kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14797 from justinsb/pure_context_work 

Context threading: more wiring
This commit is contained in:
Kubernetes Prow Robot 2022-12-22 17:35:29 -08:00 committed by GitHub
parent 5922daed00 ba59d65bc9
commit c01fdbb6e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
75 changed files with 312 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/kops/create.go
View File

@ -76,7 +76,7 @@ func NewCmdCreate(f *util.Factory, out io.Writer) *cobra.Command {
Example: createExample,
Args: cobra.NoArgs,
RunE: func(cmd *cobra.Command, args []string) error {
return RunCreate(context.TODO(), f, out, options)
return RunCreate(cmd.Context(), f, out, options)
},
}
@ -198,7 +198,7 @@ func RunCreate(ctx context.Context, f *util.Factory, out io.Writer, c *CreateOpt
}
sshKeyArr := []byte(v.Spec.PublicKey)
err = sshCredentialStore.AddSSHPublicKey(sshKeyArr)
err = sshCredentialStore.AddSSHPublicKey(ctx, sshKeyArr)
if err != nil {
return err
}

6
cmd/kops/create_cluster.go
View File

@ -200,7 +200,7 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
}
}
return RunCreateCluster(context.TODO(), f, out, options)
return RunCreateCluster(cmd.Context(), f, out, options)
},
}
@ -649,7 +649,7 @@ func RunCreateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Cr
}
assetBuilder := assets.NewAssetBuilder(cluster, false)
fullCluster, err := cloudup.PopulateClusterSpec(clientset, cluster, cloud, assetBuilder)
fullCluster, err := cloudup.PopulateClusterSpec(ctx, clientset, cluster, cloud, assetBuilder)
if err != nil {
return err
}
@ -765,7 +765,7 @@ func RunCreateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Cr
}
for _, data := range c.SSHPublicKeys {
err = sshCredentialStore.AddSSHPublicKey(data)
err = sshCredentialStore.AddSSHPublicKey(ctx, data)
if err != nil {
return fmt.Errorf("error adding SSH public key: %v", err)
}

5
cmd/kops/create_instancegroup.go
View File

@ -119,7 +119,7 @@ func NewCmdCreateInstanceGroup(f *util.Factory, out io.Writer) *cobra.Command {
return nil, cobra.ShellCompDirectiveNoFileComp
},
RunE: func(cmd *cobra.Command, args []string) error {
return RunCreateInstanceGroup(context.TODO(), f, out, options)
return RunCreateInstanceGroup(cmd.Context(), f, out, options)
},
}
@ -277,8 +277,9 @@ func RunCreateInstanceGroup(ctx context.Context, f *util.Factory, out io.Writer,
func completeClusterSubnet(f commandutils.Factory, excludeSubnets *[]string) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
ctx := cmd.Context()
commandutils.ConfigureKlogForCompletion()
ctx := context.TODO()
cluster, _, completions, directive := GetClusterForCompletion(ctx, f, nil)
if cluster == nil {

19
cmd/kops/create_keypair.go
View File

@ -128,10 +128,10 @@ func NewCmdCreateKeypair(f *util.Factory, out io.Writer) *cobra.Command {
return nil
},
ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return completeCreateKeypair(f, options, args, toComplete)
return completeCreateKeypair(cmd.Context(), f, options, args, toComplete)
},
RunE: func(cmd *cobra.Command, args []string) error {
return RunCreateKeypair(context.TODO(), f, out, options)
return RunCreateKeypair(cmd.Context(), f, out, options)
},
}
@ -164,7 +164,7 @@ func RunCreateKeypair(ctx context.Context, f *util.Factory, out io.Writer, optio
}
if options.Keyset != "all" {
return createKeypair(out, options, options.Keyset, keyStore)
return createKeypair(ctx, out, options, options.Keyset, keyStore)
}
keysets, err := keyStore.ListKeysets()
@ -174,7 +174,7 @@ func RunCreateKeypair(ctx context.Context, f *util.Factory, out io.Writer, optio
for name := range keysets {
if rotatableKeysetFilter(name, nil) {
if err := createKeypair(out, options, name, keyStore); err != nil {
if err := createKeypair(ctx, out, options, name, keyStore); err != nil {
return fmt.Errorf("creating keypair for %s: %v", name, err)
}
}
@ -183,7 +183,7 @@ func RunCreateKeypair(ctx context.Context, f *util.Factory, out io.Writer, optio
return nil
}
func createKeypair(out io.Writer, options *CreateKeypairOptions, name string, keyStore fi.CAStore) error {
func createKeypair(ctx context.Context, out io.Writer, options *CreateKeypairOptions, name string, keyStore fi.CAStore) error {
var err error
var privateKey *pki.PrivateKey
if options.PrivateKeyPath != "" {
@ -252,7 +252,7 @@ func createKeypair(out io.Writer, options *CreateKeypairOptions, name string, ke
return err
}
err = keyStore.StoreKeyset(name, keyset)
err = keyStore.StoreKeyset(ctx, name, keyset)
if err != nil {
return fmt.Errorf("error storing user provided keys %q %q: %v", options.CertPath, options.PrivateKeyPath, err)
}
@ -267,7 +267,7 @@ func createKeypair(out io.Writer, options *CreateKeypairOptions, name string, ke
return nil
}
func completeKeyset(cluster *kopsapi.Cluster, clientSet simple.Clientset, args []string, filter func(name string, keyset *fi.Keyset) bool) (keyset *fi.Keyset, keyStore fi.CAStore, completions []string, directive cobra.ShellCompDirective) {
func completeKeyset(ctx context.Context, cluster *kopsapi.Cluster, clientSet simple.Clientset, args []string, filter func(name string, keyset *fi.Keyset) bool) (keyset *fi.Keyset, keyStore fi.CAStore, completions []string, directive cobra.ShellCompDirective) {
keyStore, err := clientSet.KeyStore(cluster)
if err != nil {
completions, directive := commandutils.CompletionError("getting keystore", err)
@ -304,16 +304,15 @@ func completeKeyset(cluster *kopsapi.Cluster, clientSet simple.Clientset, args [
return keyset, keyStore, nil, cobra.ShellCompDirectiveNoFileComp
}
func completeCreateKeypair(f commandutils.Factory, options *CreateKeypairOptions, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
func completeCreateKeypair(ctx context.Context, f commandutils.Factory, options *CreateKeypairOptions, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
commandutils.ConfigureKlogForCompletion()
ctx := context.TODO()
cluster, clientSet, completions, directive := GetClusterForCompletion(ctx, f, nil)
if cluster == nil {
return completions, directive
}
keyset, _, completions, directive := completeKeyset(cluster, clientSet, args, rotatableKeysetFilter)
keyset, _, completions, directive := completeKeyset(ctx, cluster, clientSet, args, rotatableKeysetFilter)
if keyset == nil {
return completions, directive
}

2
cmd/kops/create_secret_ciliumpassword.go
View File

@ -71,7 +71,7 @@ func NewCmdCreateSecretCiliumPassword(f *util.Factory, out io.Writer) *cobra.Com
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunCreateSecretCiliumEncryptionConfig(context.TODO(), f, out, options)
return RunCreateSecretCiliumEncryptionConfig(cmd.Context(), f, out, options)
},
}

2
cmd/kops/create_secret_dockerconfig.go
View File

@ -76,7 +76,7 @@ func NewCmdCreateSecretDockerConfig(f *util.Factory, out io.Writer) *cobra.Comma
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunCreateSecretDockerConfig(context.TODO(), f, out, options)
return RunCreateSecretDockerConfig(cmd.Context(), f, out, options)
},
}

2
cmd/kops/create_secret_encryptionconfig.go
View File

@ -70,7 +70,7 @@ func NewCmdCreateSecretEncryptionConfig(f *util.Factory, out io.Writer) *cobra.C
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunCreateSecretEncryptionConfig(context.TODO(), f, out, options)
return RunCreateSecretEncryptionConfig(cmd.Context(), f, out, options)
},
}

2
cmd/kops/create_secret_weavepassword.go
View File

@ -78,7 +78,7 @@ func NewCmdCreateSecretWeavePassword(f *util.Factory, out io.Writer) *cobra.Comm
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunCreateSecretWeavePassword(context.TODO(), f, out, options)
return RunCreateSecretWeavePassword(cmd.Context(), f, out, options)
},
}

4
cmd/kops/create_sshpublickey.go
View File

@ -59,7 +59,7 @@ func NewCmdCreateSSHPublicKey(f *util.Factory, out io.Writer) *cobra.Command {
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunCreateSSHPublicKey(context.TODO(), f, out, options)
return RunCreateSSHPublicKey(cmd.Context(), f, out, options)
},
}
@ -101,7 +101,7 @@ func RunCreateSSHPublicKey(ctx context.Context, f *util.Factory, out io.Writer,
return fmt.Errorf("error reading SSH public key %v: %v", options.PublicKeyPath, err)
}
err = sshCredentialStore.AddSSHPublicKey(data)
err = sshCredentialStore.AddSSHPublicKey(ctx, data)
if err != nil {
return fmt.Errorf("error adding SSH public key: %v", err)
}

2
cmd/kops/delete.go
View File

@ -60,7 +60,7 @@ func NewCmdDelete(f *util.Factory, out io.Writer) *cobra.Command {
SuggestFor: []string{"rm"},
Args: cobra.NoArgs,
RunE: func(cmd *cobra.Command, args []string) error {
return RunDelete(context.TODO(), f, out, options)
return RunDelete(cmd.Context(), f, out, options)
},
}

2
cmd/kops/delete_cluster.go
View File

@ -73,7 +73,7 @@ func NewCmdDeleteCluster(f *util.Factory, out io.Writer) *cobra.Command {
Args: rootCommand.clusterNameArgsNoKubeconfig(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunDeleteCluster(context.TODO(), f, out, options)
return RunDeleteCluster(cmd.Context(), f, out, options)
},
}

5
cmd/kops/delete_instance.go
View File

@ -133,7 +133,7 @@ func NewCmdDeleteInstance(f *util.Factory, out io.Writer) *cobra.Command {
},
ValidArgsFunction: completeInstanceOrNode(f, &options),
RunE: func(cmd *cobra.Command, args []string) error {
return RunDeleteInstance(context.TODO(), f, out, &options)
return RunDeleteInstance(cmd.Context(), f, out, &options)
},
}
@ -307,12 +307,13 @@ func findDeletionNode(groups map[string]*cloudinstances.CloudInstanceGroup, opti
func completeInstanceOrNode(f commandutils.Factory, options *DeleteInstanceOptions) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
ctx := cmd.Context()
if len(args) > 0 {
return nil, cobra.ShellCompDirectiveNoFileComp
}
commandutils.ConfigureKlogForCompletion()
ctx := context.TODO()
cluster, clientSet, completions, directive := GetClusterForCompletion(ctx, f, nil)
if cluster == nil {

2
cmd/kops/delete_instancegroup.go
View File

@ -86,7 +86,7 @@ func NewCmdDeleteInstanceGroup(f *util.Factory, out io.Writer) *cobra.Command {
},
ValidArgsFunction: completeInstanceGroup(f, nil, &[]string{kops.InstanceGroupRoleControlPlane.ToLowerString()}),
RunE: func(cmd *cobra.Command, args []string) error {
ctx := context.TODO()
ctx := cmd.Context()
if !options.Yes {
message := fmt.Sprintf("Do you really want to delete instance group %q? This action cannot be undone.", options.GroupName)

5
cmd/kops/delete_secret.go
View File

@ -79,7 +79,7 @@ func NewCmdDeleteSecret(f *util.Factory, out io.Writer) *cobra.Command {
},
ValidArgsFunction: completeSecretNames(f),
RunE: func(cmd *cobra.Command, args []string) error {
return RunDeleteSecret(context.TODO(), f, out, options)
return RunDeleteSecret(cmd.Context(), f, out, options)
},
}
@ -120,8 +120,9 @@ func RunDeleteSecret(ctx context.Context, f *util.Factory, out io.Writer, option
func completeSecretNames(f commandutils.Factory) func(cmd *cobra.Command, args []string, complete string) ([]string, cobra.ShellCompDirective) {
return func(cmd *cobra.Command, args []string, complete string) ([]string, cobra.ShellCompDirective) {
ctx := cmd.Context()
commandutils.ConfigureKlogForCompletion()
ctx := context.TODO()
cluster, clientSet, completions, directive := GetClusterForCompletion(ctx, f, nil)
if cluster == nil {

2
cmd/kops/delete_sshpublickey.go
View File

@ -52,7 +52,7 @@ func NewCmdDeleteSSHPublicKey(f *util.Factory, out io.Writer) *cobra.Command {
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
ctx := context.TODO()
ctx := cmd.Context()
return RunDeleteSSHPublicKey(ctx, f, out, options)
},

17
cmd/kops/distrust_keypair.go
View File

@ -98,10 +98,10 @@ func NewCmdDistrustKeypair(f *util.Factory, out io.Writer) *cobra.Command {
return nil
},
ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return completeDistrustKeyset(f, options, args, toComplete)
return completeDistrustKeyset(cmd.Context(), f, options, args, toComplete)
},
RunE: func(cmd *cobra.Command, args []string) error {
return RunDistrustKeypair(context.TODO(), f, out, options)
return RunDistrustKeypair(cmd.Context(), f, out, options)
},
}
@ -125,7 +125,7 @@ func RunDistrustKeypair(ctx context.Context, f *util.Factory, out io.Writer, opt
}
if options.Keyset != "all" {
return distrustKeypair(out, options.Keyset, options.KeypairIDs[:], keyStore)
return distrustKeypair(ctx, out, options.Keyset, options.KeypairIDs[:], keyStore)
}
keysets, err := keyStore.ListKeysets()
@ -135,7 +135,7 @@ func RunDistrustKeypair(ctx context.Context, f *util.Factory, out io.Writer, opt
for name := range keysets {
if rotatableKeysetFilter(name, nil) {
if err := distrustKeypair(out, name, nil, keyStore); err != nil {
if err := distrustKeypair(ctx, out, name, nil, keyStore); err != nil {
return fmt.Errorf("distrusting keypair for %s: %v", name, err)
}
}
@ -144,7 +144,7 @@ func RunDistrustKeypair(ctx context.Context, f *util.Factory, out io.Writer, opt
return nil
}
func distrustKeypair(out io.Writer, name string, keypairIDs []string, keyStore fi.CAStore) error {
func distrustKeypair(ctx context.Context, out io.Writer, name string, keypairIDs []string, keyStore fi.CAStore) error {
keyset, err := keyStore.FindKeyset(name)
if err != nil {
return err
@ -182,7 +182,7 @@ func distrustKeypair(out io.Writer, name string, keypairIDs []string, keyStore f
now := time.Now().UTC().Round(0)
item.DistrustTimestamp = &now
if err := keyStore.StoreKeyset(name, keyset); err != nil {
if err := keyStore.StoreKeyset(ctx, name, keyset); err != nil {
return fmt.Errorf("error storing keyset: %w", err)
}
@ -192,16 +192,15 @@ func distrustKeypair(out io.Writer, name string, keypairIDs []string, keyStore f
return nil
}
func completeDistrustKeyset(f commandutils.Factory, options *DistrustKeypairOptions, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
func completeDistrustKeyset(ctx context.Context, f commandutils.Factory, options *DistrustKeypairOptions, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
commandutils.ConfigureKlogForCompletion()
ctx := context.TODO()
cluster, clientSet, completions, directive := GetClusterForCompletion(ctx, f, nil)
if cluster == nil {
return completions, directive
}
keyset, _, completions, directive := completeKeyset(cluster, clientSet, args, rotatableKeysetFilter)
keyset, _, completions, directive := completeKeyset(ctx, cluster, clientSet, args, rotatableKeysetFilter)
if keyset == nil {
return completions, directive
}

4
cmd/kops/edit_cluster.go
View File

@ -81,7 +81,7 @@ func NewCmdEditCluster(f *util.Factory, out io.Writer) *cobra.Command {
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunEditCluster(context.TODO(), f, out, options)
return RunEditCluster(cmd.Context(), f, out, options)
},
}
@ -264,7 +264,7 @@ func updateCluster(ctx context.Context, clientset simple.Clientset, oldCluster,
}
assetBuilder := assets.NewAssetBuilder(newCluster, false)
fullCluster, err := cloudup.PopulateClusterSpec(clientset, newCluster, cloud, assetBuilder)
fullCluster, err := cloudup.PopulateClusterSpec(ctx, clientset, newCluster, cloud, assetBuilder)
if err != nil {
return fmt.Sprintf("error populating cluster spec: %s", err), nil
}

