fix

Signed-off-by: tiansuo <[email protected]>

Author: tiansuo114

pkg/karmadactl/cmdinit/cert/cert.go

@@ -72,9 +72,9 @@ func GeneratePrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
 
 // CertsConfig is a wrapper around certutil.Config extending it with PublicKeyAlgorithm.
 type CertsConfig struct {
-    certutil.Config
-    NotAfter           *time.Time
-    PublicKeyAlgorithm x509.PublicKeyAlgorithm
+	certutil.Config
+	NotAfter           *time.Time
+	PublicKeyAlgorithm x509.PublicKeyAlgorithm
 }
 
 // EncodeCertPEM returns PEM-encoded certificate data
@@ -257,15 +257,15 @@ func WriteCertAndKey(pkiPath, pkiName string, ca *x509.Certificate, key *crypto.
 
 // NewCertConfig create new CertConfig
 func NewCertConfig(cn string, org []string, altNames certutil.AltNames, notAfter *time.Time) *CertsConfig {
-    return &CertsConfig{
-        Config: certutil.Config{
-            CommonName:   cn,
-            Organization: org,
-            Usages:       []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
-            AltNames:     altNames,
-        },
-        NotAfter: notAfter,
-    }
+	return &CertsConfig{
+		Config: certutil.Config{
+			CommonName:   cn,
+			Organization: org,
+			Usages:       []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
+			AltNames:     altNames,
+		},
+		NotAfter: notAfter,
+	}
 }
 
 // NewGenCerts generates a full set of certificates driven by certConfigMap and
@@ -278,73 +278,73 @@ func NewCertConfig(cn string, org []string, altNames certutil.AltNames, notAfter
 // - front-proxy-client -> front-proxy-ca
 // - others -> main CA
 func NewGenCerts(pkiPath, caCertFile, caKeyFile string, certConfigMap map[string]*CertsConfig) error {
-    // Main CA (karmada CA)
-    caCert, caKey, err := getCACertAndKey(caCertFile, caKeyFile)
-    if err != nil {
-        return err
-    }
-    if err = WriteCertAndKey(pkiPath, globaloptions.CaCertAndKeyName, caCert, caKey); err != nil {
-        return err
-    }
-
-    // Front-proxy CA
-    frontProxyCaCert, frontProxyCaKey, err := NewCACertAndKey(options.FrontProxyCaCertAndKeyName)
-    if err != nil {
-        return err
-    }
-    if err = WriteCertAndKey(pkiPath, options.FrontProxyCaCertAndKeyName, frontProxyCaCert, frontProxyCaKey); err != nil {
-        return err
-    }
-
-    // Etcd CA
-    etcdCaCert, etcdCaKey, err := NewCACertAndKey(options.EtcdCaCertAndKeyName)
-    if err != nil {
-        return err
-    }
-    if err = WriteCertAndKey(pkiPath, options.EtcdCaCertAndKeyName, etcdCaCert, etcdCaKey); err != nil {
-        return err
-    }
-
-    // Choose signing CA by cert name
-    for certName, certConfig := range certConfigMap {
-        if certConfig == nil {
-            continue
-        }
-
-        var signerCACert *x509.Certificate
-        var signerCAKey crypto.Signer
-
-        switch certName {
-        // etcd server/client and all etcd-client variants should be signed by etcd-ca
-        case options.EtcdServerCertAndKeyName,
-            options.EtcdClientCertAndKeyName,
-            options.KarmadaApiServerEtcdClientCertAndKeyName,
-            options.KarmadaAggregatedApiServerEtcdClientCertAndKeyName,
-            options.KarmadaSearchEtcdClientCertAndKeyName:
-            signerCACert = etcdCaCert
-            signerCAKey = *etcdCaKey
-
-        // front-proxy client should be signed by front-proxy-ca
-        case options.FrontProxyClientCertAndKeyName:
-            signerCACert = frontProxyCaCert
-            signerCAKey = *frontProxyCaKey
-
-        // default: signed by main karmada CA
-        default:
-            signerCACert = caCert
-            signerCAKey = *caKey
-        }
-
-        cert, key, err := NewCertAndKey(signerCACert, signerCAKey, certConfig)
-        if err != nil {
-            return err
-        }
-        if err = WriteCertAndKey(pkiPath, certName, cert, &key); err != nil {
-            return err
-        }
-    }
-
-    return nil
+	// Main CA (karmada CA)
+	caCert, caKey, err := getCACertAndKey(caCertFile, caKeyFile)
+	if err != nil {
+		return err
+	}
+	if err = WriteCertAndKey(pkiPath, globaloptions.CaCertAndKeyName, caCert, caKey); err != nil {
+		return err
+	}
+
+	// Front-proxy CA
+	frontProxyCaCert, frontProxyCaKey, err := NewCACertAndKey(options.FrontProxyCaCertAndKeyName)
+	if err != nil {
+		return err
+	}
+	if err = WriteCertAndKey(pkiPath, options.FrontProxyCaCertAndKeyName, frontProxyCaCert, frontProxyCaKey); err != nil {
+		return err
+	}
+
+	// Etcd CA
+	etcdCaCert, etcdCaKey, err := NewCACertAndKey(options.EtcdCaCertAndKeyName)
+	if err != nil {
+		return err
+	}
+	if err = WriteCertAndKey(pkiPath, options.EtcdCaCertAndKeyName, etcdCaCert, etcdCaKey); err != nil {
+		return err
+	}
+
+	// Choose signing CA by cert name
+	for certName, certConfig := range certConfigMap {
+		if certConfig == nil {
+			continue
+		}
+
+		var signerCACert *x509.Certificate
+		var signerCAKey crypto.Signer
+
+		switch certName {
+		// etcd server/client and all etcd-client variants should be signed by etcd-ca
+		case options.EtcdServerCertAndKeyName,
+			options.EtcdClientCertAndKeyName,
+			options.KarmadaAPIServerEtcdClientCertAndKeyName,
+			options.KarmadaAggregatedAPIServerEtcdClientCertAndKeyName,
+			options.KarmadaSearchEtcdClientCertAndKeyName:
+			signerCACert = etcdCaCert
+			signerCAKey = *etcdCaKey
+
+		// front-proxy client should be signed by front-proxy-ca
+		case options.FrontProxyClientCertAndKeyName:
+			signerCACert = frontProxyCaCert
+			signerCAKey = *frontProxyCaKey
+
+		// default: signed by main karmada CA
+		default:
+			signerCACert = caCert
+			signerCAKey = *caKey
+		}
+
+		cert, key, err := NewCertAndKey(signerCACert, signerCAKey, certConfig)
+		if err != nil {
+			return err
+		}
+		if err = WriteCertAndKey(pkiPath, certName, cert, &key); err != nil {
+			return err
+		}
+	}
+
+	return nil
 }
 
