From f8dd70ac9d40a6456c71d69d917fd50140e219f7 Mon Sep 17 00:00:00 2001
From: makhov <makhov.alex@gmail.com>
Date: Tue, 26 Mar 2024 17:24:45 +0200
Subject: [PATCH 1/2] Checking cert's keypair for nil before accessing to avoid
 panics

---
 util/secret/certificates.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/util/secret/certificates.go b/util/secret/certificates.go
index 7e9d211dcf51..b1d553c52b82 100644
--- a/util/secret/certificates.go
+++ b/util/secret/certificates.go
@@ -371,6 +371,10 @@ func (c *Certificate) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerR
 // AsFiles converts the certificate to a slice of Files that may have 0, 1 or 2 Files.
 func (c *Certificate) AsFiles() []bootstrapv1.File {
 	out := make([]bootstrapv1.File, 0)
+	if c.KeyPair == nil {
+		return out
+	}
+
 	if len(c.KeyPair.Cert) > 0 {
 		out = append(out, bootstrapv1.File{
 			Path:        c.CertFile,

From 3a251e54704b7a663829005be134e1c7cffc3147 Mon Sep 17 00:00:00 2001
From: makhov <makhov.alex@gmail.com>
Date: Wed, 3 Apr 2024 10:11:04 +0300
Subject: [PATCH 2/2] Checking cert's keypair for nil before accessing to avoid
 panics. Test case added

---
 util/secret/certificates_test.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/util/secret/certificates_test.go b/util/secret/certificates_test.go
index e6c48c252ba2..ac9072003924 100644
--- a/util/secret/certificates_test.go
+++ b/util/secret/certificates_test.go
@@ -45,3 +45,11 @@ func TestNewControlPlaneJoinCertsExternal(t *testing.T) {
 	certs := secret.NewControlPlaneJoinCerts(config)
 	g.Expect(certs.GetByPurpose(secret.EtcdCA).KeyFile).To(BeEmpty())
 }
+
+func TestNewControlPlaneJoinCertsAsFilesNotPanicsWhenEmpty(t *testing.T) {
+	g := NewWithT(t)
+
+	config := &bootstrapv1.ClusterConfiguration{}
+	certs := secret.NewControlPlaneJoinCerts(config)
+	g.Expect(certs.AsFiles()).To(BeEmpty())
+}