kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove use of deprecated create-if-missing functions 

Generally tightening up the interface to make it easier to remove list
operations.
This commit is contained in:
Justin Santa Barbara 2017-11-12 16:42:43 -05:00
parent 2737bef0b6
commit 9e5c086c5b
8 changed files with 69 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nodeup/pkg/model/context.go
View File

@ -120,15 +120,25 @@ func (c *NodeupModelContext) buildPKIKubeconfig(id string) (string, error) {
if err != nil { if err != nil {
return "", fmt.Errorf("error fetching CA certificate from keystore: %v", err) return "", fmt.Errorf("error fetching CA certificate from keystore: %v", err)
} }
if caCertificate == nil {
return "", fmt.Errorf("CA certificate %q not found", fi.CertificateId_CA)
}
certificate, err := c.KeyStore.Cert(id, false) certificate, err := c.KeyStore.FindCert(id)
if err != nil { if err != nil {
return "", fmt.Errorf("error fetching %q certificate from keystore: %v", id, err) return "", fmt.Errorf("error fetching %q certificate from keystore: %v", id, err)
} }
privateKey, err := c.KeyStore.PrivateKey(id, false) if certificate == nil {
return "", fmt.Errorf("certificate %q not found", id)
}
privateKey, err := c.KeyStore.FindPrivateKey(id)
if err != nil { if err != nil {
return "", fmt.Errorf("error fetching %q private key from keystore: %v", id, err) return "", fmt.Errorf("error fetching %q private key from keystore: %v", id, err)
} }
if privateKey == nil {
return "", fmt.Errorf("private key %q not found", id)
}
user := kubeconfig.KubectlUser{} user := kubeconfig.KubectlUser{}
user.ClientCertificateData, err = certificate.AsBytes() user.ClientCertificateData, err = certificate.AsBytes()

12
nodeup/pkg/model/convenience.go
View File

@ -96,11 +96,15 @@ func getProxyEnvVars(proxies *kops.EgressProxySpec) []v1.EnvVar {
// buildCertificateRequest retrieves the certificate from a keystore // buildCertificateRequest retrieves the certificate from a keystore
func buildCertificateRequest(c *fi.ModelBuilderContext, b *NodeupModelContext, name, path string) error { func buildCertificateRequest(c *fi.ModelBuilderContext, b *NodeupModelContext, name, path string) error {
cert, err := b.KeyStore.Cert(name, false) cert, err := b.KeyStore.FindCert(name)
if err != nil { if err != nil {
return err return err
} }
if cert == nil {
return fmt.Errorf("certificate %q not found", name)
}
serialized, err := cert.AsString() serialized, err := cert.AsString()
if err != nil { if err != nil {
return err return err
@ -123,11 +127,15 @@ func buildCertificateRequest(c *fi.ModelBuilderContext, b *NodeupModelContext, n
// buildPrivateKeyRequest retrieves a private key from the store // buildPrivateKeyRequest retrieves a private key from the store
func buildPrivateKeyRequest(c *fi.ModelBuilderContext, b *NodeupModelContext, name, path string) error { func buildPrivateKeyRequest(c *fi.ModelBuilderContext, b *NodeupModelContext, name, path string) error {
k, err := b.KeyStore.PrivateKey(name, false) k, err := b.KeyStore.FindPrivateKey(name)
if err != nil { if err != nil {
return err return err
} }
if k == nil {
return fmt.Errorf("private key %q not found", name)
}
serialized, err := k.AsString() serialized, err := k.AsString()
if err != nil { if err != nil {
return err return err

