From 87f094c5e885237186bff6cb5fb2a23ee4881347 Mon Sep 17 00:00:00 2001 From: Claudiu Belu Date: Wed, 15 Jun 2022 15:17:24 +0300 Subject: [PATCH] Replaces path.Operation with filepath.Operation (part 2) The path module has a few different functions: Clean, Split, Join, Ext, Dir, Base, IsAbs. These functions do not take into account the OS-specific path separator, meaning that they won't behave as intended on Windows. For example, Dir is supposed to return all but the last element of the path. For the path "C:\some\dir\somewhere", it is supposed to return "C:\some\dir\", however, it returns ".". Instead of these functions, the ones in filepath should be used instead. --- cmd/kube-apiserver/app/testing/testserver.go | 9 ++++----- .../app/componentconfigs/kubelet_windows.go | 4 ++-- cmd/kubeadm/app/constants/constants.go | 11 +++++------ cmd/kubeadm/app/phases/certs/certlist_test.go | 6 +++--- cmd/kubeadm/app/phases/certs/certs_test.go | 3 +-- cmd/kubeadm/app/phases/copycerts/copycerts.go | 18 +++++++++--------- .../app/phases/copycerts/copycerts_test.go | 4 ++-- cmd/kubeadm/app/util/certs/util.go | 8 ++++---- cmd/kubelet/app/server.go | 5 ++--- 9 files changed, 32 insertions(+), 36 deletions(-) diff --git a/cmd/kube-apiserver/app/testing/testserver.go b/cmd/kube-apiserver/app/testing/testserver.go index 56b23788d13..c4ee0f55ca8 100644 --- a/cmd/kube-apiserver/app/testing/testserver.go +++ b/cmd/kube-apiserver/app/testing/testserver.go @@ -22,7 +22,6 @@ import ( "fmt" "net" "os" - "path" "path/filepath" "runtime" "time" @@ -159,7 +158,7 @@ func StartTestServer(t Logger, instanceOptions *TestServerInstanceOptions, custo if err != nil { return result, err } - proxyCACertFile := path.Join(s.SecureServing.ServerCert.CertDirectory, "proxy-ca.crt") + proxyCACertFile := filepath.Join(s.SecureServing.ServerCert.CertDirectory, "proxy-ca.crt") if err := os.WriteFile(proxyCACertFile, testutil.EncodeCertPEM(proxySigningCert), 0644); err != nil { return result, err } @@ -186,8 +185,8 @@ func StartTestServer(t Logger, instanceOptions *TestServerInstanceOptions, custo if err := pkiutil.WriteCertAndKey(s.SecureServing.ServerCert.CertDirectory, "misty-crt", clientCrtOfAPIServer, signer); err != nil { return result, err } - s.ProxyClientKeyFile = path.Join(s.SecureServing.ServerCert.CertDirectory, "misty-crt.key") - s.ProxyClientCertFile = path.Join(s.SecureServing.ServerCert.CertDirectory, "misty-crt.crt") + s.ProxyClientKeyFile = filepath.Join(s.SecureServing.ServerCert.CertDirectory, "misty-crt.key") + s.ProxyClientCertFile = filepath.Join(s.SecureServing.ServerCert.CertDirectory, "misty-crt.crt") clientSigningKey, err := testutil.NewPrivateKey() if err != nil { @@ -197,7 +196,7 @@ func StartTestServer(t Logger, instanceOptions *TestServerInstanceOptions, custo if err != nil { return result, err } - clientCACertFile := path.Join(s.SecureServing.ServerCert.CertDirectory, "client-ca.crt") + clientCACertFile := filepath.Join(s.SecureServing.ServerCert.CertDirectory, "client-ca.crt") if err := os.WriteFile(clientCACertFile, testutil.EncodeCertPEM(clientSigningCert), 0644); err != nil { return result, err } diff --git a/cmd/kubeadm/app/componentconfigs/kubelet_windows.go b/cmd/kubeadm/app/componentconfigs/kubelet_windows.go index 50d4794a9f2..4573f6d7aa8 100644 --- a/cmd/kubeadm/app/componentconfigs/kubelet_windows.go +++ b/cmd/kubeadm/app/componentconfigs/kubelet_windows.go @@ -32,7 +32,7 @@ func (kc *kubeletConfig) Mutate() error { // When "kubeadm join" downloads the KubeletConfiguration from the cluster on Windows // nodes, it would contain absolute paths that may lack drive letters, since the config // could have been generated on a Linux control-plane node. On Windows the - // Golang path.IsAbs() function returns false unless the path contains a drive letter. + // Golang filepath.IsAbs() function returns false unless the path contains a drive letter. // This trips client-go and the kubelet, creating problems on Windows nodes. // Fixing it in client-go or the kubelet is a breaking change to existing Windows // users that rely on relative paths: @@ -57,7 +57,7 @@ func (kc *kubeletConfig) Mutate() error { func mutatePaths(cfg *kubeletconfig.KubeletConfiguration, drive string) { mutateStringField := func(name string, field *string) { - // path.IsAbs() is not reliable here in the Windows runtime, so check if the + // filepath.IsAbs() is not reliable here in the Windows runtime, so check if the // path starts with "/" instead. This means the path originated from a Unix node and // is an absolute path. if !strings.HasPrefix(*field, "/") { diff --git a/cmd/kubeadm/app/constants/constants.go b/cmd/kubeadm/app/constants/constants.go index 1ae2d9baabd..c52ccd27f5d 100644 --- a/cmd/kubeadm/app/constants/constants.go +++ b/cmd/kubeadm/app/constants/constants.go @@ -20,7 +20,6 @@ import ( "fmt" "net" "os" - "path" "path/filepath" "strings" "time" @@ -595,9 +594,9 @@ func GetKubeletKubeConfigPath() string { // CreateTempDirForKubeadm is a function that creates a temporary directory under /etc/kubernetes/tmp (not using /tmp as that would potentially be dangerous) func CreateTempDirForKubeadm(kubernetesDir, dirName string) (string, error) { - tempDir := path.Join(KubernetesDir, TempDirForKubeadm) + tempDir := filepath.Join(KubernetesDir, TempDirForKubeadm) if len(kubernetesDir) != 0 { - tempDir = path.Join(kubernetesDir, TempDirForKubeadm) + tempDir = filepath.Join(kubernetesDir, TempDirForKubeadm) } // creates target folder if not already exists @@ -614,9 +613,9 @@ func CreateTempDirForKubeadm(kubernetesDir, dirName string) (string, error) { // CreateTimestampDirForKubeadm is a function that creates a temporary directory under /etc/kubernetes/tmp formatted with the current date func CreateTimestampDirForKubeadm(kubernetesDir, dirName string) (string, error) { - tempDir := path.Join(KubernetesDir, TempDirForKubeadm) + tempDir := filepath.Join(KubernetesDir, TempDirForKubeadm) if len(kubernetesDir) != 0 { - tempDir = path.Join(kubernetesDir, TempDirForKubeadm) + tempDir = filepath.Join(kubernetesDir, TempDirForKubeadm) } // creates target folder if not already exists @@ -625,7 +624,7 @@ func CreateTimestampDirForKubeadm(kubernetesDir, dirName string) (string, error) } timestampDirName := fmt.Sprintf("%s-%s", dirName, time.Now().Format("2006-01-02-15-04-05")) - timestampDir := path.Join(tempDir, timestampDirName) + timestampDir := filepath.Join(tempDir, timestampDirName) if err := os.Mkdir(timestampDir, 0700); err != nil { return "", errors.Wrap(err, "could not create timestamp directory") } diff --git a/cmd/kubeadm/app/phases/certs/certlist_test.go b/cmd/kubeadm/app/phases/certs/certlist_test.go index 2f717b114c1..fa696db477a 100644 --- a/cmd/kubeadm/app/phases/certs/certlist_test.go +++ b/cmd/kubeadm/app/phases/certs/certlist_test.go @@ -21,7 +21,7 @@ import ( "crypto/tls" "crypto/x509" "os" - "path" + "path/filepath" "testing" certutil "k8s.io/client-go/util/cert" @@ -192,8 +192,8 @@ func TestCreateCertificateChain(t *testing.T) { t.Fatal(err) } - caCert, _ := parseCertAndKey(path.Join(dir, "test-ca"), t) - daughterCert, _ := parseCertAndKey(path.Join(dir, "test-daughter"), t) + caCert, _ := parseCertAndKey(filepath.Join(dir, "test-ca"), t) + daughterCert, _ := parseCertAndKey(filepath.Join(dir, "test-daughter"), t) pool := x509.NewCertPool() pool.AddCert(caCert) diff --git a/cmd/kubeadm/app/phases/certs/certs_test.go b/cmd/kubeadm/app/phases/certs/certs_test.go index 6a82cf90365..a399551432b 100644 --- a/cmd/kubeadm/app/phases/certs/certs_test.go +++ b/cmd/kubeadm/app/phases/certs/certs_test.go @@ -23,7 +23,6 @@ import ( "crypto/x509" "net" "os" - "path" "path/filepath" "testing" @@ -263,7 +262,7 @@ func TestWriteCSRFilesIfNotExist(t *testing.T) { { name: "existing CSR is garbage", setupFunc: func(csrPath string) error { - return os.WriteFile(path.Join(csrPath, "dummy.csr"), []byte("a--bunch--of-garbage"), os.ModePerm) + return os.WriteFile(filepath.Join(csrPath, "dummy.csr"), []byte("a--bunch--of-garbage"), os.ModePerm) }, expectedError: true, }, diff --git a/cmd/kubeadm/app/phases/copycerts/copycerts.go b/cmd/kubeadm/app/phases/copycerts/copycerts.go index 3c716695535..7c20fe784a5 100644 --- a/cmd/kubeadm/app/phases/copycerts/copycerts.go +++ b/cmd/kubeadm/app/phases/copycerts/copycerts.go @@ -21,7 +21,7 @@ import ( "encoding/hex" "fmt" "os" - "path" + "path/filepath" "strings" "github.com/pkg/errors" @@ -182,17 +182,17 @@ func loadAndEncryptCert(certPath string, key []byte) ([]byte, error) { func certsToTransfer(cfg *kubeadmapi.InitConfiguration) map[string]string { certsDir := cfg.CertificatesDir certs := map[string]string{ - kubeadmconstants.CACertName: path.Join(certsDir, kubeadmconstants.CACertName), - kubeadmconstants.CAKeyName: path.Join(certsDir, kubeadmconstants.CAKeyName), - kubeadmconstants.FrontProxyCACertName: path.Join(certsDir, kubeadmconstants.FrontProxyCACertName), - kubeadmconstants.FrontProxyCAKeyName: path.Join(certsDir, kubeadmconstants.FrontProxyCAKeyName), - kubeadmconstants.ServiceAccountPublicKeyName: path.Join(certsDir, kubeadmconstants.ServiceAccountPublicKeyName), - kubeadmconstants.ServiceAccountPrivateKeyName: path.Join(certsDir, kubeadmconstants.ServiceAccountPrivateKeyName), + kubeadmconstants.CACertName: filepath.Join(certsDir, kubeadmconstants.CACertName), + kubeadmconstants.CAKeyName: filepath.Join(certsDir, kubeadmconstants.CAKeyName), + kubeadmconstants.FrontProxyCACertName: filepath.Join(certsDir, kubeadmconstants.FrontProxyCACertName), + kubeadmconstants.FrontProxyCAKeyName: filepath.Join(certsDir, kubeadmconstants.FrontProxyCAKeyName), + kubeadmconstants.ServiceAccountPublicKeyName: filepath.Join(certsDir, kubeadmconstants.ServiceAccountPublicKeyName), + kubeadmconstants.ServiceAccountPrivateKeyName: filepath.Join(certsDir, kubeadmconstants.ServiceAccountPrivateKeyName), } if cfg.Etcd.External == nil { - certs[kubeadmconstants.EtcdCACertName] = path.Join(certsDir, kubeadmconstants.EtcdCACertName) - certs[kubeadmconstants.EtcdCAKeyName] = path.Join(certsDir, kubeadmconstants.EtcdCAKeyName) + certs[kubeadmconstants.EtcdCACertName] = filepath.Join(certsDir, kubeadmconstants.EtcdCACertName) + certs[kubeadmconstants.EtcdCAKeyName] = filepath.Join(certsDir, kubeadmconstants.EtcdCAKeyName) } else { certs[externalEtcdCA] = cfg.Etcd.External.CAFile