Merge pull request #103313 from neolit123/1.22-fix-key-check-download-certs

kubeadm: fix wrong check for keys/certs during "download-certs"
Kubernetes Prow Robot 2021-06-29 14:54:20 -07:00 committed by GitHub
commit 7eaf2ebab2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 5 deletions


@ -251,9 +251,9 @@ func DownloadCerts(client clientset.Interface, cfg *kubeadmapi.InitConfiguration
}
func writeCertOrKey(certOrKeyPath string, certOrKeyData []byte) error {
if _, err := keyutil.ParsePublicKeysPEM(certOrKeyData); err == nil {
if _, err := keyutil.ParsePrivateKeyPEM(certOrKeyData); err == nil {
return keyutil.WriteKey(certOrKeyPath, certOrKeyData)
} else if _, err := certutil.ParseCertsPEM(certOrKeyData); err == nil {
} else if _, err := keyutil.ParsePublicKeysPEM(certOrKeyData); err == nil {
return certutil.WriteCert(certOrKeyPath, certOrKeyData)
}
return errors.New("unknown data found in Secret entry")
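Review bot: The private-key branch in writeCertOrKey has to stay first, and nothing in the code says so. Assuming the new side is the `ParsePrivateKeyPEM` / `ParsePublicKeysPEM` pair (the +/- markers are lost on this page), `keyutil.ParsePublicKeysPEM` also succeeds on private-key PEM and on certificates, so reordering the branches would send private keys through `certutil.WriteCert` and leave them with the more permissive certificate file mode. I would add a comment above the first `if`, e.g. `// Private keys must be matched first: ParsePublicKeysPEM also accepts private-key and certificate PEM.` The function's closing brace is outside the hunk.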


@ -29,7 +29,6 @@ import (
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
fakeclient "k8s.io/client-go/kubernetes/fake"
certutil "k8s.io/client-go/util/cert"
keyutil "k8s.io/client-go/util/keyutil"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
@ -240,7 +239,7 @@ func TestDownloadCerts(t *testing.T) {
}
// Check that the written files are either certificates or keys, and that they have
// the expected permissions
if _, err := keyutil.ParsePublicKeysPEM(diskCertData); err == nil {
if _, err := keyutil.ParsePrivateKeyPEM(diskCertData); err == nil {
if stat, err := os.Stat(certPath); err == nil {
if stat.Mode() != keyFileMode {
t.Errorf("key %q should have mode %#o, has %#o", certName, keyFileMode, stat.Mode())
@ -248,7 +247,7 @@ func TestDownloadCerts(t *testing.T) {
} else {
t.Errorf("could not stat key %q: %v", certName, err)
}
} else if _, err := certutil.ParseCertsPEM(diskCertData); err == nil {
} else if _, err := keyutil.ParsePublicKeysPEM(diskCertData); err == nil {
if stat, err := os.Stat(certPath); err == nil {
if stat.Mode() != certFileMode {
t.Errorf("cert %q should have mode %#o, has %#o", certName, certFileMode, stat.Mode())
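Review bot: The mode check in TestDownloadCerts decides whether a file is a key or a cert with the same parser calls, in the same order, as writeCertOrKey, so it mirrors the implementation instead of checking it independently. If the classification is wrong in both places, a private key written with `certFileMode` still passes, which appears to be how the original bug got through. Deriving the expected mode from the entry name would pin the permissions, for example `wantKey := strings.HasSuffix(certName, ".key")` (assuming private keys use that suffix here), and then comparing `stat.Mode()` against `keyFileMode` or `certFileMode` accordingly. The enclosing loop and the rest of the test function are outside the hunks.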