6
nodeup/pkg/model/kube_controller_manager.go
View File

@ -49,11 +49,15 @@ func (b *KubeControllerManagerBuilder) Build(c *fi.ModelBuilderContext) error {
// If we're using the CertificateSigner, include the CA Key // If we're using the CertificateSigner, include the CA Key
// @TODO: use a per-machine key? use KMS? // @TODO: use a per-machine key? use KMS?
if b.useCertificateSigner() { if b.useCertificateSigner() {
ca, err := b.KeyStore.PrivateKey(fi.CertificateId_CA, false) ca, err := b.KeyStore.FindPrivateKey(fi.CertificateId_CA)
if err != nil { if err != nil {
return err return err
} }
if ca == nil {
return fmt.Errorf("CA private key %q not found", fi.CertificateId_CA)
}
serialized, err := ca.AsString() serialized, err := ca.AsString()
if err != nil { if err != nil {
return err return err

16
nodeup/pkg/model/protokube.go
View File

@ -70,7 +70,7 @@ func (t *ProtokubeBuilder) Build(c *fi.ModelBuilderContext) error {
// retrieve the etcd peer certificates and private keys from the keystore // retrieve the etcd peer certificates and private keys from the keystore
if t.UseEtcdTLS() { if t.UseEtcdTLS() {
for _, x := range []string{"etcd", "etcd-client"} { for _, x := range []string{"etcd", "etcd-client"} {
if err := t.buildCeritificateTask(c, x, fmt.Sprintf("%s.pem", x)); err != nil { if err := t.buildCertificateTask(c, x, fmt.Sprintf("%s.pem", x)); err != nil {
return err return err
} }
} }
@ -376,12 +376,16 @@ func (t *ProtokubeBuilder) writeProxyEnvVars(buffer *bytes.Buffer) {
} }
// buildCertificateTask is responsible for build a certificate request task // buildCertificateTask is responsible for build a certificate request task
func (t *ProtokubeBuilder) buildCeritificateTask(c *fi.ModelBuilderContext, name, filename string) error { func (t *ProtokubeBuilder) buildCertificateTask(c *fi.ModelBuilderContext, name, filename string) error {
cert, err := t.KeyStore.Cert(name, false) cert, err := t.KeyStore.FindCert(name)
if err != nil { if err != nil {
return err return err
} }
if cert == nil {
return fmt.Errorf("certificate %q not found", name)
}
serialized, err := cert.AsString() serialized, err := cert.AsString()
if err != nil { if err != nil {
return err return err
@ -399,11 +403,15 @@ func (t *ProtokubeBuilder) buildCeritificateTask(c *fi.ModelBuilderContext, name
// buildPrivateKeyTask is responsible for build a certificate request task // buildPrivateKeyTask is responsible for build a certificate request task
func (t *ProtokubeBuilder) buildPrivateTask(c *fi.ModelBuilderContext, name, filename string) error { func (t *ProtokubeBuilder) buildPrivateTask(c *fi.ModelBuilderContext, name, filename string) error {
cert, err := t.KeyStore.PrivateKey(name, false) cert, err := t.KeyStore.FindPrivateKey(name)
if err != nil { if err != nil {
return err return err
} }
if cert == nil {
return fmt.Errorf("private key %q not found", name)
}
serialized, err := cert.AsString() serialized, err := cert.AsString()
if err != nil { if err != nil {
return err return err

