Simplify node lock and various small changes

Co-authored-by: Fabian Kammel <fabian@kammel.dev>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

joinservice/internal/kubeadm/kubeadm.go

@@ -67,8 +67,8 @@ func (k *Kubeadm) GetJoinToken(ttl time.Duration) (*kubeadm.BootstrapTokenDiscov
 		Token:       tokenStr,
 		Description: "Bootstrap token generated by Constellation's Join service",
 		TTL:         &metav1.Duration{Duration: ttl},
-		Usages:      []string{"signing", "authentication"},
-		Groups:      []string{"system:bootstrappers:kubeadm:default-node-token"},
+		Usages:      kubeconstants.DefaultTokenUsages,
+		Groups:      kubeconstants.DefaultTokenGroups,
 	}
 
 	// create the token in Kubernetes
@@ -113,33 +113,23 @@ func (k *Kubeadm) GetControlPlaneCertificatesAndKeys() (map[string][]byte, error
 	k.log.Infof("Loading control plane certificates and keys")
 	controlPlaneFiles := make(map[string][]byte)
 
-	keyFilenames := []string{
+	filenames := []string{
 		kubeconstants.CAKeyName,
 		kubeconstants.ServiceAccountPrivateKeyName,
 		kubeconstants.FrontProxyCAKeyName,
 		kubeconstants.EtcdCAKeyName,
-	}
-	certFilenames := []string{
 		kubeconstants.CACertName,
 		kubeconstants.ServiceAccountPublicKeyName,
 		kubeconstants.FrontProxyCACertName,
 		kubeconstants.EtcdCACertName,
 	}
 
-	for _, keyFilename := range keyFilenames {
-		key, err := k.file.Read(filepath.Join(kubeconstants.KubernetesDir, kubeconstants.DefaultCertificateDir, keyFilename))
+	for _, filename := range filenames {
+		key, err := k.file.Read(filepath.Join(kubeconstants.KubernetesDir, kubeconstants.DefaultCertificateDir, filename))
 		if err != nil {
 			return nil, err
 		}
-		controlPlaneFiles[keyFilename] = key
-	}
-
-	for _, certFilename := range certFilenames {
-		cert, err := k.file.Read(filepath.Join(kubeconstants.KubernetesDir, kubeconstants.DefaultCertificateDir, certFilename))
-		if err != nil {
-			return nil, err
-		}
-		controlPlaneFiles[certFilename] = cert
+		controlPlaneFiles[filename] = key
 	}
 
 	return controlPlaneFiles, nil

joinservice/internal/server/server.go

@@ -70,14 +70,6 @@ func (s *Server) Run(creds credentials.TransportCredentials, port string) error
 // - a decryption key for CA certificates uploaded to the Kubernetes cluster.
 func (s *Server) IssueJoinTicket(ctx context.Context, req *joinproto.IssueJoinTicketRequest) (resp *joinproto.IssueJoinTicketResponse, retErr error) {
 	s.log.Infof("IssueJoinTicket called")
-
-	defer func() {
-		if retErr != nil {
-			s.log.Errorf("IssueJoinTicket failed: %s", retErr)
-			retErr = fmt.Errorf("IssueJoinTicket failed: %w", retErr)
-		}
-	}()
-
 	log := s.log.With(zap.String("peerAddress", grpclog.PeerAddrFromContext(ctx)))
 	log.Infof("Loading IDs")
 	var id attestationtypes.ID
@@ -108,10 +100,11 @@ func (s *Server) IssueJoinTicket(ctx context.Context, req *joinproto.IssueJoinTi
 
 	var controlPlaneFiles []*joinproto.ControlPlaneCertOrKey
 	if req.IsControlPlane {
-		log.Infof("Creating control plane certificate key")
+		log.Infof("Loading control plane certificates and keys")
 		filesMap, err := s.joinTokenGetter.GetControlPlaneCertificatesAndKeys()
 		if err != nil {
-			return nil, fmt.Errorf("ActivateControlPlane failed: %w", err)
+			log.With(zap.Error(err)).Errorf("Failed to load control plane certificates and keys")
+			return nil, status.Errorf(codes.Internal, "ActivateControlPlane failed: %s", err)
 		}
 
 		for k, v := range filesMap {