refactor: deduplicate constants, fix secret key mismatch, add VSS pruning

- New src/constants.rs: single source for MANAGED_NS (includes monitoring) and GITEA_ADMIN_USER, imported by all modules that previously had copies - Fix checks.rs reading wrong key names from gitea-admin-credentials secret - Add VaultStaticSecret pruning in pre_apply_cleanup (H1) - Fix cert_manager_present check (was always true after canonicalize) - Add warnings for silent failures in pre_apply_cleanup - Fix os_api dead variable assignment - Set TLS private key permissions to 0600 - Redact Gitea admin password in print_urls
2026-03-20 13:29:35 +00:00
parent 503e407243
commit bcfb443757
7 changed files with 108 additions and 58 deletions
--- a/src/images.rs
+++ b/src/images.rs
@@ -7,22 +7,9 @@ use std::path::{Path, PathBuf};
 use std::process::Stdio;

 use crate::cli::BuildTarget;
+use crate::constants::{GITEA_ADMIN_USER, MANAGED_NS};
 use crate::output::{ok, step, warn};

-const GITEA_ADMIN_USER: &str = "gitea_admin";
-
-const MANAGED_NS: &[&str] = &[
-    "data",
-    "devtools",
-    "ingress",
-    "lasuite",
-    "matrix",
-    "media",
-    "ory",
-    "storage",
-    "vault-secrets-operator",
-];
-
 /// amd64-only images that need mirroring: (source, org, repo, tag).
 const AMD64_ONLY_IMAGES: &[(&str, &str, &str, &str)] = &[
    (