From 363fee59e4b8620eb8f6bf673f9246932ce61b1e Mon Sep 17 00:00:00 2001
From: carlory
Date: Mon, 1 Apr 2024 11:09:53 +0800
Subject: [PATCH] fix panic with SIGSEGV in kubeadm certs check-expiration
---
 cmd/kubeadm/app/phases/certs/renewal/manager.go | 4 ++--
 .../app/phases/certs/renewal/manager_test.go | 4 ++--
 .../app/phases/certs/renewal/readwriter.go | 17 ++++++++++-------
 .../app/phases/certs/renewal/readwriter_test.go | 6 +++---
 4 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/cmd/kubeadm/app/phases/certs/renewal/manager.go b/cmd/kubeadm/app/phases/certs/renewal/manager.go
index 0cf272e1617..3f2247c95c6 100644
--- a/cmd/kubeadm/app/phases/certs/renewal/manager.go
+++ b/cmd/kubeadm/app/phases/certs/renewal/manager.go
@@ -322,7 +322,7 @@ func (rm *Manager) CertificateExists(name string) (bool, error) {
 return false, errors.Errorf("%s is not a known certificate", name)
 }
- return handler.readwriter.Exists(), nil
+ return handler.readwriter.Exists()
 }
 // GetCertificateExpirationInfo returns certificate expiration info.
@@ -358,7 +358,7 @@ func (rm *Manager) CAExists(name string) (bool, error) {
 return false, errors.Errorf("%s is not a known certificate", name)
 }
- return handler.readwriter.Exists(), nil
+ return handler.readwriter.Exists()
 }
 // GetCAExpirationInfo returns CA expiration info.
diff --git a/cmd/kubeadm/app/phases/certs/renewal/manager_test.go b/cmd/kubeadm/app/phases/certs/renewal/manager_test.go
index d8ce8526ac3..e3a9783363e 100644
--- a/cmd/kubeadm/app/phases/certs/renewal/manager_test.go
+++ b/cmd/kubeadm/app/phases/certs/renewal/manager_test.go
@@ -54,8 +54,8 @@ type fakecertificateReadWriter struct {
 cert *x509.Certificate
 }
-func (cr fakecertificateReadWriter) Exists() bool {
- return cr.exist
+func (cr fakecertificateReadWriter) Exists() (bool, error) {
+ return cr.exist, nil
 }
 func (cr fakecertificateReadWriter) Read() (*x509.Certificate, error) {
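Review bot: The test fake in the manager_test.go hunk hard-codes a nil error (`return cr.exist, nil`), so the error that `CertificateExists` and `CAExists` now pass straight through from `handler.readwriter.Exists()` is never exercised by the manager tests. Giving the fake an error field and returning `cr.exist, cr.existErr` (the field name is only a suggestion) would let a table case assert that a failing read-writer surfaces as `(false, err)` instead of being reported as a missing certificate. The struct definition begins above this hunk, so the new field would be added outside the lines shown.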
diff --git a/cmd/kubeadm/app/phases/certs/renewal/readwriter.go b/cmd/kubeadm/app/phases/certs/renewal/readwriter.go
index 9924255c842..34613be858a 100644
--- a/cmd/kubeadm/app/phases/certs/renewal/readwriter.go
+++ b/cmd/kubeadm/app/phases/certs/renewal/readwriter.go
@@ -36,7 +36,7 @@ import (
 // read or write a certificate stored/embedded in a file
 type certificateReadWriter interface {
 //Exists return true if the certificate exists
- Exists() bool
+ Exists() (bool, error)
 // Read a certificate stored/embedded in a file
 Read() (*x509.Certificate, error)
@@ -61,17 +61,20 @@ func newPKICertificateReadWriter(certificateDir string, baseName string) *pkiCer
 }
 // Exists checks if a certificate exist
-func (rw *pkiCertificateReadWriter) Exists() bool {
+func (rw *pkiCertificateReadWriter) Exists() (bool, error) {
 certificatePath, _ := pkiutil.PathsForCertAndKey(rw.certificateDir, rw.baseName)
 return fileExists(certificatePath)
 }
-func fileExists(filename string) bool {
+func fileExists(filename string) (bool, error) {
 info, err := os.Stat(filename)
- if os.IsNotExist(err) {
- return false
+ if err != nil {
+ if os.IsNotExist(err) {
+ return false, nil
+ }
+ return false, err
 }
- return !info.IsDir()
+ return !info.IsDir(), nil
 }
 // Read a certificate from a file the K8s pki managed by kubeadm
@@ -120,7 +123,7 @@ func newKubeconfigReadWriter(kubernetesDir string, kubeConfigFileName string, ce
 }
 // Exists checks if a certificate embedded in kubeConfig file exists
-func (rw *kubeConfigReadWriter) Exists() bool {
+func (rw *kubeConfigReadWriter) Exists() (bool, error) {
 return fileExists(rw.kubeConfigFilePath)
 }
diff --git a/cmd/kubeadm/app/phases/certs/renewal/readwriter_test.go b/cmd/kubeadm/app/phases/certs/renewal/readwriter_test.go
index 1044d2373d7..cdcc9a1e284 100644
--- a/cmd/kubeadm/app/phases/certs/renewal/readwriter_test.go
+++ b/cmd/kubeadm/app/phases/certs/renewal/readwriter_test.go
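Review bot: The interface comment `//Exists return true if the certificate exists` in the first readwriter.go hunk (@@ -36) no longer describes the method, which now returns `(bool, error)`. Implementers and callers need to know that a non-nil error means existence could not be determined, which is not the same as a clean "not present" answer. I would reword it to `// Exists reports whether the certificate exists; a non-nil error means existence could not be determined.` The interface body continues past the end of the hunk.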
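Review bot: `fileExists` in the second readwriter.go hunk (@@ -61) now has three distinct outcomes but still carries no doc comment, and a directory at the path is reported as `(false, nil)`, the same result as a missing file. The removed lines show that the old code reached `info.IsDir()` whenever `os.Stat` failed for a reason other than not-exist, which is presumably the nil dereference named in the subject; the new contract deserves to be written down so callers do not collapse "cannot read the PKI path" into "no certificate". Suggested comment: `// fileExists reports whether filename exists and is not a directory. A missing file yields (false, nil); any other os.Stat failure (for example permission denied) is returned as an error.`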
@@ -239,7 +239,7 @@ func TestFileExists(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- if got := fileExists(tt.filename); got != tt.want {
+ if got, _ := fileExists(tt.filename); got != tt.want {
 t.Errorf("fileExists() = %v, want %v", got, tt.want)
 }
 })
@@ -295,7 +295,7 @@ func TestPKICertificateReadWriterExists(t *testing.T) {
 baseName: tt.fields.baseName,
 certificateDir: tt.fields.certificateDir,
 }
- if got := rw.Exists(); got != tt.want {
+ if got, _ := rw.Exists(); got != tt.want {
 t.Errorf("pkiCertificateReadWriter.Exists() = %v, want %v", got, tt.want)
 }
 })
@@ -338,7 +338,7 @@ func TestKubeConfigReadWriterExists(t *testing.T) {
 rw := &kubeConfigReadWriter{
 kubeConfigFilePath: tt.kubeConfigFilePath,
 }
- if got := rw.Exists(); got != tt.want {
+ if got, _ := rw.Exists(); got != tt.want {
 t.Errorf("kubeConfigReadWriter.Exists() = %v, want %v", got, tt.want)
 }
 })
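Review bot: All three updated assertions discard the new error with `got, _ :=` (in TestFileExists, and likewise in TestPKICertificateReadWriterExists and TestKubeConfigReadWriterExists), so no test here covers the branch where `os.Stat` fails for a reason other than not-exist, which is the path this patch changes. At minimum the existing cases should fail loudly on an unexpected error, e.g. `got, err := fileExists(tt.filename)` followed by `if err != nil { t.Fatalf("fileExists() unexpected error: %v", err) }`. A further table case whose path cannot be stat'ed (not merely absent) and which asserts a non-nil error would pin the regression. The test tables and function bodies begin outside these hunks, so the new case would be added above the lines shown.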