@@ -80,89 +80,89 @@ func generateMTLSBundleFiles(bundle mtlsBundle, projectRoot string) error {
8080 }
8181
8282 // =================== Client certificate ===================
83- clientTemplate , err := renderX509Template (bundle .Client .TemplateData )
84- if err != nil {
85- return fmt .Errorf ("generating client template for bundle: %w" , err )
86- }
83+ if bundle .Client .FileName != "" {
84+ clientTemplate , err := renderX509Template (bundle .Client .TemplateData )
85+ if err != nil {
86+ return fmt .Errorf ("generating client template for bundle: %w" , err )
87+ }
8788
88- // because this is a client certificate, we need to swap out the issuer
89- clientTemplate .Issuer = caCert .Subject
90- clientTemplate .KeyUsage |= x509 .KeyUsageKeyEncipherment | x509 .KeyUsageDigitalSignature
91- clientTemplate .ExtKeyUsage = []x509.ExtKeyUsage {x509 .ExtKeyUsageClientAuth }
89+ // because this is a client certificate, we need to swap out the issuer
90+ clientTemplate .Issuer = caCert .Subject
91+ clientTemplate .KeyUsage |= x509 .KeyUsageKeyEncipherment | x509 .KeyUsageDigitalSignature
92+ clientTemplate .ExtKeyUsage = []x509.ExtKeyUsage {x509 .ExtKeyUsageClientAuth }
9293
93- client , err := generateTLSKeyPair (clientTemplate , * caCert , caPrivateKey ) // signed by the CA from above
94- if err != nil {
95- return fmt .Errorf ("generating signed client cert for bundle: %w" , err )
96- }
94+ client , err := generateTLSKeyPair (clientTemplate , * caCert , caPrivateKey ) // signed by the CA from above
95+ if err != nil {
96+ return fmt .Errorf ("generating signed client cert for bundle: %w" , err )
97+ }
9798
98- _ , err = tls .X509KeyPair (client .cert , client .key )
99- if err != nil {
100- return fmt .Errorf ("generated client certificate validation failed: %w" , err )
101- }
99+ _ , err = tls .X509KeyPair (client .cert , client .key )
100+ if err != nil {
101+ return fmt .Errorf ("generated client certificate validation failed: %w" , err )
102+ }
102103
103- clientChild , _ := pem .Decode (client .cert )
104- clientCert , err := x509 .ParseCertificate (clientChild .Bytes )
105- if err != nil {
106- return fmt .Errorf ("parsing client cert for bundle: %w" , err )
107- }
108- err = clientCert .CheckSignatureFrom (caCert )
109- if err != nil {
110- return fmt .Errorf ("checking client is signed by CA: %w" , err )
111- }
112- fmt .Printf ("\n client is signed by CA\n " )
104+ clientChild , _ := pem .Decode (client .cert )
105+ clientCert , err := x509 .ParseCertificate (clientChild .Bytes )
106+ if err != nil {
107+ return fmt .Errorf ("parsing client cert for bundle: %w" , err )
108+ }
109+ err = clientCert .CheckSignatureFrom (caCert )
110+ if err != nil {
111+ return fmt .Errorf ("checking client is signed by CA: %w" , err )
112+ }
113113
114- // Write the signed client certificate to disk
115- clientContents , err := createKubeTLSSecretYaml (bundle .Client , true , client )
116- if err != nil {
117- return fmt .Errorf ("marshaling bundle client %s to yaml: %w" , bundle .Client .FileName , err )
118- }
114+ // Write the signed client certificate to disk
115+ clientContents , err := createKubeTLSSecretYaml (bundle .Client , true , client )
116+ if err != nil {
117+ return fmt .Errorf ("marshaling bundle client %s to yaml: %w" , bundle .Client .FileName , err )
118+ }
119119
120- err = writeFiles (clientContents , projectRoot , bundle .Client .FileName , bundle .Client .Symlinks )
121- if err != nil {
122- return fmt .Errorf ("writing bundle CA %s to project root: %w" , bundle .Ca .FileName , err )
120+ err = writeFiles (clientContents , projectRoot , bundle .Client .FileName , bundle .Client .Symlinks )
121+ if err != nil {
122+ return fmt .Errorf ("writing bundle client %s to project root: %w" , bundle .Client .FileName , err )
123+ }
123124 }
124-
125125 // =================== Server certificate ===================
126- serverTemplate , err := renderX509Template (bundle .Server .TemplateData )
127- if err != nil {
128- return fmt .Errorf ("generating server template for bundle: %w" , err )
129- }
126+ if bundle .Server .FileName != "" {
127+ serverTemplate , err := renderX509Template (bundle .Server .TemplateData )
128+ if err != nil {
129+ return fmt .Errorf ("generating server template for bundle: %w" , err )
130+ }
130131
131- // because this is a server certificate, we need to swap out the issuer
132- serverTemplate .Issuer = caCert .Subject
132+ // because this is a server certificate, we need to swap out the issuer
133+ serverTemplate .Issuer = caCert .Subject
133134
134- server , err := generateTLSKeyPair (serverTemplate , * caCert , caPrivateKey ) // signed by the CA from above
135- if err != nil {
136- return fmt .Errorf ("generating signed server cert for bundle: %w" , err )
137- }
135+ server , err := generateTLSKeyPair (serverTemplate , * caCert , caPrivateKey ) // signed by the CA from above
136+ if err != nil {
137+ return fmt .Errorf ("generating signed server cert for bundle: %w" , err )
138+ }
138139
139- _ , err = tls .X509KeyPair (server .cert , server .key )
140- if err != nil {
141- return fmt .Errorf ("generated server certificate validation failed: %w" , err )
142- }
140+ _ , err = tls .X509KeyPair (server .cert , server .key )
141+ if err != nil {
142+ return fmt .Errorf ("generated server certificate validation failed: %w" , err )
143+ }
143144
144- serverChild , _ := pem .Decode (server .cert )
145- serverCert , err := x509 .ParseCertificate (serverChild .Bytes )
146- if err != nil {
147- return fmt .Errorf ("parsing server cert for bundle: %w" , err )
148- }
149- err = serverCert .CheckSignatureFrom (caCert )
150- if err != nil {
151- return fmt .Errorf ("checking server is signed by CA: %w" , err )
152- }
153- fmt .Printf ("\n server is signed by CA\n " )
145+ serverChild , _ := pem .Decode (server .cert )
146+ serverCert , err := x509 .ParseCertificate (serverChild .Bytes )
147+ if err != nil {
148+ return fmt .Errorf ("parsing server cert for bundle: %w" , err )
149+ }
150+ err = serverCert .CheckSignatureFrom (caCert )
151+ if err != nil {
152+ return fmt .Errorf ("checking server is signed by CA: %w" , err )
153+ }
154154
155- // Write the signed server certificate to disk
156- serverContents , err := createOpaqueSecretYaml (bundle .Server , true , server , ca .cert )
157- if err != nil {
158- return fmt .Errorf ("marshaling bundle server %s to yaml: %w" , bundle .Server .FileName , err )
159- }
155+ // Write the signed server certificate to disk
156+ serverContents , err := createOpaqueSecretYaml (bundle .Server , true , server , ca .cert )
157+ if err != nil {
158+ return fmt .Errorf ("marshaling bundle server %s to yaml: %w" , bundle .Server .FileName , err )
159+ }
160160
161- err = writeFiles (serverContents , projectRoot , bundle .Server .FileName , bundle .Server .Symlinks )
162- if err != nil {
163- return fmt .Errorf ("writing bundle server %s to project root: %w" , bundle .Server .FileName , err )
161+ err = writeFiles (serverContents , projectRoot , bundle .Server .FileName , bundle .Server .Symlinks )
162+ if err != nil {
163+ return fmt .Errorf ("writing bundle server %s to project root: %w" , bundle .Server .FileName , err )
164+ }
164165 }
165-
166166 if bundle .Crl {
167167 // =================== CA Revocation List ===================
168168 crlTemplate := x509.RevocationList {
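Review bot: The new `if bundle.Client.FileName != ""` and `if bundle.Server.FileName != ""` guards make an empty file name mean "do not issue this certificate", and nothing in the hunk records that a leaf was skipped, so a bundle definition that omits the file name now returns nil with an incomplete mTLS bundle. The same change drops the "client is signed by CA" and "server is signed by CA" output, which leaves a run with no indication of which certificates were actually issued. I would document the convention above each guard, e.g. `// an empty FileName means this bundle has no client certificate; skip issuing one`, and print a line in an `else` branch when a leaf is skipped. Separately, the server branch sets only `Issuer` while the client branch pins `ExtKeyUsage` to client auth; if the server template (rendered outside this hunk) leaves ExtKeyUsage empty, Go's verifier treats the certificate as valid for any usage, so it is worth confirming it carries `x509.ExtKeyUsageServerAuth`. generateMTLSBundleFiles starts before and continues after this hunk.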