PKI code cleanup #9106

Merged
merged 3 commits into from
May 13, 2020
1 change: 0 additions & 1 deletion hack/.packages
Expand Up @@ -182,7 +182,6 @@ k8s.io/kops/upup/pkg/fi/cloudup/terraform
k8s.io/kops/upup/pkg/fi/cloudup/vsphere
k8s.io/kops/upup/pkg/fi/cloudup/vspheretasks
k8s.io/kops/upup/pkg/fi/fitasks
k8s.io/kops/upup/pkg/fi/k8sapi
k8s.io/kops/upup/pkg/fi/loader
k8s.io/kops/upup/pkg/fi/nodeup
k8s.io/kops/upup/pkg/fi/nodeup/cloudinit
4 changes: 0 additions & 4 deletions nodeup/pkg/model/kube_apiserver_test.go
Expand Up @@ -86,10 +86,6 @@ func (k fakeKeyStore) MirrorTo(basedir vfs.Path) error {
panic("implement me")
}

func (k fakeKeyStore) CertificatePool(name string, createIfMissing bool) (*fi.CertificatePool, error) {
panic("implement me")
}

func (k fakeKeyStore) FindCertificatePool(name string) (*fi.CertificatePool, error) {
panic("implement me")
}
4 changes: 0 additions & 4 deletions upup/pkg/fi/ca.go
Expand Up @@ -73,10 +73,6 @@ type HasVFSPath interface {
type CAStore interface {
Keystore

// CertificatePool returns all active certificates with the specified id
// Deprecated: prefer FindCertificatePool
CertificatePool(name string, createIfMissing bool) (*CertificatePool, error)

// FindCertificatePool returns the named CertificatePool, or (nil,nil) if not found
FindCertificatePool(name string) (*CertificatePool, error)

25 changes: 5 additions & 20 deletions upup/pkg/fi/clientset_castore.go
Expand Up @@ -204,20 +204,6 @@ func FindPrimary(keyset *kops.Keyset) *kops.KeysetItem {
return primary
}

// CertificatePool implements CAStore::CertificatePool
func (c *ClientsetCAStore) CertificatePool(id string, createIfMissing bool) (*CertificatePool, error) {
cert, err := c.FindCertificatePool(id)
if err == nil && cert == nil {
if !createIfMissing {
klog.Warningf("using empty certificate, because running with DryRun")
return &CertificatePool{}, err
}
return nil, fmt.Errorf("cannot find certificate pool %q", id)
}
return cert, err

}

// FindKeypair implements CAStore::FindKeypair
func (c *ClientsetCAStore) FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, KeysetFormat, error) {
ctx := context.TODO()
Expand Down Expand Up @@ -334,8 +320,7 @@ func (c *ClientsetCAStore) ListSSHCredentials() ([]*kops.SSHCredential, error) {
return items, nil
}

// IssueCert implements CAStore::IssueCert
func (c *ClientsetCAStore) IssueCert(signer string, name string, serial *big.Int, privateKey *pki.PrivateKey, template *x509.Certificate) (*pki.Certificate, error) {
func (c *ClientsetCAStore) issueCert(signer string, name string, serial *big.Int, privateKey *pki.PrivateKey, template *x509.Certificate) (*pki.Certificate, error) {
ctx := context.TODO()

klog.Infof("Issuing new certificate: %q", name)
Expand Down Expand Up @@ -449,7 +434,7 @@ func (c *ClientsetCAStore) FindPrivateKeyset(name string) (*kops.Keyset, error)
func (c *ClientsetCAStore) CreateKeypair(signer string, id string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error) {
serial := c.buildSerial()

cert, err := c.IssueCert(signer, id, serial, privateKey, template)
cert, err := c.issueCert(signer, id, serial, privateKey, template)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -488,8 +473,8 @@ func (c *ClientsetCAStore) addKey(ctx context.Context, name string, keysetType k
return nil
}

// DeleteKeysetItem deletes the specified key from the registry; deleting the whole keyset if it was the last one
func DeleteKeysetItem(client kopsinternalversion.KeysetInterface, name string, keysetType kops.KeysetType, id string) error {
// deleteKeysetItem deletes the specified key from the registry; deleting the whole keyset if it was the last one
func deleteKeysetItem(client kopsinternalversion.KeysetInterface, name string, keysetType kops.KeysetType, id string) error {
ctx := context.TODO()

keyset, err := client.Get(ctx, name, metav1.GetOptions{})
Expand Down Expand Up @@ -637,7 +622,7 @@ func (c *ClientsetCAStore) DeleteKeysetItem(item *kops.Keyset, id string) error
switch item.Spec.Type {
case kops.SecretTypeKeypair:
client := c.clientset.Keysets(c.namespace)
return DeleteKeysetItem(client, item.Name, kops.SecretTypeKeypair, id)
return deleteKeysetItem(client, item.Name, kops.SecretTypeKeypair, id)
default:
// Primarily because we need to make sure users can recreate them!
return fmt.Errorf("deletion of keystore items of type %v not (yet) supported", item.Spec.Type)
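Review bot: `issueCert` ends up with no doc comment at all: the hunk at `@@ -334,8 +320,7 @@` drops `// IssueCert implements CAStore::IssueCert` when the method is unexported and puts nothing in its place. Since `CreateKeypair` is the only visible caller and it is the one that picks the serial via `c.buildSerial()`, the comment is a good place to record that contract, for example `// issueCert issues a certificate for name signed by signer; the caller chooses the serial (see CreateKeypair).` The body of `issueCert` runs past the end of the hunk, so check the wording against what it does with `signer` and `template` before committing it. The same section renames `DeleteKeysetItem` to `deleteKeysetItem` and keeps its comment, which is the pattern to follow here.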
21 changes: 0 additions & 21 deletions upup/pkg/fi/k8sapi/BUILD.bazel

This file was deleted.

87 changes: 0 additions & 87 deletions upup/pkg/fi/k8sapi/cert_secret.go

This file was deleted.

158 changes: 0 additions & 158 deletions upup/pkg/fi/k8sapi/k8s_keystore.go

This file was deleted.
