Remove useless org mutate code

2025-09-15 06:01:50 +00:00 · 2024-01-25 21:49:14 +08:00
parent 46c4249e3e
commit 6e5e1d0317
2 changed files with 0 additions and 60 deletions
--- a/cmd/kubeadm/app/phases/certs/renewal/manager.go
+++ b/cmd/kubeadm/app/phases/certs/renewal/manager.go
@@ -423,48 +423,5 @@ func certToConfig(cert *x509.Certificate) certutil.Config {
 }
 func loadCertConfigMutators(certBaseName string) []certConfigMutatorFunc {
 	// TODO: Remove these mutators after the organization migration is complete in a future release
 	// https://github.com/kubernetes/kubeadm/issues/2414
 	switch certBaseName {
 	case kubeadmconstants.EtcdHealthcheckClientCertAndKeyBaseName,
 		kubeadmconstants.APIServerEtcdClientCertAndKeyBaseName:
 		return []certConfigMutatorFunc{
 			removeSystemPrivilegedGroupMutator(),
 		}
 	case kubeadmconstants.APIServerKubeletClientCertAndKeyBaseName:
 		return []certConfigMutatorFunc{
 			removeSystemPrivilegedGroupMutator(),
 			addClusterAdminsGroupMutator(),
 		}
 	}
 	return nil
 }
 func removeSystemPrivilegedGroupMutator() certConfigMutatorFunc {
 	return func(c *certutil.Config) error {
 		organizations := make([]string, 0, len(c.Organization))
 		for _, org := range c.Organization {
 			if org != kubeadmconstants.SystemPrivilegedGroup {
 				organizations = append(organizations, org)
 			}
 		}
 		c.Organization = organizations
 		return nil
 	}
 }
 func addClusterAdminsGroupMutator() certConfigMutatorFunc {
 	return func(c *certutil.Config) error {
 		found := false
 		for _, org := range c.Organization {
 			if org == kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding {
 				found = true
 				break
 			}
 		}
 		if !found {
 			c.Organization = append(c.Organization, kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding)
 		}
 		return nil
 	}
 }
--- a/cmd/kubeadm/app/phases/certs/renewal/manager_test.go
+++ b/cmd/kubeadm/app/phases/certs/renewal/manager_test.go
@@ -30,7 +30,6 @@ import (
 	netutils "k8s.io/utils/net"
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	certtestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs"
 	"k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil"
 	testutil "k8s.io/kubernetes/cmd/kubeadm/test"
@@ -127,22 +126,6 @@ func TestRenewUsingLocalCA(t *testing.T) {
 			},
 			expectedOrganization: testCertOrganization,
 		},
 		{
 			name:     "apiserver-etcd-client cert should not contain SystemPrivilegedGroup after renewal",
 			certName: "apiserver-etcd-client",
 			createCertFunc: func() *x509.Certificate {
 				return writeTestCertificate(t, dir, "apiserver-etcd-client", testCACert, testCAKey, []string{kubeadmconstants.SystemPrivilegedGroup})
 			},
 			expectedOrganization: []string{},
 		},
 		{
 			name:     "apiserver-kubelet-client cert should replace SystemPrivilegedGroup with ClusterAdminsGroup after renewal",
 			certName: "apiserver-kubelet-client",
 			createCertFunc: func() *x509.Certificate {
 				return writeTestCertificate(t, dir, "apiserver-kubelet-client", testCACert, testCAKey, []string{kubeadmconstants.SystemPrivilegedGroup})
 			},
 			expectedOrganization: []string{kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding},
 		},
 	}
 	for _, test := range tests {