 // GenCerts Create CA certificate and sign etcd karmada certificate.

pkg/karmadactl/cmdinit/cert/cert_test.go

@@ -17,24 +17,24 @@ limitations under the License.
 package cert
 
 import (
-    "crypto/sha256"
-    "crypto/x509"
-    "encoding/pem"
-    "fmt"
-    "io"
-    "net"
-    "os"
-    "path/filepath"
-    "testing"
-    "time"
-
-    certutil "k8s.io/client-go/util/cert"
-    "k8s.io/klog/v2"
-
-    initopt "github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/options"
-    globalopt "github.com/karmada-io/karmada/pkg/karmadactl/options"
-    "github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/utils"
-    "github.com/karmada-io/karmada/pkg/util/names"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"io"
+	"net"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	certutil "k8s.io/client-go/util/cert"
+	"k8s.io/klog/v2"
+
+	"github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/utils"
+	initopt "github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/options"
+	globalopt "github.com/karmada-io/karmada/pkg/karmadactl/options"
+	"github.com/karmada-io/karmada/pkg/util/names"
 )
 
 const (
@@ -189,67 +189,67 @@ func compareFiles(file1, file2 string) (bool, error) {
 
 // compareCertFilesInDirs compares specific files in two directories to check if they are the same
 func compareCertFilesInDirs(dir1, dir2, filename string) (bool, error) {
-    file1 := filepath.Join(dir1, filename)
-    file2 := filepath.Join(dir2, filename)
-    return compareFiles(file1, file2)
+	file1 := filepath.Join(dir1, filename)
+	file2 := filepath.Join(dir2, filename)
+	return compareFiles(file1, file2)
 }
 
 // helper: read certificate from dir/name.{crt}
 func readCertFromPath(t *testing.T, dir, name string) *x509.Certificate {
-    t.Helper()
-    b, err := os.ReadFile(filepath.Join(dir, fmt.Sprintf("%s.crt", name)))
-    if err != nil {
-        t.Fatalf("failed reading cert %s: %v", name, err)
-    }
-    blk, _ := pem.Decode(b)
-    if blk == nil {
-        t.Fatalf("failed decoding PEM for %s", name)
-    }
-    crt, err := x509.ParseCertificate(blk.Bytes)
-    if err != nil {
-        t.Fatalf("failed parsing x509 for %s: %v", name, err)
-    }
-    return crt
+	t.Helper()
+	b, err := os.ReadFile(filepath.Join(dir, fmt.Sprintf("%s.crt", name)))
+	if err != nil {
+		t.Fatalf("failed reading cert %s: %v", name, err)
+	}
+	blk, _ := pem.Decode(b)
+	if blk == nil {
+		t.Fatalf("failed decoding PEM for %s", name)
+	}
+	crt, err := x509.ParseCertificate(blk.Bytes)
+	if err != nil {
+		t.Fatalf("failed parsing x509 for %s: %v", name, err)
+	}
+	return crt
 }
 
