fix: dry constants

rswanson · rswanson · commit e1ddbeb3c28e · 2025-05-29T07:29:42.000-04:00
diff --git a/pkg/aws/constants.go b/pkg/aws/constants.go
@@ -0,0 +1,43 @@
+package aws
+
+// IAM Policy version and effect constants
+const (
+	// IAMPolicyVersion is the standard IAM policy language version
+	IAMPolicyVersion = "2012-10-17"
+
+	// Policy effects
+	EffectAllow = "Allow"
+	EffectDeny  = "Deny"
+)
+
+// AWS Services
+const (
+	// EKS pod identity service
+	EKSPodsService = "pods.eks.amazonaws.com"
+	// EC2 service
+	EC2Service = "ec2.amazonaws.com"
+)
+
+// STS Actions
+const (
+	STSAssumeRoleAction = "sts:AssumeRole"
+	STSTagSessionAction = "sts:TagSession"
+)
+
+// KMS Actions
+const (
+	KMSSignAction         = "kms:Sign"
+	KMSGetPublicKeyAction = "kms:GetPublicKey"
+)
+
+// IAM statement identifiers
+const (
+	EKSAssumeRoleStatementSid = "AllowEksAuthToAssumeRoleForPodIdentity"
+)
+
+// Resource name suffixes
+const (
+	RoleSuffix                 = "-role"
+	PolicySuffix               = "-policy"
+	RolePolicyAttachmentSuffix = "-role-policy-attachment"
+)
diff --git a/pkg/aws/iam.go b/pkg/aws/iam.go
@@ -56,22 +56,22 @@ func CreateIAMResources(
 ) (*IAMResources, error) {
 	// Create IAM role with assume role policy for EKS pod identity
 	assumeRolePolicy := IAMPolicy{
-		Version: "2012-10-17",
+		Version: IAMPolicyVersion,
 		Statement: []IAMStatement{
 			{
-				Sid:    "AllowEksAuthToAssumeRoleForPodIdentity",
-				Effect: "Allow",
+				Sid:    EKSAssumeRoleStatementSid,
+				Effect: EffectAllow,
 				Principal: struct {
 					Service []string `json:"Service"`
 				}{
 					Service: []string{
-						"pods.eks.amazonaws.com",
-						"ec2.amazonaws.com",
+						EKSPodsService,
+						EC2Service,
 					},
 				},
 				Action: []string{
-					"sts:AssumeRole",
-					"sts:TagSession",
+					STSAssumeRoleAction,
+					STSTagSessionAction,
 				},
 			},
 		},
@@ -82,11 +82,11 @@ func CreateIAMResources(
 		return nil, fmt.Errorf("failed to marshal assume role policy: %w", err)
 	}
 
-	role, err := iam.NewRole(ctx, fmt.Sprintf("%s-role", name), &iam.RoleArgs{
+	role, err := iam.NewRole(ctx, fmt.Sprintf("%s%s", name, RoleSuffix), &iam.RoleArgs{
 		AssumeRolePolicy: pulumi.String(assumeRolePolicyJSON),
 		Description:      pulumi.String(fmt.Sprintf("Role for %s pod to assume", serviceName)),
 		Tags: pulumi.StringMap{
-			"Name": pulumi.String(fmt.Sprintf("%s-role", name)),
+			"Name": pulumi.String(fmt.Sprintf("%s%s", name, RoleSuffix)),
 		},
 	}, pulumi.Parent(parent))
 	if err != nil {
@@ -96,15 +96,15 @@ func CreateIAMResources(
 	// Create KMS policy for the specified key
 	policyJSON := CreateKMSPolicy(keyArn)
 
-	policy, err := iam.NewPolicy(ctx, fmt.Sprintf("%s-policy", name), &iam.PolicyArgs{
+	policy, err := iam.NewPolicy(ctx, fmt.Sprintf("%s%s", name, PolicySuffix), &iam.PolicyArgs{
 		Policy: policyJSON,
 	}, pulumi.Parent(parent))
 	if err != nil {
 		return nil, fmt.Errorf("failed to create IAM policy: %w", err)
 	}
 
