Merge pull request #9167 from weiran-ms/dev/weiran/cloudintpath

🐛Certificate paths in cloud-init scripts should not use a platform-dependent path separator
kubernetes-sigs · Aug 17, 2023 · 1b66879 · 1b66879
2 parents 9c3da1f + 470aaf0
commit 1b66879
Showing 1 changed file with 18 additions and 18 deletions.
diff --git a/util/secret/certificates.go b/util/secret/certificates.go
@@ -25,7 +25,7 @@ import (
 	"crypto/x509/pkix"
 	"encoding/hex"
 	"math/big"
-	"path/filepath"
+	"path"
 	"strings"
 	"time"
 
@@ -73,25 +73,25 @@ func NewCertificatesForInitialControlPlane(config *bootstrapv1.ClusterConfigurat
 	certificates := Certificates{
 		&Certificate{
 			Purpose:  ClusterCA,
-			CertFile: filepath.Join(certificatesDir, "ca.crt"),
-			KeyFile:  filepath.Join(certificatesDir, "ca.key"),
+			CertFile: path.Join(certificatesDir, "ca.crt"),
+			KeyFile:  path.Join(certificatesDir, "ca.key"),
 		},
 		&Certificate{
 			Purpose:  ServiceAccount,
-			CertFile: filepath.Join(certificatesDir, "sa.pub"),
-			KeyFile:  filepath.Join(certificatesDir, "sa.key"),
+			CertFile: path.Join(certificatesDir, "sa.pub"),
+			KeyFile:  path.Join(certificatesDir, "sa.key"),
 		},
 		&Certificate{
 			Purpose:  FrontProxyCA,
-			CertFile: filepath.Join(certificatesDir, "front-proxy-ca.crt"),
-			KeyFile:  filepath.Join(certificatesDir, "front-proxy-ca.key"),
+			CertFile: path.Join(certificatesDir, "front-proxy-ca.crt"),
+			KeyFile:  path.Join(certificatesDir, "front-proxy-ca.key"),
 		},
 	}
 
 	etcdCert := &Certificate{
 		Purpose:  EtcdCA,
-		CertFile: filepath.Join(certificatesDir, "etcd", "ca.crt"),
-		KeyFile:  filepath.Join(certificatesDir, "etcd", "ca.key"),
+		CertFile: path.Join(certificatesDir, "etcd", "ca.crt"),
+		KeyFile:  path.Join(certificatesDir, "etcd", "ca.key"),
 	}
 
 	// TODO make sure all the fields are actually defined and return an error if not
@@ -124,24 +124,24 @@ func NewControlPlaneJoinCerts(config *bootstrapv1.ClusterConfiguration) Certific
 	certificates := Certificates{
 		&Certificate{
 			Purpose:  ClusterCA,
-			CertFile: filepath.Join(certificatesDir, "ca.crt"),
-			KeyFile:  filepath.Join(certificatesDir, "ca.key"),
+			CertFile: path.Join(certificatesDir, "ca.crt"),
+			KeyFile:  path.Join(certificatesDir, "ca.key"),
 		},
 		&Certificate{
 			Purpose:  ServiceAccount,
-			CertFile: filepath.Join(certificatesDir, "sa.pub"),
-			KeyFile:  filepath.Join(certificatesDir, "sa.key"),
+			CertFile: path.Join(certificatesDir, "sa.pub"),
+			KeyFile:  path.Join(certificatesDir, "sa.key"),
 		},
 		&Certificate{
 			Purpose:  FrontProxyCA,
-			CertFile: filepath.Join(certificatesDir, "front-proxy-ca.crt"),
-			KeyFile:  filepath.Join(certificatesDir, "front-proxy-ca.key"),
+			CertFile: path.Join(certificatesDir, "front-proxy-ca.crt"),
+			KeyFile:  path.Join(certificatesDir, "front-proxy-ca.key"),
 		},
 	}
 	etcdCert := &Certificate{
 		Purpose:  EtcdCA,
-		CertFile: filepath.Join(certificatesDir, "etcd", "ca.crt"),
-		KeyFile:  filepath.Join(certificatesDir, "etcd", "ca.key"),
+		CertFile: path.Join(certificatesDir, "etcd", "ca.crt"),
+		KeyFile:  path.Join(certificatesDir, "etcd", "ca.key"),
 	}
 
 	// TODO make sure all the fields are actually defined and return an error if not
@@ -167,7 +167,7 @@ func NewControlPlaneJoinCerts(config *bootstrapv1.ClusterConfiguration) Certific
 // NewCertificatesForWorker return an initialized but empty set of CA certificates needed to bootstrap a cluster.
 func NewCertificatesForWorker(caCertPath string) Certificates {
 	if caCertPath == "" {
-		caCertPath = filepath.Join(DefaultCertificatesDir, "ca.crt")
+		caCertPath = path.Join(DefaultCertificatesDir, "ca.crt")
 	}
 
 	return Certificates{