github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 21:47:07 +00:00
Code Issues Projects Releases Wiki Activity

kubeadm: drop duplicate function NewCACertAndKey

Browse Source 
The function certs.NewCACertAndKey() is just a wrapper around
pkiutil.NewCertificateAuthority() which doesn't add any
additional functionality.

Instead use pkiutil.NewCertificateAuthority() directly.
This commit is contained in:
Dmitry Rozhkov 2019-04-18 16:31:20 +03:00 committed by Dmitry Rozhkov
parent b32b742d97
commit 580513ed66
9 changed files with 16 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/kubeadm/app/phases/certs/certlist.go
View File

@ -85,7 +85,7 @@ func (k *KubeadmCert) CreateAsCA(ic *kubeadmapi.InitConfiguration) (*x509.Certif
if err != nil { if err != nil {
return nil, nil, errors.Wrapf(err, "couldn't get configuration for %q CA certificate", k.Name) return nil, nil, errors.Wrapf(err, "couldn't get configuration for %q CA certificate", k.Name)
} }
caCert, caKey, err := NewCACertAndKey(cfg) caCert, caKey, err := pkiutil.NewCertificateAuthority(cfg)
if err != nil { if err != nil {
return nil, nil, errors.Wrapf(err, "couldn't generate %q CA certificate", k.Name) return nil, nil, errors.Wrapf(err, "couldn't generate %q CA certificate", k.Name)
} }
@ -141,7 +141,7 @@ func (t CertificateTree) CreateTree(ic *kubeadmapi.InitConfiguration) error {
// CA key exists; just use that to create new certificates. // CA key exists; just use that to create new certificates.
} else { } else {
// CACert doesn't already exist, create a new cert and key. // CACert doesn't already exist, create a new cert and key.
caCert, caKey, err = NewCACertAndKey(cfg) caCert, caKey, err = pkiutil.NewCertificateAuthority(cfg)
if err != nil { if err != nil {
return err return err
} }

13
cmd/kubeadm/app/phases/certs/certs.go
View File

@ -90,17 +90,6 @@ func NewServiceAccountSigningKey() (*rsa.PrivateKey, error) {
return saSigningKey, nil return saSigningKey, nil
} }
// NewCACertAndKey will generate a self signed CA.
func NewCACertAndKey(certSpec *certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error) {
caCert, caKey, err := pkiutil.NewCertificateAuthority(certSpec)
if err != nil {
return nil, nil, errors.Wrap(err, "failure while generating CA certificate and key")
}
return caCert, caKey, nil
}
// CreateCACertAndKeyFiles generates and writes out a given certificate authority. // CreateCACertAndKeyFiles generates and writes out a given certificate authority.
// The certSpec should be one of the variables from this package. // The certSpec should be one of the variables from this package.
func CreateCACertAndKeyFiles(certSpec *KubeadmCert, cfg *kubeadmapi.InitConfiguration) error { func CreateCACertAndKeyFiles(certSpec *KubeadmCert, cfg *kubeadmapi.InitConfiguration) error {
@ -114,7 +103,7 @@ func CreateCACertAndKeyFiles(certSpec *KubeadmCert, cfg *kubeadmapi.InitConfigur
return err return err
} }
caCert, caKey, err := NewCACertAndKey(certConfig) caCert, caKey, err := pkiutil.NewCertificateAuthority(certConfig)
if err != nil { if err != nil {
return err return err
} }

10
cmd/kubeadm/app/phases/certs/certs_test.go
View File

@ -370,16 +370,6 @@ func TestWriteKeyFilesIfNotExist(t *testing.T) {
} }
} }
func TestNewCACertAndKey(t *testing.T) {
certCfg := &certutil.Config{CommonName: "kubernetes"}
caCert, _, err := NewCACertAndKey(certCfg)
if err != nil {
t.Fatalf("failed call NewCACertAndKey: %v", err)
}
certstestutil.AssertCertificateIsCa(t, caCert)
}
func TestSharedCertificateExists(t *testing.T) { func TestSharedCertificateExists(t *testing.T) {
caCert, caKey := certstestutil.CreateCACert(t) caCert, caKey := certstestutil.CreateCACert(t)
_, key, _ := certstestutil.CreateTestCert(t, caCert, caKey, certutil.AltNames{}) _, key, _ := certstestutil.CreateTestCert(t, caCert, caKey, certutil.AltNames{})

1
cmd/kubeadm/app/phases/certs/renewal/BUILD
View File

@ -30,7 +30,6 @@ go_test(
], ],
embed = [":go_default_library"], embed = [":go_default_library"],
deps = [ deps = [
"//cmd/kubeadm/app/phases/certs:go_default_library",
"//cmd/kubeadm/app/util/certs:go_default_library", "//cmd/kubeadm/app/util/certs:go_default_library",
"//cmd/kubeadm/app/util/pkiutil:go_default_library", "//cmd/kubeadm/app/util/pkiutil:go_default_library",
"//cmd/kubeadm/test:go_default_library", "//cmd/kubeadm/test:go_default_library",

