From 47f5e822d073b4183df8fb3fc237ca5659ba4644 Mon Sep 17 00:00:00 2001
From: Matt Moyer <moyerm@vmware.com>
Date: Fri, 7 May 2021 16:22:08 -0500
Subject: [PATCH] Fix TestImpersonationProxy on EKS.

The admin kubeconfigs we have on EKS clusters are a bit different from others, because there is no certificate/key (EKS does not use certificate auth).

This code didn't quite work correctly in that case. The fix is to allow the case where `tlsConfig.GetClientCertificate` is non-nil, but returns a value with no certificates.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
---
 .../concierge_impersonation_proxy_test.go     | 21 ++++++++++---------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/test/integration/concierge_impersonation_proxy_test.go b/test/integration/concierge_impersonation_proxy_test.go
index 390ae1f1..4fa7329e 100644
--- a/test/integration/concierge_impersonation_proxy_test.go
+++ b/test/integration/concierge_impersonation_proxy_test.go
@@ -1705,17 +1705,18 @@ func getCredForConfig(t *testing.T, config *rest.Config) *loginv1alpha1.ClusterC
 	if tlsConfig != nil && tlsConfig.GetClientCertificate != nil {
 		cert, err := tlsConfig.GetClientCertificate(nil)
 		require.NoError(t, err)
-		require.Len(t, cert.Certificate, 1)
+		if len(cert.Certificate) > 0 {
+			require.Len(t, cert.Certificate, 1)
+			publicKey := pem.EncodeToMemory(&pem.Block{
+				Type:  "CERTIFICATE",
+				Bytes: cert.Certificate[0],
+			})
+			out.ClientCertificateData = string(publicKey)
 
-		publicKey := pem.EncodeToMemory(&pem.Block{
-			Type:  "CERTIFICATE",
-			Bytes: cert.Certificate[0],
-		})
-		out.ClientCertificateData = string(publicKey)
-
-		privateKey, err := keyutil.MarshalPrivateKeyToPEM(cert.PrivateKey)
-		require.NoError(t, err)
-		out.ClientKeyData = string(privateKey)
+			privateKey, err := keyutil.MarshalPrivateKeyToPEM(cert.PrivateKey)
+			require.NoError(t, err)
+			out.ClientKeyData = string(privateKey)
+		}
 	}
 
 	if *out == (loginv1alpha1.ClusterCredential{}) {