trust password and code cleanup (#226)

Author: AmitSahastra

lxd-initializer/lxd-initializer.go

@@ -2,8 +2,6 @@ package main
 
 import (
 	"context"
-	"crypto/sha256"
-	"encoding/hex"
 	"flag"
 	"fmt"
 	"log"
@@ -26,48 +24,6 @@ var lxdSocketPaths = []string{
 	"/var/snap/lxd/common/lxd/unix.socket", // Snap path
 }
 
-// normalizeToken makes a safe-ish token from a string
-func normalizeToken(s string) string {
-	s = strings.ToLower(strings.TrimSpace(s))
-	if s == "" {
-		return s
-	}
-	var b strings.Builder
-	prevDash := false
-	for _, r := range s {
-		if (r >= 'a' && r <= 'z') || (r >= '0' && r <= '9') {
-			b.WriteRune(r)
-			prevDash = false
-			continue
-		}
-		if !prevDash {
-			b.WriteByte('-')
-			prevDash = true
-		}
-	}
-	return strings.Trim(b.String(), "-")
-}
-
-func envBool(key string, def bool) bool {
-	v := strings.ToLower(strings.TrimSpace(os.Getenv(key)))
-	if v == "true" || v == "1" || v == "yes" {
-		return true
-	}
-	if v == "false" || v == "0" || v == "no" {
-		return false
-	}
-	return def
-}
-
-func deriveTrustPassword(seed string) string {
-	sum := sha256.Sum256([]byte("lxd-trust:" + seed))
-	val := hex.EncodeToString(sum[:])
-	if len(val) > 32 {
-		return val[:32]
-	}
-	return val
-}
-
 // getKubernetesClient returns a Kubernetes client using in-cluster config
 func getKubernetesClient() (*kubernetes.Clientset, error) {
 	config, err := rest.InClusterConfig()

pkg/util/trust/password.go

@@ -0,0 +1,17 @@
+package trust
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+)
+
+// DeriveTrustPassword generates a deterministic trust password from a given seed.
+// The output is a hex string truncated to 32 characters for readability.
+func DeriveTrustPassword(seed string) string {
+	sum := sha256.Sum256([]byte("lxd-trust:" + seed))
+	s := hex.EncodeToString(sum[:])
+	if len(s) > 32 {
+		return s[:32]
+	}
+	return s
+}