Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check keyset existence before attempting to distrust #14041

Merged
merged 1 commit into from
Jul 28, 2022
Merged

Check keyset existence before attempting to distrust #14041

merged 1 commit into from
Jul 28, 2022

Conversation

yurrriq
Copy link
Contributor

@yurrriq yurrriq commented Jul 27, 2022
edited
Loading

Fixes #14040

λ kops distrust keypair this-is-not-a-keypair 12345678910
Using cluster from kubectl context: my-cluster.local

Error: keyset not found

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jul 27, 2022
@k8s-ci-robot
Copy link
Contributor

Hi @yurrriq. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 27, 2022
@yurrriq yurrriq marked this pull request as draft July 27, 2022 23:52
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 27, 2022
@yurrriq
Copy link
Contributor Author

yurrriq commented Jul 27, 2022
edited
Loading

Checking for keypair existence before primariness didn't actually work, but now I've tracked down what seems like the culprit

kops/upup/pkg/fi/clientset_castore.go

Lines 113 to 115 in 8560e47

if errors.IsNotFound(err) {
return nil, nil
}

@yurrriq yurrriq force-pushed the distrust-nonexistent-keypair branch from c0971d5 to ea59314 Compare July 28, 2022 00:21
@yurrriq yurrriq force-pushed the distrust-nonexistent-keypair branch from ea59314 to b1c5460 Compare July 28, 2022 00:23
@yurrriq yurrriq changed the title Check for keypair existence before primariness Check keyset existence before attempting to distrust Jul 28, 2022
@yurrriq yurrriq marked this pull request as ready for review July 28, 2022 00:23
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 28, 2022
@k8s-ci-robot k8s-ci-robot requested a review from hakman July 28, 2022 00:23
yurrriq
yurrriq commented Jul 28, 2022
View reviewed changes
cmd/kops/distrust_keypair.go
@@ -148,6 +148,8 @@ func distrustKeypair(out io.Writer, name string, keypairIDs []string, keyStore f
keyset, err := keyStore.FindKeyset(name)
if err != nil {
return err
} else if keyset == nil {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See also:

kops/cmd/kops/promote_keypair.go

Lines 160 to 162 in 8560e47

} else if keyset == nil {
return fmt.Errorf("keyset not found")
}

@hakman
Copy link
Member

hakman commented Jul 28, 2022

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jul 28, 2022
hakman
hakman approved these changes Jul 28, 2022
View reviewed changes
Copy link
Member

@hakman hakman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 28, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hakman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 28, 2022
This was referenced Jul 28, 2022
Merged
Merged
Merged
@k8s-ci-robot k8s-ci-robot merged commit 3c08551 into kubernetes:master Jul 28, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.25 milestone Jul 28, 2022
k8s-ci-robot added a commit that referenced this pull request Jul 28, 2022
@k8s-ci-robot
Merge pull request #14042 from hakman/automated-cherry-pick-of-#14041…
0406702 
…-upstream-release-1.24

Automated cherry pick of #14041: Check keyset existence before attempting to distrust
k8s-ci-robot added a commit that referenced this pull request Jul 28, 2022
@k8s-ci-robot
Merge pull request #14044 from hakman/automated-cherry-pick-of-#14041…
d969e50 
…-upstream-release-1.22

Automated cherry pick of #14041: Check keyset existence before attempting to distrust
k8s-ci-robot added a commit that referenced this pull request Jul 28, 2022
@k8s-ci-robot
Merge pull request #14043 from hakman/automated-cherry-pick-of-#14041…
7a185f9 
…-upstream-release-1.23

Automated cherry pick of #14041: Check keyset existence before attempting to distrust
@yurrriq yurrriq deleted the distrust-nonexistent-keypair branch September 21, 2022 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hakman hakman hakman approved these changes

@KashifSaadat KashifSaadat Awaiting requested review from KashifSaadat

@rdrgmnzs rdrgmnzs Awaiting requested review from rdrgmnzs

Assignees

@hakman hakman

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
v1.25
Development

Successfully merging this pull request may close these issues.

nil pointer panic when trying to distrust a nonexistent keypair
3 participants
@yurrriq @k8s-ci-robot @hakman