4
cmd/kubeadm/app/phases/certs/renewal/filerenewal_test.go
View File

@ -21,12 +21,12 @@ import (
"testing" "testing"
certutil "k8s.io/client-go/util/cert" certutil "k8s.io/client-go/util/cert"
"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs" "k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil"
) )
func TestFileRenew(t *testing.T) { func TestFileRenew(t *testing.T) {
caCertCfg := &certutil.Config{CommonName: "kubernetes"} caCertCfg := &certutil.Config{CommonName: "kubernetes"}
caCert, caKey, err := certs.NewCACertAndKey(caCertCfg) caCert, caKey, err := pkiutil.NewCertificateAuthority(caCertCfg)
if err != nil { if err != nil {
t.Fatalf("couldn't create CA: %v", err) t.Fatalf("couldn't create CA: %v", err)
} }

5
cmd/kubeadm/app/phases/certs/renewal/renewal_test.go
View File

@ -32,7 +32,6 @@ import (
fakecerts "k8s.io/client-go/kubernetes/typed/certificates/v1beta1/fake" fakecerts "k8s.io/client-go/kubernetes/typed/certificates/v1beta1/fake"
k8stesting "k8s.io/client-go/testing" k8stesting "k8s.io/client-go/testing"
certutil "k8s.io/client-go/util/cert" certutil "k8s.io/client-go/util/cert"
"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
certtestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs" certtestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs"
"k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil" "k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil"
testutil "k8s.io/kubernetes/cmd/kubeadm/test" testutil "k8s.io/kubernetes/cmd/kubeadm/test"
@ -40,7 +39,7 @@ import (
func TestRenewImplementations(t *testing.T) { func TestRenewImplementations(t *testing.T) {
caCertCfg := &certutil.Config{CommonName: "kubernetes"} caCertCfg := &certutil.Config{CommonName: "kubernetes"}
caCert, caKey, err := certs.NewCACertAndKey(caCertCfg) caCert, caKey, err := pkiutil.NewCertificateAuthority(caCertCfg)
if err != nil { if err != nil {
t.Fatalf("couldn't create CA: %v", err) t.Fatalf("couldn't create CA: %v", err)
} }
@ -198,7 +197,7 @@ func TestRenewExistingCert(t *testing.T) {
} }
caCertCfg := &certutil.Config{CommonName: "kubernetes"} caCertCfg := &certutil.Config{CommonName: "kubernetes"}
caCert, caKey, err := certs.NewCACertAndKey(caCertCfg) caCert, caKey, err := pkiutil.NewCertificateAuthority(caCertCfg)
if err != nil { if err != nil {
t.Fatalf("couldn't create CA: %v", err) t.Fatalf("couldn't create CA: %v", err)
} }

7
cmd/kubeadm/app/util/certs/util.go
View File

@ -39,13 +39,6 @@ func SetupCertificateAuthorithy(t *testing.T) (*x509.Certificate, *rsa.PrivateKe
return caCert, caKey return caCert, caKey
} }
// AssertCertificateIsCa is a utility function for kubeadm testing that asserts if a given certificate is a CA
func AssertCertificateIsCa(t *testing.T, cert *x509.Certificate) {
if !cert.IsCA {
t.Error("cert is not a valida CA")
}
}
// AssertCertificateIsSignedByCa is a utility function for kubeadm testing that asserts if a given certificate is signed // AssertCertificateIsSignedByCa is a utility function for kubeadm testing that asserts if a given certificate is signed
// by the expected CA // by the expected CA
func AssertCertificateIsSignedByCa(t *testing.T, cert *x509.Certificate, signingCa *x509.Certificate) { func AssertCertificateIsSignedByCa(t *testing.T, cert *x509.Certificate, signingCa *x509.Certificate) {

4
cmd/kubeadm/app/util/pkiutil/pki_helpers.go
View File

@ -61,12 +61,12 @@ const (
func NewCertificateAuthority(config *certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error) { func NewCertificateAuthority(config *certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error) {
key, err := NewPrivateKey() key, err := NewPrivateKey()
if err != nil { if err != nil {
return nil, nil, errors.Wrap(err, "unable to create private key") return nil, nil, errors.Wrap(err, "unable to create private key while generating CA certificate")
} }
cert, err := certutil.NewSelfSignedCACert(*config, key) cert, err := certutil.NewSelfSignedCACert(*config, key)
if err != nil { if err != nil {
return nil, nil, errors.Wrap(err, "unable to create self-signed certificate") return nil, nil, errors.Wrap(err, "unable to create self-signed CA certificate")
} }
return cert, key, nil return cert, key, nil

17
cmd/kubeadm/app/util/pkiutil/pki_helpers_test.go
View File

@ -33,20 +33,17 @@ func TestNewCertificateAuthority(t *testing.T) {
cert, key, err := NewCertificateAuthority(&certutil.Config{CommonName: "kubernetes"}) cert, key, err := NewCertificateAuthority(&certutil.Config{CommonName: "kubernetes"})
if cert == nil { if cert == nil {
t.Errorf( t.Error("failed NewCertificateAuthority, cert == nil")
"failed NewCertificateAuthority, cert == nil", } else if !cert.IsCA {
) t.Error("cert is not a valida CA")
} }
if key == nil { if key == nil {
t.Errorf( t.Error("failed NewCertificateAuthority, key == nil")
"failed NewCertificateAuthority, key == nil",
)
} }
if err != nil { if err != nil {
t.Errorf( t.Errorf("failed NewCertificateAuthority with an error: %+v", err)
"failed NewCertificateAuthority with an error: %v",
err,
)
} }
} }