Remove useless org mutate code

2025-09-14 13:45:06 +00:00 · 2024-01-25 21:49:14 +08:00
parent 46c4249e3e
commit 6e5e1d0317
2 changed files with 0 additions and 60 deletions
--- a/cmd/kubeadm/app/phases/certs/renewal/manager.go
+++ b/cmd/kubeadm/app/phases/certs/renewal/manager.go
@@ -423,48 +423,5 @@ func certToConfig(cert *x509.Certificate) certutil.Config {
 }

 func loadCertConfigMutators(certBaseName string) []certConfigMutatorFunc {
-	// TODO: Remove these mutators after the organization migration is complete in a future release
-	// https://github.com/kubernetes/kubeadm/issues/2414
-	switch certBaseName {
-	case kubeadmconstants.EtcdHealthcheckClientCertAndKeyBaseName,
-		kubeadmconstants.APIServerEtcdClientCertAndKeyBaseName:
-		return []certConfigMutatorFunc{
-			removeSystemPrivilegedGroupMutator(),
-		}
-	case kubeadmconstants.APIServerKubeletClientCertAndKeyBaseName:
-		return []certConfigMutatorFunc{
-			removeSystemPrivilegedGroupMutator(),
-			addClusterAdminsGroupMutator(),
-		}
-	}
 	return nil
 }
-
-func removeSystemPrivilegedGroupMutator() certConfigMutatorFunc {
-	return func(c *certutil.Config) error {
-		organizations := make([]string, 0, len(c.Organization))
-		for _, org := range c.Organization {
-			if org != kubeadmconstants.SystemPrivilegedGroup {
-				organizations = append(organizations, org)
-			}
-		}
-		c.Organization = organizations
-		return nil
-	}
-}
-
-func addClusterAdminsGroupMutator() certConfigMutatorFunc {
-	return func(c *certutil.Config) error {
-		found := false
-		for _, org := range c.Organization {
-			if org == kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding {
-				found = true
-				break
-			}
-		}
-		if !found {
-			c.Organization = append(c.Organization, kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding)
-		}
-		return nil
-	}
-}
--- a/cmd/kubeadm/app/phases/certs/renewal/manager_test.go
+++ b/cmd/kubeadm/app/phases/certs/renewal/manager_test.go
@@ -30,7 +30,6 @@ import (
 	netutils "k8s.io/utils/net"

 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
-	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	certtestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs"
 	"k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil"
 	testutil "k8s.io/kubernetes/cmd/kubeadm/test"
@@ -127,22 +126,6 @@ func TestRenewUsingLocalCA(t *testing.T) {
 			},
 			expectedOrganization: testCertOrganization,
 		},
-		{
-			name:     "apiserver-etcd-client cert should not contain SystemPrivilegedGroup after renewal",
-			certName: "apiserver-etcd-client",
-			createCertFunc: func() *x509.Certificate {
-				return writeTestCertificate(t, dir, "apiserver-etcd-client", testCACert, testCAKey, []string{kubeadmconstants.SystemPrivilegedGroup})
-			},
-			expectedOrganization: []string{},
-		},
-		{
-			name:     "apiserver-kubelet-client cert should replace SystemPrivilegedGroup with ClusterAdminsGroup after renewal",
-			certName: "apiserver-kubelet-client",
-			createCertFunc: func() *x509.Certificate {
-				return writeTestCertificate(t, dir, "apiserver-kubelet-client", testCACert, testCAKey, []string{kubeadmconstants.SystemPrivilegedGroup})
-			},
-			expectedOrganization: []string{kubeadmconstants.ClusterAdminsGroupAndClusterRoleBinding},
-		},
 	}

 	for _, test := range tests {