kubeadm: cleanup unused CreateCSR and associated functions

2025-08-10 04:27:54 +00:00 · 2023-12-05 18:17:14 +08:00 · 2023-12-05 18:17:14 +08:00 · 56262ca56a
commit 56262ca56a
parent 55f2bc1043
3 changed files with 0 additions and 136 deletions
--- a/cmd/kubeadm/app/phases/certs/certs.go
+++ b/cmd/kubeadm/app/phases/certs/certs.go
@ -139,15 +139,6 @@ func NewCSR(certSpec *KubeadmCert, cfg *kubeadmapi.InitConfiguration) (*x509.Cer
 	return pkiutil.NewCSRAndKey(certConfig)
 }
 // CreateCSR creates a certificate signing request
 func CreateCSR(certSpec *KubeadmCert, cfg *kubeadmapi.InitConfiguration, path string) error {
 	csr, key, err := NewCSR(certSpec, cfg)
 	if err != nil {
 		return err
 	}
 	return writeCSRFilesIfNotExist(path, certSpec.BaseName, csr, key)
 }
 // CreateCertAndKeyFilesWithCA loads the given certificate authority from disk, then generates and writes out the given certificate and key.
 // The certSpec and caCertSpec should both be one of the variables from this package.
 func CreateCertAndKeyFilesWithCA(certSpec *KubeadmCert, caCertSpec *KubeadmCert, cfg *kubeadmapi.InitConfiguration) error {
@ -271,33 +262,6 @@ func writeCertificateFilesIfNotExist(pkiDir string, baseName string, signingCert
 	return nil
 }
 // writeCSRFilesIfNotExist writes a new CSR to the given path.
 // If there already is a CSR file at the given path; kubeadm tries to load it and check if it's a valid certificate.
 // otherwise this function returns an error.
 func writeCSRFilesIfNotExist(csrDir string, baseName string, csr *x509.CertificateRequest, key crypto.Signer) error {
 	if pkiutil.CSROrKeyExist(csrDir, baseName) {
 		_, _, err := pkiutil.TryLoadCSRAndKeyFromDisk(csrDir, baseName)
 		if err != nil {
 			return errors.Wrapf(err, "%s CSR existed but it could not be loaded properly", baseName)
 		}
 		fmt.Printf("[certs] Using the existing %q CSR\n", baseName)
 	} else {
 		// Write .key and .csr files to disk
 		fmt.Printf("[certs] Generating %q key and CSR\n", baseName)
 		if err := pkiutil.WriteKey(csrDir, baseName, key); err != nil {
 			return errors.Wrapf(err, "failure while saving %s key", baseName)
 		}
 		if err := pkiutil.WriteCSR(csrDir, baseName, csr); err != nil {
 			return errors.Wrapf(err, "failure while saving %s CSR", baseName)
 		}
 	}
 	return nil
 }
 type certKeyLocation struct {
 	pkiDir     string
 	caBaseName string
--- a/cmd/kubeadm/app/phases/certs/certs_test.go
+++ b/cmd/kubeadm/app/phases/certs/certs_test.go
@ -18,8 +18,6 @@ package certs
 import (
 	"bytes"
 	"crypto"
 	"crypto/sha256"
 	"crypto/x509"
 	"net"
 	"os"
@ -41,20 +39,6 @@ import (
 	testutil "k8s.io/kubernetes/cmd/kubeadm/test"
 )
 func createTestCSR(t *testing.T) (*x509.CertificateRequest, crypto.Signer) {
 	csr, key, err := pkiutil.NewCSRAndKey(
 		&pkiutil.CertConfig{
 			Config: certutil.Config{
 				CommonName: "testCert",
 			},
 		})
 	if err != nil {
 		t.Fatalf("couldn't create test cert: %v", err)
 	}
 	return csr, key
 }
 func TestWriteCertificateAuthorityFilesIfNotExist(t *testing.T) {
 	setupCert, setupKey := certstestutil.CreateCACert(t)
 	caCert, caKey := certstestutil.CreateCACert(t)
@ -235,75 +219,6 @@ func TestWriteCertificateFilesIfNotExist(t *testing.T) {
 	}
 }
 func TestWriteCSRFilesIfNotExist(t *testing.T) {
 	csr, key := createTestCSR(t)
 	csr2, key2 := createTestCSR(t)
 	var tests = []struct {
 		name          string
 		setupFunc     func(csrPath string) error
 		expectedError bool
 		expectedCSR   *x509.CertificateRequest
 	}{
 		{
 			name:        "no files exist",
 			expectedCSR: csr,
 		},
 		{
 			name: "other key exists",
 			setupFunc: func(csrPath string) error {
 				if err := pkiutil.WriteCSR(csrPath, "dummy", csr2); err != nil {
 					return err
 				}
 				return pkiutil.WriteKey(csrPath, "dummy", key2)
 			},
 			expectedCSR: csr2,
 		},
 		{
 			name: "existing CSR is garbage",
 			setupFunc: func(csrPath string) error {
 				return os.WriteFile(filepath.Join(csrPath, "dummy.csr"), []byte("a--bunch--of-garbage"), os.ModePerm)
 			},
 			expectedError: true,
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			tmpdir := testutil.SetupTempDir(t)
 			defer os.RemoveAll(tmpdir)
 			if test.setupFunc != nil {
 				if err := test.setupFunc(tmpdir); err != nil {
 					t.Fatalf("couldn't set up test: %v", err)
 				}
 			}
 			if err := writeCSRFilesIfNotExist(tmpdir, "dummy", csr, key); err != nil {
 				if test.expectedError {
 					return
 				}
 				t.Fatalf("unexpected error %v: ", err)
 			}
 			if test.expectedError {
 				t.Fatal("Expected error, but got none")
 			}
 			parsedCSR, _, err := pkiutil.TryLoadCSRAndKeyFromDisk(tmpdir, "dummy")
 			if err != nil {
 				t.Fatalf("couldn't load csr and key: %v", err)
 			}
 			if sha256.Sum256(test.expectedCSR.Raw) != sha256.Sum256(parsedCSR.Raw) {
 				t.Error("expected csr's fingerprint does not match ")
 			}
 		})
 	}
 }
 func TestCreateServiceAccountKeyAndPublicKeyFiles(t *testing.T) {
 	setupKey, err := keyutil.MakeEllipticPrivateKeyPEM()
 	if err != nil {
--- a/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
+++ b/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
@ -334,21 +334,6 @@ func TryLoadKeyFromDisk(pkiPath, name string) (crypto.Signer, error) {
 	return key, nil
 }
 // TryLoadCSRAndKeyFromDisk tries to load the CSR and key from the disk
 func TryLoadCSRAndKeyFromDisk(pkiPath, name string) (*x509.CertificateRequest, crypto.Signer, error) {
 	csr, err := TryLoadCSRFromDisk(pkiPath, name)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "could not load CSR file")
 	}
 	key, err := TryLoadKeyFromDisk(pkiPath, name)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "could not load key file")
 	}
 	return csr, key, nil
 }
 // TryLoadPrivatePublicKeyFromDisk tries to load the key from the disk and validates that it is valid
 func TryLoadPrivatePublicKeyFromDisk(pkiPath, name string) (crypto.PrivateKey, crypto.PublicKey, error) {
 	privateKeyPath := pathForKey(pkiPath, name)