chore: cleanup #69

Open
spbsoluble wants to merge 11 commits into feat/x509certificate2_removal from chore/cleanup

@spbsoluble
Contributor

No description provided.

- Update keyfactor-starter-workflow.yml to use @v6
- Remove duplicate workflows now covered by v6 pr-quality-checks.yml:
  - code-quality.yml (replaced by code-quality-csharp job)
  - secret-scanning.yml (replaced by secrets-scan job)
  - dependency-review.yml (replaced by dependency-review job)
  - license-compliance.yml (replaced by license-compliance job)
  - pr-quality-gate.yml (replaced by aggregate-results job)
- Update workflows README to reflect new architecture

@github-actions

github-actions bot commented Feb 28, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

  • .github/workflows/pr-quality-gate.yml
  • .github/workflows/secret-scanning.yml

@spbsoluble spbsoluble changed the title from "Chore/cleanup" to "chore: cleanup" on Feb 28, 2026

- Add signoff_recipients input with sbailey@keyfactor.com
- Add SMTP secrets for email notifications
- Remove separate signoff-notification.yml (now in starter.yml)

spbsoluble and others added 8 commits February 28, 2026 10:33

- Wire PasswordResolver to KubeClient.cs (reduces ~170 lines of
  duplicate password resolution logic)
- Wire StoreConfigurationParser to JobBase.cs (reduces ~60 lines
  of keystore defaults extraction)
- Wire KeystoreOperations to Management.cs (reduces ~70 lines of
  alias/filename parsing)
- Add SecretOperations field to KubeClient for CRUD delegation
- Add new unit tests for PasswordResolver and SecretOperations

Net reduction: 201 lines of code (309 removed, 108 added)

- ReadBuddyPass now uses _secretOperations.GetSecret()
- CreateOrUpdateBuddyPass now uses _secretOperations.CreateOrUpdateSecret()
- DeleteCertificateStoreSecret now uses _secretOperations.DeleteSecret()
- GetCertificateStoreSecret now uses _secretOperations.GetSecret()
- CreateOrUpdateJksSecret now uses _secretOperations.CreateOrUpdateSecret()
- CreateOrUpdatePkcs12Secret now uses _secretOperations.CreateOrUpdateSecret()
- DiscoverSecretsInNamespace now uses _secretOperations.ListSecrets()

Net reduction: 70 lines of code (103 removed, 33 added)

Phase 7 cleanup: Replace string concatenation patterns in logging
statements with structured logging format across KubeClient.cs,
Inventory.cs, and Management.cs.

Changes:
- Convert patterns like `"value: " + x` to `"value: {Value}", x`
- Use structured logging placeholders for all dynamic values
- Improves log aggregation and search capabilities
- Follows .NET logging best practices

Phase 2: Simplify InitializeProperties
- Add ResolvePamFieldWithFallback helper method to eliminate duplicate PAM resolution code
- Add ApplyParsedConfiguration helper to cleanly apply parsed config
- Refactor InitializeProperties to use centralized StoreConfigurationParser
- Reduces ~100 lines of verbose property extraction code

Phase 6: Extract CertificateOperations service
- Create CertificateOperations service for certificate parsing/conversion
- Move ReadDerCertificate, ReadPemCertificate, LoadCertificateChain, ConvertToPem, ExtractPrivateKeyAsPem
- KubeClient delegates to CertificateOperations for certificate methods
- Reduces KubeClient complexity by ~80 lines

Results:
- JobBase.cs: 2394 -> 2263 lines (-131)
- KubeClient.cs: 2655 -> 2575 lines (-80)
- New CertificateOperations.cs: 192 lines
- All 712 unit tests pass on both .NET 8.0 and .NET 10.0

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

SecretOperations.GetSecret() returns null when a secret is not found,
but callers expected an exception to be thrown (original behavior).

This fix adds null checks in:
- KubeClient.GetCertificateStoreSecret() - throws StoreNotFoundException
- KubeClient.ReadBuddyPass() - throws StoreNotFoundException

Also fixes HandleTlsSecret() to not wrap StoreNotFoundException in a
generic Exception, allowing proper handling by the switch case catch.

Exception messages use "NotFound" to match existing catch filters.

Also adds test-single Makefile target for running individual tests.

Fixes regression introduced in commit 73175fc.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
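The failure mode this commit message describes, as an added example that is not code from the pull request: a lookup that returns null on a miss, a caller that restores the throw-on-miss contract, and a handler that lets the typed exception through to a filtered catch. Only the names `SecretOperations.GetSecret`, `KubeClient.GetCertificateStoreSecret`, `HandleTlsSecret`, `StoreNotFoundException` and the "NotFound" message text come from the commit message; the class bodies, the in-memory store, `Program` and the sample secret names are assumptions.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-ins; the real types in the PR are not shown on this page.
class StoreNotFoundException : Exception
{
    public StoreNotFoundException(string message) : base(message) { }
}

class SecretOperations
{
    // Constructed in-memory store standing in for the Kubernetes API.
    private readonly Dictionary<string, string> _secrets = new() { ["tls-ok"] = "constructed-value" };
    // Returns null for a missing secret instead of throwing.
    public string? GetSecret(string name) => _secrets.TryGetValue(name, out var v) ? v : null;
}

class KubeClient
{
    private readonly SecretOperations _secretOperations = new();

    public string GetCertificateStoreSecret(string name)
    {
        var secret = _secretOperations.GetSecret(name);
        if (secret == null) // without this check the null flows on to the caller
            throw new StoreNotFoundException($"Secret '{name}' NotFound");
        return secret;
    }
}

static class Program
{
    // Rethrow the typed exception unchanged; wrapping it in a generic
    // Exception would hide it from the filtered catch in Main.
    static string HandleTlsSecret(KubeClient client, string name)
    {
        try { return client.GetCertificateStoreSecret(name); }
        catch (StoreNotFoundException) { throw; }
        catch (Exception ex) { throw new Exception("inventory failed", ex); }
    }

    static void Main()
    {
        var client = new KubeClient();
        foreach (var name in new[] { "tls-ok", "tls-missing" })
        {
            try { Console.WriteLine($"{name}: {HandleTlsSecret(client, name)}"); }
            catch (StoreNotFoundException ex) when (ex.Message.Contains("NotFound"))
            { Console.WriteLine($"{name}: handled by the not-found branch"); }
        }
    }
}
```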

Major refactoring to address code smells and reduce cyclomatic complexity:

- Extract StorePathResolver service from JobBase.ResolveStorePath (CC 59→10)
- Split InitializeProperties into InitializeKubeClient and ResolveStorePathAndApplyDefaults
- Extract EnsureNamespaceAndSecretResolved helper in Inventory.cs (removes 4x30 line blocks)
- Consolidate buddy password handling with ParsePasswordSecretPath helper
- Remove duplicate CreateNewSecret method, use SecretOperations.BuildNewSecret
- Simplify Discovery.ProcessJob with DiscoverSecretsForType and BuildKeystoreAllowedKeys helpers
- Fix structured logging (string concatenation → template parameters)
- Fix bug: KubeSecretType was logged as KubeSecretName

Net reduction: ~545 lines (-758/+213)
Test coverage: All 740 unit tests pass on net8.0 and net10.0

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…ure docs

- Create CertificateChainExtractor service to consolidate certificate
  parsing logic from multiple Inventory.cs Handle* methods
- Replace ~370 lines of duplicate PEM/DER parsing code with service calls
- Refactored methods: HandleOpaqueSecretAsList, HandleTlsSecret,
  HandleTlsSecretWithPrivateKeyStatus, HandleOpaqueSecretWithPrivateKeyStatus
- Add comprehensive architecture documentation (docs/ARCHITECTURE.md)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add ProcessSimpleSecretInventory helper for opaque/TLS secret inventory
- Add ProcessKeystoreInventory helper for JKS/PKCS12 keystore inventory
- Add ProcessMultiSecretInventory helper for cluster/namespace inventory
- Add ProcessMultiSecretEntry helper to eliminate duplicate iteration logic
- Reduce switch statement from ~350 lines to ~50 lines
- Net reduction: 127 lines (316 removed, 189 added)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

@github-actions github-actions bot added the documentation (Improvements or additions to documentation) label on Mar 2, 2026

Labels

ci/cd, documentation (Improvements or additions to documentation), needs-review, tests