 	// Attach the KMS policy to the role
-	policyAttachment, err := iam.NewRolePolicyAttachment(ctx, fmt.Sprintf("%s-role-policy-attachment", name), &iam.RolePolicyAttachmentArgs{
+	policyAttachment, err := iam.NewRolePolicyAttachment(ctx, fmt.Sprintf("%s%s", name, RolePolicyAttachmentSuffix), &iam.RolePolicyAttachmentArgs{
 		Role:      role.Name,
 		PolicyArn: policy.Arn,
 	}, pulumi.Parent(parent))
@@ -133,13 +133,13 @@ func CreateIAMResources(
 //   - kms:GetPublicKey: Allows retrieving the public key associated with the KMS key
 func CreateKMSPolicy(key pulumi.StringInput) pulumi.StringOutput {
 	policy := KMSPolicy{
-		Version: "2012-10-17",
+		Version: IAMPolicyVersion,
 		Statement: []KMSStatement{
 			{
-				Effect: "Allow",
+				Effect: EffectAllow,
 				Action: []string{
-					"kms:Sign",
-					"kms:GetPublicKey",
+					KMSSignAction,
+					KMSGetPublicKeyAction,
 				},
 				Resource: key,
 			},
diff --git a/pkg/builder/builder.go b/pkg/builder/builder.go
@@ -3,7 +3,6 @@ package builder
 
 import (
 	"fmt"
-	"strconv"
 
 	"github.com/init4tech/signet-infra-components/pkg/utils"
 	crd "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/apiextensions"
@@ -15,14 +14,7 @@ import (
 
 // parseBuilderPort converts a port string to an integer with a default fallback
 func parseBuilderPort(portStr pulumi.StringInput) pulumi.IntOutput {
-	return pulumi.All(portStr).ApplyT(func(inputs []interface{}) int {
-		portStr := inputs[0].(string)
-		if port, err := strconv.Atoi(portStr); err == nil {
-			return port
-		}
-		// Default to 8080 if there's an error parsing the port
-		return 8080
-	}).(pulumi.IntOutput)
+	return utils.ParsePortWithDefault(portStr, DefaultBuilderPort)
 }
 
 // NewBuilder creates a new builder component with the given configuration.
@@ -34,13 +26,13 @@ func NewBuilder(ctx *pulumi.Context, args BuilderComponentArgs, opts ...pulumi.R
 	component := &BuilderComponent{
 		BuilderComponentArgs: args,
 	}
-	err := ctx.RegisterComponentResource("signet:index:Builder", args.Name, component)
+	err := ctx.RegisterComponentResource(ComponentKind, args.Name, component)
 	if err != nil {
 		return nil, fmt.Errorf("failed to register component resource: %w", err)
 	}
 
 	// Create service account
-	serviceAccountName := fmt.Sprintf("%s-sa", args.Name)
+	serviceAccountName := fmt.Sprintf("%s%s", args.Name, ServiceAccountSuffix)
 	sa, err := corev1.NewServiceAccount(ctx, serviceAccountName, &corev1.ServiceAccountArgs{
 		Metadata: &metav1.ObjectMetaArgs{
 			Name:      pulumi.String(serviceAccountName),
@@ -54,7 +46,7 @@ func NewBuilder(ctx *pulumi.Context, args BuilderComponentArgs, opts ...pulumi.R
 	component.ServiceAccount = sa
 
 	// Create ConfigMap for environment variables
-	configMapName := fmt.Sprintf("%s-env", args.Name)
+	configMapName := fmt.Sprintf("%s%s", args.Name, ConfigMapSuffix)
 	configMap, err := utils.CreateConfigMap(
 		ctx,
 		configMapName,
@@ -72,7 +64,7 @@ func NewBuilder(ctx *pulumi.Context, args BuilderComponentArgs, opts ...pulumi.R
 	podLabels["app"] = pulumi.String(args.Name)
 
