github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #97290 from neolit123/1.21-kubeadm-improve-token-error-messages

Browse Source 
kubeadm: improve the error messages when validating discovery CA hash
This commit is contained in:
Kubernetes Prow Robot 2021-01-04 22:55:59 -08:00 committed by GitHub
commit 242e07dc3c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kubeadm/app/discovery/token/token.go
View File

@ -62,7 +62,7 @@ func retrieveValidatedConfigInfo(client clientset.Interface, cfg *kubeadmapi.Dis
// Load the CACertHashes into a pubkeypin.Set // Load the CACertHashes into a pubkeypin.Set
pubKeyPins := pubkeypin.NewSet() pubKeyPins := pubkeypin.NewSet()
if err = pubKeyPins.Allow(cfg.BootstrapToken.CACertHashes...); err != nil { if err = pubKeyPins.Allow(cfg.BootstrapToken.CACertHashes...); err != nil {
return nil, err return nil, errors.Wrap(err, "invalid discovery token CA certificate hash")
} }
duration := cfg.Timeout.Duration duration := cfg.Timeout.Duration

12
cmd/kubeadm/app/util/pubkeypin/pubkeypin.go
View File

@ -32,6 +32,11 @@ const (
formatSHA256 = "sha256" formatSHA256 = "sha256"
) )
var (
// supportedFormats enumerates the supported formats
supportedFormats = strings.Join([]string{formatSHA256}, ", ")
)
// Set is a set of pinned x509 public keys. // Set is a set of pinned x509 public keys.
type Set struct { type Set struct {
sha256Hashes map[string]bool sha256Hashes map[string]bool
@ -47,7 +52,8 @@ func (s *Set) Allow(pubKeyHashes ...string) error {
for _, pubKeyHash := range pubKeyHashes { for _, pubKeyHash := range pubKeyHashes {
parts := strings.Split(pubKeyHash, ":") parts := strings.Split(pubKeyHash, ":")
if len(parts) != 2 { if len(parts) != 2 {
return errors.New("invalid public key hash, expected \"format:value\"") return errors.Errorf("invalid hash, expected \"format:hex-value\". "+
"Known format(s) are: %s", supportedFormats)
} }
format, value := parts[0], parts[1] format, value := parts[0], parts[1]
@ -55,7 +61,7 @@ func (s *Set) Allow(pubKeyHashes ...string) error {
case "sha256": case "sha256":
return s.allowSHA256(value) return s.allowSHA256(value)
default: default:
return errors.Errorf("unknown hash format %q", format) return errors.Errorf("unknown hash format %q. Known format(s) are: %s", format, supportedFormats)
} }
} }
return nil return nil
@ -99,7 +105,7 @@ func (s *Set) allowSHA256(hash string) error {
// validate that the hash is valid hex // validate that the hash is valid hex
_, err := hex.DecodeString(hash) _, err := hex.DecodeString(hash)
if err != nil { if err != nil {
return err return errors.Wrap(err, "could not decode SHA-256 from hex")
} }
// in the end, just store the original hex string in memory (in lowercase) // in the end, just store the original hex string in memory (in lowercase)