Update script and testdata CA keypair

If the keypair is generated with the wrong type (usages), it will be
regenerated.
Justin SB 2020-09-12 16:20:49 -04:00
parent 08ce1dacaf
commit 2a44cb7f16
5 changed files with 22 additions and 22 deletions


@ -4,6 +4,6 @@ We have to use a fixed CA because the fingerprint is inserted into the AWS WebId
ca.crt & ca.key generated with: ca.crt & ca.key generated with:
`openssl req -new -newkey rsa:512 -days 3650 -nodes -x509 -subj "/CN=kubernetes" -keyout ca.key -out ca.crt` ```
openssl req -new -newkey rsa:512 -days 3650 -nodes -x509 -subj "/CN=kubernetes" -keyout ca.key -out ca.crt -config <(cat /etc/ssl/openssl.cnf <(printf "[ v3_ca ]\nkeyUsage = critical,keyCertSign,cRLSign"))
```


@ -1,11 +1,11 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBgTCCASugAwIBAgIUZrxLCo6MlBXbjRWuIBXdlRkM2EcwDQYJKoZIhvcNAQEL MIIBkTCCATugAwIBAgIUCpH+vP36aaPhoMAXYKNtGDRpO+0wDQYJKoZIhvcNAQEL
BQAwFTETMBEGA1UEAwwKa3ViZXJuZXRlczAeFw0yMDA4MTUyMTM3NDhaFw0zMDA4 BQAwFTETMBEGA1UEAwwKa3ViZXJuZXRlczAeFw0yMDA5MTIyMDE3MjhaFw0zMDA5
MTMyMTM3NDhaMBUxEzARBgNVBAMMCmt1YmVybmV0ZXMwXDANBgkqhkiG9w0BAQEF MTAyMDE3MjhaMBUxEzARBgNVBAMMCmt1YmVybmV0ZXMwXDANBgkqhkiG9w0BAQEF
AANLADBIAkEA5eJVxg/iR9zq2wQrk2VjdavGYiPu1Q0cmNb4LvItHBO0eiSVA7EV AANLADBIAkEA4WWjrM1cq9lYsgmBYOZyjDaVYwCgb1zW4Bf5FMbWiWNuMjHPlVW2
D/7qAgnB13ASaQHLMuG50qK3wihMJC9/6QIDAQABo1MwUTAdBgNVHQ4EFgQU4/Jf z17Q5ecKd0viUtF0A8/rrg3y7Lm0N3lIVwIDAQABo2MwYTAdBgNVHQ4EFgQU1d6Y
ZYu5ziuhZRnpcxvDOlYGA+4wHwYDVR0jBBgwFoAU4/JfZYu5ziuhZRnpcxvDOlYG G7ISO0T1baFPjv6ecnRFtJkwHwYDVR0jBBgwFoAU1d6YG7ISO0T1baFPjv6ecnRF
A+4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAANBAEHceMm6tpH6Yc+H tJkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL
5uu5wY8Q4pmYJt+HOkIpoXO1KD4/8h90y6XY8Z0Nu3dOZSwBSCWChrYAIndtzJfC BQADQQBG1IGyIUyg1/1JcqJv97CQdu2N+J/Ktgw7NIDsGwvYp4OW0y3mXSxWoIFk
PtQHwNM= 8l05a0McT3dLZawJ9VzpxMzJS4pG
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -1,10 +1,10 @@
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA5eJVxg/iR9zq2wQr MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA4WWjrM1cq9lYsgmB
k2VjdavGYiPu1Q0cmNb4LvItHBO0eiSVA7EVD/7qAgnB13ASaQHLMuG50qK3wihM YOZyjDaVYwCgb1zW4Bf5FMbWiWNuMjHPlVW2z17Q5ecKd0viUtF0A8/rrg3y7Lm0
JC9/6QIDAQABAkEAug/7RJfOmkOggyxY6LADVFZ39y8GO8KlBr/XmIfDIxj20yIG N3lIVwIDAQABAkAyOuFf6CAn1/bxLjcb7h9G6f8eogwe5TSpmg4TOEClOw0+Zy/y
W2SmoSGPqoWDpr8G2LUSVrdaQ9ZyDqG0AqUN0QIhAPx5JQRoRDo2hiS+Ioaty/NA vgK2QlNQE0UPbpVXLVTr8/hKeExEpQpWhPoZAiEA91yvETWsBfhd14kiXXtROedu
7/iInYFkS5hMvud1QSKDAiEA6RhpLIFZbLAoof6/fdIUy7QWU1UHJ6PKq/3qpR7u eeA7VFEKVAs3e6GkoeMCIQDpRJjgK1v66NRR0gWiDUknQg+O92BIX5SZ8F4CC4t5
mCMCIQCVmHKGmgFTPNtfCgoLIw+louSNruUktfjU1SSIoMFnYQIgLxR8Ib4ahsZp /QIhANUjwZ2cl6tVRNbxTPErzuOL7P+LHNQcOEAOojIfKBJtAiEAlJsN5WnaDCu9
3pZqrQoioyZDoB87a7k8dVK68xD1VgsCIHFjAVxGmS2MgT80UjwPNs9XkT5WOpoR 724kBov+OZNdRBAWd6Tkj3lQ+m6OaaUCIFiopekX5mvhslM7+ghbrwOTTY0Di1W9
BzhivO3D3oOn +ZFYs9l9pitG
-----END PRIVATE KEY----- -----END PRIVATE KEY-----


@ -206,7 +206,7 @@ resource "aws_iam_instance_profile" "nodes-minimal-example-com" {
resource "aws_iam_openid_connect_provider" "minimal-example-com" { resource "aws_iam_openid_connect_provider" "minimal-example-com" {
client_id_list = ["amazonaws.com"] client_id_list = ["amazonaws.com"]
thumbprint_list = ["d89b37ccc0b574f3e40051ea08a7b60a9db11924"] thumbprint_list = ["a8de31f85544b9e73aeb26ded19330e0e996fb79"]
url = "https://api.minimal.example.com" url = "https://api.minimal.example.com"
} }


@ -164,7 +164,7 @@ func (_ *Keypair) Render(c *fi.Context, a, e, changes *Keypair) error {
klog.V(8).Infof("creating certificate new Subject") klog.V(8).Infof("creating certificate new Subject")
} else if changes.Type != "" { } else if changes.Type != "" {
createCertificate = true createCertificate = true
klog.V(8).Infof("creating certificate new Type") klog.Infof("creating certificate %q as Type has changed (actual=%v, expected=%v)", name, a.Type, e.Type)
} else if changes.LegacyFormat { } else if changes.LegacyFormat {
changeStoredFormat = true changeStoredFormat = true
} else { } else {
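Review bot: The new Info-level message is reached only through `else if changes.Type != ""`, so when the Subject has changed as well, the branch above wins and the re-issue is recorded only by the V(8) line `creating certificate new Subject`. Re-issuing this keypair changes the certificate fingerprint that other resources pin (the `thumbprint_list` in the expected Terraform output changes in this same commit), so every branch that sets `createCertificate = true` should log at the same default level, for example `klog.Infof("creating certificate %q as Subject has changed", name)`. The new line also reads `a.Type`, and the nil check on `a` presumably sits earlier in `Render`, outside this hunk, so that is worth confirming. Using `%q` rather than `%v` for the two Type values would make an empty actual type visible in the log. The if/else chain starts before and continues after the hunk.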