Merge pull request #3076 from chrischdi/pr-remove-sha1

🌱 use sha256 thumbprint in tests
kubernetes-sigs · Jun 27, 2024 · 2572b21 · 2572b21
2 parents 53b5782 + fc841e8
commit 2572b21
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/docs/getting_started.md b/docs/getting_started.md
@@ -115,7 +115,7 @@ VSPHERE_FOLDER: "vm"                                          # The VM folder fo
 VSPHERE_TEMPLATE: "ubuntu-1804-kube-v1.17.3"                  # The VM template to use for your management cluster.
 CONTROL_PLANE_ENDPOINT_IP: "192.168.9.230"                    # the IP that kube-vip is going to use as a control plane endpoint
 VIP_NETWORK_INTERFACE: "ens192"                               # The interface that kube-vip should apply the IP to. Omit to tell kube-vip to autodetect the interface.
-VSPHERE_TLS_THUMBPRINT: "..."                                 # sha1 thumbprint of the vcenter certificate: openssl x509 -sha1 -fingerprint -in ca.crt -noout
+VSPHERE_TLS_THUMBPRINT: "..."                                 # sha256 thumbprint of the vcenter certificate: openssl x509 -sha256 -fingerprint -in ca.crt -noout
 EXP_CLUSTER_RESOURCE_SET: "true"                              # This enables the ClusterResourceSet feature that we are using to deploy CSI
 VSPHERE_SSH_AUTHORIZED_KEY: "ssh-rsa AAAAB3N..."              # The public ssh authorized key on all machines in this cluster.
                                                               #  Set to "" if you don't want to enable SSH, or are using another solution.

diff --git a/test/infrastructure/vcsim/controllers/vcsim_controller.go b/test/infrastructure/vcsim/controllers/vcsim_controller.go
@@ -18,7 +18,7 @@ package controllers
 
 import (
 	"context"
-	"crypto/sha1" //nolint: gosec
+	"crypto/sha256"
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
@@ -206,7 +206,7 @@ func (r *VCenterSimulatorReconciler) reconcileNormal(ctx context.Context, vCente
 		defer conn.Close()
 
 		cert := conn.ConnectionState().PeerCertificates[0]
-		vCenterSimulator.Status.Thumbprint = ThumbprintSHA1(cert)
+		vCenterSimulator.Status.Thumbprint = ThumbprintSHA256(cert)
 	}
 
 	if r.SupervisorMode {
@@ -293,9 +293,9 @@ func (r *VCenterSimulatorReconciler) SetupWithManager(ctx context.Context, mgr c
 	return nil
 }
 
-// ThumbprintSHA1 returns the thumbprint of the given cert in the same format used by the SDK and Client.SetThumbprint.
-func ThumbprintSHA1(cert *x509.Certificate) string {
-	sum := sha1.Sum(cert.Raw) //nolint: gosec
+// ThumbprintSHA256 returns the thumbprint of the given cert in the same format used by the SDK and Client.SetThumbprint.
+func ThumbprintSHA256(cert *x509.Certificate) string {
+	sum := sha256.Sum256(cert.Raw)
 	hex := make([]string, len(sum))
 	for i, b := range sum {
 		hex[i] = fmt.Sprintf("%02X", b)