4
cmd/kops/edit_instancegroup.go
View File

@ -104,7 +104,7 @@ func NewCmdEditInstanceGroup(f *util.Factory, out io.Writer) *cobra.Command {
},
ValidArgsFunction: completeInstanceGroup(f, nil, nil),
RunE: func(cmd *cobra.Command, args []string) error {
return RunEditInstanceGroup(context.TODO(), f, out, options)
return RunEditInstanceGroup(cmd.Context(), f, out, options)
},
}
@ -299,7 +299,7 @@ func updateInstanceGroup(ctx context.Context, clientset simple.Clientset, channe
}
assetBuilder := assets.NewAssetBuilder(cluster, false)
fullCluster, err := cloudup.PopulateClusterSpec(clientset, cluster, cloud, assetBuilder)
fullCluster, err := cloudup.PopulateClusterSpec(ctx, clientset, cluster, cloud, assetBuilder)
if err != nil {
return fmt.Sprintf("error populating cluster spec: %s", err), nil
}

2
cmd/kops/export_kubeconfig.go
View File

@ -90,7 +90,7 @@ func NewCmdExportKubeconfig(f *util.Factory, out io.Writer) *cobra.Command {
},
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunExportKubeconfig(context.TODO(), f, out, options, args)
return RunExportKubeconfig(cmd.Context(), f, out, options, args)
},
}

2
cmd/kops/get.go
View File

@ -52,7 +52,7 @@ func NewCmdGet(f *util.Factory, out io.Writer) *cobra.Command {
Short: i18n.T(`Get one or many resources.`),
Args: rootCommand.clusterNameArgs(&options.ClusterName),
RunE: func(cmd *cobra.Command, args []string) error {
return RunGet(context.TODO(), f, out, options)
return RunGet(cmd.Context(), f, out, options)
},
}

2
cmd/kops/get_all.go
View File

@ -65,7 +65,7 @@ func NewCmdGetAll(f *util.Factory, out io.Writer, getOptions *GetOptions) *cobra
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunGetAll(context.TODO(), f, out, options)
return RunGetAll(cmd.Context(), f, out, options)
},
}

2
cmd/kops/get_assets.go
View File

@ -91,7 +91,7 @@ func NewCmdGetAssets(f *util.Factory, out io.Writer, getOptions *GetOptions) *co
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunGetAssets(context.TODO(), f, out, &options)
return RunGetAssets(cmd.Context(), f, out, &options)
},
}

6
cmd/kops/get_cluster.go
View File

@ -108,7 +108,7 @@ func NewCmdGetCluster(f *util.Factory, out io.Writer, getOptions *GetOptions) *c
},
ValidArgsFunction: commandutils.CompleteClusterName(f, false, true),
RunE: func(cmd *cobra.Command, args []string) error {
return RunGetClusters(context.TODO(), f, out, &options)
return RunGetClusters(cmd.Context(), f, out, &options)
},
}
@ -157,7 +157,7 @@ func RunGetClusters(ctx context.Context, f commandutils.Factory, out io.Writer,
if options.FullSpec {
var err error
clusters, err = fullClusterSpecs(clusters)
clusters, err = fullClusterSpecs(ctx, clusters)
if err != nil {
return err
}
@ -278,7 +278,7 @@ func fullOutputYAML(out io.Writer, args ...runtime.Object) error {
return nil
}
func fullClusterSpecs(clusters []*kopsapi.Cluster) ([]*kopsapi.Cluster, error) {
func fullClusterSpecs(ctx context.Context, clusters []*kopsapi.Cluster) ([]*kopsapi.Cluster, error) {
var fullSpecs []*kopsapi.Cluster
for _, cluster := range clusters {
configBase, err := registry.ConfigBase(cluster)

2
cmd/kops/get_instancegroups.go
View File

@ -81,7 +81,7 @@ func NewCmdGetInstanceGroups(f *util.Factory, out io.Writer, getOptions *GetOpti
return completeInstanceGroup(f, &args, nil)(cmd, nil, toComplete)
},
RunE: func(cmd *cobra.Command, args []string) error {
return RunGetInstanceGroups(context.TODO(), f, out, &options)
return RunGetInstanceGroups(cmd.Context(), f, out, &options)
},
}

2
cmd/kops/get_instances.go
View File

@ -73,7 +73,7 @@ func NewCmdGetInstances(f *util.Factory, out io.Writer, options *GetOptions) *co
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunGetInstances(context.TODO(), f, out, options)
return RunGetInstances(cmd.Context(), f, out, options)
},
}

9
cmd/kops/get_keypairs.go
View File

@ -72,10 +72,10 @@ func NewCmdGetKeypairs(f *util.Factory, out io.Writer, getOptions *GetOptions) *
return nil
},
ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return completeGetKeypairs(f, options, args, toComplete)
return completeGetKeypairs(cmd.Context(), f, options, args, toComplete)
},
RunE: func(cmd *cobra.Command, args []string) error {
return RunGetKeypairs(context.TODO(), f, out, options)
return RunGetKeypairs(cmd.Context(), f, out, options)
},
}
@ -259,9 +259,8 @@ func RunGetKeypairs(ctx context.Context, f commandutils.Factory, out io.Writer,
return nil
}
func completeGetKeypairs(f commandutils.Factory, options *GetKeypairsOptions, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
func completeGetKeypairs(ctx context.Context, f commandutils.Factory, options *GetKeypairsOptions, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
commandutils.ConfigureKlogForCompletion()
ctx := context.TODO()
cluster, clientSet, completions, directive := GetClusterForCompletion(ctx, f, nil)
if cluster == nil {
@ -269,7 +268,7 @@ func completeGetKeypairs(f commandutils.Factory, options *GetKeypairsOptions, ar
}
alreadySelected := sets.NewString(args...).Insert("all")
_, _, completions, directive = completeKeyset(cluster, clientSet, nil, func(name string, keyset *fi.Keyset) bool {
_, _, completions, directive = completeKeyset(ctx, cluster, clientSet, nil, func(name string, keyset *fi.Keyset) bool {
return !alreadySelected.Has(name)
})

2
cmd/kops/get_secrets.go
View File

@ -69,7 +69,7 @@ func NewCmdGetSecrets(f *util.Factory, out io.Writer, getOptions *GetOptions) *c
},
ValidArgsFunction: completeSecretNames(f),
RunE: func(cmd *cobra.Command, args []string) error {
return RunGetSecrets(context.TODO(), f, out, &options)
return RunGetSecrets(cmd.Context(), f, out, &options)
},
}

2
cmd/kops/get_sshpublickeys.go
View File

@ -57,7 +57,7 @@ func NewCmdGetSSHPublicKeys(f *util.Factory, out io.Writer, getOptions *GetOptio
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunGetSSHPublicKeys(context.TODO(), f, out, &options)
return RunGetSSHPublicKeys(cmd.Context(), f, out, &options)
},
}