 	// Create deployment
-	deploymentName := fmt.Sprintf("%s-deployment", args.Name)
+	deploymentName := fmt.Sprintf("%s%s", args.Name, DeploymentSuffix)
 	deployment, err := appsv1.NewDeployment(ctx, deploymentName, &appsv1.DeploymentArgs{
 		Metadata: &metav1.ObjectMetaArgs{
 			Name:      pulumi.String(deploymentName),
@@ -109,33 +101,24 @@ func NewBuilder(ctx *pulumi.Context, args BuilderComponentArgs, opts ...pulumi.R
 									ContainerPort: pulumi.Int(MetricsPort),
 								},
 							},
-							Resources: &corev1.ResourceRequirementsArgs{
-								Limits: pulumi.StringMap{
-									"cpu":    pulumi.String("2"),
-									"memory": pulumi.String("2Gi"),
-								},
-								Requests: pulumi.StringMap{
-									"cpu":    pulumi.String("1"),
-									"memory": pulumi.String("1Gi"),
-								},
-							},
+							Resources: utils.CreateResourceRequirements(DefaultCPULimit, DefaultMemoryLimit, DefaultCPURequest, DefaultMemoryRequest),
 							LivenessProbe: &corev1.ProbeArgs{
 								HttpGet: &corev1.HTTPGetActionArgs{
-									Path: pulumi.String("/healthcheck"),
+									Path: pulumi.String(HealthCheckPath),
 									Port: parseBuilderPort(args.BuilderEnv.BuilderPort),
 								},
-								InitialDelaySeconds: pulumi.Int(5),
-								PeriodSeconds:       pulumi.Int(1),
-								TimeoutSeconds:      pulumi.Int(1),
-								FailureThreshold:    pulumi.Int(3),
+								InitialDelaySeconds: pulumi.Int(ProbeInitialDelaySeconds),
+								PeriodSeconds:       pulumi.Int(LivenessProbePeriod),
+								TimeoutSeconds:      pulumi.Int(ProbeTimeoutSeconds),
+								FailureThreshold:    pulumi.Int(ProbeFailureThreshold),
 							},
 							ReadinessProbe: &corev1.ProbeArgs{
 								HttpGet: &corev1.HTTPGetActionArgs{
-									Path: pulumi.String("/healthcheck"),
+									Path: pulumi.String(HealthCheckPath),
 									Port: parseBuilderPort(args.BuilderEnv.BuilderPort),
 								},
-								InitialDelaySeconds: pulumi.Int(5),
-								PeriodSeconds:       pulumi.Int(10),
+								InitialDelaySeconds: pulumi.Int(ProbeInitialDelaySeconds),
+								PeriodSeconds:       pulumi.Int(ProbePeriodSeconds),
 							},
 						},
 					},
@@ -149,16 +132,16 @@ func NewBuilder(ctx *pulumi.Context, args BuilderComponentArgs, opts ...pulumi.R
 	component.Deployment = deployment
 
 	// Create service
-	serviceName := fmt.Sprintf("%s-service", args.Name)
+	serviceName := fmt.Sprintf("%s%s", args.Name, ServiceSuffix)
 	service, err := corev1.NewService(ctx, serviceName, &corev1.ServiceArgs{
 		Metadata: &metav1.ObjectMetaArgs{
 			Name:      pulumi.String(serviceName),
 			Namespace: pulumi.String(args.Namespace),
 			Labels:    utils.CreateResourceLabels(args.Name, serviceName, args.Name, nil),
 			Annotations: pulumi.StringMap{
-				"prometheus.io/scrape": pulumi.String("true"),
-				"prometheus.io/port":   pulumi.Sprintf("%d", MetricsPort),
-				"prometheus.io/path":   pulumi.String("/metrics"),
+				PrometheusScrapeAnnotation: pulumi.String("true"),
+				PrometheusPortAnnotation:   pulumi.Sprintf("%d", MetricsPort),
+				PrometheusPathAnnotation:   pulumi.String(MetricsPath),
 			},
 		},
 		Spec: &corev1.ServiceSpecArgs{
@@ -183,8 +166,8 @@ func NewBuilder(ctx *pulumi.Context, args BuilderComponentArgs, opts ...pulumi.R
 	component.Service = service
 
