Merge pull request #10368 from k8s-infra-cherrypick-robot/cherry-pick…

…-10321-to-release-1.7 [release-1.7] 🐛 Checking cert's keypair for nil before accessing to avoid panics
kubernetes-sigs · Apr 3, 2024 · c7ee120 · c7ee120
2 parents 6774f33 + 6d55c7c
commit c7ee120
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/util/secret/certificates.go b/util/secret/certificates.go
@@ -371,6 +371,10 @@ func (c *Certificate) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerR
 // AsFiles converts the certificate to a slice of Files that may have 0, 1 or 2 Files.
 func (c *Certificate) AsFiles() []bootstrapv1.File {
 	out := make([]bootstrapv1.File, 0)
+	if c.KeyPair == nil {
+		return out
+	}
+
 	if len(c.KeyPair.Cert) > 0 {
 		out = append(out, bootstrapv1.File{
 			Path:        c.CertFile,

diff --git a/util/secret/certificates_test.go b/util/secret/certificates_test.go
@@ -45,3 +45,11 @@ func TestNewControlPlaneJoinCertsExternal(t *testing.T) {
 	certs := secret.NewControlPlaneJoinCerts(config)
 	g.Expect(certs.GetByPurpose(secret.EtcdCA).KeyFile).To(BeEmpty())
 }
+
+func TestNewControlPlaneJoinCertsAsFilesNotPanicsWhenEmpty(t *testing.T) {
+	g := NewWithT(t)
+
+	config := &bootstrapv1.ClusterConfiguration{}
+	certs := secret.NewControlPlaneJoinCerts(config)
+	g.Expect(certs.AsFiles()).To(BeEmpty())
+}