50
cmd/kops/integration_test.go
View File

@ -1023,9 +1023,7 @@ func TestClusterNameDigit(t *testing.T) {
runTestTerraformAWS(t)
}
func (i *integrationTest) runTest(t *testing.T, h *testutils.IntegrationTestHarness, expectedDataFilenames []string, tfFileName string, expectedTfFileName string, phase *cloudup.Phase) {
ctx := context.Background()
func (i *integrationTest) runTest(t *testing.T, ctx context.Context, h *testutils.IntegrationTestHarness, expectedDataFilenames []string, tfFileName string, expectedTfFileName string, phase *cloudup.Phase) {
var stdout bytes.Buffer
i.srcDir = updateClusterTestBase + i.srcDir
@ -1041,7 +1039,7 @@ func (i *integrationTest) runTest(t *testing.T, h *testutils.IntegrationTestHarn
actualTFPath = expectedTfFileName
}
factory := i.setupCluster(t, inputYAML, ctx, stdout)
factory := i.setupCluster(t, ctx, inputYAML, stdout)
{
options := &UpdateClusterOptions{}
@ -1166,7 +1164,7 @@ func (i *integrationTest) runTest(t *testing.T, h *testutils.IntegrationTestHarn
}
}
func (i *integrationTest) setupCluster(t *testing.T, inputYAML string, ctx context.Context, stdout bytes.Buffer) *util.Factory {
func (i *integrationTest) setupCluster(t *testing.T, ctx context.Context, inputYAML string, stdout bytes.Buffer) *util.Factory {
factoryOptions := &util.FactoryOptions{}
factoryOptions.RegistryPath = "memfs://tests"
@ -1208,68 +1206,68 @@ func (i *integrationTest) setupCluster(t *testing.T, inputYAML string, ctx conte
t.Fatalf("error getting keystore: %v", err)
}
storeKeyset(t, keyStore, fi.CertificateIDCA, &testingKeyset{
storeKeyset(t, ctx, keyStore, fi.CertificateIDCA, &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0\nyIg1jt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAQJATmTyoZ3D+6dtBErocEVT\nKyHBhS3P6YrRLIBU0kmdiQHN8BuzvENqm5PASTq1m6yAAJs7qu9S0kO8u4G+SILv\n7QIhAPNCeJoFHmNUwQ1kxuta1RqICGcNoA4Yx5LiHXd9dPM7AiEA3D7gq8WB8csD\nghBNu/zLy3RdFCkfJqWkX5FhdX29alcCIHw4A1HTL1NV4kcuoQ1qEsw7jt7g7EyG\nhtMQuC9eVywlAiA1Z12s6Og4S+Se3fsrUQHNZHrJT6tJALMZpTO/fGy4YwIhANlJ\nR6hkVKtJp9zhipu6WpvpiAtoIlsNnPMPyuDRwV/u\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBbjCCARigAwIBAgIMFpANqBD8NSD82AUSMA0GCSqGSIb3DQEBCwUAMBgxFjAU\nBgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwODAwWhcNMzEwNzA3MDcw\nODAwWjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD\nSwAwSAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0yIg1\njt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG\nMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNG3zVjTcLlJwDsJ4/K9DV7KohUA\nMA0GCSqGSIb3DQEBCwUAA0EAB8d03fY2w7WKpfO29qI295pu2C4ca9AiVGOpgSc8\ntmQsq6rcxt3T+rb589PVtz0mw/cKTxOk6gH2CCC+yHfy2w==\n-----END CERTIFICATE-----",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm\n/Eq7WWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAQJAV9YPAit/vKW542+zx0iq\niiXgLbHpgaq1PeOtfChrH5E4C/Bq4P/0MV6bSBm+Hfc9HKaGQE8HMQT7pdkbTECq\nQQIhANSEABWO1ycqVMUeqgnIkkQi/F/m3cZ9r2HIQPj8upcRAiEA6RDOOrrgvpka\nDoDK+eucjeDDKiR5uLFHvftz0PUNkgUCIDutpehn6HuTI6MHbXC55nlD6eN0jasD\n+JBZEAXb0vpBAiBy/qfCspJReJkyrrl3tpj4J/4jvPuR9WbAhmEOqNqZQQIgBrnt\n9mujgf4rNXZTuxAt0ljAzwKFjs+JcTtm4z59uZg=\n-----END RSA PRIVATE KEY-----",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBbjCCARigAwIBAgIMFpANvmSa0OAlYmXKMA0GCSqGSIb3DQEBCwUAMBgxFjAU\nBgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwOTM2WhcNMzEwNzA3MDcw\nOTM2WjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD\nSwAwSAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm/Eq7\nWWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG\nMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLImp6ARjPDAH6nhI+scWVt3Q9bn\nMA0GCSqGSIb3DQEBCwUAA0EAVQVx5MUtuAIeePuP9o51xtpT2S6Fvfi8J4ICxnlA\n9B7UD2ushcVFPtaeoL9Gfu8aY4KJBeqqg5ojl4qmRnThjw==\n-----END CERTIFICATE-----",
})
storeKeyset(t, keyStore, "apiserver-aggregator-ca", &testingKeyset{
storeKeyset(t, ctx, keyStore, "apiserver-aggregator-ca", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAMshO9QDlN4KOVxXoC0On4nSNC4YTMews6U84dsVinB1H2zSO4rY\nCbwv/hpchuVvgxeVe22tCCYkC7Bb3tKC3XsCAwEAAQJAe4xCLGjlQcvsKYsuZFlR\nle0hSawD/y0thuIp6SwH4O92AOsfrWDdiWIVCP6S47oBv351BOcoPbOjxfMTN+f6\naQIhAPIfBCHL/GecX1IVyitI1ueG1z0n5DDOKQAxmxTg82SnAiEA1sYK+vXMIV/e\nCl/CHxKwu7f+ufh1bV0OFyd+eI2+Vw0CICs6eG1kUzNYivhH5ammvp/lxkYn+ijw\nlgdv0+V9aFdfAiEAsTUytiK8zQTGthSQnQbU3+5OtK82ZIgVKjGh/mIlnLkCIQC1\neG3yBXM7/cxw1doWZ7AzMncufx9R8Q2Hblm80UrpaQ==\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBgjCCASygAwIBAgIMFo3gINaZLHjisEcbMA0GCSqGSIb3DQEBCwUAMCIxIDAe\nBgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTExMloX\nDTMxMDYzMDA0NTExMlowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It\nY2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM\nx7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB\no0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\nALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQAHAomFKsF4jvYX\nWM/UzQXDj9nSAFTf8dBPCXyZZNotsOH7+P6W4mMiuVs8bAuGiXGUdbsQ2lpiT/Rk\nCzMeMdr4\n-----END CERTIFICATE-----",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAMshO9QDlN4KOVxXoC0On4nSNC4YTMews6U84dsVinB1H2zSO4rY\nCbwv/hpchuVvgxeVe22tCCYkC7Bb3tKC3XsCAwEAAQJAe4xCLGjlQcvsKYsuZFlR\nle0hSawD/y0thuIp6SwH4O92AOsfrWDdiWIVCP6S47oBv351BOcoPbOjxfMTN+f6\naQIhAPIfBCHL/GecX1IVyitI1ueG1z0n5DDOKQAxmxTg82SnAiEA1sYK+vXMIV/e\nCl/CHxKwu7f+ufh1bV0OFyd+eI2+Vw0CICs6eG1kUzNYivhH5ammvp/lxkYn+ijw\nlgdv0+V9aFdfAiEAsTUytiK8zQTGthSQnQbU3+5OtK82ZIgVKjGh/mIlnLkCIQC1\neG3yBXM7/cxw1doWZ7AzMncufx9R8Q2Hblm80UrpaQ==\n-----END RSA PRIVATE KEY-----",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBgjCCASygAwIBAgIMFo3gM0nxQpiX/agfMA0GCSqGSIb3DQEBCwUAMCIxIDAe\nBgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTIzMVoX\nDTMxMDYzMDA0NTIzMVowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It\nY2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM\nx7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB\no0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\nALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQCXsoezoxXu2CEN\nQdlXZOfmBT6cqxIX/RMHXhpHwRiqPsTO8IO2bVA8CSzxNwMuSv/ZtrMHoh8+PcVW\nHLtkTXH8\n-----END CERTIFICATE-----",
})
storeKeyset(t, keyStore, "etcd-clients-ca", &testingKeyset{
storeKeyset(t, ctx, keyStore, "etcd-clients-ca", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4\n9pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQJBAKt/gmpHqP3qA3u8RA5R\n2W6L360Z2Mnza1FmkI/9StCCkJGjuE5yDhxU4JcVnFyX/nMxm2ockEEQDqRSu7Oo\nxTECIQD2QsUsgFL4FnXWzTclySJ6ajE4Cte3gSDOIvyMNMireQIhAOEnsV8UaSI+\nZyL7NMLzMPLCgtsrPnlamr8gdrEHf9ITAiEAxCCLbpTI/4LL2QZZrINTLVGT34Fr\nKl/yI5pjrrp/M2kCIQDfOktQyRuzJ8t5kzWsUxCkntS+FxHJn1rtQ3Jp8dV4oQIh\nAOyiVWDyLZJvg7Y24Ycmp86BZjM9Wk/BfWpBXKnl9iDY\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBcjCCARygAwIBAgIMFo1ogHnr26DL9YkqMA0GCSqGSIb3DQEBCwUAMBoxGDAW\nBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjE5MDFaFw0zMTA2Mjgx\nNjE5MDFaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep\nuPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE\nAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s\nx+PeBDANBgkqhkiG9w0BAQsFAANBAAZAdf8ROEVkr3Rf7I+s+CQOil2toadlKWOY\nqCeJ2XaEROfp9aUTEIU1MGM3g57MPyAPPU7mURskuOQz6B1UFaY=\n-----END CERTIFICATE-----",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4\n9pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQJBAKt/gmpHqP3qA3u8RA5R\n2W6L360Z2Mnza1FmkI/9StCCkJGjuE5yDhxU4JcVnFyX/nMxm2ockEEQDqRSu7Oo\nxTECIQD2QsUsgFL4FnXWzTclySJ6ajE4Cte3gSDOIvyMNMireQIhAOEnsV8UaSI+\nZyL7NMLzMPLCgtsrPnlamr8gdrEHf9ITAiEAxCCLbpTI/4LL2QZZrINTLVGT34Fr\nKl/yI5pjrrp/M2kCIQDfOktQyRuzJ8t5kzWsUxCkntS+FxHJn1rtQ3Jp8dV4oQIh\nAOyiVWDyLZJvg7Y24Ycmp86BZjM9Wk/BfWpBXKnl9iDY\n-----END RSA PRIVATE KEY-----",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBcjCCARygAwIBAgIMFo1olfBnC/CsT+dqMA0GCSqGSIb3DQEBCwUAMBoxGDAW\nBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjIwMzNaFw0zMTA2Mjgx\nNjIwMzNaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep\nuPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE\nAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s\nx+PeBDANBgkqhkiG9w0BAQsFAANBAF1xUz77PlUVUnd9duF8F7plou0TONC9R6/E\nYQ8C6vM1b+9NSDGjCW8YmwEU2fBgskb/BBX2lwVZ32/RUEju4Co=\n-----END CERTIFICATE-----",
})
storeKeyset(t, keyStore, "etcd-manager-ca-events", &testingKeyset{
storeKeyset(t, ctx, keyStore, "etcd-manager-ca-events", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAKiC8tndMlEFZ7qzeKxeKqFVjaYpsh/Hg7RxWo15+1kgH3suO0lx\np9+RxSVv97hnsfbySTPZVhy2cIQj7eZtZt8CAwEAAQJASgIRBIw4YAseronKEvHc\niTTY3ERtvbVTa7lpCr+rG03g4l5xgZXCrP+TvZFr04OH4Ka0Qr4QwvT4qTzOx7He\n+QIhANWjbYUnZ73TC5HTlv9CKr7J34rtuG3soz75ihUbX3tlAiEAyezR8MWSqMkv\nN9Yul0a0YsTq7MuSw+iM+bhNxCeAzvMCIQCNANONOcff4sZVFjkn+ozp5aWUNXgv\nnSrVqq+3ZJytfQIgfZ2n1QL0A7B0gWXqwg0oNrGN/BWAjgNjgA5ZwodYqGUCIA+1\nTJZinwh9+JkPJ8CS3xnQBV7OG2b7C+e3kEkdTHFC\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBgDCCASqgAwIBAgIMFo+bKjm04vB4rNtaMA0GCSqGSIb3DQEBCwUAMCExHzAd\nBgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAwOTU2WhcN\nMzEwNzA1MjAwOTU2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKiC8tndMlEFZ7qzeKxeKqFVjaYpsh/H\ng7RxWo15+1kgH3suO0lxp9+RxSVv97hnsfbySTPZVhy2cIQj7eZtZt8CAwEAAaNC\nMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBg6\nCEZkQNnRkARBwFce03AEWa+sMA0GCSqGSIb3DQEBCwUAA0EAJMnBThok/uUe8q8O\nsS5q19KUuE8YCTUzMDj36EBKf6NX4NoakCa1h6kfQVtlMtEIMWQZCjbm8xGK5ffs\nGS/VUw==\n-----END CERTIFICATE-----",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAKFhHVVxxDGv8d1jBvtdSxz7KIVoBOjLDMxsmTsINiQkTQaFlb+X\nPlnY1ar4+RhE519AFUkqfhypk4Zxqf1YFXUCAwEAAQJAa2aWfycXy3mtHgmpu+B6\n/O6qKR7xJXz9J4+e6wqr/aCca7ArI3T5mOPl/Bud+mC991SEtkIXIGQMNPXgbr5s\ngQIhANKTO1E4/W2Yez/nGBrizWZRjo8NZClT4gxzxV5hFjD3AiEAxDEabVsGlMJR\nwkdX+zEniY1NoHcWE5iJqRwNRfLZffMCIQC5AWgNHV/zKROn+jZAcOF7Ms5oOqC0\neqFQxWozWGMx0wIgaTy1okcbZpw9YusGBJW/UYdcRmDalLRT00Ra0lSL2YUCIDUp\nz1z7kOIHbVyHalFZDv9t1t9wRhBRKPL0ZjSOQwj0\n-----END RSA PRIVATE KEY-----",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBgDCCASqgAwIBAgIMFo+bQ+EgIiBmGghjMA0GCSqGSIb3DQEBCwUAMCExHzAd\nBgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAxMTQ2WhcN\nMzEwNzA1MjAxMTQ2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKFhHVVxxDGv8d1jBvtdSxz7KIVoBOjL\nDMxsmTsINiQkTQaFlb+XPlnY1ar4+RhE519AFUkqfhypk4Zxqf1YFXUCAwEAAaNC\nMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNuW\nLLH5c8kDubDbr6BHgedW0iJ9MA0GCSqGSIb3DQEBCwUAA0EAiKUoBoaGu7XzboFE\nhjfKlX0TujqWuW3qMxDEJwj4dVzlSLrAoB/G01MJ+xxYKh456n48aG6N827UPXhV\ncPfVNg==\n-----END CERTIFICATE-----",
})
storeKeyset(t, keyStore, "etcd-manager-ca-main", &testingKeyset{
storeKeyset(t, ctx, keyStore, "etcd-manager-ca-main", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAMW5A2xmJgkkoaURt6/pc0zhbo8rq7kX4zoWJmUV+MNVLXecut3V\nHPfLI3PRhlGDB3ftJNapf2uPLRoZyujeoycCAwEAAQJBALIOHMEfdB1DubW3MN3f\ns4+Ga1PPFgPHOT9z9vuNP8pWcRWGACXdln4T/VM5LQYrwTQ/i9EMZycl3ISbTUfy\nEPECIQD5RWUR1dF4S2VGFtxhttbZbP6m3Nk/eiOmT3wPv4TJDQIhAMsPY9YgTmfV\nuZwykVu/UopdjVY/vFAiFYwA2Km8b2gDAiB9jdiUnTA++SrvnMAwb5nUNjQl9ANx\nF6IxOMPyYrMNWQIhALb2wANRCrSeq+ak3bqockwALXi4ZwphG78RiCewhUVXAiA+\n4yljHjbbEGQje8VuxmA3ITMeCwAkIqjXY1Z5DUTnDA==\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBfDCCASagAwIBAgIMFo+bKjm1c3jfv6hIMA0GCSqGSIb3DQEBCwUAMB8xHTAb\nBgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMDk1NloXDTMx\nMDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN\nBgkqhkiG9w0BAQEFAANLADBIAkEAxbkDbGYmCSShpRG3r+lzTOFujyuruRfjOhYm\nZRX4w1Utd5y63dUc98sjc9GGUYMHd+0k1ql/a48tGhnK6N6jJwIDAQABo0IwQDAO\nBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWZLkbBFx\nGAgPU4i62c52unSo7RswDQYJKoZIhvcNAQELBQADQQAj6Pgd0va/8FtkyMlnohLu\nGf4v8RJO6zk3Y6jJ4+cwWziipFM1ielMzSOZfFcCZgH3m5Io40is4hPSqyq2TOA6\n-----END CERTIFICATE-----",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAMN9483Hf4qLDdOG9Fl2w7ewdHN7Cd2mn3Biz7xt8UQfTeW2K/fq\nmQKt5swBZMbHJ+I9XHuW9fxikwxAApZmYHUCAwEAAQJAOOGfcBe1L52oRz0ESie5\naPBJ4fQR+dFqoOvPYBdpVRV4h8PcLGhH7H0RO0pJf9ni0MxWDMn2R8Nw6/I7zSgr\n/QIhAN432G6YOItNGj0wrNBgZerFIOVdnHe+higgAhJOtNFbAiEA4TXsL5ALyAYI\nVDS66EbriI15z5XxiauBk0zAbqun7m8CIQDUK+Ichn7GkpGRBx6ZvtDQvfNQzHaO\n5nzVZupTbI68rQIgLzkNU1PTBJgvOujroDTuwm1X820vfnyV6PsZBpu71MUCIAPQ\nTjwL4gGtCZtHXHqAUS9vgf4sQ40oBqNb3NhshheB\n-----END RSA PRIVATE KEY-----",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBfDCCASagAwIBAgIMFo+bQ+Eg8Si30gr4MA0GCSqGSIb3DQEBCwUAMB8xHTAb\nBgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMTE0NloXDTMx\nMDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN\nBgkqhkiG9w0BAQEFAANLADBIAkEAw33jzcd/iosN04b0WXbDt7B0c3sJ3aafcGLP\nvG3xRB9N5bYr9+qZAq3mzAFkxscn4j1ce5b1/GKTDEAClmZgdQIDAQABo0IwQDAO\nBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUE/h+3gDP\nDvKwHRyiYlXM8voZ1wowDQYJKoZIhvcNAQELBQADQQBXuimeEoAOu5HN4hG7NqL9\nt40K3ZRhRZv3JQWnRVJCBDjg1rD0GQJR/n+DoWvbeijI5C9pNjr2pWSIYR1eYCvd\n-----END CERTIFICATE-----",
})
storeKeyset(t, keyStore, "etcd-peers-ca-events", &testingKeyset{
storeKeyset(t, ctx, keyStore, "etcd-peers-ca-events", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAL+YOBxdsZq2MqLiX2PY18dTN4Dyw/6bqb8T2McoycOaTQsuTOVx\nkt4k6kQ+UQxNH1rnVRxWSiyHvFj3NOjQKV8CAwEAAQJATy6MugRq20LDaJffzncW\nrnUQ8kTihX41yBdetuh/gkuyMifMRLi1wVKjrtvIcjhj1vCoCoDLYnUJ/au2rFjO\neQIhAMwZbPwLshFZocs27a+9ngWlF67uHawBsWeC8rddc6u9AiEA8FDBJrDjckMh\ngPoFA29l4JmJTNT16wbBiIopKOwpTUsCIDXDvOHocs//PI+7uIFDAg2an9KFB2v4\nRjNuW2HSTFZBAiA7pD8bpCD+tax1/xcJcDc/k7tgpyXVS5rykR9/+YSSmwIhAIqA\nuHHsA+iviwxdgjDQR8Cc0jWzH9LOC3/AM0+WH4Pe\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBfDCCASagAwIBAgIMFo+bKjmxTPh3/lYJMA0GCSqGSIb3DQEBCwUAMB8xHTAb\nBgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMDk1NloXDTMx\nMDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN\nBgkqhkiG9w0BAQEFAANLADBIAkEAv5g4HF2xmrYyouJfY9jXx1M3gPLD/pupvxPY\nxyjJw5pNCy5M5XGS3iTqRD5RDE0fWudVHFZKLIe8WPc06NApXwIDAQABo0IwQDAO\nBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUf6xiDI+O\nYph1ziCGr2hZaQYt+fUwDQYJKoZIhvcNAQELBQADQQBBxj5hqEQstonTb8lnqeGB\nDEYtUeAk4eR/HzvUMjF52LVGuvN3XVt+JTrFeKNvb6/RDUbBNRj3azalcUkpPh6V\n-----END CERTIFICATE-----",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAKOTY9go19aqd5hD8NR+ZxwBVi6BjUi0pURSVtNzcWjTzBcy+T6w\nqMjl61/PzFnM7mWMNAq3/BDzjkFotvltFy8CAwEAAQJAUIYQEqsYhZ5pPVXEynZn\nP8wQptgzuuTirp1yDKm53IYNYkRMdPD1XPymeCOvS1lvkwIFCiyuo1EUMQzVowdU\nMQIhAMj9iSDnm2nSzXdv7lOA3hUsh5/sCZbmAHe8+Y3P8LtFAiEA0FhibI6FkmQC\n7/ifuhS90Y3Qmo/B9N8HiFIN84Gm9eMCIC9E2VxAvB8+MY5WZ7GBzDkkmNz2kSbI\n/vEqI3LDpbUVAiEAnhgTR5C2ZqkhWXrtqUQH7bWQ71fas7dxfc3V7EsbqEUCIEv+\nfsV/d2yUde2L5E6eYiL0lZ5DwhKkXOjZlZX7rT8c\n-----END RSA PRIVATE KEY-----",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBfDCCASagAwIBAgIMFo+bQ+Eq69jgzpKwMA0GCSqGSIb3DQEBCwUAMB8xHTAb\nBgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMTE0NloXDTMx\nMDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN\nBgkqhkiG9w0BAQEFAANLADBIAkEAo5Nj2CjX1qp3mEPw1H5nHAFWLoGNSLSlRFJW\n03NxaNPMFzL5PrCoyOXrX8/MWczuZYw0Crf8EPOOQWi2+W0XLwIDAQABo0IwQDAO\nBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUxauhhKQh\ncvdZND78rHe0RQVTTiswDQYJKoZIhvcNAQELBQADQQB+cq4jIS9q0zXslaRa+ViI\nJ+dviA3sMygbmSJO0s4DxYmoazKJblux5q0ASSvS9iL1l9ShuZ1dWyp2tpZawHyb\n-----END CERTIFICATE-----",
})
storeKeyset(t, keyStore, "etcd-peers-ca-main", &testingKeyset{