 	// Create pod monitor
-	podMonitorName := fmt.Sprintf("%s-pod-monitor", args.Name)
-	_, err = crd.NewCustomResource(ctx, fmt.Sprintf("%s-svcmon", args.Name), &crd.CustomResourceArgs{
+	podMonitorName := fmt.Sprintf("%s%s", args.Name, PodMonitorSuffix)
+	_, err = crd.NewCustomResource(ctx, fmt.Sprintf("%s%s", args.Name, ServiceMonitorSuffix), &crd.CustomResourceArgs{
 		ApiVersion: pulumi.String("monitoring.coreos.com/v1"),
 		Kind:       pulumi.String("PodMonitor"),
 		Metadata: &metav1.ObjectMetaArgs{
diff --git a/pkg/builder/constants.go b/pkg/builder/constants.go
@@ -0,0 +1,52 @@
+package builder
+
+// Resource defaults
+const (
+	// Port defaults
+	DefaultBuilderPort = 8080
+	MetricsPort        = 9000
+
+	// Deployment defaults
+	DefaultReplicas = 1
+
+	// Resource allocation defaults
+	DefaultCPULimit      = "2"
+	DefaultMemoryLimit   = "2Gi"
+	DefaultCPURequest    = "1"
+	DefaultMemoryRequest = "1Gi"
+
+	// Component kind
+	ComponentKind = "signet:index:Builder"
+)
+
+// Resource name suffixes
+const (
+	ServiceSuffix        = "-service"
+	DeploymentSuffix     = "-deployment"
+	ServiceAccountSuffix = "-sa"
+	ConfigMapSuffix      = "-env"
+	PodMonitorSuffix     = "-pod-monitor"
+	ServiceMonitorSuffix = "-svcmon"
+)
+
+// Health check paths
+const (
+	HealthCheckPath = "/healthcheck"
+	MetricsPath     = "/metrics"
+)
+
+// Probe settings
+const (
+	ProbeInitialDelaySeconds = 5
+	ProbePeriodSeconds       = 10
+	LivenessProbePeriod      = 1
+	ProbeTimeoutSeconds      = 1
+	ProbeFailureThreshold    = 3
+)
+
+// Prometheus annotations
+const (
+	PrometheusScrapeAnnotation = "prometheus.io/scrape"
+	PrometheusPortAnnotation   = "prometheus.io/port"
+	PrometheusPathAnnotation   = "prometheus.io/path"
+)
diff --git a/pkg/builder/types.go b/pkg/builder/types.go
@@ -7,14 +7,6 @@ import (
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 )
 
-const (
-	// Service ports
-	MetricsPort = 9000
-
-	// Deployment settings
-	DefaultReplicas = 1
-)
-
 // AppLabels represents the Kubernetes labels to be applied to the builder resources.
 type AppLabels struct {
 	Labels pulumi.StringMap
diff --git a/pkg/quincey/constants.go b/pkg/quincey/constants.go
@@ -0,0 +1,57 @@
+package quincey
+
+// Resource defaults
+const (
+	// Port defaults
+	DefaultQuinceyPort = 8080
+	DefaultMetricsPort = 9000
+
+	// Deployment defaults
+	DefaultReplicas = 1
+
+	// Component kind
+	ComponentKind = "signet:index:Quincey"
+)
+
+// Resource names and identifiers
+const (
+	// ServiceName is the name of the Quincey service
+	ServiceName = "quincey-server"
+	// AppLabel is the label used to identify Quincey resources
+	AppLabel = "quincey-server"
+	// ComponentName is the name of this component
+	ComponentName = "quincey"
+)
+
+// Resource name suffixes
+const (
+	ServiceSuffix        = "-service"
+	DeploymentSuffix     = "-deployment"
+	ServiceAccountSuffix = "-sa"
+	ConfigMapSuffix      = "-configmap"
+	VirtualServiceSuffix = "-vservice"
+	RequestAuthSuffix    = "-request-auth"
+	AuthPolicySuffix     = "-auth-policy"
+)
+
+// Service types
+const (
+	ServiceTypeClusterIP = "ClusterIP"
+)
+
+// Istio API versions and kinds
+const (
+	IstioNetworkingAPIVersion = "networking.istio.io/v1alpha3"
+	IstioSecurityAPIVersion   = "security.istio.io/v1beta1"
+	VirtualServiceKind        = "VirtualService"
+	RequestAuthenticationKind = "RequestAuthentication"
+	AuthorizationPolicyKind   = "AuthorizationPolicy"
+)
+
+// JWT and OAuth constants
+const (
+	JWTTokenHeader     = "authorization"
+	JWTTokenPrefix     = "Bearer "
+	OAuthIssuerClaim   = "iss"
+	DefaultAppSelector = "signet"
+)
diff --git a/pkg/quincey/quincey.go b/pkg/quincey/quincey.go
diff --git a/pkg/quincey/types.go b/pkg/quincey/types.go
diff --git a/pkg/utils/env.go b/pkg/utils/env.go
