Automated cherry pick of #14370: get-keypairs: Tolerate items without certificates #14427

Commits on Oct 17, 2022

  1. get-keypairs: Tolerate items without certificates

    Allow the "kops get keypairs" command to consume key sets with old key
    pair items that lack an associated X.509 certificate. When the command
    is invoked without the "--distrusted" flag set to true, omit these old
    items as if they're distrusted. Conversely, when the command is
    invoked with the "--distrusted" flag set to true, include these items,
    but omit their details that would be contingent on the nonexistent
    certificate.
    
    In order to supply only information that is known to be true, treat
    the following fields in the output as newly optional:
    
    - issuer
    - notAfter
    - notBefore
    - subject
    
    With no certificate present, it's not possible to present concrete
    values for those fields.
    seh authored and hakman committed Oct 17, 2022
    3bc5253
  2. promote-keypair: Block items without certificates

    Forbid the "kops promote keypair" command from promoting a key pair
    item that lacks an associated X.509 certificate.
    
    Along with that prohibition, refuse to store a key set in a VFS whose
    primary key pair lacks a certificate. This allows us to continue
    storing such key pairs, but we will never allow them to serve as the
    primary key pair within the containing key set.
    seh authored and hakman committed Oct 17, 2022
    16912cb
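
The behaviour the two commit messages describe, sketched as an added example; this is not code from the kops repository. `Item`, `Row`, `List` and `CheckPrimary` are hypothetical names, and the sample key set is constructed.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"time"
)

// Item is a hypothetical stand-in for one key pair item in a key set.
type Item struct {
	ID         string
	Cert       *x509.Certificate // nil: old item stored without a certificate
	Distrusted bool
}

// Row is one listing line; certificate-derived fields stay nil when unknown.
type Row struct {
	ID                  string
	Subject, Issuer     *string
	NotBefore, NotAfter *time.Time
}

// List omits distrusted and certificate-less items unless includeDistrusted.
func List(items []Item, includeDistrusted bool) (rows []Row) {
	for _, it := range items {
		if (it.Distrusted || it.Cert == nil) && !includeDistrusted {
			continue
		}
		if c := it.Cert; c != nil {
			s, i := c.Subject.String(), c.Issuer.String()
			rows = append(rows, Row{it.ID, &s, &i, &c.NotBefore, &c.NotAfter})
		} else {
			rows = append(rows, Row{ID: it.ID}) // no certificate: emit the ID only
		}
	}
	return rows
}

// CheckPrimary rejects a primary key pair item that lacks a certificate.
func CheckPrimary(primary Item) error {
	if primary.Cert == nil {
		return fmt.Errorf("key pair %q has no certificate", primary.ID)
	}
	return nil
}

var ca = pkix.Name{CommonName: "sample-ca"} // constructed sample data, not real key material
var sample = []Item{{ID: "new", Cert: &x509.Certificate{Subject: ca, Issuer: ca}}, {ID: "old"}}

func main() { fmt.Println(len(List(sample, false)), len(List(sample, true))) }
```

Modelling the four fields as pointers keeps "unknown" distinct from an empty subject or a zero timestamp, so a consumer of the listing cannot mistake a certificate-less item for one with blank validity dates.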