From ee897b3ebebaa0d10a69a497f733ec2fb58eddee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
 <charles.edouard@nirmata.com>
Date: Mon, 31 Jul 2023 15:17:51 +0200
Subject: [PATCH] chore: move cert.kyverno.io/managed-by label in constants
 (#7942)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 api/kyverno/constants.go | 3 ++-
 pkg/tls/renewer.go       | 6 ++----
 pkg/tls/utils.go         | 2 +-
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/api/kyverno/constants.go b/api/kyverno/constants.go
index 8cd0149b40..271e4e7eae 100644
--- a/api/kyverno/constants.go
+++ b/api/kyverno/constants.go
@@ -2,7 +2,8 @@ package kyverno
 
 const (
 	// Well known labels
-	LabelAppManagedBy = "app.kubernetes.io/managed-by"
+	LabelAppManagedBy  = "app.kubernetes.io/managed-by"
+	LabelCertManagedBy = "cert.kyverno.io/managed-by"
 	// Well known annotations
 	AnnotationAutogenControllers = "pod-policies.kyverno.io/autogen-controllers"
 	AnnotationPolicyCategory     = "policies.kyverno.io/category"
diff --git a/pkg/tls/renewer.go b/pkg/tls/renewer.go
index f8277675c3..2ce52bbc15 100644
--- a/pkg/tls/renewer.go
+++ b/pkg/tls/renewer.go
@@ -22,9 +22,7 @@ const (
 	CAValidityDuration = 365 * 24 * time.Hour
 	// TLSValidityDuration is the valid duration for TLS certificates
 	TLSValidityDuration = 150 * 24 * time.Hour
-	// managedByLabel is added to Kyverno managed secrets
-	managedByLabel = "cert.kyverno.io/managed-by"
-	rootCAKey      = "rootCA.crt"
+	rootCAKey           = "rootCA.crt"
 )
 
 type CertValidator interface {
@@ -228,7 +226,7 @@ func (c *certRenewer) writeSecret(ctx context.Context, name string, key *rsa.Pri
 				Name:      name,
 				Namespace: config.KyvernoNamespace(),
 				Labels: map[string]string{
-					managedByLabel: kyverno.ValueKyvernoApp,
+					kyverno.LabelCertManagedBy: kyverno.ValueKyvernoApp,
 				},
 			},
 			Type: corev1.SecretTypeTLS,
diff --git a/pkg/tls/utils.go b/pkg/tls/utils.go
index 30e2bb56e4..c696c09014 100644
--- a/pkg/tls/utils.go
+++ b/pkg/tls/utils.go
@@ -89,7 +89,7 @@ func isSecretManagedByKyverno(secret *corev1.Secret) bool {
 		if labels == nil {
 			return false
 		}
-		if labels[managedByLabel] != kyverno.ValueKyvernoApp {
+		if labels[kyverno.LabelCertManagedBy] != kyverno.ValueKyvernoApp {
 			return false
 		}
 	}