From 413960e49bea4b5558ea4dda3d18137eceaf7f16 Mon Sep 17 00:00:00 2001
From: Lukasz Szaszkiewicz
Date: Tue, 3 Mar 2020 14:38:18 +0100
Subject: [PATCH] cleans up dynamiccertificates package
---
 .../configmap_cafile_content.go | 5 +-
 .../dynamic_cafile_content.go | 1 +
 .../dynamic_serving_content.go | 1 +
 .../dynamiccertificates/static_content.go | 57 -------------------
 4 files changed, 3 insertions(+), 61 deletions(-)
diff --git a/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/configmap_cafile_content.go b/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/configmap_cafile_content.go
index d2b01dfbbe2..6000941b764 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/configmap_cafile_content.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/configmap_cafile_content.go
@@ -97,10 +97,7 @@ func NewDynamicCAFromConfigMapController(purpose, namespace, name, key string, k
 queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fmt.Sprintf("DynamicConfigMapCABundle-%s", purpose)),
 preRunCaches: []cache.InformerSynced{uncastConfigmapInformer.HasSynced},
 }
- if err := c.loadCABundle(); err != nil {
- // don't fail, but do print out a message
- klog.Warningf("unable to load initial CA bundle for: %q due to: %s", c.name, err)
- }
+
 uncastConfigmapInformer.AddEventHandler(cache.FilteringResourceEventHandler{
 FilterFunc: func(obj interface{}) bool {
 if cast, ok := obj.(*corev1.ConfigMap); ok {
diff --git a/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_cafile_content.go b/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_cafile_content.go
index 6dbd3bee606..8a2a5e2b799 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_cafile_content.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_cafile_content.go
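Review bot: With the `c.loadCABundle()` call removed from NewDynamicCAFromConfigMapController in configmap_cafile_content.go, the controller returned by the constructor holds no CA bundle until something else triggers a load, and the warning that made a failed initial load visible is gone as well. The rest of the constructor and the type's other methods are outside the hunk, so whether every caller performs an explicit first load before the provider is used for client-certificate verification cannot be confirmed from here. If that is the intended contract, state it on the constructor, for example `// The returned controller has no CA bundle loaded; callers must run an initial sync before using it to verify certificates.`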
@@ -126,6 +126,7 @@ func (c *DynamicFileCAContent) loadCABundle() error {
 return err
 }
 c.caBundle.Store(caBundleAndVerifier)
+ klog.V(2).Infof("Loaded a new CA Bundle and Verifier for %q", c.Name())
 for _, listener := range c.listeners {
 listener.Enqueue()
diff --git a/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_serving_content.go b/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_serving_content.go
index 9ade51717d7..5b63f708972 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_serving_content.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_serving_content.go
@@ -108,6 +108,7 @@ func (c *DynamicCertKeyPairContent) loadCertKeyPair() error {
 }
 c.certKeyPair.Store(newCertKey)
+ klog.V(2).Infof("Loaded a new cert/key pair for %q", c.Name())
 for _, listener := range c.listeners {
 listener.Enqueue()
diff --git a/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/static_content.go b/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/static_content.go
index 239610df647..c877dfe6c6c 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/static_content.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/static_content.go
@@ -19,8 +19,6 @@ package dynamiccertificates
 import (
 "crypto/tls"
 "crypto/x509"
- "fmt"
- "io/ioutil"
 )
 type staticCAContent struct {
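Review bot: The log line added after `c.caBundle.Store(caBundleAndVerifier)` in loadCABundle is emitted at `klog.V(2)` and carries only `c.Name()`, so a server at default verbosity records nothing when its trusted CA set changes, and even at V(2) the entry cannot be tied to a specific bundle. The same applies to the line added after `c.certKeyPair.Store(newCertKey)` in loadCertKeyPair in dynamic_serving_content.go. A swap of trust anchors or of the serving certificate is worth auditing, so consider logging it unconditionally, e.g. `klog.Infof("Loaded a new CA Bundle and Verifier for %q", c.Name())`, and adding a non-secret identifier such as a digest of the certificate PEM (never the key material). Both functions start and end outside their hunks, so whether these lines fire only on an actual content change depends on code not shown here.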
@@ -30,19 +28,6 @@ type staticCAContent struct {
 var _ CAContentProvider = &staticCAContent{}
-// NewStaticCAContentFromFile returns a CAContentProvider based on a filename
-func NewStaticCAContentFromFile(filename string) (CAContentProvider, error) {
- if len(filename) == 0 {
- return nil, fmt.Errorf("missing filename for ca bundle")
- }
-
- caBundle, err := ioutil.ReadFile(filename)
- if err != nil {
- return nil, err
- }
- return NewStaticCAContent(filename, caBundle)
-}
-
 // NewStaticCAContent returns a CAContentProvider that always returns the same value
 func NewStaticCAContent(name string, caBundle []byte) (CAContentProvider, error) {
 caBundleAndVerifier, err := newCABundleAndVerifier(name, caBundle)
@@ -81,48 +66,6 @@ type staticSNICertKeyContent struct {
 sniNames []string
 }
-// NewStaticCertKeyContentFromFiles returns a CertKeyContentProvider based on a filename
-func NewStaticCertKeyContentFromFiles(certFile, keyFile string) (CertKeyContentProvider, error) {
- if len(certFile) == 0 {
- return nil, fmt.Errorf("missing filename for certificate")
- }
- if len(keyFile) == 0 {
- return nil, fmt.Errorf("missing filename for key")
- }
-
- certPEMBlock, err := ioutil.ReadFile(certFile)
- if err != nil {
- return nil, err
- }
- keyPEMBlock, err := ioutil.ReadFile(keyFile)
- if err != nil {
- return nil, err
- }
-
- return NewStaticCertKeyContent(fmt.Sprintf("cert: %s, key: %s", certFile, keyFile), certPEMBlock, keyPEMBlock)
-}
-
-// NewStaticSNICertKeyContentFromFiles returns a SNICertKeyContentProvider based on a filename
-func NewStaticSNICertKeyContentFromFiles(certFile, keyFile string, sniNames ...string) (SNICertKeyContentProvider, error) {
- if len(certFile) == 0 {
- return nil, fmt.Errorf("missing filename for certificate")
- }
- if len(keyFile) == 0 {
- return nil, fmt.Errorf("missing filename for key")
- }
-
- certPEMBlock, err := ioutil.ReadFile(certFile)
- if err != nil {
- return nil, err
- }
- keyPEMBlock, err := ioutil.ReadFile(keyFile)
- if err != nil {
- return nil, err
- }
-
- return NewStaticSNICertKeyContent(fmt.Sprintf("cert: %s, key: %s", certFile, keyFile), certPEMBlock, keyPEMBlock, sniNames...)
-}
-
 // NewStaticCertKeyContent returns a CertKeyContentProvider that always returns the same value
 func NewStaticCertKeyContent(name string, cert, key []byte) (CertKeyContentProvider, error) {
 // Ensure that the key matches the cert and both are valid