certs[externalEtcdCert] = cfg.Etcd.External.CertFile diff --git a/cmd/kubeadm/app/phases/copycerts/copycerts_test.go b/cmd/kubeadm/app/phases/copycerts/copycerts_test.go index 305a4441c81..f5503d66fe4 100644 --- a/cmd/kubeadm/app/phases/copycerts/copycerts_test.go +++ b/cmd/kubeadm/app/phases/copycerts/copycerts_test.go @@ -20,7 +20,7 @@ import ( "context" "encoding/hex" "os" - "path" + "path/filepath" "regexp" goruntime "runtime" "testing" @@ -55,7 +55,7 @@ func TestGetDataFromInitConfig(t *testing.T) { t.Fatalf(dedent.Dedent("failed to decode key.\nfatal error: %v"), err) } - if err := os.Mkdir(path.Join(tmpdir, "etcd"), 0755); err != nil { + if err := os.Mkdir(filepath.Join(tmpdir, "etcd"), 0755); err != nil { t.Fatalf(dedent.Dedent("failed to create etcd cert dir.\nfatal error: %v"), err) } diff --git a/cmd/kubeadm/app/util/certs/util.go b/cmd/kubeadm/app/util/certs/util.go index af3e638cb0f..531edec4c7d 100644 --- a/cmd/kubeadm/app/util/certs/util.go +++ b/cmd/kubeadm/app/util/certs/util.go @@ -21,7 +21,7 @@ import ( "crypto/rsa" "crypto/x509" "net" - "path" + "path/filepath" "testing" certutil "k8s.io/client-go/util/cert" @@ -230,7 +230,7 @@ func WritePKIFiles(t *testing.T, dir string, files PKIFiles) { for filename, body := range files { switch body := body.(type) { case *x509.Certificate: - if err := certutil.WriteCert(path.Join(dir, filename), pkiutil.EncodeCertPEM(body)); err != nil { + if err := certutil.WriteCert(filepath.Join(dir, filename), pkiutil.EncodeCertPEM(body)); err != nil { t.Errorf("unable to write certificate to file %q: [%v]", dir, err) } case *rsa.PublicKey: @@ -238,7 +238,7 @@ func WritePKIFiles(t *testing.T, dir string, files PKIFiles) { if err != nil { t.Errorf("unable to write public key to file %q: [%v]", filename, err) } - if err := keyutil.WriteKey(path.Join(dir, filename), publicKeyBytes); err != nil { + if err := keyutil.WriteKey(filepath.Join(dir, filename), publicKeyBytes); err != nil { t.Errorf("unable to write public key to file %q: [%v]", filename, err) } case *rsa.PrivateKey: @@ -246,7 +246,7 @@ func WritePKIFiles(t *testing.T, dir string, files PKIFiles) { if err != nil { t.Errorf("unable to write private key to file %q: [%v]", filename, err) } - if err := keyutil.WriteKey(path.Join(dir, filename), privateKey); err != nil { + if err := keyutil.WriteKey(filepath.Join(dir, filename), privateKey); err != nil { t.Errorf("unable to write private key to file %q: [%v]", filename, err) } } diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go index 9cf57be9722..1bf3c492c92 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go @@ -26,7 +26,6 @@ import ( "net" "net/http" "os" - "path" "path/filepath" "strconv" "strings" @@ -1010,8 +1009,8 @@ func getNodeName(cloud cloudprovider.Interface, hostname string) (types.NodeName // certificate and key file are generated. Returns a configured server.TLSOptions object. func InitializeTLS(kf *options.KubeletFlags, kc *kubeletconfiginternal.KubeletConfiguration) (*server.TLSOptions, error) { if !kc.ServerTLSBootstrap && kc.TLSCertFile == "" && kc.TLSPrivateKeyFile == "" { - kc.TLSCertFile = path.Join(kf.CertDirectory, "kubelet.crt") - kc.TLSPrivateKeyFile = path.Join(kf.CertDirectory, "kubelet.key") + kc.TLSCertFile = filepath.Join(kf.CertDirectory, "kubelet.crt") + kc.TLSPrivateKeyFile = filepath.Join(kf.CertDirectory, "kubelet.key") canReadCertAndKey, err := certutil.CanReadCertAndKey(kc.TLSCertFile, kc.TLSPrivateKeyFile) if err != nil {