
get-keypairs: Tolerate key set items without certificates

Open seh opened this issue 3 years ago • 1 comments

Allow the kops get keypairs command to consume key sets with old key pair items that lack an associated X.509 certificate. When the command is invoked without the --distrusted flag set to true, omit these old items as if they're distrusted. Conversely, when the command is invoked with the --distrusted flag set to true, include these items, but omit their details that would be contingent on the nonexistent certificate.

In order to supply only information that is known to be true, treat the following fields in the output as newly optional:

  • issuer
  • notAfter
  • notBefore
  • subject

With no certificate present, it's not possible to present concrete values for those fields.

Fixes #14174.

seh avatar Oct 03 '22 01:10 seh
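The behavior described in the pull request above can be sketched as follows. This is an added example, not code from kOps or from the pull request: the `item` and `row` types, `listRows`, `sampleItems`, and the sample data are all hypothetical, and `includeDistrusted` stands in for the `--distrusted` flag.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"os"
	"time"
)

type item struct { // hypothetical stand-in for one key set entry, not a kOps type
	ID         string
	Distrusted bool
	Cert       *x509.Certificate // nil for old items stored without a certificate
}
type row struct { // output record; the four certificate-derived fields are optional
	ID        string     `json:"id"`
	Issuer    string     `json:"issuer,omitempty"`
	Subject   string     `json:"subject,omitempty"`
	NotBefore *time.Time `json:"notBefore,omitempty"`
	NotAfter  *time.Time `json:"notAfter,omitempty"`
}

// listRows drops distrusted and certificate-less items unless includeDistrusted is set.
func listRows(items []item, includeDistrusted bool) (rows []row) {
	for _, it := range items {
		if !includeDistrusted && (it.Distrusted || it.Cert == nil) {
			continue
		}
		r := row{ID: it.ID}
		if c := it.Cert; c != nil { // report only what a certificate actually states
			r.Issuer, r.Subject = c.Issuer.String(), c.Subject.String()
			r.NotBefore, r.NotAfter = &c.NotBefore, &c.NotAfter
		}
		rows = append(rows, r)
	}
	return rows
}

// sampleItems returns constructed data: current, distrusted, and certificate-less items.
func sampleItems() []item {
	ca, nb := pkix.Name{CommonName: "example-ca"}, time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC)
	cert := &x509.Certificate{Issuer: ca, Subject: ca, NotBefore: nb, NotAfter: nb.AddDate(10, 0, 0)}
	return []item{{"id-current", false, cert}, {"id-rotated", true, cert}, {"id-legacy", false, nil}}
}

func main() {
	json.NewEncoder(os.Stdout).Encode(listRows(sampleItems(), true))
}
```

With `includeDistrusted` set, the certificate-less entry is emitted with only its `id`, so a consumer parsing this output must not assume that the validity or name fields are present.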

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: johngmyers

The full list of commands accepted by this bot can be found here.

The pull request process is described here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment.
Approvers can cancel approval by writing /approve cancel in a comment.

k8s-ci-robot avatar Oct 17 '22 20:10 k8s-ci-robot

Can we also back-port this to the version 1.25 release line? That's the version of kOps we're using for the time being.

seh avatar Oct 17 '22 21:10 seh