ref(tlsutil): remove ServerConfig

dead code from Tiller days Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
5 years ago · 9ed2a28ede
parent 865c46c014
commit 9ed2a28ede
2 changed files with 2 additions and 48 deletions
--- a/internal/tlsutil/cfg.go
+++ b/internal/tlsutil/cfg.go
@ -27,18 +27,14 @@ import (
 // Options represents configurable options used to create client and server TLS configurations.
 type Options struct {
 	CaCertFile string
-	// If either the KeyFile or CertFile is empty, ClientConfig() will not load them,
-	// preventing Helm from authenticating to Tiller. They are required to be non-empty
-	// when calling ServerConfig, otherwise an error is returned.
+	// If either the KeyFile or CertFile is empty, ClientConfig() will not load them.
 	KeyFile  string
 	CertFile string
 	// Client-only options
 	InsecureSkipVerify bool
-	// Server-only options
-	ClientAuth tls.ClientAuthType
 }

-// ClientConfig retusn a TLS configuration for use by a Helm client.
+// ClientConfig returns a TLS configuration for use by a Helm client.
 func ClientConfig(opts Options) (cfg *tls.Config, err error) {
 	var cert *tls.Certificate
 	var pool *x509.CertPool
@ -60,24 +56,3 @@ func ClientConfig(opts Options) (cfg *tls.Config, err error) {
 	cfg = &tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify, Certificates: []tls.Certificate{*cert}, RootCAs: pool}
 	return cfg, nil
 }
-
-// ServerConfig returns a TLS configuration for use by the Tiller server.
-func ServerConfig(opts Options) (cfg *tls.Config, err error) {
-	var cert *tls.Certificate
-	var pool *x509.CertPool
-
-	if cert, err = CertFromFilePair(opts.CertFile, opts.KeyFile); err != nil {
-		if os.IsNotExist(err) {
-			return nil, errors.Wrapf(err, "could not load x509 key pair (cert: %q, key: %q)", opts.CertFile, opts.KeyFile)
-		}
-		return nil, errors.Wrapf(err, "could not read x509 key pair (cert: %q, key: %q)", opts.CertFile, opts.KeyFile)
-	}
-	if opts.ClientAuth >= tls.VerifyClientCertIfGiven && opts.CaCertFile != "" {
-		if pool, err = CertPoolFromFile(opts.CaCertFile); err != nil {
-			return nil, err
-		}
-	}
-
-	cfg = &tls.Config{MinVersion: tls.VersionTLS12, ClientAuth: opts.ClientAuth, Certificates: []tls.Certificate{*cert}, ClientCAs: pool}
-	return cfg, nil
-}
--- a/internal/tlsutil/tlsutil_test.go
+++ b/internal/tlsutil/tlsutil_test.go
@ -17,7 +17,6 @@ limitations under the License.
 package tlsutil

 import (
-	"crypto/tls"
 	"path/filepath"
 	"testing"
 )
@ -54,26 +53,6 @@ func TestClientConfig(t *testing.T) {
 	}
 }

-func TestServerConfig(t *testing.T) {
-	opts := Options{
-		CaCertFile: testfile(t, testCaCertFile),
-		CertFile:   testfile(t, testCertFile),
-		KeyFile:    testfile(t, testKeyFile),
-		ClientAuth: tls.RequireAndVerifyClientCert,
-	}
-
-	cfg, err := ServerConfig(opts)
-	if err != nil {
-		t.Fatalf("error building tls server config: %v", err)
-	}
-	if got := cfg.MinVersion; got != tls.VersionTLS12 {
-		t.Errorf("expecting TLS version 1.2, got %d", got)
-	}
-	if got := cfg.ClientCAs; got == nil {
-		t.Errorf("expecting non-nil CA pool")
-	}
-}
-
 func testfile(t *testing.T, file string) (path string) {
 	var err error
 	if path, err = filepath.Abs(filepath.Join(tlsTestDir, file)); err != nil {