kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upup: support Base64 and raw-string JSON encoding of certs/keys 

For compatability reasons, we write the certificate & keys as base64
encoded strings.  I don't think we have to any more, but we have to be
able to parse it.
This commit is contained in:
Justin Santa Barbara 2016-06-10 13:35:40 -04:00
parent 70002068fa
commit c54ef2773d
1 changed files with 37 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
upup/pkg/fi/ca.go
View File

@ -30,14 +30,24 @@ type Certificate struct {
func (c *Certificate) UnmarshalJSON(b []byte) error { func (c *Certificate) UnmarshalJSON(b []byte) error {
s := "" s := ""
if err := json.Unmarshal(b, &s); err == nil { if err := json.Unmarshal(b, &s); err == nil {
d, err := base64.StdEncoding.DecodeString(s) r, err := LoadPEMCertificate([]byte(s))
if err != nil { if err != nil {
return fmt.Errorf("error decoding certificate base64 data: %q", string(b)) // Alternative form: Check if base64 encoded
} // TODO: Do we need this? I think we need this only on nodeup, but maybe we could just not base64-it?
r, err := LoadPEMCertificate(d) d, err2 := base64.StdEncoding.DecodeString(s)
if err != nil { if err2 == nil {
glog.Infof("Invalid certificate data: %q", string(b)) r2, err2 := LoadPEMCertificate(d)
return fmt.Errorf("error parsing certificate: %v", err) if err2 == nil {
glog.Warningf("used base64 decode of certificate")
r = r2
err = nil
}
}
if err != nil {
glog.Infof("Invalid certificate data: %q", string(b))
return fmt.Errorf("error parsing certificate: %v", err)
}
} }
*c = *r *c = *r
return nil return nil
@ -101,18 +111,30 @@ func (c *PrivateKey) AsString() (string, error) {
func (k *PrivateKey) UnmarshalJSON(b []byte) (err error) { func (k *PrivateKey) UnmarshalJSON(b []byte) (err error) {
s := "" s := ""
if err = json.Unmarshal(b, &s); err == nil { if err := json.Unmarshal(b, &s); err == nil {
d, err := base64.StdEncoding.DecodeString(s) r, err := parsePEMPrivateKey([]byte(s))
if err != nil { if err != nil {
return fmt.Errorf("error decoding private key base64 data: %q", string(b)) // Alternative form: Check if base64 encoded
// TODO: Do we need this? I think we need this only on nodeup, but maybe we could just not base64-it?
d, err2 := base64.StdEncoding.DecodeString(s)
if err2 == nil {
r2, err2 := parsePEMPrivateKey(d)
if err2 == nil {
glog.Warningf("used base64 decode of PrivateKey")
r = r2
err = nil
}
}
if err != nil {
return fmt.Errorf("error parsing private key: %v", err)
}
} }
key, err := parsePEMPrivateKey(d) k.Key = r
if err != nil {
return fmt.Errorf("error parsing private key: %v", err)
}
k.Key = key
return nil return nil
} }
return fmt.Errorf("unknown format for private key: %q", string(b)) return fmt.Errorf("unknown format for private key: %q", string(b))
} }