diff --git a/pkg/api/openshiftcluster.go b/pkg/api/openshiftcluster.go
index 14d91aea804..23ae45c7e3e 100644
--- a/pkg/api/openshiftcluster.go
+++ b/pkg/api/openshiftcluster.go
@@ -264,7 +264,7 @@ type ClusterProfile struct {
 ResourceGroupID string `json:"resourceGroupId,omitempty"`
 FipsValidatedModules FipsValidatedModules `json:"fipsValidatedModules,omitempty"`
 OIDCIssuer OIDCIssuer `json:"oidcIssuer,omitempty"`
- BoundServiceAccountSigningKey SecureBytes `json:"boundServiceAccountSigningKey,omitempty"`
+ BoundServiceAccountSigningKey *SecureString `json:"boundServiceAccountSigningKey,omitempty"`
 }

 // FeatureProfile represents a feature profile.
diff --git a/pkg/cluster/deploybaseresources.go b/pkg/cluster/deploybaseresources.go
index 06b97798f54..487036a0f77 100644
--- a/pkg/cluster/deploybaseresources.go
+++ b/pkg/cluster/deploybaseresources.go
@@ -27,6 +27,7 @@ import (
 "github.com/Azure/ARO-RP/pkg/env"
 "github.com/Azure/ARO-RP/pkg/util/arm"
 "github.com/Azure/ARO-RP/pkg/util/oidcbuilder"
+ "github.com/Azure/ARO-RP/pkg/util/pointerutils"
 "github.com/Azure/ARO-RP/pkg/util/stringutils"
 )

@@ -72,7 +73,7 @@ func (m *manager) createOIDC(ctx context.Context) error {

 m.doc, err = m.db.PatchWithLease(ctx, m.doc.Key, func(doc *api.OpenShiftClusterDocument) error {
 doc.OpenShiftCluster.Properties.ClusterProfile.OIDCIssuer = api.OIDCIssuer(oidcBuilder.GetEndpointUrl())
- doc.OpenShiftCluster.Properties.ClusterProfile.BoundServiceAccountSigningKey = api.SecureBytes(oidcBuilder.GetPrivateKey())
+ doc.OpenShiftCluster.Properties.ClusterProfile.BoundServiceAccountSigningKey = pointerutils.ToPtr(api.SecureString(oidcBuilder.GetPrivateKey()))
 return nil
 })

diff --git a/pkg/util/oidcbuilder/oidcbuilder.go b/pkg/util/oidcbuilder/oidcbuilder.go
index 48ee2452b6a..61253e97840 100644
--- a/pkg/util/oidcbuilder/oidcbuilder.go
+++ b/pkg/util/oidcbuilder/oidcbuilder.go
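Review bot: In pkg/api/openshiftcluster.go, switching `BoundServiceAccountSigningKey` from `SecureBytes` to `*SecureString` changes how the field is encoded in stored cluster documents, and nothing in this diff shows how a document written with the old type is read back. If any such documents were persisted, decoding them into the new type should be covered by a test or a migration step. The field also carries no comment; judging by its name it holds private signing-key material, so a line such as `// BoundServiceAccountSigningKey is secret key material; it must remain a Secure* type.` would warn the next maintainer against changing it to a plain type. The ClusterProfile struct starts outside this hunk.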
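Review bot: In createOIDC (pkg/cluster/deploybaseresources.go), `pointerutils.ToPtr(...)` always produces a non-nil pointer, so `omitempty` will no longer drop the field if `GetPrivateKey()` ever returns an empty string, and readers cannot rely on nil to mean "no key". If an empty key is possible at this point, assign only when it is non-empty, e.g. `if k := oidcBuilder.GetPrivateKey(); k != "" { ...BoundServiceAccountSigningKey = pointerutils.ToPtr(api.SecureString(k)) }`. createOIDC starts and ends outside this hunk, so earlier validation may already rule this out.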
@@ -53,8 +53,8 @@ func (b *OIDCBuilder) GetEndpointUrl() string {
 return b.endpointURL
 }

-func (b *OIDCBuilder) GetPrivateKey() []byte {
- return b.privateKey
+func (b *OIDCBuilder) GetPrivateKey() string {
+ return string(b.privateKey)
 }

 func (b *OIDCBuilder) GetBlobContainerURL() string {
diff --git a/pkg/util/oidcbuilder/oidcbuilder_test.go b/pkg/util/oidcbuilder/oidcbuilder_test.go
index bdac62d3614..e754aa43f36 100644
--- a/pkg/util/oidcbuilder/oidcbuilder_test.go
+++ b/pkg/util/oidcbuilder/oidcbuilder_test.go
@@ -156,7 +156,7 @@ func TestEnsureOIDCDocs(t *testing.T) {
 t.Fatalf("GetEndpointUrl doesn't match the original endpointURL - %s != %s (wanted)", tt.oidcbuilder.GetEndpointUrl(), tt.oidcbuilder.endpointURL)
 }

- if !reflect.DeepEqual(tt.oidcbuilder.privateKey, tt.oidcbuilder.GetPrivateKey()) {
+ if !reflect.DeepEqual(string(tt.oidcbuilder.privateKey), tt.oidcbuilder.GetPrivateKey()) {
 t.Fatalf("GetPrivateKey doesn't match the original privateKey")
 }

diff --git a/pkg/util/pointerutils/pointerutils.go b/pkg/util/pointerutils/pointerutils.go
new file mode 100644
index 00000000000..4546e3923da
--- /dev/null
+++ b/pkg/util/pointerutils/pointerutils.go
@@ -0,0 +1,6 @@
+package pointerutils
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+func ToPtr[T any](t T) *T { return &t }
diff --git a/pkg/util/pointerutils/pointerutils_test.go b/pkg/util/pointerutils/pointerutils_test.go
new file mode 100644
index 00000000000..40d707b6a7a
--- /dev/null
+++ b/pkg/util/pointerutils/pointerutils_test.go
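Review bot: In pkg/util/oidcbuilder/oidcbuilder.go, `GetPrivateKey` now hands the signing key out as a plain `string`, a type that carries no hint that the value is secret and, being immutable, cannot be overwritten once the caller is done with it. The only caller in this diff wraps it in `api.SecureString` straight away, but nothing tells future callers to do the same. A doc comment would help: `// GetPrivateKey returns a copy of the private signing key; treat the result as secret, never log it, and wrap it in a Secure* type before storing it.`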
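Review bot: In pkg/util/oidcbuilder/oidcbuilder_test.go, `reflect.DeepEqual` now compares two strings, where a plain comparison is clearer and checked by the compiler: `if string(tt.oidcbuilder.privateKey) != tt.oidcbuilder.GetPrivateKey() {`. If nothing else in the file uses `reflect`, the import can be dropped with it. TestEnsureOIDCDocs starts and ends outside this hunk.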
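Review bot: In pkg/util/pointerutils/pointerutils.go, the exported `ToPtr` has no doc comment and the new package has no package comment. I would add `// ToPtr returns a pointer to a copy of t.` above the function. It is worth one more sentence stating that for slice and map arguments only the header is copied, so the pointee still shares backing storage with the caller's value; that matters if the helper is ever used on secret byte slices.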
@@ -0,0 +1,22 @@
+package pointerutils
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+ "bytes"
+ "testing"
+)
+
+func TestToPtr(t *testing.T) {
+ input := []byte("Test String")
+ output := ToPtr(input)
+
+ if output == &input {
+ t.Errorf("Value returned by ToPtr does not matches the expected pointer value")
+ }
+
+ if !bytes.Equal(input, *output) {
+ t.Errorf("Input bytes doesn't match with the bytes value for the pointer returned by ToPtr")
+ }
+}
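Review bot: The first check in `TestToPtr` can never fail, because `ToPtr` receives its argument by value and `output == &input` is therefore always false; its message ("does not matches the expected pointer value") also says the opposite of what the condition tests. The test only uses `[]byte`, while this commit calls the helper on a string-based type, so a string case would be closer to real use: `s := "k"; if p := ToPtr(s); p == nil || *p != s { t.Errorf("ToPtr(%q) did not return a pointer to an equal value", s) }`. Both existing messages also need a grammar fix (`does not match`, `bytes don't match`).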