From 8bb078a4a83db674d04505f7e2937d6d8ef00ff2 Mon Sep 17 00:00:00 2001
From: Ole Markus With
Date: Mon, 20 Apr 2020 21:32:22 +0200
Subject: [PATCH 1/2] Load the correct certificate before deleting
---
 upup/pkg/fi/vfs_castore.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/upup/pkg/fi/vfs_castore.go b/upup/pkg/fi/vfs_castore.go
index 47fe23c37fd7d..2ae4864f7eafd 100644
--- a/upup/pkg/fi/vfs_castore.go
+++ b/upup/pkg/fi/vfs_castore.go
@@ -1009,7 +1009,7 @@ func (c *VFSCAStore) deletePrivateKey(name string, id string) (bool, error) {
 func (c *VFSCAStore) deleteCertificate(name string, id string) (bool, error) {
 // Update the bundle
 {
- p := c.buildPrivateKeyPoolPath(name)
+ p := c.buildCertificatePoolPath(name)
 ks, err := c.loadCertificates(p, false)
 if err != nil {
 return false, err
From 78e8d83d91fe9d7a8ccdc271683926922a80594c Mon Sep 17 00:00:00 2001
From: Ole Markus With
Date: Tue, 21 Apr 2020 09:00:27 +0200
Subject: [PATCH 2/2] Adding a test for deleting keysets
---
 upup/pkg/fi/BUILD.bazel | 1 +
 upup/pkg/fi/vfs_castore_test.go | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/upup/pkg/fi/BUILD.bazel b/upup/pkg/fi/BUILD.bazel
index cf87f577b8121..021c74f44ae7e 100644
--- a/upup/pkg/fi/BUILD.bazel
+++ b/upup/pkg/fi/BUILD.bazel
@@ -73,6 +73,7 @@ go_test(
 ],
 embed = [":go_default_library"],
 deps = [
+ "//pkg/apis/kops:go_default_library",
 "//pkg/pki:go_default_library",
 "//util/pkg/vfs:go_default_library",
 ],
diff --git a/upup/pkg/fi/vfs_castore_test.go b/upup/pkg/fi/vfs_castore_test.go
index b14cf6b488c2f..71e95afb1eabb 100644
--- a/upup/pkg/fi/vfs_castore_test.go
+++ b/upup/pkg/fi/vfs_castore_test.go
@@ -23,6 +23,7 @@ import (
 "testing"
 "time"
+ "k8s.io/kops/pkg/apis/kops"
 "k8s.io/kops/pkg/pki"
 "k8s.io/kops/util/pkg/vfs"
 )
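Review bot: The corrected assignment in deleteCertificate (upup/pkg/fi/vfs_castore.go, patch 1/2) has no comment saying why the certificate pool path is the right one, and the removed line shows how easily the private-key helper ends up here. A short why-comment above it would guard against a repeat, for example `// The bundle lives under the certificate pool path, not the private-key pool path.` With the old path the bundle update presumably read the wrong location, so a deleted certificate could have stayed in the bundle; the function's doc comment is a good place to state that the bundle is rewritten as part of the delete. deleteCertificate's body continues outside the hunk.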
@@ -214,4 +215,20 @@ spec:
 }
 }
+ // Check that keyset gets deleted
+ {
+ keyset := &kops.Keyset{}
+ keyset.Name = "ca"
+ keyset.Spec.Type = kops.SecretTypeKeypair
+
+ s.DeleteKeysetItem(keyset, "237054359138908419352140518924933177492")
+
+ _, err := pathMap["memfs://tests/private/ca/237054359138908419352140518924933177492.key"].ReadFile()
+ pathMap["memfs://tests/private/ca/237054359138908419352140518924933177492.key"].ReadFile()
+ if err == nil {
+ t.Fatalf("File memfs://tests/private/ca/237054359138908419352140518924933177492.key still exists")
+ }
+
+ }
+
 }
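Review bot: The new block never checks what `s.DeleteKeysetItem(...)` returns and asserts only that the private key file is gone, so it does not cover the certificate path that patch 1/2 corrects in deleteCertificate. The second `pathMap[...].ReadFile()` call is a discarded duplicate and can be dropped. `err == nil` also lets any read error count as "deleted"; a not-exist comparison such as `os.IsNotExist(err)` is stricter, assuming the in-memory store reports a missing file that way and `os` is imported in this test file. The fence sketches the block with the delete error checked (assuming DeleteKeysetItem returns an error, as the delete helpers in patch 1/2 do) and a second assertion for the certificate file, whose path is left as a placeholder because it is not visible in this hunk. The enclosing test function starts outside the hunk.

```go
	// Check that keyset gets deleted
	{
		// … unchanged: keyset construction (Name "ca", Type SecretTypeKeypair) …

		if err := s.DeleteKeysetItem(keyset, "237054359138908419352140518924933177492"); err != nil {
			t.Fatalf("error deleting keyset item: %v", err)
		}

		// Both halves of the keypair must be gone after the delete.
		for _, p := range []string{
			"memfs://tests/private/ca/237054359138908419352140518924933177492.key",
			"<CERTIFICATE_PATH_FOR_THIS_ID>", // placeholder: path not visible in this hunk
		} {
			if _, err := pathMap[p].ReadFile(); !os.IsNotExist(err) {
				t.Fatalf("File %s still exists (or read failed unexpectedly): %v", p, err)
			}
		}
	}
```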