From ae667a94c5bfcebec60fe54c7a0b5dfdf977256d Mon Sep 17 00:00:00 2001
From: John Gardiner Myers
Date: Sat, 9 May 2020 22:38:10 -0700
Subject: [PATCH] Make funcs private and remove dead code
---
 upup/pkg/fi/clientset_castore.go | 11 +++++------
 upup/pkg/fi/vfs_castore.go | 20 ++------------------
 2 files changed, 7 insertions(+), 24 deletions(-)
diff --git a/upup/pkg/fi/clientset_castore.go b/upup/pkg/fi/clientset_castore.go
index ae9f3788e7..6a71e8fefb 100644
--- a/upup/pkg/fi/clientset_castore.go
+++ b/upup/pkg/fi/clientset_castore.go
@@ -334,8 +334,7 @@ func (c *ClientsetCAStore) ListSSHCredentials() ([]*kops.SSHCredential, error) {
 return items, nil
 }
-// IssueCert implements CAStore::IssueCert
-func (c *ClientsetCAStore) IssueCert(signer string, name string, serial *big.Int, privateKey *pki.PrivateKey, template *x509.Certificate) (*pki.Certificate, error) {
+func (c *ClientsetCAStore) issueCert(signer string, name string, serial *big.Int, privateKey *pki.PrivateKey, template *x509.Certificate) (*pki.Certificate, error) {
 ctx := context.TODO()
 klog.Infof("Issuing new certificate: %q", name)
@@ -449,7 +448,7 @@ func (c *ClientsetCAStore) FindPrivateKeyset(name string) (*kops.Keyset, error)
 func (c *ClientsetCAStore) CreateKeypair(signer string, id string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error) {
 serial := c.buildSerial()
- cert, err := c.IssueCert(signer, id, serial, privateKey, template)
+ cert, err := c.issueCert(signer, id, serial, privateKey, template)
 if err != nil {
 return nil, err
 }
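Review bot: The renamed `issueCert` in clientset_castore.go loses its doc comment together with its export, and the `issueCert` in vfs_castore.go (hunk at -671) has none either, so the certificate-issuing function is undocumented in both stores. A one-line comment would record the intended entry point, for example `// issueCert issues a certificate for name under signer; it is reached through CreateKeypair, which supplies the serial.` The only call sites visible in this patch are the two CreateKeypair methods, so that wording should be checked against the rest of package fi. The body of issueCert continues outside the hunk.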
@@ -488,8 +487,8 @@ func (c *ClientsetCAStore) addKey(ctx context.Context, name string, keysetType k
 return nil
 }
-// DeleteKeysetItem deletes the specified key from the registry; deleting the whole keyset if it was the last one
-func DeleteKeysetItem(client kopsinternalversion.KeysetInterface, name string, keysetType kops.KeysetType, id string) error {
+// deleteKeysetItem deletes the specified key from the registry; deleting the whole keyset if it was the last one
+func deleteKeysetItem(client kopsinternalversion.KeysetInterface, name string, keysetType kops.KeysetType, id string) error {
 ctx := context.TODO()
 keyset, err := client.Get(ctx, name, metav1.GetOptions{})
@@ -637,7 +636,7 @@ func (c *ClientsetCAStore) DeleteKeysetItem(item *kops.Keyset, id string) error
 switch item.Spec.Type {
 case kops.SecretTypeKeypair:
 client := c.clientset.Keysets(c.namespace)
- return DeleteKeysetItem(client, item.Name, kops.SecretTypeKeypair, id)
+ return deleteKeysetItem(client, item.Name, kops.SecretTypeKeypair, id)
 default:
 // Primarily because we need to make sure users can recreate them!
 return fmt.Errorf("deletion of keystore items of type %v not (yet) supported", item.Spec.Type)
diff --git a/upup/pkg/fi/vfs_castore.go b/upup/pkg/fi/vfs_castore.go
index 2ae4864f7e..aa2dd16c7e 100644
--- a/upup/pkg/fi/vfs_castore.go
+++ b/upup/pkg/fi/vfs_castore.go
@@ -19,7 +19,6 @@ package fi
 import (
 "bytes"
 "crypto/x509"
- "crypto/x509/pkix"
 "fmt"
 "math/big"
 "os"
@@ -132,21 +131,6 @@ func (s *VFSCAStore) readCAKeypairs(id string) (*keyset, *keyset, error) {
 }
-func BuildCAX509Template() *x509.Certificate {
- subject := &pkix.Name{
- CommonName: "kubernetes",
- }
-
- template := &x509.Certificate{
- Subject: *subject,
- KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
- ExtKeyUsage: []x509.ExtKeyUsage{},
- BasicConstraintsValid: true,
- IsCA: true,
- }
- return template
-}
-
 func (c *VFSCAStore) buildCertificatePoolPath(name string) vfs.Path {
 return c.basedir.Join("issued", name)
 }
@@ -671,7 +655,7 @@ func mirrorSSHCredential(cluster *kops.Cluster, basedir vfs.Path, sshCredential
 return nil
 }
-func (c *VFSCAStore) IssueCert(signer string, id string, serial *big.Int, privateKey *pki.PrivateKey, template *x509.Certificate) (*pki.Certificate, error) {
+func (c *VFSCAStore) issueCert(signer string, id string, serial *big.Int, privateKey *pki.PrivateKey, template *x509.Certificate) (*pki.Certificate, error) {
 klog.Infof("Issuing new certificate: %q", id)
 template.SerialNumber = serial
@@ -884,7 +868,7 @@ func (c *VFSCAStore) FindPrivateKeyset(name string) (*kops.Keyset, error) {
 func (c *VFSCAStore) CreateKeypair(signer string, id string, template *x509.Certificate, privateKey *pki.PrivateKey) (*pki.Certificate, error) {
 serial := c.SerialGenerator()
- cert, err := c.IssueCert(signer, id, serial, privateKey, template)
+ cert, err := c.issueCert(signer, id, serial, privateKey, template)
 if err != nil {
 return nil, err
 }
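Review bot: The context line `template.SerialNumber = serial` in `VFSCAStore.issueCert` (hunk at -671) writes into the `*x509.Certificate` the caller passed in, and nothing on the now-private function says so. CreateKeypair forwards its own `template` argument unchanged, so a caller that keeps or reuses a template will find it modified after the call. A comment above the function would make that contract explicit, for example `// issueCert sets template.SerialNumber to serial; the caller's template is modified in place.` The function body continues past the hunk, so whether other template fields are also written cannot be seen from here.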