storeKeyset(t, ctx, keyStore, "etcd-peers-ca-main", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBALJFpdanCA3og1CrCz2n8G88SUm/ZGej11VMWGVCoMBpQld7swGa\nI7g0lxbvoSjN4GHnO1Hf/g0TUUzbHxOKxLcCAwEAAQJBAI418S1i4ZH2wYpAaB8v\nMSYLOYuTGk1y7fwlgv6EQCg8esJcMCeDsqT5V5sUicT6jT5m3KdpKA4v4kpZJzHo\nr8ECIQDRtEmpTSmTQ1FAVPu34j6ZU0W5zT8RMaoUFPCXPJ/M9QIhANmg7bTqNNBY\nd7TUxmgm2NW5GDn0yyg1WqoIL4wOJz97AiBvrCad9e1x8qNOMvNpVR4o4GN9MoOn\nUF9WGmCU6T/gEQIgdhnEBdK3eH0Z8TMqvKigMVNyFzmF6jsSCYXJr7qah/MCIQCy\npxPa6cKMC0n9t61B+1f7O2yCvwllormxaFYVm9J4xw==\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBeDCCASKgAwIBAgIMFo+bKjmuLDDLcDHsMA0GCSqGSIb3DQEBCwUAMB0xGzAZ\nBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDA5NTZaFw0zMTA3\nMDUyMDA5NTZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG\nSIb3DQEBAQUAA0sAMEgCQQCyRaXWpwgN6INQqws9p/BvPElJv2Rno9dVTFhlQqDA\naUJXe7MBmiO4NJcW76EozeBh5ztR3/4NE1FM2x8TisS3AgMBAAGjQjBAMA4GA1Ud\nDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQtE1d49uSvpURf\nOQ25Vlu6liY20DANBgkqhkiG9w0BAQsFAANBAAgLVaetJZcfOA3OIMMvQbz2Ydrt\nuWF9BKkIad8jrcIrm3IkOtR8bKGmDIIaRKuG/ZUOL6NMe2fky3AAfKwleL4=\n-----END CERTIFICATE-----",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBALE1vJwNk3HlXVk6JfFlK9oWkdHAp4cN9y4xSK12g+2dpUyUxMYN\nYAy4JWYUcUBaiEhjKd6YR6CZmRnXlLsASt8CAwEAAQJABeku812Yj3IBHRrNbTHc\ntpeOIZr1e5HBru7B59dOKzzKrI2SozD+wKmhi2r+8yPkdU1nq4DE1Pboc1BmPh9C\n0QIhAMiAQ+yZRuThl8qOCZ+D9Frmml102DIf5d1NjGGQD84FAiEA4kMJCM194VPV\n2W7QsLH+szbwRHXg1dOlR9WQHJ8rZpMCIF/F7SwyV0vzerdVu8EHngxhxPDJZJAk\n7n8UkO71iqclAiEAypza9z4E7oWDZ507Vi9edJ/K0pN4jiJjzIrq7SZ/1+8CID2K\nAMbqYsKhlMt8zM+hSUg+u8wcWs8CVBb4ozQY2Xyb\n-----END RSA PRIVATE KEY-----",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBeDCCASKgAwIBAgIMFo+bQ+EuVthBfuZvMA0GCSqGSIb3DQEBCwUAMB0xGzAZ\nBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDExNDZaFw0zMTA3\nMDUyMDExNDZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG\nSIb3DQEBAQUAA0sAMEgCQQCxNbycDZNx5V1ZOiXxZSvaFpHRwKeHDfcuMUitdoPt\nnaVMlMTGDWAMuCVmFHFAWohIYynemEegmZkZ15S7AErfAgMBAAGjQjBAMA4GA1Ud\nDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAjQ8T4HclPIsC\nqipEfUIcLP6jqTANBgkqhkiG9w0BAQsFAANBAJdZ17TN3HlWrH7HQgfR12UBwz8K\nG9DurDznVaBVUYaHY8Sg5AvAXeb+yIF2JMmRR+bK+/G1QYY2D3/P31Ic2Oo=\n-----END CERTIFICATE-----",
})
storeKeyset(t, keyStore, "service-account", &testingKeyset{
storeKeyset(t, ctx, keyStore, "service-account", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4\n9pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQJBAKt/gmpHqP3qA3u8RA5R\n2W6L360Z2Mnza1FmkI/9StCCkJGjuE5yDhxU4JcVnFyX/nMxm2ockEEQDqRSu7Oo\nxTECIQD2QsUsgFL4FnXWzTclySJ6ajE4Cte3gSDOIvyMNMireQIhAOEnsV8UaSI+\nZyL7NMLzMPLCgtsrPnlamr8gdrEHf9ITAiEAxCCLbpTI/4LL2QZZrINTLVGT34Fr\nKl/yI5pjrrp/M2kCIQDfOktQyRuzJ8t5kzWsUxCkntS+FxHJn1rtQ3Jp8dV4oQIh\nAOyiVWDyLZJvg7Y24Ycmp86BZjM9Wk/BfWpBXKnl9iDY\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBZzCCARGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDEw9zZXJ2\naWNlLWFjY291bnQwHhcNMjEwNTAyMjAzMDA2WhcNMzEwNTAyMjAzMDA2WjAaMRgw\nFgYDVQQDEw9zZXJ2aWNlLWFjY291bnQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\n2JbeF8dNwqfEKKD65aGlVs58fWkA0qZdVLKw8qATzRBJTi1nqbj2kAR4gyy/C8Mx\nouxva/om9d7Sq8Ka55T7+wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T\nAQH/BAUwAwEB/zAdBgNVHQ4EFgQUI5beFHueAGyT1pQ6UTOdbMfj3gQwDQYJKoZI\nhvcNAQELBQADQQBwPLO+Np8o6k3aNBGKE4JTCOs06X72OXNivkWWWP/9XGz6x4DI\nHPU65kbUn/pWXBUVVlpsKsdmWA2Bu8pd/vD+\n-----END CERTIFICATE-----\n",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZFFtxc+8xir1XC3mI/RhCC\nrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQJAejInjmEzqmzQr0NxcIN4\nPukwK3FBKl+RAOZfqNIKcww14mfOn7Gc6lF2zEC4GnLiB3tthbSXoBGi54nkW4ki\nyQIhANZNne9UhQlwyjsd3WxDWWrl6OOZ3J8ppMOIQni9WRLlAiEAw1XEdxPOSOSO\nB6rucpTT1QivVvyEFIb/ukvPm769Mh8CIQDNQwKnHdlfNX0+KljPPaMD1LrAZbr/\naC+8aWLhqtsKUQIgF7gUcTkwdV17eabh6Xv09Qtm7zMefred2etWvFy+8JUCIECv\nFYOKQVWHX+Q7CHX2K1oTECVnZuW1UItdDYVlFYxQ\n-----END RSA PRIVATE KEY-----",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBZzCCARGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDEw9zZXJ2\naWNlLWFjY291bnQwHhcNMjEwNTAyMjAzMjE3WhcNMzEwNTAyMjAzMjE3WjAaMRgw\nFgYDVQQDEw9zZXJ2aWNlLWFjY291bnQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\no4Tridlsf4Yz3UAiup/scSTiG/OqxkUW3Fz7zGKvVcLeYj9GEIKuzoB1VFk1nboD\nq4cCuGLfdzaQdCQKPIsDuwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T\nAQH/BAUwAwEB/zAdBgNVHQ4EFgQUhPbxEmUbwVOCa+fZgxreFhf67UEwDQYJKoZI\nhvcNAQELBQADQQALMsyK2Q7C/bk27eCvXyZKUfrLvor10hEjwGhv14zsKWDeTj/J\nA1LPYp7U9VtFfgFOkVbkLE9Rstc0ltNrPqxA\n-----END CERTIFICATE-----\n",
})
if i.ciliumEtcd {
storeKeyset(t, keyStore, "etcd-clients-ca-cilium", &testingKeyset{
storeKeyset(t, ctx, keyStore, "etcd-clients-ca-cilium", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4\n9pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQJBAKt/gmpHqP3qA3u8RA5R\n2W6L360Z2Mnza1FmkI/9StCCkJGjuE5yDhxU4JcVnFyX/nMxm2ockEEQDqRSu7Oo\nxTECIQD2QsUsgFL4FnXWzTclySJ6ajE4Cte3gSDOIvyMNMireQIhAOEnsV8UaSI+\nZyL7NMLzMPLCgtsrPnlamr8gdrEHf9ITAiEAxCCLbpTI/4LL2QZZrINTLVGT34Fr\nKl/yI5pjrrp/M2kCIQDfOktQyRuzJ8t5kzWsUxCkntS+FxHJn1rtQ3Jp8dV4oQIh\nAOyiVWDyLZJvg7Y24Ycmp86BZjM9Wk/BfWpBXKnl9iDY\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBgDCCASqgAwIBAgIMFotPsR9PsbCKkTJsMA0GCSqGSIb3DQEBCwUAMCExHzAd\nBgNVBAMTFmV0Y2QtY2xpZW50cy1jYS1jaWxpdW0wHhcNMjEwNjIxMjAyMTUyWhcN\nMzEwNjIxMjAyMTUyWjAhMR8wHQYDVQQDExZldGNkLWNsaWVudHMtY2EtY2lsaXVt\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm\nXVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAaNC\nMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFCOW\n3hR7ngBsk9aUOlEznWzH494EMA0GCSqGSIb3DQEBCwUAA0EAR4UEW5ZK+NVtqm7s\nHF/JbSYPd+BhcNaJVOv8JP+/CGfCOXOmxjpZICSYQqe6UjjjP7fbJy8FANTpKTuJ\nUQC1kQ==\n-----END CERTIFICATE-----",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4\n9pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQJBAKt/gmpHqP3qA3u8RA5R\n2W6L360Z2Mnza1FmkI/9StCCkJGjuE5yDhxU4JcVnFyX/nMxm2ockEEQDqRSu7Oo\nxTECIQD2QsUsgFL4FnXWzTclySJ6ajE4Cte3gSDOIvyMNMireQIhAOEnsV8UaSI+\nZyL7NMLzMPLCgtsrPnlamr8gdrEHf9ITAiEAxCCLbpTI/4LL2QZZrINTLVGT34Fr\nKl/yI5pjrrp/M2kCIQDfOktQyRuzJ8t5kzWsUxCkntS+FxHJn1rtQ3Jp8dV4oQIh\nAOyiVWDyLZJvg7Y24Ycmp86BZjM9Wk/BfWpBXKnl9iDY\n-----END RSA PRIVATE KEY-----",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBgDCCASqgAwIBAgIMFotP940EXpD3N1D7MA0GCSqGSIb3DQEBCwUAMCExHzAd\nBgNVBAMTFmV0Y2QtY2xpZW50cy1jYS1jaWxpdW0wHhcNMjEwNjIxMjAyNjU1WhcN\nMzEwNjIxMjAyNjU1WjAhMR8wHQYDVQQDExZldGNkLWNsaWVudHMtY2EtY2lsaXVt\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm\nXVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAaNC\nMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFCOW\n3hR7ngBsk9aUOlEznWzH494EMA0GCSqGSIb3DQEBCwUAA0EARXoKy6mExpD6tHFO\nCN3ZGNZ5BsHl5W5y+gwUuVskgC7xt/bgTuXm5hz8TLgnG5kYtG4uxjFg4yCvtNg2\nMQNfAQ==\n-----END CERTIFICATE-----",
})
storeKeyset(t, keyStore, "etcd-manager-ca-cilium", &testingKeyset{
storeKeyset(t, ctx, keyStore, "etcd-manager-ca-cilium", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAMHrFsj6jdcV2UZnTJmqNdbz7kQjh0NW0PrIWcRAD6Y1q9/Nvbnd\nWF8jGay206KXJk1r/qHXyDuwHCKgZkfbnS0CAwEAAQJAbmWl/RkXMwHPRlN8uma6\na/tHBCet09pS8tKouB84SYh61MmgKnd+IGVmoUA18zSSOVYkueiHxUjVNIx5Oe6b\nwQIhANfLXoFFoW2MHXEgTmZV3N8t/zcpWk24PfjuoutR1YSFAiEA5gxOtNgVfTv6\nUPb1zixknCLy/QRUyuA1UH4mlPMIiokCIQCZq7t692kDp/n3a3gpLBAD5q+OSqaC\nHigTs2zVgws4OQIgZ86j8X0UbVeUQ9a84pUrrT0kEsJSlN2JkVHrjQkCEKkCIQCs\ngOQHglDw6452+lc/qokpE4vGEyrm6uyMj07Uz4KY6A==\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBgDCCASqgAwIBAgIMFo+bv6kG/ijs2GJsMA0GCSqGSIb3DQEBCwUAMCExHzAd\nBgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1jaWxpdW0wHhcNMjEwNzA1MjAyMDM3WhcN\nMzEwNzA1MjAyMDM3WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtY2lsaXVt\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMHrFsj6jdcV2UZnTJmqNdbz7kQjh0NW\n0PrIWcRAD6Y1q9/NvbndWF8jGay206KXJk1r/qHXyDuwHCKgZkfbnS0CAwEAAaNC\nMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFDKE\nITER3OCn4C7w9YVi2YdHDUkJMA0GCSqGSIb3DQEBCwUAA0EAo2zLlhHTpYlTM7dh\netdG+8zu6GpzoNs6caeYT1F7LCUp5CX8T05QVHZNSwTU41wFFu3nRa5Fr8/2nB+M\nEcE5pA==\n-----END CERTIFICATE-----",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAKObYoPZoxsjbLbCy1tA2JyHFKEPHg3XgOPCmQLAYvnDOIxAewih\nwpdjjcuJP+xoz0vUA+fcJaBei/3lAFNV0MUCAwEAAQJASYREM20zfrlfW4ySppGw\nBD4qxeiuH5gr4ayK5xKeJw6bHCh/bdUn5SPFY3PWzqj/RsvegNSZyNU7rfOFWV1n\nbQIhAMP2awFys/VQeokXH4hIXX6lreLnNWaCX9gVvkUvbWJbAiEA1btHLJj+EZ5m\nQPZvLJ469ASs4F0yMbjKer+xPhnpw18CIG2tVWaSFDaQvIRN9NAJ8IoZoKEGVtTw\n00PVp5CBYu9RAiAeoSgiDArdG4Yr6SUlj8eDEOh1fuWimojp7m7IJ46IoQIhAIO0\nJpW2I4J+WHOqUKJVjugNtBSqNDF5mDXINHo7U/gO\n-----END RSA PRIVATE KEY-----",
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBgDCCASqgAwIBAgIMFo+b23aziPjha6o+MA0GCSqGSIb3DQEBCwUAMCExHzAd\nBgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1jaWxpdW0wHhcNMjEwNzA1MjAyMjM3WhcN\nMzEwNzA1MjAyMjM3WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtY2lsaXVt\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKObYoPZoxsjbLbCy1tA2JyHFKEPHg3X\ngOPCmQLAYvnDOIxAewihwpdjjcuJP+xoz0vUA+fcJaBei/3lAFNV0MUCAwEAAaNC\nMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOBa\nmp4zlA4aPNrVCZgS+Ot9sG5BMA0GCSqGSIb3DQEBCwUAA0EABBJLTr+G+TxDLF3E\nJyV/pgEM/QggrBJozK1bWCvxIUKsnZHiX6E/WVeDeT1QlM1HaxumLGMsKAAyxPV4\nGY7LCw==\n-----END CERTIFICATE-----",
})
storeKeyset(t, keyStore, "etcd-peers-ca-cilium", &testingKeyset{
storeKeyset(t, ctx, keyStore, "etcd-peers-ca-cilium", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBANiACqgi/3txqkMV6kTSMA1ZR6M3ul4QiGthUuW7TPKkNHhnq5rR\nFdyhLcQJYsetmVR2TrgH0hQD9Nofn5H5yWkCAwEAAQJBAJEjbYGATOPVtH3a0D2o\n5vvb8XGTJ4Zt8PaDvU4zfYdfoAGpL/Pq3QijpESEKX9t4+sh4w94dG7oDpniGCvV\nO4ECIQDsUkKcDiNKH7TxZxYLx9MYEIXMQK/71ge+QHN9DSSQeQIhAOqHP0EhCqtZ\niYHYvPnO4gf4Du+eCqlfrb2u3z3FbSRxAiBPn1OkArtvIQm1ADeUVopQJFkAPZdN\nsYpAVrTSoFf+eQIgOCMNcgJ9skwpTOpbOZRaqDupH5P9y1L6nGeqSffiyxECIF2N\nrfTIH7lUlRexa0ExTFVRnblo9qawPxhWQkd2u3En\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBfDCCASagAwIBAgIMFo+bv6kGnIBWECkZMA0GCSqGSIb3DQEBCwUAMB8xHTAb\nBgNVBAMTFGV0Y2QtcGVlcnMtY2EtY2lsaXVtMB4XDTIxMDcwNTIwMjAzN1oXDTMx\nMDcwNTIwMjAzN1owHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1jaWxpdW0wXDAN\nBgkqhkiG9w0BAQEFAANLADBIAkEA2IAKqCL/e3GqQxXqRNIwDVlHoze6XhCIa2FS\n5btM8qQ0eGermtEV3KEtxAlix62ZVHZOuAfSFAP02h+fkfnJaQIDAQABo0IwQDAO\nBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUfr/92gfR\nqn/blYJEH3A38U51A8AwDQYJKoZIhvcNAQELBQADQQCC6qoc1PX3AXOtt+lqTtu0\noHrjU5/YXFbqDxEh/VdGYhqtpg3YuoHWAp3JDg1RVW1SRfUx30/375hoB5Nrw/5S\n-----END CERTIFICATE-----",
secondaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAMN09qchDoATwSsKH7iCy6JD8QBaZVc3bueNH6ERCeIlaoq6FJbM\n9RvdJhMJqkfge/9JLe9L3vYuWehO0M9p0GkCAwEAAQJAIhzRx41/aF8KQaa8rok1\nXRaag0NDmJs2IfeBY60DmpI66uTtDHhpwxC9p6XDWdxcv0FJma0CHoTEksg8GDm5\nGQIhANFFU345K3Aezn6oeoT7vV0iAj0PRqEwiJ2f7l0lhtUHAiEA7xn76xIsJUCB\nAeshuO83KSsei6Traudg/+4G3H0Jww8CIQC8hLVIOfwVjsr6co+ciKL36REXLFG2\nF2Cajl5ObuXdtQIgCpoiW4gQwQ4dKlKcyjCBR6gL0LFdZv4fhPmvADPjLO0CIQCT\nNBQjZG61HYyhBYaexj+ZVleuheY6re75KkncxUYwNw==\n-----END RSA PRIVATE KEY-----",
@ -1277,13 +1275,13 @@ func (i *integrationTest) setupCluster(t *testing.T, inputYAML string, ctx conte
})
}
if !model.UseKopsControllerForNodeBootstrap(cluster) {
storeKeyset(t, keyStore, "kubelet", &testingKeyset{
storeKeyset(t, ctx, keyStore, "kubelet", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAM6BUO6Gjjskn8s87GdJB8QPpNTx949t5Z/GgQpLVCapj741c1//\nvyH6JPsyqFUVy+lsBXQHSdCz2awMhKd9x5kCAwEAAQJARozbj4Ic2Yvbo92+jlLe\n+la146J/B1tuVbXFpDS0HTi3W94fVfu6R7FR9um1te1hzBAr6I4RqXxBAvipzG9P\n4QIhAPUg1AV/uyzKxELhVNKysAqvz1oLx2NeAh3DewRQn2MNAiEA16n2q69vFDvd\nnoCi2jwfR9/VyuMjloJElRyG1hoqg70CIQDkH/QRVgkcq2uxDkFBgLgiifF/zJx3\n1mJDzsuqfVmH9QIgEP/2z8W+bcviRlJBhA5lMNc2FQ4eigiuu0pKXqolW8kCIBy/\n27C5grBlEqjw1taSKqoSnylUW6SL8N8UR0MJU5up\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBkzCCAT2gAwIBAgIMFpL6CzllQiBcgTbiMA0GCSqGSIb3DQEBCwUAMBgxFjAU\nBgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzE2MTk0MjIxWhcNMzEwNzE2MTk0\nMjIxWjApMRUwEwYDVQQKEwxzeXN0ZW06bm9kZXMxEDAOBgNVBAMTB2t1YmVsZXQw\nXDANBgkqhkiG9w0BAQEFAANLADBIAkEAzoFQ7oaOOySfyzzsZ0kHxA+k1PH3j23l\nn8aBCktUJqmPvjVzX/+/Ifok+zKoVRXL6WwFdAdJ0LPZrAyEp33HmQIDAQABo1Yw\nVDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/\nBAIwADAfBgNVHSMEGDAWgBTRt81Y03C5ScA7CePyvQ1eyqIVADANBgkqhkiG9w0B\nAQsFAANBAGOPYAM8wEDpRs4Sa+UxSRNM5xt2a0ctNqLxYbN0gsoTXY3vEFb06qLH\npgBJgBLXG8siOEhyEhsFiXSw4klQ/y8=\n-----END CERTIFICATE-----",
secondaryKey: "",
secondaryCertificate: "",
})
storeKeyset(t, keyStore, "kube-proxy", &testingKeyset{
storeKeyset(t, ctx, keyStore, "kube-proxy", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAM7f0Zt5vDchamMg9TABxyAWGRVhWVmLqmfKr1rGvohWB/eVJmxZ\nCSNg6ShIDnDT2qJx5Aw05jjfDRJsrlCcAkMCAwEAAQJAeeRo5boBy14WCFiH/4Rc\npqw+lVlpwxhHDKbhUZRe+YbfobR7M35GoKJ5Zjtvh5V1eC1irGzSvUQg96snVCIv\nqQIhAPWGxfFedkYvddBHpp6pg/55AshVp8NPeYfV1olKc10FAiEA17Lzn7yyekzY\nr8tgm5zt6Hf9DfOPS+iCUwTpJzkhRKcCIAJUiyBlUx4LaUTWyUAMP9J0d5BLL9Js\nuKyPXP/kkv+5AiEApTYO/jmU5rH3gmafP3Gqk9VbwRTdnAGh2J65Sm6quZ8CIC4v\nqwjRQtwPYB4PPym2gTL4hjgWTj7bQEspm3A9eEs5\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBhjCCATCgAwIBAgIMFpL6CzlkDYhRlgqCMA0GCSqGSIb3DQEBCwUAMBgxFjAU\nBgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzE2MTk0MjIxWhcNMzEwNzE2MTk0\nMjIxWjAcMRowGAYDVQQDExFzeXN0ZW06a3ViZS1wcm94eTBcMA0GCSqGSIb3DQEB\nAQUAA0sAMEgCQQDO39Gbebw3IWpjIPUwAccgFhkVYVlZi6pnyq9axr6IVgf3lSZs\nWQkjYOkoSA5w09qiceQMNOY43w0SbK5QnAJDAgMBAAGjVjBUMA4GA1UdDwEB/wQE\nAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY\nMBaAFNG3zVjTcLlJwDsJ4/K9DV7KohUAMA0GCSqGSIb3DQEBCwUAA0EANRng3dTL\nZYQLfeRolSiKFHrsDxfNL5sXbsNcJNkP9VNmxTGs3RyvNlzsaVQkXaBnlHYx0+nk\nGWXMq4Kke2ukxQ==\n-----END CERTIFICATE-----",
secondaryKey: "",
@ -1301,7 +1299,7 @@ type testingKeyset struct {
secondaryCertificate string
}
func storeKeyset(t *testing.T, keyStore fi.Keystore, name string, testingKeyset *testingKeyset) {
func storeKeyset(t *testing.T, ctx context.Context, keyStore fi.Keystore, name string, testingKeyset *testingKeyset) {
{
privateKey, err := pki.ParsePEMPrivateKey([]byte(testingKeyset.primaryKey))
if err != nil {
@ -1332,7 +1330,7 @@ func storeKeyset(t *testing.T, keyStore fi.Keystore, name string, testingKeyset
_, _ = keyset.AddItem(cert, privateKey, false)
}
err = keyStore.StoreKeyset(name, keyset)
err = keyStore.StoreKeyset(ctx, name, keyset)
if err != nil {
t.Fatalf("error storing user provided keys: %v", err)
}
@ -1340,6 +1338,7 @@ func storeKeyset(t *testing.T, keyStore fi.Keystore, name string, testingKeyset
}
func (i *integrationTest) runTestTerraformAWS(t *testing.T) {
ctx := testutils.ContextForTest(t)
h := testutils.NewIntegrationTestHarness(t)
defer h.Close()
@ -1423,10 +1422,11 @@ func (i *integrationTest) runTestTerraformAWS(t *testing.T) {
}
expectedFilenames = append(expectedFilenames, i.expectServiceAccountRolePolicies...)
i.runTest(t, h, expectedFilenames, "", "", nil)
i.runTest(t, ctx, h, expectedFilenames, "", "", nil)
}
func (i *integrationTest) runTestPhase(t *testing.T, phase cloudup.Phase) {
ctx := testutils.ContextForTest(t)
h := testutils.NewIntegrationTestHarness(t)
defer h.Close()
@ -1467,10 +1467,11 @@ func (i *integrationTest) runTestPhase(t *testing.T, phase cloudup.Phase) {
}
}
i.runTest(t, h, expectedFilenames, tfFileName, "", &phase)
i.runTest(t, ctx, h, expectedFilenames, tfFileName, "", &phase)
}
func (i *integrationTest) runTestTerraformGCE(t *testing.T) {
ctx := testutils.ContextForTest(t)
h := testutils.NewIntegrationTestHarness(t)
defer h.Close()
@ -1505,10 +1506,11 @@ func (i *integrationTest) runTestTerraformGCE(t *testing.T) {
expectedFilenames = append(expectedFilenames, prefix+"startup-script")
}
i.runTest(t, h, expectedFilenames, "", "", nil)
i.runTest(t, ctx, h, expectedFilenames, "", "", nil)
}
func (i *integrationTest) runTestTerraformHetzner(t *testing.T) {
ctx := testutils.ContextForTest(t)
h := testutils.NewIntegrationTestHarness(t)
defer h.Close()
@ -1537,7 +1539,7 @@ func (i *integrationTest) runTestTerraformHetzner(t *testing.T) {
"hcloud_server_nodes-fsn1_user_data",
)
i.runTest(t, h, expectedFilenames, "", "", nil)
i.runTest(t, ctx, h, expectedFilenames, "", "", nil)
}
func MakeSSHKeyPair(publicKeyPath string, privateKeyPath string) error {

