mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-28 14:07:14 +00:00
Move pkg/kubelet/util/csr into client-go
Everything else it depends on was already there, and now we have a somewhat consistent code chain.
parent
b3a11aa635
commit
5649f9a578
@ -22,7 +22,6 @@ go_library(
|
|||||||
srcs = ["bootstrap.go"],
|
srcs = ["bootstrap.go"],
|
||||||
importpath = "k8s.io/kubernetes/pkg/kubelet/certificate/bootstrap",
|
importpath = "k8s.io/kubernetes/pkg/kubelet/certificate/bootstrap",
|
||||||
deps = [
|
deps = [
|
||||||
"//pkg/kubelet/util/csr:go_default_library",
|
|
||||||
"//vendor/github.com/golang/glog:go_default_library",
|
"//vendor/github.com/golang/glog:go_default_library",
|
||||||
"//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
|
"//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
|
||||||
"//vendor/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
|
"//vendor/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
|
||||||
@ -32,6 +31,7 @@ go_library(
|
|||||||
"//vendor/k8s.io/client-go/tools/clientcmd/api:go_default_library",
|
"//vendor/k8s.io/client-go/tools/clientcmd/api:go_default_library",
|
||||||
"//vendor/k8s.io/client-go/transport:go_default_library",
|
"//vendor/k8s.io/client-go/transport:go_default_library",
|
||||||
"//vendor/k8s.io/client-go/util/cert:go_default_library",
|
"//vendor/k8s.io/client-go/util/cert:go_default_library",
|
||||||
|
"//vendor/k8s.io/client-go/util/certificate/csr:go_default_library",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -32,7 +32,7 @@ import (
|
|||||||
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
|
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
|
||||||
"k8s.io/client-go/transport"
|
"k8s.io/client-go/transport"
|
||||||
certutil "k8s.io/client-go/util/cert"
|
certutil "k8s.io/client-go/util/cert"
|
||||||
"k8s.io/kubernetes/pkg/kubelet/util/csr"
|
"k8s.io/client-go/util/certificate/csr"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -53,7 +53,6 @@ filegroup(
|
|||||||
srcs = [
|
srcs = [
|
||||||
":package-srcs",
|
":package-srcs",
|
||||||
"//pkg/kubelet/util/cache:all-srcs",
|
"//pkg/kubelet/util/cache:all-srcs",
|
||||||
"//pkg/kubelet/util/csr:all-srcs",
|
|
||||||
"//pkg/kubelet/util/format:all-srcs",
|
"//pkg/kubelet/util/format:all-srcs",
|
||||||
"//pkg/kubelet/util/ioutils:all-srcs",
|
"//pkg/kubelet/util/ioutils:all-srcs",
|
||||||
"//pkg/kubelet/util/queue:all-srcs",
|
"//pkg/kubelet/util/queue:all-srcs",
|
||||||
|
@ -38,7 +38,6 @@ go_library(
|
|||||||
importpath = "k8s.io/client-go/util/certificate",
|
importpath = "k8s.io/client-go/util/certificate",
|
||||||
tags = ["automanaged"],
|
tags = ["automanaged"],
|
||||||
deps = [
|
deps = [
|
||||||
"//pkg/kubelet/util/csr:go_default_library",
|
|
||||||
"//vendor/github.com/golang/glog:go_default_library",
|
"//vendor/github.com/golang/glog:go_default_library",
|
||||||
"//vendor/k8s.io/api/certificates/v1beta1:go_default_library",
|
"//vendor/k8s.io/api/certificates/v1beta1:go_default_library",
|
||||||
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
|
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
|
||||||
@ -46,6 +45,7 @@ go_library(
|
|||||||
"//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
|
"//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
|
||||||
"//vendor/k8s.io/client-go/kubernetes/typed/certificates/v1beta1:go_default_library",
|
"//vendor/k8s.io/client-go/kubernetes/typed/certificates/v1beta1:go_default_library",
|
||||||
"//vendor/k8s.io/client-go/util/cert:go_default_library",
|
"//vendor/k8s.io/client-go/util/cert:go_default_library",
|
||||||
|
"//vendor/k8s.io/client-go/util/certificate/csr:go_default_library",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -58,7 +58,10 @@ filegroup(
|
|||||||
|
|
||||||
filegroup(
|
filegroup(
|
||||||
name = "all-srcs",
|
name = "all-srcs",
|
||||||
srcs = [":package-srcs"],
|
srcs = [
|
||||||
|
":package-srcs",
|
||||||
|
"//staging/src/k8s.io/client-go/util/certificate/csr:all-srcs",
|
||||||
|
],
|
||||||
tags = ["automanaged"],
|
tags = ["automanaged"],
|
||||||
visibility = ["//visibility:public"],
|
visibility = ["//visibility:public"],
|
||||||
)
|
)
|
||||||
|
@ -35,7 +35,7 @@ import (
|
|||||||
"k8s.io/apimachinery/pkg/util/wait"
|
"k8s.io/apimachinery/pkg/util/wait"
|
||||||
certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
|
certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
|
||||||
"k8s.io/client-go/util/cert"
|
"k8s.io/client-go/util/cert"
|
||||||
"k8s.io/kubernetes/pkg/kubelet/util/csr"
|
"k8s.io/client-go/util/certificate/csr"
|
||||||
)
|
)
|
||||||
|
|
||||||
// certificateWaitBackoff controls the amount and timing of retries when the
|
// certificateWaitBackoff controls the amount and timing of retries when the
|
||||||
|
@ -9,9 +9,8 @@ load(
|
|||||||
go_library(
|
go_library(
|
||||||
name = "go_default_library",
|
name = "go_default_library",
|
||||||
srcs = ["csr.go"],
|
srcs = ["csr.go"],
|
||||||
importpath = "k8s.io/kubernetes/pkg/kubelet/util/csr",
|
importpath = "k8s.io/client-go/util/certificate/csr",
|
||||||
deps = [
|
deps = [
|
||||||
"//pkg/apis/certificates/v1beta1:go_default_library",
|
|
||||||
"//vendor/github.com/golang/glog:go_default_library",
|
"//vendor/github.com/golang/glog:go_default_library",
|
||||||
"//vendor/k8s.io/api/certificates/v1beta1:go_default_library",
|
"//vendor/k8s.io/api/certificates/v1beta1:go_default_library",
|
||||||
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
|
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
|
||||||
@ -43,7 +42,7 @@ filegroup(
|
|||||||
go_test(
|
go_test(
|
||||||
name = "go_default_test",
|
name = "go_default_test",
|
||||||
srcs = ["csr_test.go"],
|
srcs = ["csr_test.go"],
|
||||||
importpath = "k8s.io/kubernetes/pkg/kubelet/util/csr",
|
importpath = "k8s.io/client-go/util/certificate/csr",
|
||||||
library = ":go_default_library",
|
library = ":go_default_library",
|
||||||
deps = [
|
deps = [
|
||||||
"//vendor/k8s.io/api/certificates/v1beta1:go_default_library",
|
"//vendor/k8s.io/api/certificates/v1beta1:go_default_library",
|
@ -19,14 +19,15 @@ package csr
|
|||||||
import (
|
import (
|
||||||
"crypto"
|
"crypto"
|
||||||
"crypto/sha512"
|
"crypto/sha512"
|
||||||
|
"crypto/x509"
|
||||||
"crypto/x509/pkix"
|
"crypto/x509/pkix"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
|
"encoding/pem"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"github.com/golang/glog"
|
||||||
"reflect"
|
"reflect"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/golang/glog"
|
|
||||||
|
|
||||||
certificates "k8s.io/api/certificates/v1beta1"
|
certificates "k8s.io/api/certificates/v1beta1"
|
||||||
"k8s.io/apimachinery/pkg/api/errors"
|
"k8s.io/apimachinery/pkg/api/errors"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
@ -38,7 +39,6 @@ import (
|
|||||||
certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
|
certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
|
||||||
"k8s.io/client-go/tools/cache"
|
"k8s.io/client-go/tools/cache"
|
||||||
certutil "k8s.io/client-go/util/cert"
|
certutil "k8s.io/client-go/util/cert"
|
||||||
certhelper "k8s.io/kubernetes/pkg/apis/certificates/v1beta1"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// RequestNodeCertificate will create a certificate signing request for a node
|
// RequestNodeCertificate will create a certificate signing request for a node
|
||||||
@ -200,11 +200,11 @@ func digestedName(privateKeyData []byte, subject *pkix.Name, usages []certificat
|
|||||||
|
|
||||||
// ensureCompatible ensures that a CSR object is compatible with an original CSR
|
// ensureCompatible ensures that a CSR object is compatible with an original CSR
|
||||||
func ensureCompatible(new, orig *certificates.CertificateSigningRequest, privateKey interface{}) error {
|
func ensureCompatible(new, orig *certificates.CertificateSigningRequest, privateKey interface{}) error {
|
||||||
newCsr, err := certhelper.ParseCSR(new)
|
newCsr, err := ParseCSR(new)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to parse new csr: %v", err)
|
return fmt.Errorf("unable to parse new csr: %v", err)
|
||||||
}
|
}
|
||||||
origCsr, err := certhelper.ParseCSR(orig)
|
origCsr, err := ParseCSR(orig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to parse original csr: %v", err)
|
return fmt.Errorf("unable to parse original csr: %v", err)
|
||||||
}
|
}
|
||||||
@ -244,3 +244,18 @@ func formatError(format string, err error) error {
|
|||||||
}
|
}
|
||||||
return fmt.Errorf(format, err)
|
return fmt.Errorf(format, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ParseCSR extracts the CSR from the API object and decodes it.
|
||||||
|
func ParseCSR(obj *certificates.CertificateSigningRequest) (*x509.CertificateRequest, error) {
|
||||||
|
// extract PEM from request object
|
||||||
|
pemBytes := obj.Spec.Request
|
||||||
|
block, _ := pem.Decode(pemBytes)
|
||||||
|
if block == nil || block.Type != "CERTIFICATE REQUEST" {
|
||||||
|
return nil, fmt.Errorf("PEM block type must be CERTIFICATE REQUEST")
|
||||||
|
}
|
||||||
|
csr, err := x509.ParseCertificateRequest(block.Bytes)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return csr, nil
|
||||||
|
}
|
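Review bot: The doc comment on the newly exported `ParseCSR` (last hunk of csr.go) should state what the function does not check, since moving it into client-go makes it callable from outside the kubelet. `x509.ParseCertificateRequest` only decodes the request and does not verify its self-signature, and the second return value of `pem.Decode` is discarded, so anything after the first PEM block in `obj.Spec.Request` is silently ignored. I would write `// ParseCSR decodes the first PEM block in obj.Spec.Request. It does not verify the CSR's signature; callers that need proof of key possession must call CheckSignature on the result.` The `block == nil` branch also reports "PEM block type must be CERTIFICATE REQUEST" when no PEM block was found at all, which makes a malformed request harder to diagnose.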