From 30244621965b43f305c091230a8f7a607609d565 Mon Sep 17 00:00:00 2001
From: Hussein Galal
Date: Thu, 9 Dec 2021 02:45:45 +0200
Subject: [PATCH] Add validation to certificate rotation (#4697)

Signed-off-by: galal-hussein
---
 pkg/cli/cert/cert.go | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/pkg/cli/cert/cert.go b/pkg/cli/cert/cert.go
index 8fad35e3f0..140cc138df 100644
--- a/pkg/cli/cert/cert.go
+++ b/pkg/cli/cert/cert.go
@@ -34,6 +34,20 @@ const (
 k3sServerService = "-server"
 )
 
+var services = []string{
+ adminService,
+ apiServerService,
+ controllerManagerService,
+ schedulerService,
+ etcdService,
+ version.Program + programControllerService,
+ authProxyService,
+ cloudControllerService,
+ kubeletService,
+ kubeProxyService,
+ version.Program + k3sServerService,
+}
+
 func commandSetup(app *cli.Context, cfg *cmds.Server, sc *server.Config) (string, string, error) {
 gspt.SetProcTitle(os.Args[0])
 
@@ -65,6 +79,10 @@ func rotate(app *cli.Context, cfg *cmds.Server) error {
 serverConfig.ControlConfig.Runtime = &config.ControlRuntime{}
 deps.CreateRuntimeCertFiles(&serverConfig.ControlConfig, serverConfig.ControlConfig.Runtime)
 
+ if err := validateCertConfig(); err != nil {
+ return err
+ }
+
 tlsBackupDir, err := backupCertificates(serverDataDir, agentDataDir)
 if err != nil {
 return err
@@ -219,3 +237,21 @@ func backupCertificates(serverDataDir, agentDataDir string) (string, error) {
 }
 return tlsBackupDir, nil
 }
+
+func validService(svc string) bool {
+ for _, service := range services {
+ if svc == service {
+ return true
+ }
+ }
+ return false
+}
+
+func validateCertConfig() error {
+ for _, s := range cmds.ServicesList {
+ if !validService(s) {
+ return errors.New("Service " + s + " is not recognized")
+ }
+ }
+ return nil
+}
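Review bot: The new package-level `services` slice has no doc comment and nothing ties it to the const block directly above it, so a service constant added later can silently become a name that validateCertConfig rejects. A one-line comment makes the coupling explicit: `// services is the full set of service names accepted in cmds.ServicesList; keep it in sync with the service constants above.` It is also a mutable package-level slice rather than a set, which is fine for a handful of constants but worth a note that callers must not append to it. The enclosing const block starts outside the hunk.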
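Review bot: validateCertConfig takes no arguments and reads only cmds.ServicesList, so the new check could run at the very top of rotate rather than after the runtime config and cert paths are built, failing fast on a typo; rotate's start is outside the hunk, so I cannot see what precedes the call. As placed it does still run before backupCertificates, which is the property that matters — an unrecognized name never touches the data directory — and that ordering deserves a comment so a later refactor does not move it below the backup: `// Reject unknown service names before any certificate is backed up or rewritten.`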
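Review bot: The `errors.New("Service " + s + " is not recognized")` line concatenates the raw user-supplied name and capitalizes the message; quoting with `%q` makes an empty or whitespace-padded name visible in the output, and listing the accepted names tells the operator what to type instead: `return fmt.Errorf("service %q is not recognized; valid services are: %s", s, strings.Join(services, ", "))` (this needs fmt and strings in the import block, which the hunk does not show). validService has no doc comment; `// validService reports whether svc exactly matches one of the names in services (comparison is case-sensitive).` states the contract, and the same doc-comment point applies to validateCertConfig, which should say that an empty cmds.ServicesList passes validation unchanged, since the loop never runs in that case.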