6
cmd/kops/lifecycle_integration_test.go
View File

@ -200,7 +200,7 @@ func runLifecycleTest(h *testutils.IntegrationTestHarness, o *LifecycleTestOptio
beforeResources := AllAWSResources(cloud)
factory := newIntegrationTest(o.ClusterName, o.SrcDir).
setupCluster(t, inputYAML, ctx, stdout)
setupCluster(t, ctx, inputYAML, stdout)
updateEnsureNoChanges(ctx, t, factory, o.ClusterName, stdout)
@ -437,7 +437,7 @@ func runLifecycleTestOpenstack(o *LifecycleTestOptions) {
inputYAML := "in-" + o.Version + ".yaml"
factory := newIntegrationTest(o.ClusterName, o.SrcDir).
setupCluster(t, inputYAML, ctx, stdout)
setupCluster(t, ctx, inputYAML, stdout)
updateEnsureNoChanges(ctx, t, factory, o.ClusterName, stdout)
@ -489,7 +489,7 @@ func runLifecycleTestGCE(o *LifecycleTestOptions) {
inputYAML := "in-" + o.Version + ".yaml"
factory := newIntegrationTest(o.ClusterName, o.SrcDir).
setupCluster(t, inputYAML, ctx, stdout)
setupCluster(t, ctx, inputYAML, stdout)
updateEnsureNoChanges(ctx, t, factory, o.ClusterName, stdout)

5
cmd/kops/main.go
View File

@ -16,6 +16,9 @@ limitations under the License.
package main // import "k8s.io/kops/cmd/kops"
import "context"
func main() {
Execute()
ctx := context.Background()
Execute(ctx)
}

17
cmd/kops/promote_keypair.go
View File

@ -102,10 +102,10 @@ func NewCmdPromoteKeypair(f *util.Factory, out io.Writer) *cobra.Command {
return nil
},
ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return completePromoteKeyset(f, options, args, toComplete)
return completePromoteKeyset(cmd.Context(), f, options, args, toComplete)
},
RunE: func(cmd *cobra.Command, args []string) error {
return RunPromoteKeypair(context.TODO(), f, out, options)
return RunPromoteKeypair(cmd.Context(), f, out, options)
},
}
@ -134,7 +134,7 @@ func RunPromoteKeypair(ctx context.Context, f *util.Factory, out io.Writer, opti
}
if options.Keyset != "all" {
return promoteKeypair(out, options.Keyset, options.KeypairID, keyStore)
return promoteKeypair(ctx, out, options.Keyset, options.KeypairID, keyStore)
}
keysets, err := keyStore.ListKeysets()
@ -144,7 +144,7 @@ func RunPromoteKeypair(ctx context.Context, f *util.Factory, out io.Writer, opti
for name := range keysets {
if rotatableKeysetFilter(name, nil) {
if err := promoteKeypair(out, name, "", keyStore); err != nil {
if err := promoteKeypair(ctx, out, name, "", keyStore); err != nil {
return fmt.Errorf("promoting keypair for %s: %v", name, err)
}
}
@ -153,7 +153,7 @@ func RunPromoteKeypair(ctx context.Context, f *util.Factory, out io.Writer, opti
return nil
}
func promoteKeypair(out io.Writer, name string, keypairID string, keyStore fi.CAStore) error {
func promoteKeypair(ctx context.Context, out io.Writer, name string, keypairID string, keyStore fi.CAStore) error {
keyset, err := keyStore.FindKeyset(name)
if err != nil {
return fmt.Errorf("reading keyset: %v", err)
@ -192,7 +192,7 @@ func promoteKeypair(out io.Writer, name string, keypairID string, keyStore fi.CA
}
keyset.Primary = keyset.Items[keypairID]
err = keyStore.StoreKeyset(name, keyset)
err = keyStore.StoreKeyset(ctx, name, keyset)
if err != nil {
return fmt.Errorf("writing keyset: %v", err)
}
@ -201,16 +201,15 @@ func promoteKeypair(out io.Writer, name string, keypairID string, keyStore fi.CA
return nil
}
func completePromoteKeyset(f commandutils.Factory, options *PromoteKeypairOptions, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
func completePromoteKeyset(ctx context.Context, f commandutils.Factory, options *PromoteKeypairOptions, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
commandutils.ConfigureKlogForCompletion()
ctx := context.TODO()
cluster, clientSet, completions, directive := GetClusterForCompletion(ctx, f, nil)
if cluster == nil {
return completions, directive
}
keyset, _, completions, directive := completeKeyset(cluster, clientSet, args, rotatableKeysetFilter)
keyset, _, completions, directive := completeKeyset(ctx, cluster, clientSet, args, rotatableKeysetFilter)
if keyset == nil {
return completions, directive
}

4
cmd/kops/replace.go
View File

@ -73,7 +73,7 @@ func NewCmdReplace(f *util.Factory, out io.Writer) *cobra.Command {
Args: cobra.NoArgs,
ValidArgsFunction: cobra.NoFileCompletions,
RunE: func(cmd *cobra.Command, args []string) error {
return RunReplace(context.TODO(), f, out, options)
return RunReplace(cmd.Context(), f, out, options)
},
}
cmd.Flags().StringSliceVarP(&options.Filenames, "filename", "f", options.Filenames, "A list of one or more files separated by a comma.")
@ -207,7 +207,7 @@ func RunReplace(ctx context.Context, f *util.Factory, out io.Writer, c *ReplaceO
}
sshKeyArr := []byte(v.Spec.PublicKey)
err = sshCredentialStore.AddSSHPublicKey(sshKeyArr)
err = sshCredentialStore.AddSSHPublicKey(ctx, sshKeyArr)
if err != nil {
return fmt.Errorf("error replacing SSHCredential: %v", err)
}

5
cmd/kops/rolling-update_cluster.go
View File

@ -178,7 +178,7 @@ func NewCmdRollingUpdateCluster(f *util.Factory, out io.Writer) *cobra.Command {
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunRollingUpdateCluster(context.TODO(), f, out, &options)
return RunRollingUpdateCluster(cmd.Context(), f, out, &options)
},
}
@ -458,8 +458,9 @@ func RunRollingUpdateCluster(ctx context.Context, f *util.Factory, out io.Writer
func completeInstanceGroup(f commandutils.Factory, selectedInstanceGroups *[]string, selectedInstanceGroupRoles *[]string) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
ctx := cmd.Context()
commandutils.ConfigureKlogForCompletion()
ctx := context.TODO()
cluster, clientSet, completions, directive := GetClusterForCompletion(ctx, f, args)
if cluster == nil {

4
cmd/kops/root.go
View File

@ -89,10 +89,10 @@ var rootCommand = RootCmd{
},
}
func Execute() {
func Execute(ctx context.Context) {
goflag.Set("logtostderr", "true")
goflag.CommandLine.Parse([]string{})
if err := rootCommand.cobraCommand.Execute(); err != nil {
if err := rootCommand.cobraCommand.ExecuteContext(ctx); err != nil {
os.Exit(1)
}
}

2
cmd/kops/toolbox_dump.go
View File

@ -83,7 +83,7 @@ func NewCmdToolboxDump(f commandutils.Factory, out io.Writer) *cobra.Command {
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunToolboxDump(context.TODO(), f, out, options)
return RunToolboxDump(cmd.Context(), f, out, options)
},
}

2
cmd/kops/toolbox_instance-selector.go
View File

@ -152,7 +152,7 @@ func NewCmdToolboxInstanceSelector(f commandutils.Factory, out io.Writer) *cobra
return nil, cobra.ShellCompDirectiveNoFileComp
}
commandline.Command.RunE = func(cmd *cobra.Command, args []string) error {
return RunToolboxInstanceSelector(context.TODO(), f, out, &commandline, options)
return RunToolboxInstanceSelector(cmd.Context(), f, out, &commandline, options)
}
cpuArchs := []string{cpuArchitectureAMD64, cpuArchitectureARM64}

11
cmd/kops/trust_keypair.go
View File

@ -80,10 +80,10 @@ func NewCmdTrustKeypair(f *util.Factory, out io.Writer) *cobra.Command {
return nil
},
ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return completeTrustKeyset(f, options, args, toComplete)
return completeTrustKeyset(cmd.Context(), f, options, args, toComplete)
},
RunE: func(cmd *cobra.Command, args []string) error {
ctx := context.TODO()
ctx := cmd.Context()
return RunTrustKeypair(ctx, f, out, options)
},
@ -125,7 +125,7 @@ func RunTrustKeypair(ctx context.Context, f *util.Factory, out io.Writer, option
item.DistrustTimestamp = nil
if err := keyStore.StoreKeyset(options.Keyset, keyset); err != nil {
if err := keyStore.StoreKeyset(ctx, options.Keyset, keyset); err != nil {
return fmt.Errorf("error storing keypair: %w", err)
}
@ -135,16 +135,15 @@ func RunTrustKeypair(ctx context.Context, f *util.Factory, out io.Writer, option
return nil
}
func completeTrustKeyset(f commandutils.Factory, options *TrustKeypairOptions, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
func completeTrustKeyset(ctx context.Context, f commandutils.Factory, options *TrustKeypairOptions, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
commandutils.ConfigureKlogForCompletion()
ctx := context.TODO()
cluster, clientSet, completions, directive := GetClusterForCompletion(ctx, f, nil)
if cluster == nil {
return completions, directive
}
keyset, _, completions, directive := completeKeyset(cluster, clientSet, args, func(name string, keyset *fi.Keyset) bool {
keyset, _, completions, directive := completeKeyset(ctx, cluster, clientSet, args, func(name string, keyset *fi.Keyset) bool {
if name == "all" {
return false
}

7
cmd/kops/update_cluster.go
View File

@ -107,7 +107,7 @@ func NewCmdUpdateCluster(f *util.Factory, out io.Writer) *cobra.Command {
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
_, err := RunUpdateCluster(context.TODO(), f, out, options)
_, err := RunUpdateCluster(cmd.Context(), f, out, options)
return err
},
}
@ -230,7 +230,7 @@ func RunUpdateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Up
if err != nil {
return results, fmt.Errorf("error reading SSH key file %q: %v", c.SSHPublicKey, err)
}
err = sshCredentialStore.AddSSHPublicKey(authorized)
err = sshCredentialStore.AddSSHPublicKey(ctx, authorized)
if err != nil {
return results, fmt.Errorf("error adding SSH public key: %v", err)
}
@ -456,8 +456,9 @@ func hasKubecfg(contextName string) (bool, error) {
func completeUpdateClusterTarget(f commandutils.Factory, options *UpdateClusterOptions) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
ctx := cmd.Context()
commandutils.ConfigureKlogForCompletion()
ctx := context.TODO()
cluster, _, _, directive := GetClusterForCompletion(ctx, f, nil)
if cluster == nil {

2
cmd/kops/upgrade_cluster.go
View File

@ -73,7 +73,7 @@ func NewCmdUpgradeCluster(f *util.Factory, out io.Writer) *cobra.Command {
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
ctx := context.TODO()
ctx := cmd.Context()
return RunUpgradeCluster(ctx, f, out, options)
},

2
cmd/kops/validate_cluster.go
View File

@ -85,7 +85,7 @@ func NewCmdValidateCluster(f *util.Factory, out io.Writer) *cobra.Command {
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
result, err := RunValidateCluster(context.TODO(), f, out, options)
result, err := RunValidateCluster(cmd.Context(), f, out, options)
if err != nil {
return fmt.Errorf("validation failed: %v", err)
}

