kubeadm: drop duplicate function NewCACertAndKey
The function certs.NewCACertAndKey() is just a wrapper around pkiutil.NewCertificateAuthority() which doesn't add any additional functionality. Instead use pkiutil.NewCertificateAuthority() directly.
parent
b32b742d97
commit
580513ed66
@ -85,7 +85,7 @@ func (k *KubeadmCert) CreateAsCA(ic *kubeadmapi.InitConfiguration) (*x509.Certif
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, errors.Wrapf(err, "couldn't get configuration for %q CA certificate", k.Name)
|
return nil, nil, errors.Wrapf(err, "couldn't get configuration for %q CA certificate", k.Name)
|
||||||
}
|
}
|
||||||
caCert, caKey, err := NewCACertAndKey(cfg)
|
caCert, caKey, err := pkiutil.NewCertificateAuthority(cfg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, errors.Wrapf(err, "couldn't generate %q CA certificate", k.Name)
|
return nil, nil, errors.Wrapf(err, "couldn't generate %q CA certificate", k.Name)
|
||||||
}
|
}
|
||||||
@ -141,7 +141,7 @@ func (t CertificateTree) CreateTree(ic *kubeadmapi.InitConfiguration) error {
|
|||||||
// CA key exists; just use that to create new certificates.
|
// CA key exists; just use that to create new certificates.
|
||||||
} else {
|
} else {
|
||||||
// CACert doesn't already exist, create a new cert and key.
|
// CACert doesn't already exist, create a new cert and key.
|
||||||
caCert, caKey, err = NewCACertAndKey(cfg)
|
caCert, caKey, err = pkiutil.NewCertificateAuthority(cfg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
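Review bot: The bare `return err` after `caCert, caKey, err = pkiutil.NewCertificateAuthority(cfg)` in CreateTree no longer says which CA of the tree failed, since the removed wrapper's context is gone and only the pkiutil message remains. CreateAsCA in the first hunk of this file already wraps the same call with `errors.Wrapf(err, "couldn't generate %q CA certificate", k.Name)`; the same wrap with the CA entry's name would keep the messages consistent. The call in CreateCACertAndKeyFiles has the same bare return and could use `return errors.Wrapf(err, "couldn't generate %q CA certificate", certSpec.Name)`. CreateTree's body starts and ends outside the hunk, so the name of the variable holding the CA entry is not visible here.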
|
@ -90,17 +90,6 @@ func NewServiceAccountSigningKey() (*rsa.PrivateKey, error) {
|
|||||||
return saSigningKey, nil
|
return saSigningKey, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewCACertAndKey will generate a self signed CA.
|
|
||||||
func NewCACertAndKey(certSpec *certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error) {
|
|
||||||
|
|
||||||
caCert, caKey, err := pkiutil.NewCertificateAuthority(certSpec)
|
|
||||||
if err != nil {
|
|
||||||
return nil, nil, errors.Wrap(err, "failure while generating CA certificate and key")
|
|
||||||
}
|
|
||||||
|
|
||||||
return caCert, caKey, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// CreateCACertAndKeyFiles generates and writes out a given certificate authority.
|
// CreateCACertAndKeyFiles generates and writes out a given certificate authority.
|
||||||
// The certSpec should be one of the variables from this package.
|
// The certSpec should be one of the variables from this package.
|
||||||
func CreateCACertAndKeyFiles(certSpec *KubeadmCert, cfg *kubeadmapi.InitConfiguration) error {
|
func CreateCACertAndKeyFiles(certSpec *KubeadmCert, cfg *kubeadmapi.InitConfiguration) error {
|
||||||
@ -114,7 +103,7 @@ func CreateCACertAndKeyFiles(certSpec *KubeadmCert, cfg *kubeadmapi.InitConfigur
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
caCert, caKey, err := NewCACertAndKey(certConfig)
|
caCert, caKey, err := pkiutil.NewCertificateAuthority(certConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -370,16 +370,6 @@ func TestWriteKeyFilesIfNotExist(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestNewCACertAndKey(t *testing.T) {
|
|
||||||
certCfg := &certutil.Config{CommonName: "kubernetes"}
|
|
||||||
caCert, _, err := NewCACertAndKey(certCfg)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("failed call NewCACertAndKey: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
certstestutil.AssertCertificateIsCa(t, caCert)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestSharedCertificateExists(t *testing.T) {
|
func TestSharedCertificateExists(t *testing.T) {
|
||||||
caCert, caKey := certstestutil.CreateCACert(t)
|
caCert, caKey := certstestutil.CreateCACert(t)
|
||||||
_, key, _ := certstestutil.CreateTestCert(t, caCert, caKey, certutil.AltNames{})
|
_, key, _ := certstestutil.CreateTestCert(t, caCert, caKey, certutil.AltNames{})
|
||||||
|
@ -30,7 +30,6 @@ go_test(
|
|||||||
],
|
],
|
||||||
embed = [":go_default_library"],
|
embed = [":go_default_library"],
|
||||||
deps = [
|
deps = [
|
||||||
"//cmd/kubeadm/app/phases/certs:go_default_library",
|
|
||||||
"//cmd/kubeadm/app/util/certs:go_default_library",
|
"//cmd/kubeadm/app/util/certs:go_default_library",
|
||||||
"//cmd/kubeadm/app/util/pkiutil:go_default_library",
|
"//cmd/kubeadm/app/util/pkiutil:go_default_library",
|
||||||
"//cmd/kubeadm/test:go_default_library",
|
"//cmd/kubeadm/test:go_default_library",
|
||||||
|
@ -21,12 +21,12 @@ import (
|
|||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
certutil "k8s.io/client-go/util/cert"
|
certutil "k8s.io/client-go/util/cert"
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
|
"k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestFileRenew(t *testing.T) {
|
func TestFileRenew(t *testing.T) {
|
||||||
caCertCfg := &certutil.Config{CommonName: "kubernetes"}
|
caCertCfg := &certutil.Config{CommonName: "kubernetes"}
|
||||||
caCert, caKey, err := certs.NewCACertAndKey(caCertCfg)
|
caCert, caKey, err := pkiutil.NewCertificateAuthority(caCertCfg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("couldn't create CA: %v", err)
|
t.Fatalf("couldn't create CA: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -32,7 +32,6 @@ import (
|
|||||||
fakecerts "k8s.io/client-go/kubernetes/typed/certificates/v1beta1/fake"
|
fakecerts "k8s.io/client-go/kubernetes/typed/certificates/v1beta1/fake"
|
||||||
k8stesting "k8s.io/client-go/testing"
|
k8stesting "k8s.io/client-go/testing"
|
||||||
certutil "k8s.io/client-go/util/cert"
|
certutil "k8s.io/client-go/util/cert"
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
|
|
||||||
certtestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs"
|
certtestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs"
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil"
|
"k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil"
|
||||||
testutil "k8s.io/kubernetes/cmd/kubeadm/test"
|
testutil "k8s.io/kubernetes/cmd/kubeadm/test"
|
||||||
@ -40,7 +39,7 @@ import (
|
|||||||
|
|
||||||
func TestRenewImplementations(t *testing.T) {
|
func TestRenewImplementations(t *testing.T) {
|
||||||
caCertCfg := &certutil.Config{CommonName: "kubernetes"}
|
caCertCfg := &certutil.Config{CommonName: "kubernetes"}
|
||||||
caCert, caKey, err := certs.NewCACertAndKey(caCertCfg)
|
caCert, caKey, err := pkiutil.NewCertificateAuthority(caCertCfg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("couldn't create CA: %v", err)
|
t.Fatalf("couldn't create CA: %v", err)
|
||||||
}
|
}
|
||||||
@ -198,7 +197,7 @@ func TestRenewExistingCert(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
caCertCfg := &certutil.Config{CommonName: "kubernetes"}
|
caCertCfg := &certutil.Config{CommonName: "kubernetes"}
|
||||||
caCert, caKey, err := certs.NewCACertAndKey(caCertCfg)
|
caCert, caKey, err := pkiutil.NewCertificateAuthority(caCertCfg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("couldn't create CA: %v", err)
|
t.Fatalf("couldn't create CA: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -39,13 +39,6 @@ func SetupCertificateAuthorithy(t *testing.T) (*x509.Certificate, *rsa.PrivateKe
|
|||||||
return caCert, caKey
|
return caCert, caKey
|
||||||
}
|
}
|
||||||
|
|
||||||
// AssertCertificateIsCa is a utility function for kubeadm testing that asserts if a given certificate is a CA
|
|
||||||
func AssertCertificateIsCa(t *testing.T, cert *x509.Certificate) {
|
|
||||||
if !cert.IsCA {
|
|
||||||
t.Error("cert is not a valida CA")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// AssertCertificateIsSignedByCa is a utility function for kubeadm testing that asserts if a given certificate is signed
|
// AssertCertificateIsSignedByCa is a utility function for kubeadm testing that asserts if a given certificate is signed
|
||||||
// by the expected CA
|
// by the expected CA
|
||||||
func AssertCertificateIsSignedByCa(t *testing.T, cert *x509.Certificate, signingCa *x509.Certificate) {
|
func AssertCertificateIsSignedByCa(t *testing.T, cert *x509.Certificate, signingCa *x509.Certificate) {
|
||||||
|
@ -61,12 +61,12 @@ const (
|
|||||||
func NewCertificateAuthority(config *certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error) {
|
func NewCertificateAuthority(config *certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error) {
|
||||||
key, err := NewPrivateKey()
|
key, err := NewPrivateKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, errors.Wrap(err, "unable to create private key")
|
return nil, nil, errors.Wrap(err, "unable to create private key while generating CA certificate")
|
||||||
}
|
}
|
||||||
|
|
||||||
cert, err := certutil.NewSelfSignedCACert(*config, key)
|
cert, err := certutil.NewSelfSignedCACert(*config, key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, errors.Wrap(err, "unable to create self-signed certificate")
|
return nil, nil, errors.Wrap(err, "unable to create self-signed CA certificate")
|
||||||
}
|
}
|
||||||
|
|
||||||
return cert, key, nil
|
return cert, key, nil
|
||||||
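Review bot: `certutil.NewSelfSignedCACert(*config, key)` dereferences `config` without a nil check, and this exported function is now called directly by every caller the commit touches. A nil config would panic, and only after a private key has already been generated. A guard at the top of the function, `if config == nil { return nil, nil, errors.New("CA certificate config must not be nil") }`, would turn that into an ordinary error. The function's doc comment and closing brace lie outside the hunk.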
|
@ -33,20 +33,17 @@ func TestNewCertificateAuthority(t *testing.T) {
|
|||||||
cert, key, err := NewCertificateAuthority(&certutil.Config{CommonName: "kubernetes"})
|
cert, key, err := NewCertificateAuthority(&certutil.Config{CommonName: "kubernetes"})
|
||||||
|
|
||||||
if cert == nil {
|
if cert == nil {
|
||||||
t.Errorf(
|
t.Error("failed NewCertificateAuthority, cert == nil")
|
||||||
"failed NewCertificateAuthority, cert == nil",
|
} else if !cert.IsCA {
|
||||||
)
|
t.Error("cert is not a valida CA")
|
||||||
}
|
}
|
||||||
|
|
||||||
if key == nil {
|
if key == nil {
|
||||||
t.Errorf(
|
t.Error("failed NewCertificateAuthority, key == nil")
|
||||||
"failed NewCertificateAuthority, key == nil",
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf(
|
t.Errorf("failed NewCertificateAuthority with an error: %+v", err)
|
||||||
"failed NewCertificateAuthority with an error: %v",
|
|
||||||
err,
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
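Review bot: The new `else if !cert.IsCA` branch checks `IsCA` on its own, but in crypto/x509 that field is only meaningful when `BasicConstraintsValid` is set, so the assertion is weaker than what a verifier enforces. Asserting both, `} else if !cert.BasicConstraintsValid || !cert.IsCA {`, would make the test a stricter check of the generated CA. The message carries over a typo from the removed helper and should read `t.Error("cert is not a valid CA")`. Checking `err` first would also avoid the redundant `cert == nil` failure when generation itself fails.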
|