djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix TestImpersonationProxy on EKS.

Browse Source 
The admin kubeconfigs we have on EKS clusters are a bit different from others, because there is no certificate/key (EKS does not use certificate auth).

This code didn't quite work correctly in that case. The fix is to allow the case where `tlsConfig.GetClientCertificate` is non-nil, but returns a value with no certificates.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
Matt Moyer 2021-05-07 16:22:08 -05:00
parent cc99d9aeb4
commit 47f5e822d0
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
test/integration/concierge_impersonation_proxy_test.go
View File

@ -1705,8 +1705,8 @@ func getCredForConfig(t *testing.T, config *rest.Config) *loginv1alpha1.ClusterC
if tlsConfig != nil && tlsConfig.GetClientCertificate != nil { if tlsConfig != nil && tlsConfig.GetClientCertificate != nil {
cert, err := tlsConfig.GetClientCertificate(nil) cert, err := tlsConfig.GetClientCertificate(nil)
require.NoError(t, err) require.NoError(t, err)
if len(cert.Certificate) > 0 {
require.Len(t, cert.Certificate, 1) require.Len(t, cert.Certificate, 1)
publicKey := pem.EncodeToMemory(&pem.Block{ publicKey := pem.EncodeToMemory(&pem.Block{
Type: "CERTIFICATE", Type: "CERTIFICATE",
Bytes: cert.Certificate[0], Bytes: cert.Certificate[0],
@ -1717,6 +1717,7 @@ func getCredForConfig(t *testing.T, config *rest.Config) *loginv1alpha1.ClusterC
require.NoError(t, err) require.NoError(t, err)
out.ClientKeyData = string(privateKey) out.ClientKeyData = string(privateKey)
} }
}
if *out == (loginv1alpha1.ClusterCredential{}) { if *out == (loginv1alpha1.ClusterCredential{}) {
t.Fatal("failed to get creds for config") t.Fatal("failed to get creds for config")