Merge #188

188: Upgrade client-go to v12.0.0 r=mkmik a=mkmik Minor API changes (some helpers functions disappeared upstream probably because they were deemed to be trivial to write explicitly). Sore point: a roundtrip test is broken since the reflection based test trips over some non-semantic changes while comparing empty slices (nil != []foo{} in Go) Will address that ASAP but I'd like to unblock this in the meantime. Closes #183 Co-authored-by: Marko Mikulicic <mkm@bitnami.com>
bitnami-labs · Jul 25, 2019 · 755fe43 · 755fe43
2 parents f556cf5 + b2309db
commit 755fe43
Show file tree

Hide file tree

Showing 1,127 changed files with 85,986 additions and 30,383 deletions.
diff --git a/cmd/controller/keyregistry.go b/cmd/controller/keyregistry.go
@@ -3,6 +3,7 @@ package main
 import (
 	"crypto/rsa"
 	"crypto/x509"
+	"encoding/pem"
 	"log"
 
 	"k8s.io/client-go/kubernetes"
@@ -43,7 +44,7 @@ func (kr *KeyRegistry) generateKey() (string, error) {
 	// Only store key to local store if write to k8s worked
 	kr.registerNewKey(generatedName, key, cert)
 	log.Printf("New key written to %s/%s\n", kr.namespace, generatedName)
-	log.Printf("Certificate is \n%s\n", certUtil.EncodeCertPEM(cert))
+	log.Printf("Certificate is \n%s\n", pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw}))
 	return generatedName, nil
 }
 

diff --git a/cmd/controller/keys.go b/cmd/controller/keys.go
@@ -5,15 +5,17 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"crypto/x509/pkix"
+	"encoding/pem"
 	"errors"
 	"io"
 	"math/big"
 	"time"
 
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	certUtil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 )
 
 const SealedSecretsKeyLabel = "sealedsecrets.bitnami.com/sealed-secrets-key"
@@ -36,7 +38,7 @@ func generatePrivateKeyAndCert(keySize int) (*rsa.PrivateKey, *x509.Certificate,
 }
 
 func readKey(secret v1.Secret) (*rsa.PrivateKey, []*x509.Certificate, error) {
-	key, err := certUtil.ParsePrivateKeyPEM(secret.Data[v1.TLSPrivateKeyKey])
+	key, err := keyutil.ParsePrivateKeyPEM(secret.Data[v1.TLSPrivateKeyKey])
 	if err != nil {
 		return nil, nil, err
 	}
@@ -55,7 +57,7 @@ func readKey(secret v1.Secret) (*rsa.PrivateKey, []*x509.Certificate, error) {
 func writeKey(client kubernetes.Interface, key *rsa.PrivateKey, certs []*x509.Certificate, namespace, label, prefix string) (string, error) {
 	certbytes := []byte{}
 	for _, cert := range certs {
-		certbytes = append(certbytes, certUtil.EncodeCertPEM(cert)...)
+		certbytes = append(certbytes, pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw})...)
 	}
 	secret := v1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
@@ -66,13 +68,13 @@ func writeKey(client kubernetes.Interface, key *rsa.PrivateKey, certs []*x509.Ce
 			},
 		},
 		Data: map[string][]byte{
-			v1.TLSPrivateKeyKey: certUtil.EncodePrivateKeyPEM(key),
+			v1.TLSPrivateKeyKey: pem.EncodeToMemory(&pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(key)}),
 			v1.TLSCertKey:       certbytes,
 		},
 		Type: v1.SecretTypeTLS,
 	}
 
-	createdSecret, err := client.Core().Secrets(namespace).Create(&secret)
+	createdSecret, err := client.CoreV1().Secrets(namespace).Create(&secret)
 	if err != nil {
 		return "", err
 	}

diff --git a/cmd/controller/keys_test.go b/cmd/controller/keys_test.go
@@ -3,15 +3,17 @@ package main
 import (
 	"crypto/rsa"
 	"crypto/x509"
+	"encoding/pem"
 	"io"
 	mathrand "math/rand"
 	"reflect"
 	"testing"
 
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes/fake"
 	certUtil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 )
 
 // This is omg-not safe for real crypto use!
@@ -38,8 +40,8 @@ func TestReadKey(t *testing.T) {
 			Namespace: "myns",
 		},
 		Data: map[string][]byte{
-			v1.TLSPrivateKeyKey: certUtil.EncodePrivateKeyPEM(key),
-			v1.TLSCertKey:       certUtil.EncodeCertPEM(cert),
+			v1.TLSPrivateKeyKey: pem.EncodeToMemory(&pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(key)}),
+			v1.TLSCertKey:       pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw}),
 		},
 		Type: v1.SecretTypeTLS,
 	}

diff --git a/cmd/controller/main.go b/cmd/controller/main.go
@@ -65,15 +65,15 @@ func initKeyPrefix(keyPrefix string) (string, error) {
 
 func initKeyRegistry(client kubernetes.Interface, r io.Reader, namespace, prefix, label string, keysize int) (*KeyRegistry, error) {
 	log.Printf("Searching for existing private keys")
-	secretList, err := client.Core().Secrets(namespace).List(metav1.ListOptions{
+	secretList, err := client.CoreV1().Secrets(namespace).List(metav1.ListOptions{
 		LabelSelector: keySelector.String(),
 	})
 	if err != nil {
 		return nil, err
 	}
 	items := secretList.Items
 	if len(items) == 0 {
-		s, err := client.Core().Secrets(namespace).Get(prefix, metav1.GetOptions{})
+		s, err := client.CoreV1().Secrets(namespace).Get(prefix, metav1.GetOptions{})
 		if !errors.IsNotFound(err) {
 			if err != nil {
 				return nil, err

diff --git a/cmd/controller/main_test.go b/cmd/controller/main_test.go
@@ -3,6 +3,7 @@ package main
 import (
 	"crypto/rsa"
 	"crypto/x509"
+	"encoding/pem"
 	"testing"
 	"time"
 
