diff --git a/tests/integration/update_cluster/public-jwks/README.md b/tests/integration/update_cluster/public-jwks/README.md index 9f2479a8bb..d173d34f98 100644 --- a/tests/integration/update_cluster/public-jwks/README.md +++ b/tests/integration/update_cluster/public-jwks/README.md @@ -4,6 +4,6 @@ We have to use a fixed CA because the fingerprint is inserted into the AWS WebId ca.crt & ca.key generated with: -`openssl req -new -newkey rsa:512 -days 3650 -nodes -x509 -subj "/CN=kubernetes" -keyout ca.key -out ca.crt` - - +``` +openssl req -new -newkey rsa:512 -days 3650 -nodes -x509 -subj "/CN=kubernetes" -keyout ca.key -out ca.crt -config <(cat /etc/ssl/openssl.cnf <(printf "[ v3_ca ]\nkeyUsage = critical,keyCertSign,cRLSign")) +``` diff --git a/tests/integration/update_cluster/public-jwks/ca.crt b/tests/integration/update_cluster/public-jwks/ca.crt index f195442cd8..f878ae125a 100644 --- a/tests/integration/update_cluster/public-jwks/ca.crt +++ b/tests/integration/update_cluster/public-jwks/ca.crt @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBgTCCASugAwIBAgIUZrxLCo6MlBXbjRWuIBXdlRkM2EcwDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKa3ViZXJuZXRlczAeFw0yMDA4MTUyMTM3NDhaFw0zMDA4 -MTMyMTM3NDhaMBUxEzARBgNVBAMMCmt1YmVybmV0ZXMwXDANBgkqhkiG9w0BAQEF -AANLADBIAkEA5eJVxg/iR9zq2wQrk2VjdavGYiPu1Q0cmNb4LvItHBO0eiSVA7EV -D/7qAgnB13ASaQHLMuG50qK3wihMJC9/6QIDAQABo1MwUTAdBgNVHQ4EFgQU4/Jf -ZYu5ziuhZRnpcxvDOlYGA+4wHwYDVR0jBBgwFoAU4/JfZYu5ziuhZRnpcxvDOlYG -A+4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAANBAEHceMm6tpH6Yc+H -5uu5wY8Q4pmYJt+HOkIpoXO1KD4/8h90y6XY8Z0Nu3dOZSwBSCWChrYAIndtzJfC -PtQHwNM= +MIIBkTCCATugAwIBAgIUCpH+vP36aaPhoMAXYKNtGDRpO+0wDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKa3ViZXJuZXRlczAeFw0yMDA5MTIyMDE3MjhaFw0zMDA5 +MTAyMDE3MjhaMBUxEzARBgNVBAMMCmt1YmVybmV0ZXMwXDANBgkqhkiG9w0BAQEF +AANLADBIAkEA4WWjrM1cq9lYsgmBYOZyjDaVYwCgb1zW4Bf5FMbWiWNuMjHPlVW2 +z17Q5ecKd0viUtF0A8/rrg3y7Lm0N3lIVwIDAQABo2MwYTAdBgNVHQ4EFgQU1d6Y +G7ISO0T1baFPjv6ecnRFtJkwHwYDVR0jBBgwFoAU1d6YG7ISO0T1baFPjv6ecnRF +tJkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL +BQADQQBG1IGyIUyg1/1JcqJv97CQdu2N+J/Ktgw7NIDsGwvYp4OW0y3mXSxWoIFk +8l05a0McT3dLZawJ9VzpxMzJS4pG -----END CERTIFICATE----- diff --git a/tests/integration/update_cluster/public-jwks/ca.key b/tests/integration/update_cluster/public-jwks/ca.key index c8a4715ae7..2e3aa41c80 100644 --- a/tests/integration/update_cluster/public-jwks/ca.key +++ b/tests/integration/update_cluster/public-jwks/ca.key @@ -1,10 +1,10 @@ -----BEGIN PRIVATE KEY----- -MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA5eJVxg/iR9zq2wQr -k2VjdavGYiPu1Q0cmNb4LvItHBO0eiSVA7EVD/7qAgnB13ASaQHLMuG50qK3wihM -JC9/6QIDAQABAkEAug/7RJfOmkOggyxY6LADVFZ39y8GO8KlBr/XmIfDIxj20yIG -W2SmoSGPqoWDpr8G2LUSVrdaQ9ZyDqG0AqUN0QIhAPx5JQRoRDo2hiS+Ioaty/NA -7/iInYFkS5hMvud1QSKDAiEA6RhpLIFZbLAoof6/fdIUy7QWU1UHJ6PKq/3qpR7u -mCMCIQCVmHKGmgFTPNtfCgoLIw+louSNruUktfjU1SSIoMFnYQIgLxR8Ib4ahsZp -3pZqrQoioyZDoB87a7k8dVK68xD1VgsCIHFjAVxGmS2MgT80UjwPNs9XkT5WOpoR -BzhivO3D3oOn +MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA4WWjrM1cq9lYsgmB +YOZyjDaVYwCgb1zW4Bf5FMbWiWNuMjHPlVW2z17Q5ecKd0viUtF0A8/rrg3y7Lm0 +N3lIVwIDAQABAkAyOuFf6CAn1/bxLjcb7h9G6f8eogwe5TSpmg4TOEClOw0+Zy/y +vgK2QlNQE0UPbpVXLVTr8/hKeExEpQpWhPoZAiEA91yvETWsBfhd14kiXXtROedu +eeA7VFEKVAs3e6GkoeMCIQDpRJjgK1v66NRR0gWiDUknQg+O92BIX5SZ8F4CC4t5 +/QIhANUjwZ2cl6tVRNbxTPErzuOL7P+LHNQcOEAOojIfKBJtAiEAlJsN5WnaDCu9 +724kBov+OZNdRBAWd6Tkj3lQ+m6OaaUCIFiopekX5mvhslM7+ghbrwOTTY0Di1W9 ++ZFYs9l9pitG -----END PRIVATE KEY----- diff --git a/tests/integration/update_cluster/public-jwks/kubernetes.tf b/tests/integration/update_cluster/public-jwks/kubernetes.tf index c01a09d30b..65b824d6e6 100644 --- a/tests/integration/update_cluster/public-jwks/kubernetes.tf +++ b/tests/integration/update_cluster/public-jwks/kubernetes.tf @@ -206,7 +206,7 @@ resource "aws_iam_instance_profile" "nodes-minimal-example-com" { resource "aws_iam_openid_connect_provider" "minimal-example-com" { client_id_list = ["amazonaws.com"] - thumbprint_list = ["d89b37ccc0b574f3e40051ea08a7b60a9db11924"] + thumbprint_list = ["a8de31f85544b9e73aeb26ded19330e0e996fb79"] url = "https://api.minimal.example.com" } diff --git a/upup/pkg/fi/fitasks/keypair.go b/upup/pkg/fi/fitasks/keypair.go index 3cf91463ef..d7582df265 100644 --- a/upup/pkg/fi/fitasks/keypair.go +++ b/upup/pkg/fi/fitasks/keypair.go @@ -164,7 +164,7 @@ func (_ *Keypair) Render(c *fi.Context, a, e, changes *Keypair) error { klog.V(8).Infof("creating certificate new Subject") } else if changes.Type != "" { createCertificate = true - klog.V(8).Infof("creating certificate new Type") + klog.Infof("creating certificate %q as Type has changed (actual=%v, expected=%v)", name, a.Type, e.Type) } else if changes.LegacyFormat { changeStoredFormat = true } else {