server: added utility function for bundling init certs

Part of #60632 Release note: None
cockroachdb · Feb 19, 2021 · 41ee1c2 · 41ee1c2
1 parent 5c2c112
commit 41ee1c2
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/pkg/server/auto_tls_init.go b/pkg/server/auto_tls_init.go
@@ -255,7 +255,7 @@ func (b *CertificateBundle) InitializeFromConfig(c base.Config) (err error) {
 	// First check to see if host cert is already present
 	// if it is, we should fail to initialize.
 	if _, err = os.Stat(cl.NodeCertPath()); !os.IsNotExist(err) {
-		err = errors.New("InterNodeHost certificate already present")
+		err = errors.New("interNodeHost certificate already present")
 		return
 	}
 
@@ -337,3 +337,22 @@ func (b *CertificateBundle) InitializeFromConfig(c base.Config) (err error) {
 
 	return
 }
+
+// copyOnlyCAs is a helper function to only populate the CA portion of
+// a ServiceCertificateBundle
+func (sb *ServiceCertificateBundle) copyOnlyCAs(destBundle *ServiceCertificateBundle) {
+	destBundle.CACertificate = sb.CACertificate
+	destBundle.CAKey = sb.CAKey
+}
+
+// ToPeerInitBundle populates a bundle of initialization certificate CAs (only).
+// This function is expected to serve any node providing a init bundle to a
+// joining or starting peer.
+func (b *CertificateBundle) ToPeerInitBundle() (pb CertificateBundle) {
+	b.InterNode.copyOnlyCAs(&pb.InterNode)
+	b.UserAuth.copyOnlyCAs(&pb.UserAuth)
+	b.SQLService.copyOnlyCAs(&pb.SQLService)
+	b.RPCService.copyOnlyCAs(&pb.RPCService)
+	b.AdminUIService.copyOnlyCAs(&pb.AdminUIService)
+	return
+}