2
examples/kops-api-example/up.go
View File

@ -125,7 +125,7 @@ func up(ctx context.Context) error {
if err != nil {
return fmt.Errorf("error reading SSH key file %q: %v", f, err)
}
err = sshCredentialStore.AddSSHPublicKey(pubKey)
err = sshCredentialStore.AddSSHPublicKey(ctx, pubKey)
if err != nil {
return fmt.Errorf("error adding SSH public key: %v", err)
}

5
nodeup/pkg/model/fakes_test.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package model
import (
"context"
"crypto/x509"
"fmt"
"testing"
@ -86,10 +87,10 @@ func (k fakeKeystore) CreateKeypair(signer string, name string, template *x509.C
panic("fakeKeystore does not implement CreateKeypair")
}
func (k fakeKeystore) StoreKeyset(name string, keyset *fi.Keyset) error {
func (k fakeKeystore) StoreKeyset(ctx context.Context, name string, keyset *fi.Keyset) error {
panic("fakeKeystore does not implement StoreKeyset")
}
func (k fakeKeystore) MirrorTo(basedir vfs.Path) error {
func (k fakeKeystore) MirrorTo(ctx context.Context, basedir vfs.Path) error {
panic("fakeKeystore does not implement MirrorTo")
}

9
nodeup/pkg/model/kubelet_test.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package model
import (
"context"
"fmt"
"path/filepath"
"sort"
@ -226,6 +227,8 @@ func runKubeletBuilder(t *testing.T, context *fi.NodeupModelBuilderContext, node
}
func BuildNodeupModelContext(model *testutils.Model) (*NodeupModelContext, error) {
ctx := context.TODO()
if model.Cluster == nil {
return nil, fmt.Errorf("no cluster found in model")
}
@ -251,7 +254,7 @@ func BuildNodeupModelContext(model *testutils.Model) (*NodeupModelContext, error
return nil, fmt.Errorf("error from PerformAssignments: %v", err)
}
nodeupModelContext.Cluster, err = mockedPopulateClusterSpec(model.Cluster, cloud)
nodeupModelContext.Cluster, err = mockedPopulateClusterSpec(ctx, model.Cluster, cloud)
if err != nil {
return nil, fmt.Errorf("unexpected error from mockedPopulateClusterSpec: %v", err)
}
@ -292,7 +295,7 @@ func BuildNodeupModelContext(model *testutils.Model) (*NodeupModelContext, error
return nodeupModelContext, nil
}
func mockedPopulateClusterSpec(c *kops.Cluster, cloud fi.Cloud) (*kops.Cluster, error) {
func mockedPopulateClusterSpec(ctx context.Context, c *kops.Cluster, cloud fi.Cloud) (*kops.Cluster, error) {
vfs.Context.ResetMemfsContext(true)
assetBuilder := assets.NewAssetBuilder(c, false)
@ -301,7 +304,7 @@ func mockedPopulateClusterSpec(c *kops.Cluster, cloud fi.Cloud) (*kops.Cluster,
return nil, fmt.Errorf("error building vfspath: %v", err)
}
clientset := vfsclientset.NewVFSClientset(basePath)
return cloudup.PopulateClusterSpec(clientset, c, cloud, assetBuilder)
return cloudup.PopulateClusterSpec(ctx, clientset, c, cloud, assetBuilder)
}
// Fixed cert and key, borrowed from the create_kubecfg_test.go test

4
pkg/acls/gce/storage.go
View File

@ -35,9 +35,7 @@ type gcsAclStrategy struct{}
var _ acls.ACLStrategy = &gcsAclStrategy{}
// GetACL returns the ACL to use if this is a google cloud storage path
func (s *gcsAclStrategy) GetACL(p vfs.Path, cluster *kops.Cluster) (vfs.ACL, error) {
ctx := context.TODO()
func (s *gcsAclStrategy) GetACL(ctx context.Context, p vfs.Path, cluster *kops.Cluster) (vfs.ACL, error) {
if cluster.Spec.GetCloudProvider() != kops.CloudProviderGCE {
return nil, nil
}

4
pkg/acls/interface.go
View File

@ -17,6 +17,8 @@ limitations under the License.
package acls
import (
"context"
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/util/pkg/vfs"
)
@ -24,5 +26,5 @@ import (
// ACLStrategy is the interface implemented by ACL strategy providers
type ACLStrategy interface {
// GetACL returns the ACL if this strategy handles the vfs.Path, when writing for the specified cluster
GetACL(p vfs.Path, cluster *kops.Cluster) (vfs.ACL, error)
GetACL(ctx context.Context, p vfs.Path, cluster *kops.Cluster) (vfs.ACL, error)
}

7
pkg/acls/plugins.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package acls
import (
"context"
"fmt"
"sync"
@ -30,14 +31,14 @@ var (
)
// GetACL returns the ACL for the vfs.Path, by consulting all registered strategies
func GetACL(p vfs.Path, cluster *kops.Cluster) (vfs.ACL, error) {
func GetACL(ctx context.Context, p vfs.Path, cluster *kops.Cluster) (vfs.ACL, error) {
strategiesMutex.Lock()
defer strategiesMutex.Unlock()
for k, strategy := range strategies {
acl, err := strategy.GetACL(p, cluster)
acl, err := strategy.GetACL(ctx, p, cluster)
if err != nil {
return nil, fmt.Errorf("error from acl provider %q: %v", k, err)
return nil, fmt.Errorf("error from acl provider %q: %w", k, err)
}
if acl != nil {
return acl, nil

3
pkg/acls/s3/storage.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package s3
import (
"context"
"fmt"
"net/url"
"strings"
@ -37,7 +38,7 @@ var _ acls.ACLStrategy = &s3PublicAclStrategy{}
// GetACL creates a s3PublicAclStrategy object for writing public files with assets FileRepository.
// This strategy checks if the files are inside the state store, and if the files are located inside
// the state store, this returns nil and logs a message (level 8) that it will not run.
func (s *s3PublicAclStrategy) GetACL(p vfs.Path, cluster *kops.Cluster) (vfs.ACL, error) {
func (s *s3PublicAclStrategy) GetACL(ctx context.Context, p vfs.Path, cluster *kops.Cluster) (vfs.ACL, error) {
if cluster.Spec.Assets == nil || cluster.Spec.Assets.FileRepository == nil {
return nil, nil
}

9
pkg/acls/s3/storage_test.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package s3
import (
"context"
"testing"
"k8s.io/kops/pkg/apis/kops"
@ -25,6 +26,8 @@ import (
)
func Test_Strategy(t *testing.T) {
ctx := context.TODO()
context := &vfs.VFSContext{}
path, err := context.BuildVfsPath("s3://test/foo")
if err != nil {
@ -41,7 +44,7 @@ func Test_Strategy(t *testing.T) {
}
s := &s3PublicAclStrategy{}
acl, err := s.GetACL(path, cluster)
acl, err := s.GetACL(ctx, path, cluster)
if err != nil {
t.Errorf("error getting ACL: %v", err)
}
@ -52,6 +55,8 @@ func Test_Strategy(t *testing.T) {
}
func Test_In_StateStore(t *testing.T) {
ctx := context.TODO()
context := &vfs.VFSContext{}
stateStore, err := context.BuildVfsPath("s3://my_state_store/cluster")
if err != nil {
@ -68,7 +73,7 @@ func Test_In_StateStore(t *testing.T) {
}
s := &s3PublicAclStrategy{}
acl, err := s.GetACL(stateStore, cluster)
acl, err := s.GetACL(ctx, stateStore, cluster)
if err != nil {
t.Errorf("error getting ACL: %v", err)
}

15
pkg/assets/copyfile.go
View File

@ -18,6 +18,7 @@ package assets
import (
"bytes"
"context"
"fmt"
"net/url"
"os"
@ -54,6 +55,8 @@ func fileExtensionForSHA(sha string) (string, error) {
}
func (e *CopyFile) Run() error {
ctx := context.TODO()
expectedSHA := strings.TrimSpace(e.SHA)
shaExtension, err := fileExtensionForSHA(expectedSHA)
@ -88,7 +91,7 @@ func (e *CopyFile) Run() error {
klog.V(2).Infof("copying bits from %q to %q", source, target)
if err := transferFile(e.Cluster, source, target, sourceSha); err != nil {
if err := transferFile(ctx, e.Cluster, source, target, sourceSha); err != nil {
return fmt.Errorf("unable to transfer %q to %q: %v", source, target, err)
}
@ -97,7 +100,7 @@ func (e *CopyFile) Run() error {
// transferFile downloads a file from the source location, validates the file matches the SHA,
// and uploads the file to the target location.
func transferFile(cluster *kops.Cluster, source string, target string, sha string) error {
func transferFile(ctx context.Context, cluster *kops.Cluster, source string, target string, sha string) error {
// TODO drop file to disk, as vfs reads file into memory. We load kubelet into memory for instance.
// TODO in s3 can we do a copy file ... would need to test
@ -147,20 +150,20 @@ func transferFile(cluster *kops.Cluster, source string, target string, sha strin
}
klog.Infof("uploading %q to %q", source, objectStore)
if err := writeFile(cluster, uploadVFS, data); err != nil {
if err := writeFile(ctx, cluster, uploadVFS, data); err != nil {
return err
}
b := []byte(shaHash.Hex())
if err := writeFile(cluster, shaVFS, b); err != nil {
if err := writeFile(ctx, cluster, shaVFS, b); err != nil {
return err
}
return nil
}
func writeFile(cluster *kops.Cluster, p vfs.Path, data []byte) error {
acl, err := acls.GetACL(p, cluster)
func writeFile(ctx context.Context, cluster *kops.Cluster, p vfs.Path, data []byte) error {
acl, err := acls.GetACL(ctx, p, cluster)
if err != nil {
return err
}

2
pkg/client/simple/vfsclientset/addons.go
View File

@ -83,7 +83,7 @@ func (c *vfsAddonsClient) Replace(addons kubemanifest.ObjectList) error {
configPath := c.basePath.Join("default")
acl, err := acls.GetACL(configPath, c.cluster)
acl, err := acls.GetACL(ctx, configPath, c.cluster)
if err != nil {
return err
}

9
pkg/client/simple/vfsclientset/cluster.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package vfsclientset
import (
"context"
"fmt"
"os"
"strings"
@ -96,6 +97,8 @@ func (c *ClusterVFS) List(options metav1.ListOptions) (*api.ClusterList, error)
}
func (r *ClusterVFS) Create(c *api.Cluster) (*api.Cluster, error) {
ctx := context.TODO()
if errs := validation.ValidateCluster(c, false); len(errs) != 0 {
return nil, errs.ToAggregate()
}
@ -109,7 +112,7 @@ func (r *ClusterVFS) Create(c *api.Cluster) (*api.Cluster, error) {
return nil, fmt.Errorf("clusterName is required")
}
if err := r.writeConfig(c, r.basePath.Join(clusterName, registry.PathCluster), c, vfs.WriteOptionCreate); err != nil {
if err := r.writeConfig(ctx, c, r.basePath.Join(clusterName, registry.PathCluster), c, vfs.WriteOptionCreate); err != nil {
if os.IsExist(err) {
return nil, err
}
@ -120,6 +123,8 @@ func (r *ClusterVFS) Create(c *api.Cluster) (*api.Cluster, error) {
}
func (r *ClusterVFS) Update(c *api.Cluster, status *api.ClusterStatus) (*api.Cluster, error) {
ctx := context.TODO()
clusterName := c.ObjectMeta.Name
if clusterName == "" {
return nil, field.Required(field.NewPath("objectMeta", "name"), "clusterName is required")
@ -142,7 +147,7 @@ func (r *ClusterVFS) Update(c *api.Cluster, status *api.ClusterStatus) (*api.Clu
c.SetGeneration(old.GetGeneration() + 1)
}
if err := r.writeConfig(c, r.basePath.Join(clusterName, registry.PathCluster), c, vfs.WriteOptionOnlyIfExists); err != nil {
if err := r.writeConfig(ctx, c, r.basePath.Join(clusterName, registry.PathCluster), c, vfs.WriteOptionOnlyIfExists); err != nil {
if os.IsNotExist(err) {
return nil, err
}

8
pkg/client/simple/vfsclientset/commonvfs.go
View File

@ -92,7 +92,7 @@ func (c *commonVFS) create(ctx context.Context, cluster *kops.Cluster, i runtime
objectMeta.SetCreationTimestamp(metav1.NewTime(time.Now().UTC()))
}
err = c.writeConfig(cluster, c.basePath.Join(objectMeta.GetName()), i, vfs.WriteOptionCreate)
err = c.writeConfig(ctx, cluster, c.basePath.Join(objectMeta.GetName()), i, vfs.WriteOptionCreate)
if err != nil {
if os.IsExist(err) {
return err
@ -129,7 +129,7 @@ func (c *commonVFS) readConfig(configPath vfs.Path) (runtime.Object, error) {
return object, nil
}
func (c *commonVFS) writeConfig(cluster *kops.Cluster, configPath vfs.Path, o runtime.Object, writeOptions ...vfs.WriteOption) error {
func (c *commonVFS) writeConfig(ctx context.Context, cluster *kops.Cluster, configPath vfs.Path, o runtime.Object, writeOptions ...vfs.WriteOption) error {
data, err := c.serialize(o)
if err != nil {
return fmt.Errorf("error marshaling object: %v", err)
@ -153,7 +153,7 @@ func (c *commonVFS) writeConfig(cluster *kops.Cluster, configPath vfs.Path, o ru
}
}
acl, err := acls.GetACL(configPath, cluster)
acl, err := acls.GetACL(ctx, configPath, cluster)
if err != nil {
return err
}
@ -192,7 +192,7 @@ func (c *commonVFS) update(ctx context.Context, cluster *kops.Cluster, i runtime
objectMeta.SetCreationTimestamp(metav1.NewTime(time.Now().UTC()))
}
err = c.writeConfig(cluster, c.basePath.Join(objectMeta.GetName()), i, vfs.WriteOptionOnlyIfExists)
err = c.writeConfig(ctx, cluster, c.basePath.Join(objectMeta.GetName()), i, vfs.WriteOptionOnlyIfExists)
if err != nil {
return fmt.Errorf("error writing %s: %v", c.kind, err)
}

6
pkg/commands/commandutils/cluster.go
View File

@ -17,8 +17,6 @@ limitations under the License.
package commandutils
import (
"context"
"github.com/spf13/cobra"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/sets"
@ -27,6 +25,8 @@ import (
// CompleteClusterName returns a Cobra completion function for cluster names.
func CompleteClusterName(f Factory, suppressIfArgs bool, suppressArgs bool) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
ctx := cmd.Context()
if suppressIfArgs && len(args) > 0 {
return nil, cobra.ShellCompDirectiveNoFileComp
}
@ -38,7 +38,7 @@ func CompleteClusterName(f Factory, suppressIfArgs bool, suppressArgs bool) func
return CompletionError("getting clientset", err)
}
list, err := client.ListClusters(context.TODO(), metav1.ListOptions{})
list, err := client.ListClusters(ctx, metav1.ListOptions{})
if err != nil {
return CompletionError("listing clusters", err)
}

4
pkg/commands/helpers_readwrite.go
View File

@ -41,7 +41,7 @@ func UpdateCluster(ctx context.Context, clientset simple.Clientset, cluster *kop
}
assetBuilder := assets.NewAssetBuilder(cluster, false)
fullCluster, err := cloudup.PopulateClusterSpec(clientset, cluster, cloud, assetBuilder)
fullCluster, err := cloudup.PopulateClusterSpec(ctx, clientset, cluster, cloud, assetBuilder)
if err != nil {
return err
}
@ -79,7 +79,7 @@ func UpdateInstanceGroup(ctx context.Context, clientset simple.Clientset, cluste
}
assetBuilder := assets.NewAssetBuilder(cluster, false)
fullCluster, err := cloudup.PopulateClusterSpec(clientset, cluster, cloud, assetBuilder)
fullCluster, err := cloudup.PopulateClusterSpec(ctx, clientset, cluster, cloud, assetBuilder)
if err != nil {
return err
}

3
pkg/configserver/secretstore.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package configserver
import (
"context"
"fmt"
"k8s.io/kops/upup/pkg/fi"
@ -79,6 +80,6 @@ func (s *configserverSecretStore) ListSecrets() ([]string, error) {
}
// MirrorTo implements fi.SecretStore
func (s *configserverSecretStore) MirrorTo(basedir vfs.Path) error {
func (s *configserverSecretStore) MirrorTo(ctx context.Context, basedir vfs.Path) error {
return fmt.Errorf("MirrorTo not supported by configserverSecretStore")
}

