Skip to content

Replace installer TLS utility functions with Go stdlib#394

Open
sanchezl wants to merge 1 commit into
openshift:release-4.21from
sanchezl:replace-installer-tls-utils
Open

Replace installer TLS utility functions with Go stdlib#394
sanchezl wants to merge 1 commit into
openshift:release-4.21from
sanchezl:replace-installer-tls-utils

Conversation

@sanchezl
Copy link
Copy Markdown

@sanchezl sanchezl commented Apr 6, 2026

Summary

  • Replace usage of installer/pkg/asset/tls utility functions (PemToPrivateKey, PemToCertificate, PrivateKeyToPem, CertToPem, PublicKeyToPem) with Go standard library equivalents, reducing coupling to the installer's internal crypto utilities
  • New local helpers support both RSA and ECDSA key material, aligning with the upstream direction toward algorithm-agnostic PKI and configurable key types
  • Installer asset types (RootCA, BoundSASigningKey, CertCfg, GenerateSignedCertificate) are retained as they are fundamental to the wrapper's graph-based architecture

Test plan

  • make aro builds successfully
  • go test ./pkg/installer/ all tests pass
  • make lint-go passes clean
  • make validate-go passes

@sanchezl
Replace installer TLS utility functions with Go stdlib
dde366d 
Replace usage of github.com/openshift/installer/pkg/asset/tls utility
functions (PemToPrivateKey, PemToCertificate, PrivateKeyToPem, CertToPem,
PublicKeyToPem) with Go standard library equivalents. This reduces
coupling to the installer's internal crypto utilities, which are being
deprecated upstream in favor of library-go/pkg/crypto.

The new local helpers support both RSA and ECDSA key types, aligning
with the upstream direction. Installer asset types (RootCA,
BoundSASigningKey, CertCfg, GenerateSignedCertificate) are retained
as they are fundamental to the wrapper's graph-based architecture.
@openshift-ci openshift-ci Bot requested review from kimorris27 and mociarain April 6, 2026 20:28
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Apr 6, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sanchezl
Once this PR has been reviewed and has the lgtm label, please assign kimorris27 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Apr 10, 2026

@sanchezl: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/unit dde366d link true /test unit

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kimorris27 kimorris27 Awaiting requested review from kimorris27

@mociarain mociarain Awaiting requested review from mociarain

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sanchezl