From 325ec9e30091908ad6ce973cea7c855be5877b0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lucas=20K=C3=A4ldstr=C3=B6m?= Date: Thu, 16 Jul 2020 16:46:00 +0300 Subject: [PATCH] Minor review comments. Use the serializer-embedded codecs and document other types of secrets --- pkg/apis/baremetal/scheme/scheme.go | 6 +----- pkg/apis/wksprovider/machine/os/os.go | 8 +++++++- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/pkg/apis/baremetal/scheme/scheme.go b/pkg/apis/baremetal/scheme/scheme.go index 176ceccb..53b93cc9 100644 --- a/pkg/apis/baremetal/scheme/scheme.go +++ b/pkg/apis/baremetal/scheme/scheme.go @@ -3,7 +3,6 @@ package scheme import ( ssv1alpha1 "github.com/bitnami-labs/sealed-secrets/pkg/apis/sealed-secrets/v1alpha1" "k8s.io/apimachinery/pkg/runtime" - k8sserializer "k8s.io/apimachinery/pkg/runtime/serializer" "k8s.io/apimachinery/pkg/util/errors" utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" @@ -18,11 +17,8 @@ var ( // Scheme contains information about all known types, API versions, and defaulting & conversion methods Scheme = runtime.NewScheme() - // Codecs provides k8s API machinery low-level codec functionality - Codecs = k8sserializer.NewCodecFactory(Scheme) - // Serializer provides powerful high-level encoding/decoding functionality - Serializer = serializer.NewSerializer(Scheme, &Codecs) + Serializer = serializer.NewSerializer(Scheme, nil) ) func init() { diff --git a/pkg/apis/wksprovider/machine/os/os.go b/pkg/apis/wksprovider/machine/os/os.go index 998bc020..b0901a9f 100644 --- a/pkg/apis/wksprovider/machine/os/os.go +++ b/pkg/apis/wksprovider/machine/os/os.go 
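Review bot: In pkg/apis/baremetal/scheme/scheme.go (hunk `@@ -18,11 +17,8 @@`), dropping the exported `Codecs` variable breaks any package that still references `scheme.Codecs`, and the comment kept on `Serializer` does not say where the codec factory now lives. This patch updates one caller in os.go; other callers are not visible here, so a repository-wide search is worth doing before merging. Passing `nil` presumably makes `NewSerializer` build its own factory from `Scheme`, yet the os.go caller still guards against `Codecs()` returning nil, so the contract is unclear. I would state it in the doc comment, e.g. `// Serializer provides high-level encoding/decoding; its codec factory, built from Scheme, is exposed via Serializer.Codecs()`.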
@@ -826,6 +826,8 @@ func processSecret(b *plan.Builder, key *rsa.PrivateKey, configDir, secretFileNa
 // Create the secret to decode into
 ss := &ssv1alpha1.SealedSecret{}
 // Decode the Sealed Secret into the object
+ // In the future, if we wish to support other kinds of secrets than SealedSecrets, we
+ // can just change this to do .Decode(fr), and switch on the type
 if err := scheme.Serializer.Decoder().DecodeInto(fr, ss); err != nil {
 return nil, nil, "", nil, errors.Wrapf(err, "File %q does not contain a sealed secret, couldn't decode", secretFileName)
 }
@@ -836,7 +838,11 @@ func processSecret(b *plan.Builder, key *rsa.PrivateKey, configDir, secretFileNa
 }
 keys := map[string]*rsa.PrivateKey{fingerprint: key}
- secret, err := ss.Unseal(scheme.Codecs, keys)
+ codecs := scheme.Serializer.Codecs()
+ if codecs == nil {
+ return nil, nil, "", nil, fmt.Errorf("codecs must not be nil")
+ }
+ secret, err := ss.Unseal(*codecs, keys)
 if err != nil {
 return nil, nil, "", nil, errors.Wrap(err, "Could not unseal auth secret")
 }
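Review bot: The comment added in the `@@ -826,6 +826,8 @@` hunk of os.go describes moving to `.Decode(fr)` plus a type switch, but it does not say that the switch has to reject every kind it does not explicitly handle. Today `DecodeInto(fr, ss)` is what limits this path to SealedSecrets (the error text suggests other content fails here); a generic decode would also accept any other kind registered in the scheme, presumably including a plain unsealed Secret. I would add a line such as `// Any kind not handled explicitly must return an error, so unsealed or unknown objects are never accepted silently`. processSecret starts and ends outside the hunk.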
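Review bot: The new nil guard in the `@@ -836,7 +838,11 @@` hunk returns `fmt.Errorf("codecs must not be nil")`, which has no format verbs and no context, unlike the neighbouring `errors.Wrapf` and `errors.Wrap` calls that name the file or the operation. Something like `errors.New("serializer has no codec factory, cannot unseal secret")` would be consistent, assuming the `errors` package used in this file provides `New`; the hunk also does not show whether `fmt` is already imported in os.go. Since `Serializer` is a package-level value built once, the nil case looks like a construction-time invariant that could be checked where the serializer is created rather than on every call. processSecret's body continues outside the hunk.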