ref(tlsutil): remove ServerConfig

dead code from Tiller days

Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
pull/6914/head
Matthew Fisher 5 years ago
parent 865c46c014
commit 9ed2a28ede
No known key found for this signature in database
GPG Key ID: 92AA783CBAAE8E3B

@ -27,18 +27,14 @@ import (
// Options represents configurable options used to create client and server TLS configurations. // Options represents configurable options used to create client and server TLS configurations.
type Options struct { type Options struct {
CaCertFile string CaCertFile string
// If either the KeyFile or CertFile is empty, ClientConfig() will not load them, // If either the KeyFile or CertFile is empty, ClientConfig() will not load them.
// preventing Helm from authenticating to Tiller. They are required to be non-empty
// when calling ServerConfig, otherwise an error is returned.
KeyFile string KeyFile string
CertFile string CertFile string
// Client-only options // Client-only options
InsecureSkipVerify bool InsecureSkipVerify bool
// Server-only options
ClientAuth tls.ClientAuthType
} }
// ClientConfig retusn a TLS configuration for use by a Helm client. // ClientConfig returns a TLS configuration for use by a Helm client.
func ClientConfig(opts Options) (cfg *tls.Config, err error) { func ClientConfig(opts Options) (cfg *tls.Config, err error) {
var cert *tls.Certificate var cert *tls.Certificate
var pool *x509.CertPool var pool *x509.CertPool
@ -60,24 +56,3 @@ func ClientConfig(opts Options) (cfg *tls.Config, err error) {
cfg = &tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify, Certificates: []tls.Certificate{*cert}, RootCAs: pool} cfg = &tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify, Certificates: []tls.Certificate{*cert}, RootCAs: pool}
return cfg, nil return cfg, nil
} }
// ServerConfig returns a TLS configuration for use by the Tiller server.
func ServerConfig(opts Options) (cfg *tls.Config, err error) {
var cert *tls.Certificate
var pool *x509.CertPool
if cert, err = CertFromFilePair(opts.CertFile, opts.KeyFile); err != nil {
if os.IsNotExist(err) {
return nil, errors.Wrapf(err, "could not load x509 key pair (cert: %q, key: %q)", opts.CertFile, opts.KeyFile)
}
return nil, errors.Wrapf(err, "could not read x509 key pair (cert: %q, key: %q)", opts.CertFile, opts.KeyFile)
}
if opts.ClientAuth >= tls.VerifyClientCertIfGiven && opts.CaCertFile != "" {
if pool, err = CertPoolFromFile(opts.CaCertFile); err != nil {
return nil, err
}
}
cfg = &tls.Config{MinVersion: tls.VersionTLS12, ClientAuth: opts.ClientAuth, Certificates: []tls.Certificate{*cert}, ClientCAs: pool}
return cfg, nil
}
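Review bot: The comment kept on `Options` says ClientConfig() will not load the key pair when `KeyFile` or `CertFile` is empty, yet the context line at the end of ClientConfig still builds `Certificates: []tls.Certificate{*cert}` unconditionally, which would dereference a nil `cert` if loading was skipped. The body between the two hunks is not shown, so this needs confirming against the full function; if it holds, set the field only when a pair was loaded, e.g. `if cert != nil { cfg.Certificates = []tls.Certificate{*cert} }`. Separately, the removed ServerConfig pinned `MinVersion: tls.VersionTLS12`, while the remaining client literal sets no floor and so relies on the Go toolchain default. Adding `MinVersion: tls.VersionTLS12` to that `tls.Config` would keep the protocol floor explicit in the one constructor visible here after this change.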

@ -17,7 +17,6 @@ limitations under the License.
package tlsutil package tlsutil
import ( import (
"crypto/tls"
"path/filepath" "path/filepath"
"testing" "testing"
) )
@ -54,26 +53,6 @@ func TestClientConfig(t *testing.T) {
} }
} }
func TestServerConfig(t *testing.T) {
opts := Options{
CaCertFile: testfile(t, testCaCertFile),
CertFile: testfile(t, testCertFile),
KeyFile: testfile(t, testKeyFile),
ClientAuth: tls.RequireAndVerifyClientCert,
}
cfg, err := ServerConfig(opts)
if err != nil {
t.Fatalf("error building tls server config: %v", err)
}
if got := cfg.MinVersion; got != tls.VersionTLS12 {
t.Errorf("expecting TLS version 1.2, got %d", got)
}
if got := cfg.ClientCAs; got == nil {
t.Errorf("expecting non-nil CA pool")
}
}
func testfile(t *testing.T, file string) (path string) { func testfile(t *testing.T, file string) (path string) {
var err error var err error
if path, err = filepath.Abs(filepath.Join(tlsTestDir, file)); err != nil { if path, err = filepath.Abs(filepath.Join(tlsTestDir, file)); err != nil {