@@ -12,6 +13,7 @@ import (
 	"k8s.io/client-go/kubernetes/fake"
 	ktesting "k8s.io/client-go/testing"
 	certUtil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
 )
 
 func findAction(fake *fake.Clientset, verb, resource string) ktesting.Action {
@@ -160,21 +162,21 @@ func TestReuseKey(t *testing.T) {
 func writeLegacyKey(client kubernetes.Interface, key *rsa.PrivateKey, certs []*x509.Certificate, namespace, name string) (string, error) {
 	certbytes := []byte{}
 	for _, cert := range certs {
-		certbytes = append(certbytes, certUtil.EncodeCertPEM(cert)...)
+		certbytes = append(certbytes, pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw})...)
 	}
 	secret := v1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: namespace,
 			Name:      name,
 		},
 		Data: map[string][]byte{
-			v1.TLSPrivateKeyKey: certUtil.EncodePrivateKeyPEM(key),
+			v1.TLSPrivateKeyKey: pem.EncodeToMemory(&pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(key)}),
 			v1.TLSCertKey:       certbytes,
 		},
 		Type: v1.SecretTypeTLS,
 	}
 
-	createdSecret, err := client.Core().Secrets(namespace).Create(&secret)
+	createdSecret, err := client.CoreV1().Secrets(namespace).Create(&secret)
 	if err != nil {
 		return "", err
 	}

diff --git a/cmd/controller/server.go b/cmd/controller/server.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"crypto/x509"
+	"encoding/pem"
 	"io"
 	"io/ioutil"
 	"log"
@@ -85,7 +86,7 @@ func httpserver(cp certProvider, sc secretChecker, sr secretRotator) {
 		certs := cp()
 		w.Header().Set("Content-Type", "application/x-pem-file")
 		for _, cert := range certs {
-			w.Write(certUtil.EncodeCertPEM(cert))
+			w.Write(pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw}))
 		}
 	})
 

diff --git a/go.mod b/go.mod
@@ -3,34 +3,23 @@ module github.com/bitnami-labs/sealed-secrets
 go 1.12
 
 require (
-	cloud.google.com/go v0.0.0-20170810012647-4226ba9d76a5 // indirect
-	github.com/Azure/go-autorest v9.5.2+incompatible // indirect
 	github.com/bitnami-labs/flagenv v0.0.0-20190607135054-a87af7a1d6fc
 	github.com/bitnami-labs/pflagenv v0.0.0-20190702160147-b4d9f048d98f
 	github.com/dgrijalva/jwt-go v3.1.0+incompatible // indirect
-	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/gogo/protobuf v1.2.1 // indirect
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef // indirect
-	github.com/golang/protobuf v0.0.0-20171113180720-1e59b77b52bf // indirect
 	github.com/gomodule/redigo v2.0.0+incompatible // indirect
 	github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf
 	github.com/googleapis/gnostic v0.0.0-20171211024024-933c109c13ce // indirect
-	github.com/gophercloud/gophercloud v0.0.0-20171208163052-4d2733c96289 // indirect
-	github.com/hashicorp/golang-lru v0.0.0-20160813221303-0a025b7e63ad // indirect
-	github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c // indirect
-	github.com/imdario/mergo v0.0.0-20170620104701-e3000cb3d28c // indirect
-	github.com/onsi/ginkgo v0.0.0-20180119174237-747514b53ddd
-	github.com/onsi/gomega v0.0.0-20180205174834-a9c79f175573
+	github.com/onsi/ginkgo v1.6.0
+	github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3
 	github.com/spf13/pflag v1.0.3
 	github.com/throttled/throttled v2.2.2+incompatible
-	golang.org/x/oauth2 v0.0.0-20170807180024-9a379c6b3e95 // indirect
 	golang.org/x/time v0.0.0-20181108054448-85acf8d2951c // indirect
-	google.golang.org/appengine v0.0.0-20170801183137-c5a90ac045b7 // indirect
-	gopkg.in/inf.v0 v0.9.0 // indirect
-	k8s.io/api v0.0.0-20180828232432-12444147eb11
-	k8s.io/apimachinery v0.0.0-20180619225948-e386b2658ed2
-	k8s.io/client-go v0.0.0-20180817174322-745ca8300397
+	k8s.io/api v0.0.0-20190620084959-7cf5895f2711
+	k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719
+	k8s.io/client-go v0.0.0-20190620085101-78d2af792bab
 	k8s.io/code-generator v0.0.0-20190713022532-93d7507fc8ff
 	k8s.io/kube-openapi v0.0.0-20190709113604-33be087ad058 // indirect
 )