Fixed code quality issues in ipam tls configuration.

metal3-io · Aug 14, 2023 · eb7339a · eb7339a
1 parent 2ceb2cf
commit eb7339a
Showing 1 changed file with 9 additions and 12 deletions.
diff --git a/main.go b/main.go
@@ -42,12 +42,10 @@ import (
 	// +kubebuilder:scaffold:imports
 )
 
-type TLSVersion string
-
 // Constants for TLS versions.
 const (
-	TLSVersion12 TLSVersion = "TLS12"
-	TLSVersion13 TLSVersion = "TLS13"
+	TLSVersion12 = "TLS12"
+	TLSVersion13 = "TLS13"
 )
 
 type TLSOptions struct {
@@ -72,7 +70,7 @@ var (
 	watchFilterValue     string
 	logOptions           = logs.NewOptions()
 	tlsOptions           = TLSOptions{}
-	tlsSupportedVersions = []string{"TLS12", "TLS13"}
+	tlsSupportedVersions = []string{TLSVersion12, TLSVersion13}
 )
 
 func init() {
@@ -115,7 +113,7 @@ func main() {
 
 	flag.IntVar(&restConfigBurst, "kube-api-burst", 30,
 		"Maximum number of queries that should be allowed in one burst from the controller client to the Kubernetes API server. Default 30")
-	flag.StringVar(&tlsOptions.TLSMinVersion, "tls-min-version", "TLS12",
+	flag.StringVar(&tlsOptions.TLSMinVersion, "tls-min-version", TLSVersion12,
 		"The minimum TLS version in use by the webhook server.\n"+
 			fmt.Sprintf("Possible values are %s.", strings.Join(tlsSupportedVersions, ", ")),
 	)
@@ -125,7 +123,7 @@ func main() {
 	flag.IntVar(&restConfigBurst, "kube-api-burst", 30,
 		"Maximum number of queries that should be allowed in one burst from the controller client to the Kubernetes API server. Default 30")
 
-	flag.StringVar(&tlsOptions.TLSMaxVersion, "tls-max-version", "TLS13",
+	flag.StringVar(&tlsOptions.TLSMaxVersion, "tls-max-version", TLSVersion13,
 		"The maximum TLS version in use by the webhook server.\n"+
 			fmt.Sprintf("Possible values are %s.", strings.Join(tlsSupportedVersions, ", ")),
 	)
@@ -261,8 +259,7 @@ func GetTLSOptionOverrideFuncs(options TLSOptions) ([]func(*tls.Config), error)
 		cfg.MaxVersion = tlsMaxVersion
 	})
 	// Cipher suites should not be set if empty.
-	if options.TLSMinVersion == string(TLSVersion13) &&
-		options.TLSMaxVersion == string(TLSVersion13) &&
+	if tlsMinVersion >= tls.VersionTLS13 &&
 		options.TLSCipherSuites != "" {
 		setupLog.Info("warning: Cipher suites should not be set for TLS version 1.3. Ignoring ciphers")
 		options.TLSCipherSuites = ""
@@ -296,12 +293,12 @@ func GetTLSVersion(version string) (uint16, error) {
 	var v uint16
 
 	switch version {
-	case string(TLSVersion12):
+	case TLSVersion12:
 		v = tls.VersionTLS12
-	case string(TLSVersion13):
+	case TLSVersion13:
 		v = tls.VersionTLS13
 	default:
-		return 0, fmt.Errorf("unexpected TLS version %q (must be one of: TLS12, TLS13)", version)
+		return 0, fmt.Errorf("unexpected TLS version %q (must be one of: %s)", version, strings.Join(tlsSupportedVersions, ", "))
 	}
 
 	return v, nil