Upgrade client-go to v12.0.0
Minor API changes (some helper functions disappeared upstream, probably because they were deemed trivial to write explicitly).

Sore point: a roundtrip test is broken since the reflection based test trips over some non-semantic changes while comparing empty slices (nil != []foo{} in Go)
Will address that ASAP but I'd like to unblock this in the meantime.

Closes bitnami-labs#183
Marko Mikulicic committed Jul 25, 2019
1 parent f556cf5 commit b2309db
Showing 1,127 changed files with 85,986 additions and 30,383 deletions.
3 changes: 2 additions & 1 deletion cmd/controller/keyregistry.go
Expand Up @@ -3,6 +3,7 @@ package main
import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"log"

"k8s.io/client-go/kubernetes"
Expand Down Expand Up @@ -43,7 +44,7 @@ func (kr *KeyRegistry) generateKey() (string, error) {
// Only store key to local store if write to k8s worked
kr.registerNewKey(generatedName, key, cert)
log.Printf("New key written to %s/%s\n", kr.namespace, generatedName)
log.Printf("Certificate is \n%s\n", certUtil.EncodeCertPEM(cert))
log.Printf("Certificate is \n%s\n", pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw}))
return generatedName, nil
}

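Review bot: The certificate-to-PEM expression in the new `log.Printf` call, `pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw})`, is spelled out by hand here and again in writeKey (keys.go), the certificate handler in httpserver (server.go), and both test files. A package-private helper, for example `func encodeCertPEM(cert *x509.Certificate) []byte { return pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw}) }`, would keep the block type in one place so the stored, served and logged encodings cannot drift apart. Only the public certificate reaches the log on this line. generateKey starts above the hunk, so the rest of the function is not visible.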
12 changes: 7 additions & 5 deletions cmd/controller/keys.go
Expand Up @@ -5,15 +5,17 @@ import (
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"errors"
"io"
"math/big"
"time"

"k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
certUtil "k8s.io/client-go/util/cert"
"k8s.io/client-go/util/keyutil"
)

const SealedSecretsKeyLabel = "sealedsecrets.bitnami.com/sealed-secrets-key"
Expand All @@ -36,7 +38,7 @@ func generatePrivateKeyAndCert(keySize int) (*rsa.PrivateKey, *x509.Certificate,
}

func readKey(secret v1.Secret) (*rsa.PrivateKey, []*x509.Certificate, error) {
key, err := certUtil.ParsePrivateKeyPEM(secret.Data[v1.TLSPrivateKeyKey])
key, err := keyutil.ParsePrivateKeyPEM(secret.Data[v1.TLSPrivateKeyKey])
if err != nil {
return nil, nil, err
}
Expand All @@ -55,7 +57,7 @@ func readKey(secret v1.Secret) (*rsa.PrivateKey, []*x509.Certificate, error) {
func writeKey(client kubernetes.Interface, key *rsa.PrivateKey, certs []*x509.Certificate, namespace, label, prefix string) (string, error) {
certbytes := []byte{}
for _, cert := range certs {
certbytes = append(certbytes, certUtil.EncodeCertPEM(cert)...)
certbytes = append(certbytes, pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw})...)
}
secret := v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -66,13 +68,13 @@ func writeKey(client kubernetes.Interface, key *rsa.PrivateKey, certs []*x509.Ce
},
},
Data: map[string][]byte{
v1.TLSPrivateKeyKey: certUtil.EncodePrivateKeyPEM(key),
v1.TLSPrivateKeyKey: pem.EncodeToMemory(&pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(key)}),
v1.TLSCertKey: certbytes,
},
Type: v1.SecretTypeTLS,
}

createdSecret, err := client.Core().Secrets(namespace).Create(&secret)
createdSecret, err := client.CoreV1().Secrets(namespace).Create(&secret)
if err != nil {
return "", err
}
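Review bot: In writeKey the private key is now serialized by hand as `pem.EncodeToMemory(&pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(key)})`, and nothing on that line records that it fixes the stored format readKey must parse back through `keyutil.ParsePrivateKeyPEM`. I would add a comment above the `Data` map such as `// Key is stored as an unencrypted PKCS#1 block; readKey must be able to parse this format.` and move the expression into a small helper shared with keys_test.go and main_test.go, which repeat it verbatim. `x509.MarshalPKCS1PrivateKey` dereferences the key, so a nil `key` would presumably panic here rather than return an error; writeKey's callers are outside the view, so confirm they never pass nil. The bodies of readKey and writeKey both continue outside their hunks.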
8 changes: 5 additions & 3 deletions cmd/controller/keys_test.go
Expand Up @@ -3,15 +3,17 @@ package main
import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"io"
mathrand "math/rand"
"reflect"
"testing"

"k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes/fake"
certUtil "k8s.io/client-go/util/cert"
"k8s.io/client-go/util/keyutil"
)

// This is omg-not safe for real crypto use!
Expand All @@ -38,8 +40,8 @@ func TestReadKey(t *testing.T) {
Namespace: "myns",
},
Data: map[string][]byte{
v1.TLSPrivateKeyKey: certUtil.EncodePrivateKeyPEM(key),
v1.TLSCertKey: certUtil.EncodeCertPEM(cert),
v1.TLSPrivateKeyKey: pem.EncodeToMemory(&pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(key)}),
v1.TLSCertKey: pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw}),
},
Type: v1.SecretTypeTLS,
}
4 changes: 2 additions & 2 deletions cmd/controller/main.go
Expand Up @@ -65,15 +65,15 @@ func initKeyPrefix(keyPrefix string) (string, error) {

func initKeyRegistry(client kubernetes.Interface, r io.Reader, namespace, prefix, label string, keysize int) (*KeyRegistry, error) {
log.Printf("Searching for existing private keys")
secretList, err := client.Core().Secrets(namespace).List(metav1.ListOptions{
secretList, err := client.CoreV1().Secrets(namespace).List(metav1.ListOptions{
LabelSelector: keySelector.String(),
})
if err != nil {
return nil, err
}
items := secretList.Items
if len(items) == 0 {
s, err := client.Core().Secrets(namespace).Get(prefix, metav1.GetOptions{})
s, err := client.CoreV1().Secrets(namespace).Get(prefix, metav1.GetOptions{})
if !errors.IsNotFound(err) {
if err != nil {
return nil, err
8 changes: 5 additions & 3 deletions cmd/controller/main_test.go
Expand Up @@ -3,6 +3,7 @@ package main
import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"testing"
"time"

Expand All @@ -12,6 +13,7 @@ import (
"k8s.io/client-go/kubernetes/fake"
ktesting "k8s.io/client-go/testing"
certUtil "k8s.io/client-go/util/cert"
"k8s.io/client-go/util/keyutil"
)

func findAction(fake *fake.Clientset, verb, resource string) ktesting.Action {
Expand Down Expand Up @@ -160,21 +162,21 @@ func TestReuseKey(t *testing.T) {
func writeLegacyKey(client kubernetes.Interface, key *rsa.PrivateKey, certs []*x509.Certificate, namespace, name string) (string, error) {
certbytes := []byte{}
for _, cert := range certs {
certbytes = append(certbytes, certUtil.EncodeCertPEM(cert)...)
certbytes = append(certbytes, pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw})...)
}
secret := v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Namespace: namespace,
Name: name,
},
Data: map[string][]byte{
v1.TLSPrivateKeyKey: certUtil.EncodePrivateKeyPEM(key),
v1.TLSPrivateKeyKey: pem.EncodeToMemory(&pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(key)}),
v1.TLSCertKey: certbytes,
},
Type: v1.SecretTypeTLS,
}

createdSecret, err := client.Core().Secrets(namespace).Create(&secret)
createdSecret, err := client.CoreV1().Secrets(namespace).Create(&secret)
if err != nil {
return "", err
}
3 changes: 2 additions & 1 deletion cmd/controller/server.go
Expand Up @@ -2,6 +2,7 @@ package main

import (
"crypto/x509"
"encoding/pem"
"io"
"io/ioutil"
"log"
Expand Down Expand Up @@ -85,7 +86,7 @@ func httpserver(cp certProvider, sc secretChecker, sr secretRotator) {
certs := cp()
w.Header().Set("Content-Type", "application/x-pem-file")
for _, cert := range certs {
w.Write(certUtil.EncodeCertPEM(cert))
w.Write(pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw}))
}
})

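Review bot: The result of `w.Write` is discarded in the certificate loop, so a failed or short write leaves the client with a truncated PEM bundle and nothing in the log. Checking it would make that visible: `if _, err := w.Write(pemBytes); err != nil { log.Printf("writing certificate: %v", err); return }`, with `pemBytes` holding the encoded block. The call was already unchecked before this change, and httpserver's body starts and ends outside the hunk, so the surrounding handler is not fully visible.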
21 changes: 5 additions & 16 deletions go.mod
Expand Up @@ -3,34 +3,23 @@ module github.com/bitnami-labs/sealed-secrets
go 1.12

require (
cloud.google.com/go v0.0.0-20170810012647-4226ba9d76a5 // indirect
github.com/Azure/go-autorest v9.5.2+incompatible // indirect
github.com/bitnami-labs/flagenv v0.0.0-20190607135054-a87af7a1d6fc
github.com/bitnami-labs/pflagenv v0.0.0-20190702160147-b4d9f048d98f
github.com/dgrijalva/jwt-go v3.1.0+incompatible // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/gogo/protobuf v1.2.1 // indirect
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef // indirect
github.com/golang/protobuf v0.0.0-20171113180720-1e59b77b52bf // indirect
github.com/gomodule/redigo v2.0.0+incompatible // indirect
github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf
github.com/googleapis/gnostic v0.0.0-20171211024024-933c109c13ce // indirect
github.com/gophercloud/gophercloud v0.0.0-20171208163052-4d2733c96289 // indirect
github.com/hashicorp/golang-lru v0.0.0-20160813221303-0a025b7e63ad // indirect
github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c // indirect
github.com/imdario/mergo v0.0.0-20170620104701-e3000cb3d28c // indirect
github.com/onsi/ginkgo v0.0.0-20180119174237-747514b53ddd
github.com/onsi/gomega v0.0.0-20180205174834-a9c79f175573
github.com/onsi/ginkgo v1.6.0
github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3
github.com/spf13/pflag v1.0.3
github.com/throttled/throttled v2.2.2+incompatible
golang.org/x/oauth2 v0.0.0-20170807180024-9a379c6b3e95 // indirect
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c // indirect
google.golang.org/appengine v0.0.0-20170801183137-c5a90ac045b7 // indirect
gopkg.in/inf.v0 v0.9.0 // indirect
k8s.io/api v0.0.0-20180828232432-12444147eb11
k8s.io/apimachinery v0.0.0-20180619225948-e386b2658ed2
k8s.io/client-go v0.0.0-20180817174322-745ca8300397
k8s.io/api v0.0.0-20190620084959-7cf5895f2711
k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719
k8s.io/client-go v0.0.0-20190620085101-78d2af792bab
k8s.io/code-generator v0.0.0-20190713022532-93d7507fc8ff
k8s.io/kube-openapi v0.0.0-20190709113604-33be087ad058 // indirect
)