diff --git a/pkg/asset/tls/aggregatorca.go b/pkg/asset/tls/aggregatorca.go
index 632c4b159c5..650baa9c563 100644
--- a/pkg/asset/tls/aggregatorca.go
+++ b/pkg/asset/tls/aggregatorca.go
@@ -5,6 +5,7 @@ import (
 "crypto/x509/pkix"
 "github.com/openshift/installer/pkg/asset"
+ "github.com/pkg/errors"
 )
 // AggregatorCA is the asset that generates the aggregator-ca key/cert pair.
@@ -18,16 +19,11 @@ var _ asset.Asset = (*AggregatorCA)(nil)
 // the parent CA, and install config if it depends on the install config for
 // DNS names, etc.
 func (a *AggregatorCA) Dependencies() []asset.Asset {
- return []asset.Asset{
- &RootCA{},
- }
+ return []asset.Asset{}
 }
 // Generate generates the cert/key pair based on its dependencies.
 func (a *AggregatorCA) Generate(dependencies asset.Parents) error {
- rootCA := &RootCA{}
- dependencies.Get(rootCA)
-
 cfg := &CertCfg{
 Subject: pkix.Name{CommonName: "aggregator", OrganizationalUnit: []string{"bootkube"}},
 KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
@@ -35,7 +31,17 @@ func (a *AggregatorCA) Generate(dependencies asset.Parents) error {
 IsCA: true,
 }
- return a.CertKey.Generate(cfg, rootCA, "aggregator-ca", DoNotAppendParent)
+ key, crt, err := GenerateRootCertKey(cfg)
+ if err != nil {
+ return errors.Wrap(err, "failed to generate Aggregator CA")
+ }
+
+ a.KeyRaw = PrivateKeyToPem(key)
+ a.CertRaw = CertToPem(crt)
+
+ a.generateFiles("aggregator-ca")
+
+ return nil
 }
 // Name returns the human-friendly name of the asset.
diff --git a/pkg/asset/tls/etcdca.go b/pkg/asset/tls/etcdca.go
index ca1f58884e6..da5d5aab077 100644
--- a/pkg/asset/tls/etcdca.go
+++ b/pkg/asset/tls/etcdca.go
@@ -5,6 +5,7 @@ import (
 "crypto/x509/pkix"
 "github.com/openshift/installer/pkg/asset"
+ "github.com/pkg/errors"
 )
 // EtcdCA is the asset that generates the etcd-ca key/cert pair.
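Review bot: The doc comments kept as context around `Dependencies()` and `Generate()` in aggregatorca.go no longer match the code: `Dependencies` now returns an empty slice while its comment still mentions "the parent CA", and `Generate` is still described as working "based on its dependencies" although the lines shown no longer read the `dependencies` argument. I would reword them to `// Dependencies returns no dependencies: this CA is self-signed and has no parent.` and `// Generate creates a self-signed CA key/cert pair; dependencies is unused.` The same stale comments sit in the matching hunks of etcdca.go and kubeca.go. The first line of the `Dependencies` comment lies above the hunk.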
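Review bot: Switching to `GenerateRootCertKey(cfg)` in `AggregatorCA.Generate` makes this CA a self-signed trust anchor rather than a certificate issued by `RootCA`, so a verifier that was only given the root CA certificate will stop accepting certificates issued under it. Nothing in this diff shows the trust bundles of the consumers, so it is worth confirming that each component validating these certificates is handed `aggregator-ca` itself, and likewise `etcd-client-ca` and `kube-ca` for the equivalent changes in etcdca.go and kubeca.go. A comment at the call would record the intent, for example `// Self-signed on purpose: this CA is its own trust domain and must be distributed to verifiers explicitly.` Part of the `cfg` literal lies between the two hunks and is not visible here.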
@@ -18,16 +19,11 @@ var _ asset.Asset = (*EtcdCA)(nil)
 // the parent CA, and install config if it depends on the install config for
 // DNS names, etc.
 func (a *EtcdCA) Dependencies() []asset.Asset {
- return []asset.Asset{
- &RootCA{},
- }
+ return []asset.Asset{}
 }
 // Generate generates the cert/key pair based on its dependencies.
 func (a *EtcdCA) Generate(dependencies asset.Parents) error {
- rootCA := &RootCA{}
- dependencies.Get(rootCA)
-
 cfg := &CertCfg{
 Subject: pkix.Name{CommonName: "etcd", OrganizationalUnit: []string{"etcd"}},
 KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
@@ -35,7 +31,17 @@ func (a *EtcdCA) Generate(dependencies asset.Parents) error {
 IsCA: true,
 }
- return a.CertKey.Generate(cfg, rootCA, "etcd-client-ca", DoNotAppendParent)
+ key, crt, err := GenerateRootCertKey(cfg)
+ if err != nil {
+ return errors.Wrap(err, "failed to generate ETCD client CA")
+ }
+
+ a.KeyRaw = PrivateKeyToPem(key)
+ a.CertRaw = CertToPem(crt)
+
+ a.generateFiles("etcd-client-ca")
+
+ return nil
 }
 // Name returns the human-friendly name of the asset.
diff --git a/pkg/asset/tls/kubeca.go b/pkg/asset/tls/kubeca.go
index d4818803174..a75f87251a1 100644
--- a/pkg/asset/tls/kubeca.go
+++ b/pkg/asset/tls/kubeca.go
@@ -5,6 +5,7 @@ import (
 "crypto/x509/pkix"
 "github.com/openshift/installer/pkg/asset"
+ "github.com/pkg/errors"
 )
 // KubeCA is the asset that generates the kube-ca key/cert pair.
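Review bot: The statements added to `EtcdCA.Generate` repeat those added to `AggregatorCA.Generate` and `KubeCA.Generate`, differing only in the file-name base and the error text, so three copies of the private-key handling now have to be kept in step. One helper beside `CertKey` would hold key generation, PEM encoding and file output in a single place, and the call here would become `return errors.Wrap(a.generateSelfSigned(cfg, "etcd-client-ca"), "failed to generate ETCD client CA")`. The helper name is only a suggestion, and the sketch assumes `KeyRaw`, `CertRaw` and `generateFiles` are promoted from the embedded `CertKey`, which this diff does not show.

```go
// generateSelfSigned fills c with a new self-signed CA key/cert pair built
// from cfg and renders the asset files under filenameBase.
func (c *CertKey) generateSelfSigned(cfg *CertCfg, filenameBase string) error {
	key, crt, err := GenerateRootCertKey(cfg)
	if err != nil {
		return err
	}
	c.KeyRaw = PrivateKeyToPem(key)
	c.CertRaw = CertToPem(crt)
	c.generateFiles(filenameBase)
	return nil
}
```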
@@ -18,16 +19,11 @@ var _ asset.Asset = (*KubeCA)(nil)
 // the parent CA, and install config if it depends on the install config for
 // DNS names, etc.
 func (a *KubeCA) Dependencies() []asset.Asset {
- return []asset.Asset{
- &RootCA{},
- }
+ return []asset.Asset{}
 }
 // Generate generates the cert/key pair based on its dependencies.
 func (a *KubeCA) Generate(dependencies asset.Parents) error {
- rootCA := &RootCA{}
- dependencies.Get(rootCA)
-
 cfg := &CertCfg{
 Subject: pkix.Name{CommonName: "kube-ca", OrganizationalUnit: []string{"bootkube"}},
 KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
@@ -35,7 +31,17 @@ func (a *KubeCA) Generate(dependencies asset.Parents) error {
 IsCA: true,
 }
- return a.CertKey.Generate(cfg, rootCA, "kube-ca", DoNotAppendParent)
+ key, crt, err := GenerateRootCertKey(cfg)
+ if err != nil {
+ return errors.Wrap(err, "failed to generate Kube CA")
+ }
+
+ a.KeyRaw = PrivateKeyToPem(key)
+ a.CertRaw = CertToPem(crt)
+
+ a.generateFiles("kube-ca")
+
+ return nil
 }
 // Name returns the human-friendly name of the asset.
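Review bot: The `cfg` passed to `GenerateRootCertKey` in `KubeCA.Generate` now describes a self-signed root, yet it still requests `x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature` alongside `x509.KeyUsageCertSign`. If `GenerateRootCertKey` copies `KeyUsages` into the certificate (its body is not part of this diff) and nothing uses this key for anything but issuing certificates, the tighter setting is `KeyUsages: x509.KeyUsageCertSign,`, with `x509.KeyUsageCRLSign` added only if the CA will sign CRLs. The same literal appears in aggregatorca.go and etcdca.go, and part of it lies between the hunks, so any validity period it sets should be checked at the same time.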