29
nodeup/pkg/model/secrets.go
View File

@ -42,10 +42,13 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
// retrieve the platform ca // retrieve the platform ca
{ {
ca, err := b.KeyStore.CertificatePool(fi.CertificateId_CA, false) ca, err := b.KeyStore.FindCertificatePool(fi.CertificateId_CA)
if err != nil { if err != nil {
return err return err
} }
if ca == nil {
return fmt.Errorf("certificate %q not found", fi.CertificateId_CA)
}
serialized, err := ca.AsString() serialized, err := ca.AsString()
if err != nil { if err != nil {
@ -81,10 +84,13 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
} }
{ {
cert, err := b.KeyStore.Cert("master", false) cert, err := b.KeyStore.FindCert("master")
if err != nil { if err != nil {
return err return err
} }
if cert == nil {
return fmt.Errorf("certificate %q not found", "master")
}
serialized, err := cert.AsString() serialized, err := cert.AsString()
if err != nil { if err != nil {
@ -100,11 +106,13 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
} }
{ {
k, err := b.KeyStore.PrivateKey("master", false) k, err := b.KeyStore.FindPrivateKey("master")
if err != nil { if err != nil {
return err return err
} }
if k == nil {
return fmt.Errorf("private key %q not found", "master")
}
serialized, err := k.AsString() serialized, err := k.AsString()
if err != nil { if err != nil {
return err return err
@ -121,10 +129,13 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
if b.IsKubernetesGTE("1.7") { if b.IsKubernetesGTE("1.7") {
// TODO: Remove - we use the apiserver-aggregator keypair instead (which is signed by a different CA) // TODO: Remove - we use the apiserver-aggregator keypair instead (which is signed by a different CA)
cert, err := b.KeyStore.Cert("apiserver-proxy-client", false) cert, err := b.KeyStore.FindCert("apiserver-proxy-client")
if err != nil { if err != nil {
return fmt.Errorf("apiserver proxy client cert lookup failed: %v", err.Error()) return fmt.Errorf("apiserver proxy client cert lookup failed: %v", err.Error())
} }
if cert == nil {
return fmt.Errorf("certificate %q not found", "apiserver-proxy-client")
}
serialized, err := cert.AsString() serialized, err := cert.AsString()
if err != nil { if err != nil {
@ -138,10 +149,13 @@ func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error {
} }
c.AddTask(t) c.AddTask(t)
key, err := b.KeyStore.PrivateKey("apiserver-proxy-client", false) key, err := b.KeyStore.FindPrivateKey("apiserver-proxy-client")
if err != nil { if err != nil {
return fmt.Errorf("apiserver proxy client private key lookup failed: %v", err.Error()) return fmt.Errorf("apiserver proxy client private key lookup failed: %v", err.Error())
} }
if key == nil {
return fmt.Errorf("private key %q not found", "apiserver-proxy-client")
}
serialized, err = key.AsString() serialized, err = key.AsString()
if err != nil { if err != nil {
@ -250,6 +264,9 @@ func (b *SecretBuilder) writePrivateKey(c *fi.ModelBuilderContext, id string) er
if err != nil { if err != nil {
return fmt.Errorf("private key lookup failed for %q: %v", id, err) return fmt.Errorf("private key lookup failed for %q: %v", id, err)
} }
if key == nil {
return fmt.Errorf("private key %q not found", id)
}
serialized, err := key.AsString() serialized, err := key.AsString()
if err != nil { if err != nil {

12
upup/pkg/fi/ca.go
View File

@ -63,16 +63,18 @@ type HasVFSPath interface {
type CAStore interface { type CAStore interface {
Keystore Keystore
// Cert returns the primary specified certificate
// For createIfMissing=false, using FindCert is preferred
Cert(name string, createIfMissing bool) (*pki.Certificate, error)
// CertificatePool returns all active certificates with the specified id // CertificatePool returns all active certificates with the specified id
// Deprecated: prefer FindCertificatePool
CertificatePool(name string, createIfMissing bool) (*CertificatePool, error) CertificatePool(name string, createIfMissing bool) (*CertificatePool, error)
PrivateKey(name string, createIfMissing bool) (*pki.PrivateKey, error)
// FindCertificatePool returns the named CertificatePool, or (nil,nil) if not found
FindCertificatePool(name string) (*CertificatePool, error)
// FindPrivateKey returns the named private key, or (nil,nil) if not found
FindPrivateKey(name string) (*pki.PrivateKey, error)
// FindCert returns the specified certificate, if it exists, or nil if not found // FindCert returns the specified certificate, if it exists, or nil if not found
FindCert(name string) (*pki.Certificate, error) FindCert(name string) (*pki.Certificate, error)
FindPrivateKey(name string) (*pki.PrivateKey, error)
// ListKeysets will return all the KeySets // ListKeysets will return all the KeySets
// The key material is not guaranteed to be populated - metadata like the name will be. // The key material is not guaranteed to be populated - metadata like the name will be.

