Remove support for reading legacy-format keypairs
johngmyers committed May 16, 2020
1 parent 50a1a8e commit a986eba
Showing 22 changed files with 112 additions and 541 deletions.
5 changes: 1 addition & 4 deletions cmd/kops/util/factory.go
Expand Up @@ -113,10 +113,7 @@ func (f *Factory) Clientset() (simple.Clientset, error) {
return nil, field.Invalid(field.NewPath("State Store"), registryPath, INVALID_STATE_ERROR)
}

// For kops CLI / controller, we do allow vfs list (unlike nodeup!)
allowVFSList := true

f.clientset = vfsclientset.NewVFSClientset(basePath, allowVFSList)
f.clientset = vfsclientset.NewVFSClientset(basePath)
}
if strings.HasPrefix(registryPath, "file://") {
klog.Warning("The local filesystem state store is not functional for running clusters")
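Review bot: The removed comment at the top of this hunk was the only place recording why the CLI/controller path allowed VFS listing while nodeup did not, and the replacement `f.clientset = vfsclientset.NewVFSClientset(basePath)` carries no such rationale; the same applies to `NewVFSClientset` and the `fi.NewVFSCAStore(cluster, basedir)` call in pkg/client/simple/vfsclientset/clientset.go. From this page it is not visible whether the CA store now lists keysets unconditionally or never; if unconditionally, the state-store permissions nodeup needs may widen, which is worth confirming against fi.NewVFSCAStore. Suggest a one-line doc comment on NewVFSClientset in clientset.go stating whether the key store it creates lists keysets, since callers can no longer choose. The enclosing Clientset method begins and ends outside the hunk.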
3 changes: 1 addition & 2 deletions examples/kops-api-example/apply.go
Expand Up @@ -24,8 +24,7 @@ import (
)

func apply(ctx context.Context) error {
allowList := true
clientset := vfsclientset.NewVFSClientset(registryBase, allowList)
clientset := vfsclientset.NewVFSClientset(registryBase)

cluster, err := clientset.GetCluster(ctx, clusterName)
if err != nil {
3 changes: 1 addition & 2 deletions examples/kops-api-example/up.go
Expand Up @@ -30,8 +30,7 @@ import (
)

func up(ctx context.Context) error {
allowList := true
clientset := vfsclientset.NewVFSClientset(registryBase, allowList)
clientset := vfsclientset.NewVFSClientset(registryBase)

cluster := &api.Cluster{}
cluster.ObjectMeta.Name = clusterName
1 change: 0 additions & 1 deletion hack/.packages
Expand Up @@ -156,7 +156,6 @@ k8s.io/kops/protokube/pkg/gossip/openstack
k8s.io/kops/protokube/pkg/hostmount
k8s.io/kops/protokube/pkg/protokube
k8s.io/kops/protokube/tests/integration/build_etcd_manifest
k8s.io/kops/tests
k8s.io/kops/tests/codecs
k8s.io/kops/tests/integration/channel
k8s.io/kops/tests/integration/conversion
2 changes: 1 addition & 1 deletion nodeup/pkg/model/kube_apiserver_test.go
Expand Up @@ -70,7 +70,7 @@ type fakeKeyStore struct {
T *testing.T
}

func (k fakeKeyStore) FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error) {
func (k fakeKeyStore) FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, bool, error) {
panic("implement me")
}

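Review bot: The third result of `FindKeypair` is now a bare `bool`, so nothing in `func (k fakeKeyStore) FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, bool, error)` tells a reader what true means; the fakes in pkg/kubeconfig/create_kubecfg_test.go return `true` where they previously returned `fi.KeysetFormatLegacy`, which suggests it flags a legacy-format keyset, but that is inferred rather than stated. A named result on the interface these fakes implement (presumably fi.CAStore, which KeyStore in clientset.go returns) and on the fakes, e.g. `(cert *pki.Certificate, key *pki.PrivateKey, legacyFormat bool, err error)`, or a doc comment on that interface method, would pin the meaning down; the interface definition itself is not on this page. The pkg/kubeconfig fakes share the same point.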
10 changes: 4 additions & 6 deletions pkg/client/simple/vfsclientset/clientset.go
Expand Up @@ -32,8 +32,7 @@ import (
)

type VFSClientset struct {
basePath vfs.Path
allowList bool
basePath vfs.Path
}

var _ simple.Clientset = &VFSClientset{}
Expand Down Expand Up @@ -90,7 +89,7 @@ func (c *VFSClientset) KeyStore(cluster *kops.Cluster) (fi.CAStore, error) {
return nil, err
}
basedir := configBase.Join("pki")
return fi.NewVFSCAStore(cluster, basedir, c.allowList), nil
return fi.NewVFSCAStore(cluster, basedir), nil
}

func (c *VFSClientset) SSHCredentialStore(cluster *kops.Cluster) (fi.SSHCredentialStore, error) {
Expand Down Expand Up @@ -163,10 +162,9 @@ func (c *VFSClientset) DeleteCluster(ctx context.Context, cluster *kops.Cluster)
return DeleteAllClusterState(configBase)
}

func NewVFSClientset(basePath vfs.Path, allowList bool) simple.Clientset {
func NewVFSClientset(basePath vfs.Path) simple.Clientset {
vfsClientset := &VFSClientset{
basePath: basePath,
allowList: allowList,
basePath: basePath,
}
return vfsClientset
}
16 changes: 8 additions & 8 deletions pkg/kubeconfig/create_kubecfg_test.go
Expand Up @@ -48,7 +48,7 @@ func (f fakeStatusStore) GetApiIngressStatus(cluster *kops.Cluster) ([]kops.ApiI

// mock a fake key store
type fakeKeyStore struct {
FindKeypairFn func(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error)
FindKeypairFn func(name string) (*pki.Certificate, *pki.PrivateKey, bool, error)

CreateKeypairFn func(signer string, name string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error)

Expand All @@ -59,7 +59,7 @@ type fakeKeyStore struct {
MirrorToFn func(basedir vfs.Path) error
}

func (f fakeKeyStore) FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error) {
func (f fakeKeyStore) FindKeypair(name string) (*pki.Certificate, *pki.PrivateKey, bool, error) {
return f.FindKeypairFn(name)
}

Expand Down Expand Up @@ -144,10 +144,10 @@ func TestBuildKubecfg(t *testing.T) {
args{
publiccluster,
fakeKeyStore{
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error) {
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, bool, error) {
return fakeCertificate(),
fakePrivateKey(),
fi.KeysetFormatLegacy,
true,
nil
},
},
Expand All @@ -169,10 +169,10 @@ func TestBuildKubecfg(t *testing.T) {
args{
emptyMasterPublicNameCluster,
fakeKeyStore{
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error) {
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, bool, error) {
return fakeCertificate(),
fakePrivateKey(),
fi.KeysetFormatLegacy,
true,
nil
},
},
Expand All @@ -194,10 +194,10 @@ func TestBuildKubecfg(t *testing.T) {
args{
gossipCluster,
fakeKeyStore{
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, fi.KeysetFormat, error) {
FindKeypairFn: func(name string) (*pki.Certificate, *pki.PrivateKey, bool, error) {
return fakeCertificate(),
fakePrivateKey(),
fi.KeysetFormatLegacy,
true,
nil
},
},
6 changes: 0 additions & 6 deletions pkg/model/components/etcdmanager/model.go
Expand Up @@ -97,8 +97,6 @@ func (b *EtcdManagerBuilder) Build(c *fi.ModelBuilderContext) error {
return err
}

format := string(fi.KeysetFormatV1Alpha2)

c.AddTask(&fitasks.ManagedFile{
Contents: fi.WrapResource(fi.NewBytesResource(d)),
Lifecycle: b.Lifecycle,
Expand All @@ -112,23 +110,20 @@ func (b *EtcdManagerBuilder) Build(c *fi.ModelBuilderContext) error {
Name: fi.String("etcd-manager-ca-" + etcdCluster.Name),
Subject: "cn=etcd-manager-ca-" + etcdCluster.Name,
Type: "ca",
Format: format,
})

// We create a CA for etcd peers and a separate one for clients
c.AddTask(&fitasks.Keypair{
Name: fi.String("etcd-peers-ca-" + etcdCluster.Name),
Subject: "cn=etcd-peers-ca-" + etcdCluster.Name,
Type: "ca",
Format: format,
})

// Because API server can only have a single client-cert, we need to share a client CA
if err := c.EnsureTask(&fitasks.Keypair{
Name: fi.String("etcd-clients-ca"),
Subject: "cn=etcd-clients-ca",
Type: "ca",
Format: format,
}); err != nil {
return err
}
Expand All @@ -138,7 +133,6 @@ func (b *EtcdManagerBuilder) Build(c *fi.ModelBuilderContext) error {
Name: fi.String("etcd-clients-ca-cilium"),
Subject: "cn=etcd-clients-ca-cilium",
Type: "ca",
Format: format,
})
}
}
10 changes: 5 additions & 5 deletions pkg/model/components/etcdmanager/tests/minimal/tasks.yaml
Expand Up @@ -3,7 +3,7 @@ Name: etcd-clients-ca
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-clients-ca
type: ca
---
Expand All @@ -12,7 +12,7 @@ Name: etcd-manager-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-events
type: ca
---
Expand All @@ -21,7 +21,7 @@ Name: etcd-manager-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-main
type: ca
---
Expand All @@ -30,7 +30,7 @@ Name: etcd-peers-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-events
type: ca
---
Expand All @@ -39,7 +39,7 @@ Name: etcd-peers-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-main
type: ca
---
Expand Up @@ -3,7 +3,7 @@ Name: etcd-clients-ca
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-clients-ca
type: ca
---
Expand All @@ -12,7 +12,7 @@ Name: etcd-manager-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-events
type: ca
---
Expand All @@ -21,7 +21,7 @@ Name: etcd-manager-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-main
type: ca
---
Expand All @@ -30,7 +30,7 @@ Name: etcd-peers-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-events
type: ca
---
Expand All @@ -39,7 +39,7 @@ Name: etcd-peers-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-main
type: ca
---
Expand Up @@ -3,7 +3,7 @@ Name: etcd-clients-ca
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-clients-ca
type: ca
---
Expand All @@ -12,7 +12,7 @@ Name: etcd-manager-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-events
type: ca
---
Expand All @@ -21,7 +21,7 @@ Name: etcd-manager-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-main
type: ca
---
Expand All @@ -30,7 +30,7 @@ Name: etcd-peers-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-events
type: ca
---
Expand All @@ -39,7 +39,7 @@ Name: etcd-peers-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-main
type: ca
---
10 changes: 5 additions & 5 deletions pkg/model/components/etcdmanager/tests/proxy/tasks.yaml
Expand Up @@ -3,7 +3,7 @@ Name: etcd-clients-ca
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-clients-ca
type: ca
---
Expand All @@ -12,7 +12,7 @@ Name: etcd-manager-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-events
type: ca
---
Expand All @@ -21,7 +21,7 @@ Name: etcd-manager-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-manager-ca-main
type: ca
---
Expand All @@ -30,7 +30,7 @@ Name: etcd-peers-ca-events
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-events
type: ca
---
Expand All @@ -39,7 +39,7 @@ Name: etcd-peers-ca-main
Signer: null
alternateNameTasks: null
alternateNames: null
format: v1alpha2
oldFormat: false
subject: cn=etcd-peers-ca-main
type: ca
---