12
pkg/instancegroups/rollingupdate_os_test.go
View File

@ -38,7 +38,7 @@ import (
"k8s.io/kops/util/pkg/vfs"
)
func getTestSetupOS(t *testing.T) (*RollingUpdateCluster, *openstack.MockCloud) {
func getTestSetupOS(t *testing.T, ctx context.Context) (*RollingUpdateCluster, *openstack.MockCloud) {
vfs.Context.ResetMemfsContext(true)
k8sClient := fake.NewSimpleClientset()
@ -61,7 +61,7 @@ func getTestSetupOS(t *testing.T) (*RollingUpdateCluster, *openstack.MockCloud)
assetBuilder := assets.NewAssetBuilder(inCluster, false)
basePath, _ := vfs.Context.BuildVfsPath(inCluster.Spec.ConfigBase)
clientset := vfsclientset.NewVFSClientset(basePath)
cluster, err := cloudup.PopulateClusterSpec(clientset, inCluster, mockcloud, assetBuilder)
cluster, err := cloudup.PopulateClusterSpec(ctx, clientset, inCluster, mockcloud, assetBuilder)
if err != nil {
t.Fatalf("Failed to populate cluster spec: %v", err)
}
@ -72,7 +72,7 @@ func getTestSetupOS(t *testing.T) (*RollingUpdateCluster, *openstack.MockCloud)
t.Fatalf("Failed to get credential store: %v", err)
}
sshCredentialStore.AddSSHPublicKey(sshPublicKey)
sshCredentialStore.AddSSHPublicKey(ctx, sshPublicKey)
c := &RollingUpdateCluster{
Cloud: mockcloud,
@ -86,7 +86,7 @@ func getTestSetupOS(t *testing.T) (*RollingUpdateCluster, *openstack.MockCloud)
ValidateTickDuration: 1 * time.Millisecond,
ValidateSuccessDuration: 5 * time.Millisecond,
ValidateCount: 2,
Ctx: context.Background(),
Ctx: ctx,
Cluster: cluster,
Clientset: clientset,
}
@ -100,11 +100,13 @@ var TempTestSkip = func(t *testing.T, message string) {
}
func TestRollingUpdateDisabledSurgeOS(t *testing.T) {
ctx := context.TODO()
TempTestSkip(t, "Failing in new release PR when build is not yet published")
t.Setenv("OS_REGION_NAME", "us-test1")
c, cloud := getTestSetupOS(t)
c, cloud := getTestSetupOS(t, ctx)
groups, igList := getGroupsAllNeedUpdateOS(t, c)
err := c.RollingUpdate(groups, igList)

5
pkg/kubeconfig/create_kubecfg_test.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package kubeconfig
import (
"context"
"testing"
"time"
@ -108,11 +109,11 @@ func (f fakeKeyStore) FindKeyset(name string) (*fi.Keyset, error) {
return f.FindKeysetFn(name)
}
func (f fakeKeyStore) StoreKeyset(name string, keyset *fi.Keyset) error {
func (f fakeKeyStore) StoreKeyset(ctx context.Context, name string, keyset *fi.Keyset) error {
return f.StoreKeysetFn(name, keyset)
}
func (f fakeKeyStore) MirrorTo(basedir vfs.Path) error {
func (f fakeKeyStore) MirrorTo(ctx context.Context, basedir vfs.Path) error {
return f.MirrorToFn(basedir)
}

30
pkg/testutils/context.go Normal file
View File

@ -0,0 +1,30 @@
/*
Copyright 2022 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package testutils
import (
"context"
"testing"
)
// ContextForTest returns a Context for the given test scope.
func ContextForTest(t *testing.T) context.Context {
ctx := context.TODO()
// We might choose to bind the test to the context in future,
// or bind the logger etc.
return ctx
}

7
upup/pkg/fi/ca.go
View File

@ -18,6 +18,7 @@ package fi
import (
"bytes"
"context"
"crypto/x509"
"encoding/pem"
"fmt"
@ -80,10 +81,10 @@ type Keystore interface {
KeystoreReader
// StoreKeyset writes a Keyset to the store.
StoreKeyset(name string, keyset *Keyset) error
StoreKeyset(ctx context.Context, name string, keyset *Keyset) error
// MirrorTo will copy secrets to a vfs.Path, which is often easier for a machine to read
MirrorTo(basedir vfs.Path) error
MirrorTo(ctx context.Context, basedir vfs.Path) error
}
// HasVFSPath is implemented by keystore & other stores that use a VFS path as their backing store
@ -104,7 +105,7 @@ type SSHCredentialStore interface {
DeleteSSHCredential() error
// AddSSHPublicKey adds an SSH public key.
AddSSHPublicKey(data []byte) error
AddSSHPublicKey(ctx context.Context, data []byte) error
// FindSSHPublicKeys retrieves the SSH public keys.
FindSSHPublicKeys() ([]*kops.SSHCredential, error)

13
upup/pkg/fi/clientset_castore.go
View File

@ -200,8 +200,7 @@ func (c *ClientsetCAStore) ListKeysets() (map[string]*Keyset, error) {
}
// StoreKeyset implements CAStore::StoreKeyset
func (c *ClientsetCAStore) StoreKeyset(name string, keyset *Keyset) error {
ctx := context.TODO()
func (c *ClientsetCAStore) StoreKeyset(ctx context.Context, name string, keyset *Keyset) error {
return c.storeKeyset(ctx, name, keyset)
}
@ -283,9 +282,7 @@ func (c *ClientsetCAStore) deleteSSHCredential(ctx context.Context) error {
}
// AddSSHPublicKey implements CAStore::AddSSHPublicKey
func (c *ClientsetCAStore) AddSSHPublicKey(pubkey []byte) error {
ctx := context.TODO()
func (c *ClientsetCAStore) AddSSHPublicKey(ctx context.Context, pubkey []byte) error {
_, _, _, _, err := ssh.ParseAuthorizedKey(pubkey)
if err != nil {
return fmt.Errorf("error parsing SSH public key: %v", err)
@ -318,14 +315,14 @@ func (c *ClientsetCAStore) DeleteSSHCredential() error {
return c.deleteSSHCredential(ctx)
}
func (c *ClientsetCAStore) MirrorTo(basedir vfs.Path) error {
func (c *ClientsetCAStore) MirrorTo(ctx context.Context, basedir vfs.Path) error {
keysets, err := c.ListKeysets()
if err != nil {
return err
}
for name, keyset := range keysets {
if err := mirrorKeyset(c.cluster, basedir, name, keyset); err != nil {
if err := mirrorKeyset(ctx, c.cluster, basedir, name, keyset); err != nil {
return err
}
}
@ -336,7 +333,7 @@ func (c *ClientsetCAStore) MirrorTo(basedir vfs.Path) error {
}
for _, sshCredential := range sshCredentials {
if err := mirrorSSHCredential(c.cluster, basedir, sshCredential); err != nil {
if err := mirrorSSHCredential(ctx, c.cluster, basedir, sshCredential); err != nil {
return err
}
}

6
upup/pkg/fi/cloudup/apply_cluster.go
View File

@ -246,7 +246,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
}
assetBuilder := assets.NewAssetBuilder(c.Cluster, c.GetAssets)
err = c.upgradeSpecs(assetBuilder)
err = c.upgradeSpecs(ctx, assetBuilder)
if err != nil {
return err
}
@ -819,8 +819,8 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
}
// upgradeSpecs ensures that fields are fully populated / defaulted
func (c *ApplyClusterCmd) upgradeSpecs(assetBuilder *assets.AssetBuilder) error {
fullCluster, err := PopulateClusterSpec(c.Clientset, c.Cluster, c.Cloud, assetBuilder)
func (c *ApplyClusterCmd) upgradeSpecs(ctx context.Context, assetBuilder *assets.AssetBuilder) error {
fullCluster, err := PopulateClusterSpec(ctx, c.Clientset, c.Cluster, c.Cloud, assetBuilder)
if err != nil {
return err
}

5
upup/pkg/fi/cloudup/bootstrapchannelbuilder_test.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package cloudup
import (
"context"
"os"
"path"
"testing"
@ -81,6 +82,8 @@ func TestBootstrapChannelBuilder_AWSCloudController(t *testing.T) {
}
func runChannelBuilderTest(t *testing.T, key string, addonManifests []string) {
ctx := context.TODO()
basedir := path.Join("tests/bootstrapchannelbuilder/", key)
clusterYamlPath := path.Join(basedir, "cluster.yaml")
@ -103,7 +106,7 @@ func runChannelBuilderTest(t *testing.T, key string, addonManifests []string) {
t.Fatalf("error from PerformAssignments for %q: %v", key, err)
}
fullSpec, err := mockedPopulateClusterSpec(cluster, cloud)
fullSpec, err := mockedPopulateClusterSpec(ctx, cluster, cloud)
if err != nil {
t.Fatalf("error from PopulateClusterSpec for %q: %v", key, err)
}

7
upup/pkg/fi/cloudup/populate_cluster_spec.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package cloudup
import (
"context"
"fmt"
"net"
"strings"
@ -55,13 +56,13 @@ type populateClusterSpec struct {
// PopulateClusterSpec takes a user-specified cluster spec, and computes the full specification that should be set on the cluster.
// We do this so that we don't need any real "brains" on the node side.
func PopulateClusterSpec(clientset simple.Clientset, cluster *kopsapi.Cluster, cloud fi.Cloud, assetBuilder *assets.AssetBuilder) (*kopsapi.Cluster, error) {
func PopulateClusterSpec(ctx context.Context, clientset simple.Clientset, cluster *kopsapi.Cluster, cloud fi.Cloud, assetBuilder *assets.AssetBuilder) (*kopsapi.Cluster, error) {
c := &populateClusterSpec{
cloud: cloud,
InputCluster: cluster,
assetBuilder: assetBuilder,
}
err := c.run(clientset)
err := c.run(ctx, clientset)
if err != nil {
return nil, err
}
@ -76,7 +77,7 @@ func PopulateClusterSpec(clientset simple.Clientset, cluster *kopsapi.Cluster, c
// very wrong.. but at least now my new cluster.Spec.Topology
// struct is falling through..
// @kris-nova
func (c *populateClusterSpec) run(clientset simple.Clientset) error {
func (c *populateClusterSpec) run(ctx context.Context, clientset simple.Clientset) error {
if errs := validation.ValidateCluster(c.InputCluster, false); len(errs) != 0 {
return errs.ToAggregate()
}

44
upup/pkg/fi/cloudup/populate_cluster_spec_test.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package cloudup
import (
"context"
"fmt"
"strings"
"testing"
@ -42,6 +43,7 @@ func buildMinimalCluster() (*awsup.MockAWSCloud, *kopsapi.Cluster) {
}
func TestPopulateCluster_Default_NoError(t *testing.T) {
ctx := context.TODO()
cloud, c := buildMinimalCluster()
err := PerformAssignments(c, cloud)
@ -49,7 +51,7 @@ func TestPopulateCluster_Default_NoError(t *testing.T) {
t.Fatalf("error from PerformAssignments: %v", err)
}
_, err = mockedPopulateClusterSpec(c, cloud)
_, err = mockedPopulateClusterSpec(ctx, c, cloud)
if err != nil {
t.Fatalf("Unexpected error from PopulateCluster: %v", err)
}
@ -83,6 +85,7 @@ func TestPopulateCluster_Subnets(t *testing.T) {
}
for _, tc := range tests {
t.Run(tc.NonMasqueradeCIDR, func(t *testing.T) {
ctx := context.TODO()
cloud, c := buildMinimalCluster()
c.Spec.Networking.NonMasqueradeCIDR = tc.NonMasqueradeCIDR
c.Spec.Networking.Kubenet = nil
@ -95,7 +98,7 @@ func TestPopulateCluster_Subnets(t *testing.T) {
err := PerformAssignments(c, cloud)
require.NoError(t, err, "PerformAssignments")
full, err := mockedPopulateClusterSpec(c, cloud)
full, err := mockedPopulateClusterSpec(ctx, c, cloud)
require.NoError(t, err, "PopulateClusterSpec")
assert.Equal(t, tc.ExpectedClusterCIDR, full.Spec.KubeControllerManager.ClusterCIDR, "ClusterCIDR")
@ -104,7 +107,7 @@ func TestPopulateCluster_Subnets(t *testing.T) {
}
}
func mockedPopulateClusterSpec(c *kopsapi.Cluster, cloud fi.Cloud) (*kopsapi.Cluster, error) {
func mockedPopulateClusterSpec(ctx context.Context, c *kopsapi.Cluster, cloud fi.Cloud) (*kopsapi.Cluster, error) {
vfs.Context.ResetMemfsContext(true)
assetBuilder := assets.NewAssetBuilder(c, false)
@ -113,10 +116,12 @@ func mockedPopulateClusterSpec(c *kopsapi.Cluster, cloud fi.Cloud) (*kopsapi.Clu
return nil, fmt.Errorf("error building vfspath: %v", err)
}
clientset := vfsclientset.NewVFSClientset(basePath)
return PopulateClusterSpec(clientset, c, cloud, assetBuilder)
return PopulateClusterSpec(ctx, clientset, c, cloud, assetBuilder)
}
func TestPopulateCluster_Docker_Spec(t *testing.T) {
ctx := context.TODO()
cloud, c := buildMinimalCluster()
c.Spec.Docker = &kopsapi.DockerConfig{
MTU: fi.PtrTo(int32(5678)),
@ -131,7 +136,7 @@ func TestPopulateCluster_Docker_Spec(t *testing.T) {
t.Fatalf("error from PerformAssignments: %v", err)
}
full, err := mockedPopulateClusterSpec(c, cloud)
full, err := mockedPopulateClusterSpec(ctx, c, cloud)
if err != nil {
t.Fatalf("Unexpected error from PopulateCluster: %v", err)
}
@ -158,6 +163,7 @@ func TestPopulateCluster_Docker_Spec(t *testing.T) {
}
func TestPopulateCluster_StorageDefault(t *testing.T) {
ctx := context.TODO()
cloud, c := buildMinimalCluster()
err := PerformAssignments(c, cloud)
@ -165,7 +171,7 @@ func TestPopulateCluster_StorageDefault(t *testing.T) {
t.Fatalf("error from PerformAssignments: %v", err)
}
full, err := mockedPopulateClusterSpec(c, cloud)
full, err := mockedPopulateClusterSpec(ctx, c, cloud)
if err != nil {
t.Fatalf("Unexpected error from PopulateCluster: %v", err)
}
@ -176,6 +182,7 @@ func TestPopulateCluster_StorageDefault(t *testing.T) {
}
func TestPopulateCluster_EvictionHard(t *testing.T) {
ctx := context.TODO()
cloud, c := buildMinimalCluster()
err := PerformAssignments(c, cloud)
@ -187,7 +194,7 @@ func TestPopulateCluster_EvictionHard(t *testing.T) {
EvictionHard: fi.PtrTo("memory.available<250Mi"),
}
full, err := mockedPopulateClusterSpec(c, cloud)
full, err := mockedPopulateClusterSpec(ctx, c, cloud)
if err != nil {
t.Fatalf("Unexpected error from PopulateCluster: %v", err)
}
@ -198,6 +205,7 @@ func TestPopulateCluster_EvictionHard(t *testing.T) {
}
func build(c *kopsapi.Cluster) (*kopsapi.Cluster, error) {
ctx := context.TODO()
cloud, err := BuildCloud(c)
if err != nil {
return nil, fmt.Errorf("error from BuildCloud: %v", err)
@ -208,7 +216,7 @@ func build(c *kopsapi.Cluster) (*kopsapi.Cluster, error) {
return nil, fmt.Errorf("error from PerformAssignments: %v", err)
}
full, err := mockedPopulateClusterSpec(c, cloud)
full, err := mockedPopulateClusterSpec(ctx, c, cloud)
if err != nil {
return nil, fmt.Errorf("Unexpected error from PopulateCluster: %v", err)
}
@ -216,6 +224,8 @@ func build(c *kopsapi.Cluster) (*kopsapi.Cluster, error) {
}
func TestPopulateCluster_Custom_CIDR(t *testing.T) {
ctx := context.TODO()
cloud, c := buildMinimalCluster()
c.Spec.Networking.NetworkCIDR = "172.20.2.0/24"
c.Spec.Networking.Subnets = []kopsapi.ClusterSubnetSpec{
@ -229,7 +239,7 @@ func TestPopulateCluster_Custom_CIDR(t *testing.T) {
t.Fatalf("error from PerformAssignments: %v", err)
}
full, err := mockedPopulateClusterSpec(c, cloud)
full, err := mockedPopulateClusterSpec(ctx, c, cloud)
if err != nil {
t.Fatalf("Unexpected error from PopulateCluster: %v", err)
}
@ -239,6 +249,7 @@ func TestPopulateCluster_Custom_CIDR(t *testing.T) {
}
func TestPopulateCluster_IsolateMasters(t *testing.T) {
ctx := context.TODO()
cloud, c := buildMinimalCluster()
c.Spec.Networking.IsolateControlPlane = fi.PtrTo(true)
@ -247,7 +258,7 @@ func TestPopulateCluster_IsolateMasters(t *testing.T) {
t.Fatalf("error from PerformAssignments: %v", err)
}
full, err := mockedPopulateClusterSpec(c, cloud)
full, err := mockedPopulateClusterSpec(ctx, c, cloud)
if err != nil {
t.Fatalf("Unexpected error from PopulateCluster: %v", err)
}
@ -260,6 +271,7 @@ func TestPopulateCluster_IsolateMasters(t *testing.T) {
}
func TestPopulateCluster_IsolateMastersFalse(t *testing.T) {
ctx := context.TODO()
cloud, c := buildMinimalCluster()
// default: c.Spec.IsolateControlPlane = fi.PtrTo(false)
@ -268,7 +280,7 @@ func TestPopulateCluster_IsolateMastersFalse(t *testing.T) {
t.Fatalf("error from PerformAssignments: %v", err)
}
full, err := mockedPopulateClusterSpec(c, cloud)
full, err := mockedPopulateClusterSpec(ctx, c, cloud)
if err != nil {
t.Fatalf("Unexpected error from PopulateCluster: %v", err)
}
@ -344,7 +356,8 @@ func TestPopulateCluster_BastionInvalidMatchingValues_Required(t *testing.T) {
}
func expectErrorFromPopulateCluster(t *testing.T, c *kopsapi.Cluster, cloud fi.Cloud, message string) {
_, err := mockedPopulateClusterSpec(c, cloud)
ctx := context.TODO()
_, err := mockedPopulateClusterSpec(ctx, c, cloud)
if err == nil {
t.Fatalf("Expected error from PopulateCluster")
}
@ -368,6 +381,8 @@ func TestPopulateCluster_APIServerCount(t *testing.T) {
}
func TestPopulateCluster_AnonymousAuth(t *testing.T) {
ctx := context.TODO()
cloud, c := buildMinimalCluster()
c.Spec.KubernetesVersion = "1.20.0"
@ -376,7 +391,7 @@ func TestPopulateCluster_AnonymousAuth(t *testing.T) {
t.Fatalf("error from PerformAssignments: %v", err)
}
full, err := mockedPopulateClusterSpec(c, cloud)
full, err := mockedPopulateClusterSpec(ctx, c, cloud)
if err != nil {
t.Fatalf("Unexpected error from PopulateCluster: %v", err)
}
@ -418,6 +433,7 @@ func TestPopulateCluster_DockerVersion(t *testing.T) {
}
func TestPopulateCluster_KubeController_High_Enough_Version(t *testing.T) {
ctx := context.TODO()
cloud, c := buildMinimalCluster()
c.Spec.KubernetesVersion = "v1.9.0"
@ -426,7 +442,7 @@ func TestPopulateCluster_KubeController_High_Enough_Version(t *testing.T) {
t.Fatalf("error from PerformAssignments: %v", err)
}
full, err := mockedPopulateClusterSpec(c, cloud)
full, err := mockedPopulateClusterSpec(ctx, c, cloud)
if err != nil {
t.Fatalf("Unexpected error from PopulateCluster: %v", err)
}