27
upup/pkg/fi/clientset_castore.go
View File

@ -194,20 +194,6 @@ func FindPrimary(keyset *kops.Keyset) *kops.KeysetItem {
return primary return primary
} }
// Cert implements CAStore::Cert
func (c *ClientsetCAStore) Cert(name string, createIfMissing bool) (*pki.Certificate, error) {
cert, err := c.FindCert(name)
if err == nil && cert == nil {
if !createIfMissing {
glog.Warningf("using empty certificate, because running with DryRun")
return &pki.Certificate{}, err
}
return nil, fmt.Errorf("cannot find certificate %q", name)
}
return cert, err
}
// CertificatePool implements CAStore::CertificatePool // CertificatePool implements CAStore::CertificatePool
func (c *ClientsetCAStore) CertificatePool(id string, createIfMissing bool) (*CertificatePool, error) { func (c *ClientsetCAStore) CertificatePool(id string, createIfMissing bool) (*CertificatePool, error) {
cert, err := c.FindCertificatePool(id) cert, err := c.FindCertificatePool(id)
@ -413,19 +399,6 @@ func (c *ClientsetCAStore) FindPrivateKey(name string) (*pki.PrivateKey, error)
return nil, nil return nil, nil
} }
// PrivateKey implements CAStore::PrivateKey
func (c *ClientsetCAStore) PrivateKey(name string, createIfMissing bool) (*pki.PrivateKey, error) {
key, err := c.FindPrivateKey(name)
if err == nil && key == nil {
if !createIfMissing {
glog.Warningf("using empty certificate, because running with DryRun")
return &pki.PrivateKey{}, err
}
return nil, fmt.Errorf("cannot find SSL key %q", name)
}
return key, err
}
// CreateKeypair implements CAStore::CreateKeypair // CreateKeypair implements CAStore::CreateKeypair
func (c *ClientsetCAStore) CreateKeypair(signer string, id string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error) { func (c *ClientsetCAStore) CreateKeypair(signer string, id string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error) {
serial := c.buildSerial() serial := c.buildSerial()

26
upup/pkg/fi/vfs_castore.go
View File

@ -279,19 +279,6 @@ func (c *VFSCAStore) loadOneCertificate(p vfs.Path) (*pki.Certificate, error) {
return cert, nil return cert, nil
} }
func (c *VFSCAStore) Cert(id string, createIfMissing bool) (*pki.Certificate, error) {
cert, err := c.FindCert(id)
if err == nil && cert == nil {
if !createIfMissing {
glog.Warningf("using empty certificate, because running with DryRun")
return &pki.Certificate{}, err
}
return nil, fmt.Errorf("cannot find certificate %q", id)
}
return cert, err
}
func (c *VFSCAStore) CertificatePool(id string, createIfMissing bool) (*CertificatePool, error) { func (c *VFSCAStore) CertificatePool(id string, createIfMissing bool) (*CertificatePool, error) {
cert, err := c.FindCertificatePool(id) cert, err := c.FindCertificatePool(id)
if err == nil && cert == nil { if err == nil && cert == nil {
@ -632,19 +619,6 @@ func (c *VFSCAStore) FindPrivateKey(id string) (*pki.PrivateKey, error) {
return key, nil return key, nil
} }
func (c *VFSCAStore) PrivateKey(id string, createIfMissing bool) (*pki.PrivateKey, error) {
key, err := c.FindPrivateKey(id)
if err == nil && key == nil {
if !createIfMissing {
glog.Warningf("using empty certificate, because running with DryRun")
return &pki.PrivateKey{}, err
}
return nil, fmt.Errorf("cannot find SSL key %q", id)
}
return key, err
}
func (c *VFSCAStore) CreateKeypair(signer string, id string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error) { func (c *VFSCAStore) CreateKeypair(signer string, id string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error) {
serial := c.buildSerial() serial := c.buildSerial()