Merge pull request #103313 from neolit123/1.22-fix-key-check-download-certs

kubeadm: fix wrong check for keys/certs during "download-certs"
Kubernetes Prow Robot 2021-06-29 14:54:20 -07:00 committed by GitHub
commit 7eaf2ebab2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 5 deletions


@ -251,9 +251,9 @@ func DownloadCerts(client clientset.Interface, cfg *kubeadmapi.InitConfiguration
} }
func writeCertOrKey(certOrKeyPath string, certOrKeyData []byte) error { func writeCertOrKey(certOrKeyPath string, certOrKeyData []byte) error {
if _, err := keyutil.ParsePublicKeysPEM(certOrKeyData); err == nil { if _, err := keyutil.ParsePrivateKeyPEM(certOrKeyData); err == nil {
return keyutil.WriteKey(certOrKeyPath, certOrKeyData) return keyutil.WriteKey(certOrKeyPath, certOrKeyData)
} else if _, err := certutil.ParseCertsPEM(certOrKeyData); err == nil { } else if _, err := keyutil.ParsePublicKeysPEM(certOrKeyData); err == nil {
return certutil.WriteCert(certOrKeyPath, certOrKeyData) return certutil.WriteCert(certOrKeyPath, certOrKeyData)
} }
return errors.New("unknown data found in Secret entry") return errors.New("unknown data found in Secret entry")
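Review bot: The `else if` on the new side of writeCertOrKey sends everything that yields a public key to `certutil.WriteCert`, so the order of the two checks is now the only thing keeping private keys out of the certificate path. If `keyutil.ParsePublicKeysPEM` also succeeds on PEM that carries private-key material (worth confirming in keyutil), any key that `ParsePrivateKeyPEM` rejects would be written through the cert writer rather than `keyutil.WriteKey`. I would pin the ordering with a comment above the first check, for example `// Private keys must be matched first; the public-key check below is a catch-all for certs and public keys and writes via WriteCert.` The function's closing brace lies outside the hunk.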


@ -29,7 +29,6 @@ import (
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
fakeclient "k8s.io/client-go/kubernetes/fake" fakeclient "k8s.io/client-go/kubernetes/fake"
certutil "k8s.io/client-go/util/cert"
keyutil "k8s.io/client-go/util/keyutil" keyutil "k8s.io/client-go/util/keyutil"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
@ -240,7 +239,7 @@ func TestDownloadCerts(t *testing.T) {
} }
// Check that the written files are either certificates or keys, and that they have // Check that the written files are either certificates or keys, and that they have
// the expected permissions // the expected permissions
if _, err := keyutil.ParsePublicKeysPEM(diskCertData); err == nil { if _, err := keyutil.ParsePrivateKeyPEM(diskCertData); err == nil {
if stat, err := os.Stat(certPath); err == nil { if stat, err := os.Stat(certPath); err == nil {
if stat.Mode() != keyFileMode { if stat.Mode() != keyFileMode {
t.Errorf("key %q should have mode %#o, has %#o", certName, keyFileMode, stat.Mode()) t.Errorf("key %q should have mode %#o, has %#o", certName, keyFileMode, stat.Mode())
@ -248,7 +247,7 @@ func TestDownloadCerts(t *testing.T) {
} else { } else {
t.Errorf("could not stat key %q: %v", certName, err) t.Errorf("could not stat key %q: %v", certName, err)
} }
} else if _, err := certutil.ParseCertsPEM(diskCertData); err == nil { } else if _, err := keyutil.ParsePublicKeysPEM(diskCertData); err == nil {
if stat, err := os.Stat(certPath); err == nil { if stat, err := os.Stat(certPath); err == nil {
if stat.Mode() != certFileMode { if stat.Mode() != certFileMode {
t.Errorf("cert %q should have mode %#o, has %#o", certName, certFileMode, stat.Mode()) t.Errorf("cert %q should have mode %#o, has %#o", certName, certFileMode, stat.Mode())
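Review bot: The mode assertions in TestDownloadCerts choose the expected mode with the same two parser calls that writeCertOrKey uses, so a misclassification in the production code would be mirrored here and the test would still pass. Deriving the expectation from the file name would make the check independent, e.g. `wantMode := certFileMode` followed by `if strings.HasSuffix(certName, ".key") { wantMode = keyFileMode }`, assuming the key files in this test carry a `.key` suffix. A private key left on disk with `certFileMode` is the outcome this test is best placed to catch. TestDownloadCerts begins and ends outside the hunks shown.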