 // TestNewGenCerts_CASelection verifies certificates are signed by the expected CA
 // according to their names: etcd-* by etcd-ca, front-proxy-client by front-proxy-ca,
 // others by main CA.
 func TestNewGenCerts_CASelection(t *testing.T) {
-    dir := t.TempDir()
-    notAfter := time.Now().Add(Duration365d).UTC()
-
-    cfg := map[string]*CertsConfig{
-        // main CA signer
-        initopt.KarmadaApiServerCertAndKeyName: NewCertConfig(initopt.KarmadaApiServerCN, nil, certutil.AltNames{DNSNames: []string{"localhost"}, IPs: []net.IP{utils.StringToNetIP("127.0.0.1")}}, &notAfter),
-        // front-proxy CA signer
-        initopt.FrontProxyClientCertAndKeyName: NewCertConfig(initopt.KarmadaFrontProxyClientCN, nil, certutil.AltNames{}, &notAfter),
-        // etcd CA signer
-        initopt.KarmadaApiServerEtcdClientCertAndKeyName: NewCertConfig(initopt.KarmadaApiServerEtcdClientCN, nil, certutil.AltNames{}, &notAfter),
-    }
-
-    if err := NewGenCerts(dir, "", "", cfg); err != nil {
-        t.Fatalf("NewGenCerts error: %v", err)
-    }
-
-    // load CA certs
-    ca := readCertFromPath(t, dir, globalopt.CaCertAndKeyName)
-    etcdCA := readCertFromPath(t, dir, initopt.EtcdCaCertAndKeyName)
-    fpCA := readCertFromPath(t, dir, initopt.FrontProxyCaCertAndKeyName)
-
-    cases := []struct{
-        name     string
-        expected string
-    }{
-        {initopt.KarmadaApiServerCertAndKeyName, ca.Subject.CommonName},
-        {initopt.FrontProxyClientCertAndKeyName, fpCA.Subject.CommonName},
-        {initopt.KarmadaApiServerEtcdClientCertAndKeyName, etcdCA.Subject.CommonName},
-    }
-
-    for _, tc := range cases {
-        crt := readCertFromPath(t, dir, tc.name)
-        if got := crt.Issuer.CommonName; got != tc.expected {
-            t.Fatalf("%s issuer CN = %q, want %q", tc.name, got, tc.expected)
-        }
-    }
+	dir := t.TempDir()
+	notAfter := time.Now().Add(Duration365d).UTC()
+
+	cfg := map[string]*CertsConfig{
+		// main CA signer
+		initopt.KarmadaAPIServerCertAndKeyName: NewCertConfig(initopt.KarmadaAPIServerCN, nil, certutil.AltNames{DNSNames: []string{"localhost"}, IPs: []net.IP{utils.StringToNetIP("127.0.0.1")}}, &notAfter),
+		// front-proxy CA signer
+		initopt.FrontProxyClientCertAndKeyName: NewCertConfig(initopt.KarmadaFrontProxyClientCN, nil, certutil.AltNames{}, &notAfter),
+		// etcd CA signer
+		initopt.KarmadaAPIServerEtcdClientCertAndKeyName: NewCertConfig(initopt.KarmadaAPIServerEtcdClientCN, nil, certutil.AltNames{}, &notAfter),
+	}
+
+	if err := NewGenCerts(dir, "", "", cfg); err != nil {
+		t.Fatalf("NewGenCerts error: %v", err)
+	}
+
+	// load CA certs
+	ca := readCertFromPath(t, dir, globalopt.CaCertAndKeyName)
+	etcdCA := readCertFromPath(t, dir, initopt.EtcdCaCertAndKeyName)
+	fpCA := readCertFromPath(t, dir, initopt.FrontProxyCaCertAndKeyName)
+
+	cases := []struct {
+		name     string
+		expected string
+	}{
+		{initopt.KarmadaAPIServerCertAndKeyName, ca.Subject.CommonName},
+		{initopt.FrontProxyClientCertAndKeyName, fpCA.Subject.CommonName},
+		{initopt.KarmadaAPIServerEtcdClientCertAndKeyName, etcdCA.Subject.CommonName},
+	}
+
+	for _, tc := range cases {
+		crt := readCertFromPath(t, dir, tc.name)
+		if got := crt.Issuer.CommonName; got != tc.expected {
+			t.Fatalf("%s issuer CN = %q, want %q", tc.name, got, tc.expected)
+		}
+	}
 }