Fix "pinniped get kubeconfig" strategy detection to pick the _first_ working strategy.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
parent
03f09c6870
commit
ddd1d29e5d
@ -251,23 +251,25 @@ func configureConcierge(credentialIssuer *configv1alpha1.CredentialIssuer, authe
|
||||
|
||||
// Autodiscover the --concierge-mode.
|
||||
if flags.concierge.mode == modeUnknown { //nolint:nestif
|
||||
|
||||
strategyLoop:
|
||||
for _, strategy := range credentialIssuer.Status.Strategies {
|
||||
fe := strategy.Frontend
|
||||
if strategy.Status != configv1alpha1.SuccessStrategyStatus || fe == nil {
|
||||
if strategy.Status != configv1alpha1.SuccessStrategyStatus || strategy.Frontend == nil {
|
||||
continue
|
||||
}
|
||||
|
||||
switch fe.Type {
|
||||
switch strategy.Frontend.Type {
|
||||
case configv1alpha1.TokenCredentialRequestAPIFrontendType:
|
||||
flags.concierge.mode = modeTokenCredentialRequestAPI
|
||||
break strategyLoop
|
||||
case configv1alpha1.ImpersonationProxyFrontendType:
|
||||
flags.concierge.mode = modeImpersonationProxy
|
||||
flags.concierge.endpoint = fe.ImpersonationProxyInfo.Endpoint
|
||||
flags.concierge.endpoint = strategy.Frontend.ImpersonationProxyInfo.Endpoint
|
||||
var err error
|
||||
conciergeCABundleData, err = base64.StdEncoding.DecodeString(fe.ImpersonationProxyInfo.CertificateAuthorityData)
|
||||
conciergeCABundleData, err = base64.StdEncoding.DecodeString(strategy.Frontend.ImpersonationProxyInfo.CertificateAuthorityData)
|
||||
if err != nil {
|
||||
return fmt.Errorf("autodiscovered Concierge CA bundle is invalid: %w", err)
|
||||
}
|
||||
break strategyLoop
|
||||
default:
|
||||
// Skip any unknown frontend types.
|
||||
}
|
||||
|
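Review bot: In the `configv1alpha1.ImpersonationProxyFrontendType` case, `strategy.Frontend.ImpersonationProxyInfo` is dereferenced without a nil check. A CredentialIssuer whose successful strategy has that frontend type but no info block would panic the CLI rather than fall through to the next strategy. Because the loop now commits to the first match, a guard at the top of that case, `if strategy.Frontend.ImpersonationProxyInfo == nil { continue strategyLoop }`, would keep detection going. Separately, the decoded `conciergeCABundleData` becomes the trust anchor for the autodiscovered endpoint, yet the visible lines only confirm it is valid base64. `configureConcierge` starts and ends outside this hunk, so confirm the bundle is parsed as PEM certificates before it is written to the kubeconfig.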
@ -788,7 +788,8 @@ func TestGetKubeconfig(t *testing.T) {
|
||||
&configv1alpha1.CredentialIssuer{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "test-credential-issuer"},
|
||||
Status: configv1alpha1.CredentialIssuerStatus{
|
||||
Strategies: []configv1alpha1.CredentialIssuerStrategy{{
|
||||
Strategies: []configv1alpha1.CredentialIssuerStrategy{
|
||||
{
|
||||
Type: "SomeType",
|
||||
Status: configv1alpha1.SuccessStrategyStatus,
|
||||
Reason: "SomeReason",
|
||||
@ -801,7 +802,22 @@ func TestGetKubeconfig(t *testing.T) {
|
||||
CertificateAuthorityData: "dGVzdC1jb25jaWVyZ2UtY2E=",
|
||||
},
|
||||
},
|
||||
}},
|
||||
},
|
||||
{
|
||||
Type: "SomeOtherType",
|
||||
Status: configv1alpha1.SuccessStrategyStatus,
|
||||
Reason: "SomeOtherReason",
|
||||
Message: "Some other message",
|
||||
LastUpdateTime: metav1.Now(),
|
||||
Frontend: &configv1alpha1.CredentialIssuerFrontend{
|
||||
Type: configv1alpha1.ImpersonationProxyFrontendType,
|
||||
ImpersonationProxyInfo: &configv1alpha1.ImpersonationProxyInfo{
|
||||
Endpoint: "https://some-other-impersonation-endpoint",
|
||||
CertificateAuthorityData: "dGVzdC1jb25jaWVyZ2UtY2E=",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
&conciergev1alpha1.JWTAuthenticator{
|
||||
|
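Review bot: Both impersonation-proxy strategies in this fixture carry the same `CertificateAuthorityData` (`dGVzdC1jb25jaWVyZ2UtY2E=`), so the case can only tell the first strategy from the second by its endpoint. Giving the added `SomeOtherType` entry a different base64 value would let the expected kubeconfig also prove that the CA bundle comes from the same strategy as the endpoint, which is the pairing that matters for TLS trust. The rest of the fixture and the expected output are outside these hunks, so this assumes the test compares the generated certificate-authority-data.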