github.com/openshift/installer@v1.4.17/pkg/asset/tls/boundsasigningkey.go (about)

     1  package tls
     2  
     3  import (
     4  	"context"
     5  	"os"
     6  	"path/filepath"
     7  
     8  	"github.com/pkg/errors"
     9  	"github.com/sirupsen/logrus"
    10  
    11  	"github.com/openshift/installer/pkg/asset"
    12  )
    13  
// BoundSASigningKey contains a user provided key and public parts for the
// service account signing key used by kube-apiserver.
// This asset does not generate any new content and only loads these files from disk
// when provided by the user.
type BoundSASigningKey struct {
	// FileList holds the files recorded by Load: the user-supplied private
	// key file first, then the PEM-encoded public key derived from it. Load
	// is the only writer visible in this file. The first entry is private
	// key material, so anything that persists or logs these files should
	// treat it as a secret.
	FileList []*asset.File
}
    21  
// Compile-time assertion that *BoundSASigningKey satisfies asset.WritableAsset.
var _ asset.WritableAsset = (*BoundSASigningKey)(nil)
    23  
// Name reports the human-readable label used for this asset.
func (*BoundSASigningKey) Name() string {
	const label = "User-provided Service Account Signing key"
	return label
}
    28  
// Dependencies reports the assets that must exist before this one can be
// generated. There are none, so the result is a nil slice.
func (*BoundSASigningKey) Dependencies() []asset.Asset {
	var none []asset.Asset
	return none
}
    34  
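// Generate is a no-op and always returns nil. This asset never creates key
// material itself; FileList is only populated by Load from a user-provided
// file.
func (*BoundSASigningKey) Generate(_ context.Context, _ asset.Parents) error {
	return nil
}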
    37  
// Files exposes the files held by the asset. The slice is returned as stored,
// not copied. After a successful Load it includes the private key file, so
// callers that write or log the result should handle it as secret material.
func (sk *BoundSASigningKey) Files() []*asset.File {
	files := sk.FileList
	return files
}
    42  
// Load looks for a user-provided service account signing key on disk and, if
// one is present, records it together with the public key derived from it.
//
// It returns (false, nil) when the key file does not exist, (false, err) when
// the file cannot be fetched, PemToPrivateKey rejects its contents, or the
// public key cannot be PEM-encoded, and (true, nil) once FileList has been set.
//
// NOTE(review): validation is limited to whatever PemToPrivateKey enforces;
// this function adds no check of its own on key size. Confirm that the parser
// rejects undersized keys if that matters for the cluster.
func (sk *BoundSASigningKey) Load(f asset.FileFetcher) (bool, error) {
	const (
		privName = "bound-service-account-signing-key.key"
		pubName  = "bound-service-account-signing-key.pub"
	)

	privFile, err := f.FetchByName(filepath.Join(tlsDir, privName))
	switch {
	case err == nil:
		// Key file found; validate it below.
	case os.IsNotExist(err):
		// A missing key is not an error: the user simply did not provide one.
		return false, nil
	default:
		return false, err
	}

	privKey, parseErr := PemToPrivateKey(privFile.Data)
	if parseErr != nil {
		// The log line carries the parser's error value only; the file data
		// itself is not passed to the logger.
		logrus.Debugf("Failed to load rsa.PrivateKey from file: %s", parseErr)
		return false, errors.Wrap(parseErr, "failed to load rsa.PrivateKey from the file")
	}

	pubPEM, encErr := PublicKeyToPem(&privKey.PublicKey)
	if encErr != nil {
		return false, errors.Wrap(encErr, "failed to extract public key from the key")
	}

	// Private key file first, derived public key second.
	pubFile := &asset.File{
		Filename: filepath.Join(tlsDir, pubName),
		Data:     pubPEM,
	}
	sk.FileList = []*asset.File{privFile, pubFile}
	return true, nil
}