Minor review comments. Use the serializer-embedded codecs and documen…

…t other types of secrets
weaveworks · Jul 31, 2020 · 325ec9e · 325ec9e
1 parent 9b6cd27
commit 325ec9e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/pkg/apis/baremetal/scheme/scheme.go b/pkg/apis/baremetal/scheme/scheme.go
@@ -3,7 +3,6 @@ package scheme
 import (
 	ssv1alpha1 "github.com/bitnami-labs/sealed-secrets/pkg/apis/sealed-secrets/v1alpha1"
 	"k8s.io/apimachinery/pkg/runtime"
-	k8sserializer "k8s.io/apimachinery/pkg/runtime/serializer"
 	"k8s.io/apimachinery/pkg/util/errors"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
@@ -18,11 +17,8 @@ var (
 	// Scheme contains information about all known types, API versions, and defaulting & conversion methods
 	Scheme = runtime.NewScheme()
 
-	// Codecs provides k8s API machinery low-level codec functionality
-	Codecs = k8sserializer.NewCodecFactory(Scheme)
-
 	// Serializer provides powerful high-level encoding/decoding functionality
-	Serializer = serializer.NewSerializer(Scheme, &Codecs)
+	Serializer = serializer.NewSerializer(Scheme, nil)
 )
 
 func init() {

diff --git a/pkg/apis/wksprovider/machine/os/os.go b/pkg/apis/wksprovider/machine/os/os.go
@@ -826,6 +826,8 @@ func processSecret(b *plan.Builder, key *rsa.PrivateKey, configDir, secretFileNa
 	// Create the secret to decode into
 	ss := &ssv1alpha1.SealedSecret{}
 	// Decode the Sealed Secret into the object
+	// In the future, if we wish to support other kinds of secrets than SealedSecrets, we
+	// can just change this to do .Decode(fr), and switch on the type
 	if err := scheme.Serializer.Decoder().DecodeInto(fr, ss); err != nil {
 		return nil, nil, "", nil, errors.Wrapf(err, "File %q does not contain a sealed secret, couldn't decode", secretFileName)
 	}
@@ -836,7 +838,11 @@ func processSecret(b *plan.Builder, key *rsa.PrivateKey, configDir, secretFileNa
 	}
 	keys := map[string]*rsa.PrivateKey{fingerprint: key}
 
-	secret, err := ss.Unseal(scheme.Codecs, keys)
+	codecs := scheme.Serializer.Codecs()
+	if codecs == nil {
+		return nil, nil, "", nil, fmt.Errorf("codecs must not be nil")
+	}
+	secret, err := ss.Unseal(*codecs, keys)
 	if err != nil {
 		return nil, nil, "", nil, errors.Wrap(err, "Could not unseal auth secret")
 	}