4
upup/pkg/fi/cloudup/validation_test.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package cloudup
import (
"context"
"fmt"
"strings"
"testing"
@ -30,6 +31,7 @@ import (
const testAWSRegion = "us-test-1"
func buildDefaultCluster(t *testing.T) *api.Cluster {
ctx := context.TODO()
cloud, c := buildMinimalCluster()
err := PerformAssignments(c, cloud)
@ -37,7 +39,7 @@ func buildDefaultCluster(t *testing.T) *api.Cluster {
t.Fatalf("error from PerformAssignments: %v", err)
}
fullSpec, err := mockedPopulateClusterSpec(c, cloud)
fullSpec, err := mockedPopulateClusterSpec(ctx, c, cloud)
if err != nil {
t.Fatalf("error from PopulateClusterSpec: %v", err)
}

6
upup/pkg/fi/fitasks/keypair.go
View File

@ -159,6 +159,8 @@ func (_ *Keypair) ShouldCreate(a, e, changes *Keypair) (bool, error) {
}
func (_ *Keypair) Render(c *fi.CloudupContext, a, e, changes *Keypair) error {
ctx := c.Context()
name := fi.ValueOf(e.Name)
if name == "" {
return fi.RequiredField("Name")
@ -255,7 +257,7 @@ func (_ *Keypair) Render(c *fi.CloudupContext, a, e, changes *Keypair) error {
keyset.LegacyFormat = false
keyset.Items[ki.Id] = ki
keyset.Primary = ki
err = c.T.Keystore.StoreKeyset(name, keyset)
err = c.T.Keystore.StoreKeyset(ctx, name, keyset)
if err != nil {
return err
}
@ -283,7 +285,7 @@ func (_ *Keypair) Render(c *fi.CloudupContext, a, e, changes *Keypair) error {
return err
}
keyset.LegacyFormat = false
err = c.T.Keystore.StoreKeyset(name, keyset)
err = c.T.Keystore.StoreKeyset(ctx, name, keyset)
if err != nil {
return err
}

4
upup/pkg/fi/fitasks/managedfile.go
View File

@ -123,6 +123,8 @@ func (s *ManagedFile) CheckChanges(a, e, changes *ManagedFile) error {
}
func (e *ManagedFile) getACL(c *fi.CloudupContext, p vfs.Path) (vfs.ACL, error) {
ctx := c.Context()
var acl vfs.ACL
if fi.ValueOf(e.PublicACL) {
switch p := p.(type) {
@ -143,7 +145,7 @@ func (e *ManagedFile) getACL(c *fi.CloudupContext, p vfs.Path) (vfs.ACL, error)
return acl, nil
}
return acls.GetACL(p, c.T.Cluster)
return acls.GetACL(ctx, p, c.T.Cluster)
}
func (_ *ManagedFile) Render(c *fi.CloudupContext, a, e, changes *ManagedFile) error {

3
upup/pkg/fi/fitasks/mirrorkeystore.go
View File

@ -73,7 +73,8 @@ func (s *MirrorKeystore) CheckChanges(a, e, changes *MirrorKeystore) error {
// Render implements fi.Task::Render
func (_ *MirrorKeystore) Render(c *fi.CloudupContext, a, e, changes *MirrorKeystore) error {
ctx := c.Context()
keystore := c.T.Keystore
return keystore.MirrorTo(e.MirrorPath)
return keystore.MirrorTo(ctx, e.MirrorPath)
}

4
upup/pkg/fi/fitasks/mirrorsecrets.go
View File

@ -74,6 +74,8 @@ func (s *MirrorSecrets) CheckChanges(a, e, changes *MirrorSecrets) error {
// Render implements fi.Task::Render
func (_ *MirrorSecrets) Render(c *fi.CloudupContext, a, e, changes *MirrorSecrets) error {
ctx := c.Context()
secrets := c.T.SecretStore
return secrets.MirrorTo(e.MirrorPath)
return secrets.MirrorTo(ctx, e.MirrorPath)
}

3
upup/pkg/fi/secrets.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package fi
import (
"context"
crypto_rand "crypto/rand"
"encoding/base64"
"fmt"
@ -40,7 +41,7 @@ type SecretStore interface {
ListSecrets() ([]string, error)
// MirrorTo will copy secrets to a vfs.Path, which is often easier for a machine to read
MirrorTo(basedir vfs.Path) error
MirrorTo(ctx context.Context, basedir vfs.Path) error
}
type Secret struct {

6
upup/pkg/fi/secrets/clientset_secretstore.go
View File

@ -57,9 +57,7 @@ func NewClientsetSecretStore(cluster *kops.Cluster, clientset kopsinternalversio
return c
}
func (c *ClientsetSecretStore) MirrorTo(basedir vfs.Path) error {
ctx := context.TODO()
func (c *ClientsetSecretStore) MirrorTo(ctx context.Context, basedir vfs.Path) error {
list, err := c.clientset.Keysets(c.namespace).List(ctx, metav1.ListOptions{})
if err != nil {
return fmt.Errorf("error listing keysets: %v", err)
@ -88,7 +86,7 @@ func (c *ClientsetSecretStore) MirrorTo(basedir vfs.Path) error {
return fmt.Errorf("error serializing secret: %v", err)
}
acl, err := acls.GetACL(p, c.cluster)
acl, err := acls.GetACL(ctx, p, c.cluster)
if err != nil {
return err
}

13
upup/pkg/fi/secrets/vfs_secretstore.go
View File

@ -18,6 +18,7 @@ package secrets
import (
"bytes"
"context"
"encoding/json"
"fmt"
"os"
@ -48,7 +49,7 @@ func (c *VFSSecretStore) VFSPath() vfs.Path {
return c.basedir
}
func (c *VFSSecretStore) MirrorTo(basedir vfs.Path) error {
func (c *VFSSecretStore) MirrorTo(ctx context.Context, basedir vfs.Path) error {
if basedir.Path() == c.basedir.Path() {
klog.V(2).Infof("Skipping mirror of secret store from %q to %q (same path)", c.basedir, basedir)
return nil
@ -72,7 +73,7 @@ func (c *VFSSecretStore) MirrorTo(basedir vfs.Path) error {
p := BuildVfsSecretPath(basedir, name)
acl, err := acls.GetACL(p, c.cluster)
acl, err := acls.GetACL(ctx, p, c.cluster)
if err != nil {
return fmt.Errorf("error building acl for secret %q for mirror: %v", name, err)
}
@ -139,6 +140,8 @@ func (c *VFSSecretStore) Secret(id string) (*fi.Secret, error) {
}
func (c *VFSSecretStore) GetOrCreateSecret(id string, secret *fi.Secret) (*fi.Secret, bool, error) {
ctx := context.TODO()
p := c.buildSecretPath(id)
for i := 0; i < 2; i++ {
@ -151,7 +154,7 @@ func (c *VFSSecretStore) GetOrCreateSecret(id string, secret *fi.Secret) (*fi.Se
return s, false, nil
}
acl, err := acls.GetACL(p, c.cluster)
acl, err := acls.GetACL(ctx, p, c.cluster)
if err != nil {
return nil, false, err
}
@ -181,9 +184,11 @@ func (c *VFSSecretStore) GetOrCreateSecret(id string, secret *fi.Secret) (*fi.Se
}
func (c *VFSSecretStore) ReplaceSecret(id string, secret *fi.Secret) (*fi.Secret, error) {
ctx := context.TODO()
p := c.buildSecretPath(id)
acl, err := acls.GetACL(p, c.cluster)
acl, err := acls.GetACL(ctx, p, c.cluster)
if err != nil {
return nil, err
}

27
upup/pkg/fi/vfs_castore.go
View File

@ -18,6 +18,7 @@ package fi
import (
"bytes"
"context"
"fmt"
"os"
"sort"
@ -174,7 +175,7 @@ func (k *Keyset) ToAPIObject(name string) (*kops.Keyset, error) {
}
// writeKeysetBundle writes a Keyset bundle to VFS.
func writeKeysetBundle(cluster *kops.Cluster, p vfs.Path, name string, keyset *Keyset) error {
func writeKeysetBundle(ctx context.Context, cluster *kops.Cluster, p vfs.Path, name string, keyset *Keyset) error {
p = p.Join("keyset.yaml")
o, err := keyset.ToAPIObject(name)
@ -187,7 +188,7 @@ func writeKeysetBundle(cluster *kops.Cluster, p vfs.Path, name string, keyset *K
return err
}
acl, err := acls.GetACL(p, cluster)
acl, err := acls.GetACL(ctx, p, cluster)
if err != nil {
return err
}
@ -271,7 +272,7 @@ func (c *VFSCAStore) ListKeysets() (map[string]*Keyset, error) {
}
// MirrorTo will copy keys to a vfs.Path, which is often easier for a machine to read
func (c *VFSCAStore) MirrorTo(basedir vfs.Path) error {
func (c *VFSCAStore) MirrorTo(ctx context.Context, basedir vfs.Path) error {
if basedir.Path() == c.basedir.Path() {
klog.V(2).Infof("Skipping key store mirror from %q to %q (same paths)", c.basedir, basedir)
return nil
@ -284,7 +285,7 @@ func (c *VFSCAStore) MirrorTo(basedir vfs.Path) error {
}
for name, keyset := range keysets {
if err := mirrorKeyset(c.cluster, basedir, name, keyset); err != nil {
if err := mirrorKeyset(ctx, c.cluster, basedir, name, keyset); err != nil {
return err
}
}
@ -295,7 +296,7 @@ func (c *VFSCAStore) MirrorTo(basedir vfs.Path) error {
}
for _, sshCredential := range sshCredentials {
if err := mirrorSSHCredential(c.cluster, basedir, sshCredential); err != nil {
if err := mirrorSSHCredential(ctx, c.cluster, basedir, sshCredential); err != nil {
return err
}
}
@ -304,8 +305,8 @@ func (c *VFSCAStore) MirrorTo(basedir vfs.Path) error {
}
// mirrorKeyset writes Keyset bundles for the certificates & privatekeys.
func mirrorKeyset(cluster *kops.Cluster, basedir vfs.Path, name string, keyset *Keyset) error {
if err := writeKeysetBundle(cluster, basedir.Join("private"), name, keyset); err != nil {
func mirrorKeyset(ctx context.Context, cluster *kops.Cluster, basedir vfs.Path, name string, keyset *Keyset) error {
if err := writeKeysetBundle(ctx, cluster, basedir.Join("private"), name, keyset); err != nil {
return fmt.Errorf("writing private bundle: %v", err)
}
@ -313,14 +314,14 @@ func mirrorKeyset(cluster *kops.Cluster, basedir vfs.Path, name string, keyset *
}
// mirrorSSHCredential writes the SSH credential file to the mirror location
func mirrorSSHCredential(cluster *kops.Cluster, basedir vfs.Path, sshCredential *kops.SSHCredential) error {
func mirrorSSHCredential(ctx context.Context, cluster *kops.Cluster, basedir vfs.Path, sshCredential *kops.SSHCredential) error {
id, err := sshcredentials.Fingerprint(sshCredential.Spec.PublicKey)
if err != nil {
return fmt.Errorf("error fingerprinting SSH public key %q: %v", sshCredential.Name, err)
}
p := basedir.Join("ssh", "public", sshCredential.Name, id)
acl, err := acls.GetACL(p, cluster)
acl, err := acls.GetACL(ctx, p, cluster)
if err != nil {
return err
}
@ -333,7 +334,7 @@ func mirrorSSHCredential(cluster *kops.Cluster, basedir vfs.Path, sshCredential
return nil
}
func (c *VFSCAStore) StoreKeyset(name string, keyset *Keyset) error {
func (c *VFSCAStore) StoreKeyset(ctx context.Context, name string, keyset *Keyset) error {
if keyset.Primary == nil || keyset.Primary.Id == "" {
return fmt.Errorf("keyset must have a primary key")
}
@ -353,7 +354,7 @@ func (c *VFSCAStore) StoreKeyset(name string, keyset *Keyset) error {
{
p := c.buildPrivateKeyPoolPath(name)
if err := writeKeysetBundle(c.cluster, p, name, keyset); err != nil {
if err := writeKeysetBundle(ctx, c.cluster, p, name, keyset); err != nil {
return fmt.Errorf("writing private bundle: %v", err)
}
}
@ -396,7 +397,7 @@ func (c *VFSCAStore) findPrivateKeyset(id string) (*Keyset, error) {
}
// AddSSHPublicKey stores an SSH public key
func (c *VFSCAStore) AddSSHPublicKey(pubkey []byte) error {
func (c *VFSCAStore) AddSSHPublicKey(ctx context.Context, pubkey []byte) error {
id, err := sshcredentials.Fingerprint(strings.TrimSpace(string(pubkey)))
if err != nil {
return fmt.Errorf("error fingerprinting SSH public key: %v", err)
@ -404,7 +405,7 @@ func (c *VFSCAStore) AddSSHPublicKey(pubkey []byte) error {
p := c.buildSSHPublicKeyPath(id)
acl, err := acls.GetACL(p, c.cluster)
acl, err := acls.GetACL(ctx, p, c.cluster)
if err != nil {
return err
}

5
upup/pkg/fi/vfs_castore_test.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package fi
import (
"context"
"math/big"
"math/rand"
"strings"
@ -46,6 +47,8 @@ func TestBigInt_Format(t *testing.T) {
}
func TestVFSCAStoreRoundTrip(t *testing.T) {
ctx := context.TODO()
vfs.Context.ResetMemfsContext(true)
basePath, err := vfs.Context.BuildVfsPath("memfs://tests")
@ -81,7 +84,7 @@ func TestVFSCAStoreRoundTrip(t *testing.T) {
},
Primary: item,
}
if err := s.StoreKeyset("kubernetes-ca", keyset); err != nil {
if err := s.StoreKeyset(ctx, "kubernetes-ca", keyset); err != nil {
t.Fatalf("error from StoreKeyset: %v", err)
}
}