
Commit 90ae7db

Merge pull request #1526 from flux-iac/replace-errors-pkg
Replace github.com/pkg/errors with errors wrapping using stdlib
2 parents 8828763 + f145d21 commit 90ae7db


2 files changed

+19
-35
lines changed


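--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,6 @@ require (
 github.com/kubescape/go-git-url v0.0.30
 github.com/maxbrunsfeld/counterfeiter/v6 v6.11.2
 github.com/onsi/gomega v1.36.2
-github.com/pkg/errors v0.9.1
 github.com/spf13/afero v1.12.0
 github.com/spf13/cobra v1.8.1
 github.com/spf13/pflag v1.0.5
@@ -170,6 +169,7 @@ require (
 github.com/opencontainers/image-spec v1.1.0 // indirect
 github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
+github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/prometheus/client_golang v1.20.5 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect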

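--- a/mtls/rotator.go
+++ b/mtls/rotator.go
@@ -9,14 +9,14 @@ import (
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/pem"
+"errors"
 "fmt"
 "math/big"
 "os"
 "sync"
 "time"
 
 infrav1 "github.com/flux-iac/tofu-controller/api/v1alpha2"
-"github.com/pkg/errors"
 corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/meta"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -495,12 +495,12 @@ func buildArtifactsFromSecret(secret *corev1.Secret) (caArtifacts *KeyPairArtifa
 func parseArtifacts(certName, keyName string, secret *corev1.Secret) (*KeyPairArtifacts, error) {
 certPem, ok := secret.Data[certName]
 if !ok {
-return nil, errors.New(fmt.Sprintf("Cert Secret is not well-formed, missing %s", caCertName))
+return nil, fmt.Errorf("cert Secret is not well-formed, missing %s", caCertName)
 }
 
 keyPem, ok := secret.Data[keyName]
 if !ok {
-return nil, errors.New(fmt.Sprintf("Cert Secret is not well-formed, missing %s", caKeyName))
+return nil, fmt.Errorf("cert Secret is not well-formed, missing %s", caKeyName)
 }
 
 certDer, _ := pem.Decode(certPem)
@@ -510,7 +510,7 @@ func parseArtifacts(certName, keyName string, secret *corev1.Secret) (*KeyPairAr
 
 cert, err := x509.ParseCertificate(certDer.Bytes)
 if err != nil {
-return nil, errors.Wrap(err, "while parsing CA cert")
+return nil, fmt.Errorf("while parsing CA cert: %w", err)
 }
 
 keyDer, _ := pem.Decode(keyPem)
@@ -520,7 +520,7 @@ func parseArtifacts(certName, keyName string, secret *corev1.Secret) (*KeyPairAr
 
 key, err := x509.ParsePKCS1PrivateKey(keyDer.Bytes)
 if err != nil {
-return nil, errors.Wrap(err, "while parsing key")
+return nil, fmt.Errorf("while parsing key: %w", err)
 }
 
 return &KeyPairArtifacts{
@@ -552,19 +552,19 @@ func (cr *CertRotator) createCACert(begin, end time.Time) (*KeyPairArtifacts, er
 }
 key, err := rsa.GenerateKey(rand.Reader, 2048)
 if err != nil {
-return nil, errors.Wrap(err, "generating key")
+return nil, fmt.Errorf("generating key: %w", err)
 }
 der, err := x509.CreateCertificate(rand.Reader, certTemplate, certTemplate, key.Public(), key)
 if err != nil {
-return nil, errors.Wrap(err, "creating certificate")
+return nil, fmt.Errorf("creating certificate: %w", err)
 }
 certPEM, keyPEM, err := pemEncode(der, key)
 if err != nil {
-return nil, errors.Wrap(err, "encoding PEM")
+return nil, fmt.Errorf("encoding PEM: %w", err)
 }
 cert, err := x509.ParseCertificate(der)
 if err != nil {
-return nil, errors.Wrap(err, "parsing certificate")
+return nil, fmt.Errorf("parsing certificate: %w", err)
 }
 
 return &KeyPairArtifacts{Cert: cert, Key: key, CertPEM: certPEM, KeyPEM: keyPEM, validUntil: end}, nil
@@ -592,15 +592,15 @@ func (cr *CertRotator) createCertPEM(ca *KeyPairArtifacts, hostnames []string, b
 }
 key, err := rsa.GenerateKey(rand.Reader, 2048)
 if err != nil {
-return nil, nil, errors.Wrap(err, "generating key")
+return nil, nil, fmt.Errorf("generating key: %w", err)
 }
 der, err := x509.CreateCertificate(rand.Reader, certTemplate, ca.Cert, key.Public(), ca.Key)
 if err != nil {
-return nil, nil, errors.Wrap(err, "creating certificate")
+return nil, nil, fmt.Errorf("creating certificate: %w", err)
 }
 certPEM, keyPEM, err := pemEncode(der, key)
 if err != nil {
-return nil, nil, errors.Wrap(err, "encoding PEM")
+return nil, nil, fmt.Errorf("encoding PEM: %w", err)
 }
 return certPEM, keyPEM, nil
 }
@@ -609,11 +609,11 @@ func (cr *CertRotator) createCertPEM(ca *KeyPairArtifacts, hostnames []string, b
 func pemEncode(certificateDER []byte, key *rsa.PrivateKey) ([]byte, []byte, error) {
 certBuf := &bytes.Buffer{}
 if err := pem.Encode(certBuf, &pem.Block{Type: "CERTIFICATE", Bytes: certificateDER}); err != nil {
-return nil, nil, errors.Wrap(err, "encoding cert")
+return nil, nil, fmt.Errorf("encoding cert: %w", err)
 }
 keyBuf := &bytes.Buffer{}
 if err := pem.Encode(keyBuf, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}); err != nil {
-return nil, nil, errors.Wrap(err, "encoding key")
+return nil, nil, fmt.Errorf("encoding key: %w", err)
 }
 return certBuf.Bytes(), keyBuf.Bytes(), nil
 }
@@ -622,22 +622,6 @@ func (cr *CertRotator) lookaheadTime() time.Time {
 return time.Now().Add(cr.LookaheadInterval)
 }
 
-func (cr *CertRotator) validServerCert(caCert, cert, key []byte) bool {
-valid, err := ValidCert(caCert, cert, key, cr.DNSName, cr.extKeyUsages, cr.lookaheadTime())
-if err != nil {
-return false
-}
-return valid
-}
-
-func (cr *CertRotator) validCACert(cert, key []byte) bool {
-valid, err := ValidCert(cert, cert, key, cr.CAName, nil, cr.lookaheadTime())
-if err != nil {
-return false
-}
-return valid
-}
-
 func (cr *CertRotator) generateNamespaceTLS(namespace string) (*corev1.Secret, error) {
 n := len(cr.artifactCaches)
 // get last artifact cache
@@ -698,13 +682,13 @@ func ValidCert(caCert, cert, key []byte, dnsName string, keyUsages *[]x509.ExtKe
 }
 cac, err := x509.ParseCertificate(caDer.Bytes)
 if err != nil {
-return false, errors.Wrap(err, "parsing CA cert")
+return false, fmt.Errorf("parsing CA cert: %w", err)
 }
 pool.AddCert(cac)
 
 _, err = tls.X509KeyPair(cert, key)
 if err != nil {
-return false, errors.Wrap(err, "building key pair")
+return false, fmt.Errorf("building key pair: %w", err)
 }
 
 b, _ := pem.Decode(cert)
@@ -714,7 +698,7 @@ func ValidCert(caCert, cert, key []byte, dnsName string, keyUsages *[]x509.ExtKe
 
 crt, err := x509.ParseCertificate(b.Bytes)
 if err != nil {
-return false, errors.Wrap(err, "parsing cert")
+return false, fmt.Errorf("parsing cert: %w", err)
 }
 
 opt := x509.VerifyOptions{
@@ -728,7 +712,7 @@ func ValidCert(caCert, cert, key []byte, dnsName string, keyUsages *[]x509.ExtKe
 
 _, err = crt.Verify(opt)
 if err != nil {
-return false, errors.Wrap(err, "verifying cert")
+return false, fmt.Errorf("verifying cert: %w", err)
 }
 return true, nil
 }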
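Review bot: In the `parseArtifacts` hunk (old line 495), the two rewritten "missing %s" errors still format `caCertName` and `caKeyName`, although the lookups just above them index `secret.Data` with the `certName` and `keyName` parameters. If the function is ever called for a non-CA key pair, the message names a Secret key that was never checked, which misdirects whoever is triaging a failed certificate rotation. Since the commit already rewrites both lines, report the parameters instead: `return nil, fmt.Errorf("cert Secret is not well-formed, missing %s", certName)` and likewise with `keyName`. `caCertName` and `caKeyName` are declared outside the visible hunks, and the body of `parseArtifacts` continues past this hunk, so confirm against the callers; the "while parsing CA cert" message further down has the same CA-specific wording.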
