Reorder groups in Admin cert

simo5 · simo5 · commit 2d5d27ef0e4e · 2018-03-05T11:25:45.000-05:00
This is to workaround Bug #18715, which is caused by Golang Crypto's x509 certificate generation ordering Subjects RDN incorrectly *and* GNUTLS' bug that "fixes" client certs on read with the correct encoding. To avoid issues until both are fixed we set the correct ordering ourself Signed-off-by: Simo Sorce <simo@redhat.com>
diff --git a/pkg/cmd/server/admin/default_certs.go b/pkg/cmd/server/admin/default_certs.go
@@ -145,7 +145,7 @@ func DefaultClusterAdminClientCertInfo(certDir string) ClientCertInfo {
 		},
 		UnqualifiedUser: "admin",
 		User:            "system:admin",
-		Groups:          sets.NewString(bootstrappolicy.ClusterAdminGroup, bootstrappolicy.MastersGroup),
+		Groups:          sets.NewString(bootstrappolicy.MastersGroup, bootstrappolicy.ClusterAdminGroup),
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -145,7 +145,7 @@ func DefaultClusterAdminClientCertInfo(certDir string) ClientCertInfo {`
`145`	`145`	`},`
`146`	`146`	`UnqualifiedUser: "admin",`
`147`	`147`	`User: "system:admin",`
`148`		`- Groups: sets.NewString(bootstrappolicy.ClusterAdminGroup, bootstrappolicy.MastersGroup),`
	`148`	`+ Groups: sets.NewString(bootstrappolicy.MastersGroup, bootstrappolicy.ClusterAdminGroup),`
`149`	`149`	`}`
`150`	`150`	`}`
`151`	`151`