
Remove support for reading legacy-format keypairs #9131

Merged
merged 1 commit into from
May 20, 2020
Merged
5 changes: 1 addition & 4 deletions cmd/kops/util/factory.go
Expand Up @@ -113,10 +113,7 @@ func (f *Factory) Clientset() (simple.Clientset, error) {
return nil, field.Invalid(field.NewPath("State Store"), registryPath, INVALID_STATE_ERROR)
}

// For kops CLI / controller, we do allow vfs list (unlike nodeup!)
allowVFSList := true

f.clientset = vfsclientset.NewVFSClientset(basePath, allowVFSList)
f.clientset = vfsclientset.NewVFSClientset(basePath)
}
if strings.HasPrefix(registryPath, "file://") {
klog.Warning("The local filesystem state store is not functional for running clusters")
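Review bot: Deleting the `allowVFSList` comment in Clientset() drops the only visible statement that nodeup, unlike the CLI and controller, must not list the state store, and the new call `vfsclientset.NewVFSClientset(basePath)` does not say whether that restriction still holds. If the flag is gone because the keystore no longer lists at all, which is what I infer from the matching change to `fi.NewVFSCAStore(cluster, basedir)` in pkg/client/simple/vfsclientset/clientset.go, record that at the call site, e.g. `// The keystore no longer lists the state store, so no allow-list flag is needed; nodeup still runs without list permission.` If listing can still happen on some path, the storage permissions granted to nodes need re-checking against it. Clientset() starts and ends outside the hunk.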
3 changes: 1 addition & 2 deletions examples/kops-api-example/apply.go
Expand Up @@ -24,8 +24,7 @@ import (
)

func apply(ctx context.Context) error {
allowList := true
clientset := vfsclientset.NewVFSClientset(registryBase, allowList)
clientset := vfsclientset.NewVFSClientset(registryBase)

cluster, err := clientset.GetCluster(ctx, clusterName)
if err != nil {
3 changes: 1 addition & 2 deletions examples/kops-api-example/up.go
Expand Up @@ -30,8 +30,7 @@ import (
)

func up(ctx context.Context) error {
allowList := true
clientset := vfsclientset.NewVFSClientset(registryBase, allowList)
clientset := vfsclientset.NewVFSClientset(registryBase)

cluster := &api.Cluster{}
cluster.ObjectMeta.Name = clusterName
1 change: 0 additions & 1 deletion hack/.packages
Expand Up @@ -156,7 +156,6 @@ k8s.io/kops/protokube/pkg/gossip/openstack
k8s.io/kops/protokube/pkg/hostmount
k8s.io/kops/protokube/pkg/protokube
k8s.io/kops/protokube/tests/integration/build_etcd_manifest
k8s.io/kops/tests
k8s.io/kops/tests/codecs
k8s.io/kops/tests/integration/channel
k8s.io/kops/tests/integration/conversion
2 changes: 1 addition & 1 deletion nodeup/pkg/model/kube_apiserver_test.go
Expand Up @@ -70,7 +70,7 @@ type fakeKeyStore struct {
T *testing.T
}

func (k fakeKeyStore) FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error) {
func (k fakeKeyStore) FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, bool, error) {
panic("implement me")
}

2 changes: 1 addition & 1 deletion nodeup/pkg/model/kubelet_test.go
Expand Up @@ -228,7 +228,7 @@ func mockedPopulateClusterSpec(c *kops.Cluster) (*kops.Cluster, error) {
if err != nil {
return nil, fmt.Errorf("error building vfspath: %v", err)
}
clientset := vfsclientset.NewVFSClientset(basePath, true)
clientset := vfsclientset.NewVFSClientset(basePath)
return cloudup.PopulateClusterSpec(clientset, c, assetBuilder)
}

10 changes: 4 additions & 6 deletions pkg/client/simple/vfsclientset/clientset.go
Expand Up @@ -32,8 +32,7 @@ import (
)

type VFSClientset struct {
basePath vfs.Path
allowList bool
basePath vfs.Path
}

var _ simple.Clientset = &VFSClientset{}
Expand Down Expand Up @@ -90,7 +89,7 @@ func (c *VFSClientset) KeyStore(cluster *kops.Cluster) (fi.CAStore, error) {
return nil, err
}
basedir := configBase.Join("pki")
return fi.NewVFSCAStore(cluster, basedir, c.allowList), nil
return fi.NewVFSCAStore(cluster, basedir), nil
}

func (c *VFSClientset) SSHCredentialStore(cluster *kops.Cluster) (fi.SSHCredentialStore, error) {
Expand Down Expand Up @@ -163,10 +162,9 @@ func (c *VFSClientset) DeleteCluster(ctx context.Context, cluster *kops.Cluster)
return DeleteAllClusterState(configBase)
}

func NewVFSClientset(basePath vfs.Path, allowList bool) simple.Clientset {
func NewVFSClientset(basePath vfs.Path) simple.Clientset {
vfsClientset := &VFSClientset{
basePath: basePath,
allowList: allowList,
basePath: basePath,
}
return vfsClientset
}
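Review bot: `NewVFSClientset` is exported and loses its second parameter here with no doc comment and no transition path, so any out-of-tree caller written like the files under examples/kops-api-example stops compiling. Add a doc comment that states the new contract, e.g. `// NewVFSClientset returns a simple.Clientset rooted at basePath.`, and call out the signature change in the release notes. As a style point, the body can be reduced to `return &VFSClientset{basePath: basePath}`, since the temporary `vfsClientset` adds nothing.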
16 changes: 8 additions & 8 deletions pkg/kubeconfig/create_kubecfg_test.go
Expand Up @@ -48,7 +48,7 @@ func (f fakeStatusStore) GetApiIngressStatus(cluster *kops.Cluster) ([]kops.ApiI

// mock a fake key store
type fakeKeyStore struct {
FindKeypairFn func(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error)
FindKeypairFn func(name string) (*pki.Certificate, *pki.PrivateKey, bool, error)

CreateKeypairFn func(signer string, name string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error)

Expand All @@ -59,7 +59,7 @@ type fakeKeyStore struct {
MirrorToFn func(basedir vfs.Path) error
}

func (f fakeKeyStore) FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error) {
func (f fakeKeyStore) FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, bool, error) {
return f.FindKeypairFn(name)
}

Expand Down Expand Up @@ -144,10 +144,10 @@ func TestBuildKubecfg(t *testing.T) {
args{
publiccluster,
fakeKeyStore{
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error) {
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, bool, error) {
return fakeCertificate(),
fakePrivateKey(),
fi.KeysetFormatLegacy,
true,
nil
},
},
Expand All @@ -169,10 +169,10 @@ func TestBuildKubecfg(t *testing.T) {
args{
emptyMasterPublicNameCluster,
fakeKeyStore{
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error) {
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, bool, error) {
return fakeCertificate(),
fakePrivateKey(),
fi.KeysetFormatLegacy,
true,
nil
},
},
Expand All @@ -194,10 +194,10 @@ func TestBuildKubecfg(t *testing.T) {
args{
gossipCluster,
fakeKeyStore{
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error) {
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, bool, error) {
return fakeCertificate(),
fakePrivateKey(),
fi.KeysetFormatLegacy,
true,
nil
},
},
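Review bot: The three `FindKeypairFn` fakes in TestBuildKubecfg now return a bare `true` where they returned `fi.KeysetFormatLegacy`, so the tests appear to still hand the code under test a legacy-format keypair, which is the case the PR title says is no longer supported. The meaning of the new `bool` result is not stated in any visible hunk (I infer "legacy format" from this replacement), so annotate it at each site, e.g. `false, // not a legacy-format keypair`, or return `true` only in a test that asserts how a legacy keypair is handled. The same undocumented `bool` appears on the `FindKeypair` stub in nodeup/pkg/model/kube_apiserver_test.go. TestBuildKubecfg continues outside these hunks.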
6 changes: 0 additions & 6 deletions pkg/model/components/etcdmanager/model.go
Expand Up @@ -97,8 +97,6 @@ func (b *EtcdManagerBuilder) Build(c *fi.ModelBuilderContext) error {
return err
}

format := string(fi.KeysetFormatV1Alpha2)

c.AddTask(&fitasks.ManagedFile{
Contents: fi.WrapResource(fi.NewBytesResource(d)),
Lifecycle: b.Lifecycle,
Expand All @@ -112,23 +110,20 @@ func (b *EtcdManagerBuilder) Build(c *fi.ModelBuilderContext) error {
Name: fi.String("etcd-manager-ca-" + etcdCluster.Name),
Subject: "cn=etcd-manager-ca-" + etcdCluster.Name,
Type: "ca",
Format: format,
})

// We create a CA for etcd peers and a separate one for clients
c.AddTask(&fitasks.Keypair{
Name: fi.String("etcd-peers-ca-" + etcdCluster.Name),
Subject: "cn=etcd-peers-ca-" + etcdCluster.Name,
Type: "ca",
Format: format,
})

// Because API server can only have a single client-cert, we need to share a client CA
if err := c.EnsureTask(&fitasks.Keypair{
Name: fi.String("etcd-clients-ca"),
Subject: "cn=etcd-clients-ca",
Type: "ca",
Format: format,
}); err != nil {
return err
}
Expand All @@ -138,7 +133,6 @@ func (b *EtcdManagerBuilder) Build(c *fi.ModelBuilderContext) error {
Name: fi.String("etcd-clients-ca-cilium"),
Subject: "cn=etcd-clients-ca-cilium",
Type: "ca",
Format: format,
})
}
}
10 changes: 5 additions & 5 deletions pkg/model/components/etcdmanager/tests/minimal/tasks.yaml
Expand Up @@ -3,7 +3,7 @@ Name: etcd-clients-ca
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-clients-ca
type: ca
---
Expand All @@ -12,7 +12,7 @@ Name: etcd-manager-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-events
type: ca
---
Expand All @@ -21,7 +21,7 @@ Name: etcd-manager-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-main
type: ca
---
Expand All @@ -30,7 +30,7 @@ Name: etcd-peers-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-events
type: ca
---
Expand All @@ -39,7 +39,7 @@ Name: etcd-peers-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-main
type: ca
---
Expand Up @@ -3,7 +3,7 @@ Name: etcd-clients-ca
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-clients-ca
type: ca
---
Expand All @@ -12,7 +12,7 @@ Name: etcd-manager-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-events
type: ca
---
Expand All @@ -21,7 +21,7 @@ Name: etcd-manager-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-main
type: ca
---
Expand All @@ -30,7 +30,7 @@ Name: etcd-peers-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-events
type: ca
---
Expand All @@ -39,7 +39,7 @@ Name: etcd-peers-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-main
type: ca
---
Expand Up @@ -3,7 +3,7 @@ Name: etcd-clients-ca
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-clients-ca
type: ca
---
Expand All @@ -12,7 +12,7 @@ Name: etcd-manager-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-events
type: ca
---
Expand All @@ -21,7 +21,7 @@ Name: etcd-manager-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-main
type: ca
---
Expand All @@ -30,7 +30,7 @@ Name: etcd-peers-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-events
type: ca
---
Expand All @@ -39,7 +39,7 @@ Name: etcd-peers-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-main
type: ca
---
10 changes: 5 additions & 5 deletions pkg/model/components/etcdmanager/tests/proxy/tasks.yaml
Expand Up @@ -3,7 +3,7 @@ Name: etcd-clients-ca
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-clients-ca
type: ca
---
Expand All @@ -12,7 +12,7 @@ Name: etcd-manager-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-events
type: ca
---
Expand All @@ -21,7 +21,7 @@ Name: etcd-manager-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-main
type: ca
---
Expand All @@ -30,7 +30,7 @@ Name: etcd-peers-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-events
type: ca
---
Expand All @@ -39,7 +39,7 @@ Name: etcd-peers-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-main
type: ca
---