key for optional AWS session token.
-	AWSSessionToken string = "session_token"
+	AWSSecretAccessKey string = "aws_secret_access_key"
 	// ConfigRole represents the key for the ARN of the role which can be assumed.
 	// It is optional.
 	ConfigRole         = "role"

diff --git a/pkg/testutil/fixture.go b/pkg/testutil/fixture.go
@@ -29,6 +29,7 @@ import (
 	awsconfig "github.com/kanisterio/kanister/pkg/config/aws"
 	"github.com/kanisterio/kanister/pkg/objectstore"
 	"github.com/kanisterio/kanister/pkg/param"
+	"github.com/kanisterio/kanister/pkg/secrets"
 )
 
 const (
@@ -84,9 +85,9 @@ func s3ProfileWithSecretCredential(location crv1alpha1.Location, accessKeyID, se
 			Secret: &v1.Secret{
 				Type: "secrets.kanister.io/aws",
 				Data: map[string][]byte{
-					"access_key_id":     []byte(accessKeyID),
-					"secret_access_key": []byte(secretAccessKey),
-					"role":              []byte(role),
+					secrets.AWSAccessKeyID:     []byte(accessKeyID),
+					secrets.AWSSecretAccessKey: []byte(secretAccessKey),
+					secrets.ConfigRole:         []byte(role),
 				},
 			},
 		},