Merge pull request #82371 from deads2k/cert-reload-delegated

add ability to authenticators for dynamic update of certs for delegated authn Kubernetes-commit: 7ac65858bb9fdf41bb0cf3b257a4943ea8457ed6
2025-06-26 15:12:06 +00:00 · 2019-10-04 08:50:04 -07:00 · 2019-10-04 08:50:04 -07:00 · ec28f1ce46
commit ec28f1ce46
parent a746c2f219 a7d8568b02
4 changed files with 20 additions and 5 deletions
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -348,7 +348,7 @@
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery",
-			"Rev": "c930edf45883"
+			"Rev": "c31ffd88d5d2"
 		},
 		{
 			"ImportPath": "k8s.io/gengo",
--- a/go.mod
+++ b/go.mod
@ -27,7 +27,7 @@ require (
 	golang.org/x/time v0.0.0-20181108054448-85acf8d2951c
 	google.golang.org/appengine v1.5.0 // indirect
 	k8s.io/api v0.0.0-20191003035645-10e821c09743
-	k8s.io/apimachinery v0.0.0-20191003035458-c930edf45883
+	k8s.io/apimachinery v0.0.0-20191003115452-c31ffd88d5d2
 	k8s.io/klog v1.0.0
 	k8s.io/utils v0.0.0-20190920012459-5008bf6f8cd6
 	sigs.k8s.io/yaml v1.1.0
@ -42,5 +42,5 @@ replace (
 	golang.org/x/text => golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db
 	golang.org/x/time => golang.org/x/time v0.0.0-20161028155119-f51c12702a4d
 	k8s.io/api => k8s.io/api v0.0.0-20191003035645-10e821c09743
-	k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20191003035458-c930edf45883
+	k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20191003115452-c31ffd88d5d2
 )
--- a/go.sum
+++ b/go.sum
@ -180,7 +180,7 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.0.0-20191003035645-10e821c09743/go.mod h1:uO3sqSrudYAYLDvkW5ph6lZtwlcN7mUlfE80fNPY8EE=
-k8s.io/apimachinery v0.0.0-20191003035458-c930edf45883/go.mod h1:3rOMKKJmoWw7dJkRxGjW26hYSWvYV5nrieoTsmWq1jw=
+k8s.io/apimachinery v0.0.0-20191003115452-c31ffd88d5d2/go.mod h1:3rOMKKJmoWw7dJkRxGjW26hYSWvYV5nrieoTsmWq1jw=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
--- a/util/cert/io.go
+++ b/util/cert/io.go
@ -72,7 +72,22 @@ func WriteCert(certPath string, data []byte) error {
 // NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file.
 // Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
 func NewPool(filename string) (*x509.CertPool, error) {
-	certs, err := CertsFromFile(filename)
+	pemBlock, err := ioutil.ReadFile(filename)
 	if err != nil {
 		return nil, err
 	}
 	pool, err := NewPoolFromBytes(pemBlock)
 	if err != nil {
 		return nil, fmt.Errorf("error creating pool from %s: %s", filename, err)
 	}
 	return pool, nil
 }
 // NewPoolFromBytes returns an x509.CertPool containing the certificates in the given PEM-encoded bytes.
 // Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
 func NewPoolFromBytes(pemBlock []byte) (*x509.CertPool, error) {
 	certs, err := ParseCertsPEM(pemBlock)
 	if err != nil {
 		return nil, err
 	}