Merge pull request #8951 from olemarkus/automated-cherry-pick-of-#894…

…5-origin-release-1.17 Automated cherry pick of #8945: Load the correct certificate before deleting
kubernetes · Apr 22, 2020 · 5ece47b · 5ece47b
2 parents df11e39 + 59b6c16
commit 5ece47b
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/upup/pkg/fi/BUILD.bazel b/upup/pkg/fi/BUILD.bazel
@@ -72,6 +72,7 @@ go_test(
     ],
     embed = [":go_default_library"],
     deps = [
+        "//pkg/apis/kops:go_default_library",
         "//pkg/pki:go_default_library",
         "//util/pkg/vfs:go_default_library",
     ],

diff --git a/upup/pkg/fi/vfs_castore.go b/upup/pkg/fi/vfs_castore.go
@@ -1062,7 +1062,7 @@ func (c *VFSCAStore) deletePrivateKey(name string, id string) (bool, error) {
 func (c *VFSCAStore) deleteCertificate(name string, id string) (bool, error) {
 	// Update the bundle
 	{
-		p := c.buildPrivateKeyPoolPath(name)
+		p := c.buildCertificatePoolPath(name)
 		ks, err := c.loadCertificates(p, false)
 		if err != nil {
 			return false, err

diff --git a/upup/pkg/fi/vfs_castore_test.go b/upup/pkg/fi/vfs_castore_test.go
@@ -23,6 +23,7 @@ import (
 	"testing"
 	"time"
 
+	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/pki"
 	"k8s.io/kops/util/pkg/vfs"
 )
@@ -214,4 +215,20 @@ spec:
 		}
 	}
 
+	// Check that keyset gets deleted
+	{
+		keyset := &kops.Keyset{}
+		keyset.Name = "ca"
+		keyset.Spec.Type = kops.SecretTypeKeypair
+
+		s.DeleteKeysetItem(keyset, "237054359138908419352140518924933177492")
+
+		_, err := pathMap["memfs://tests/private/ca/237054359138908419352140518924933177492.key"].ReadFile()
+		pathMap["memfs://tests/private/ca/237054359138908419352140518924933177492.key"].ReadFile()
+		if err == nil {
+			t.Fatalf("File memfs://tests/private/ca/237054359138908419352140518924933177492.key still exists")
+		}
+
+	}
+
 }