From 800db76fe4e6eaa86dfacdc6bf9702ee46d42334 Mon Sep 17 00:00:00 2001
From: Vui Lam
Date: Wed, 4 Sep 2024 21:44:14 -0700
Subject: [PATCH] Fix double-encoding of ca cert data in kube context
Signed-off-by: Vui Lam
---
 pkg/auth/tanzu/kubeconfig.go | 14 +++++++-------
 pkg/auth/tanzu/kubeconfig_test.go | 5 ++++-
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/pkg/auth/tanzu/kubeconfig.go b/pkg/auth/tanzu/kubeconfig.go
index 7dbd57652..f598d182e 100644
--- a/pkg/auth/tanzu/kubeconfig.go
+++ b/pkg/auth/tanzu/kubeconfig.go
@@ -5,7 +5,6 @@
 package tanzu
 import (
- "encoding/base64"
 "encoding/json"
 "os"
 "path/filepath"
@@ -30,19 +29,20 @@ const (
 // GetTanzuKubeconfig constructs and returns the kubeconfig that points to Tanzu Org and
 func GetTanzuKubeconfig(c *configtypes.Context, endpoint, orgID, endpointCACertPath string, skipTLSVerify bool) (string, string, string, error) {
+ var clusterCACertDataBytes []byte
+ var err error
+
 clusterAPIServerURL := strings.TrimSpace(endpoint)
 if !strings.HasPrefix(clusterAPIServerURL, "https://") && !strings.HasPrefix(clusterAPIServerURL, "http://") {
 clusterAPIServerURL = "https://" + clusterAPIServerURL
 }
 clusterAPIServerURL = clusterAPIServerURL + "/org/" + orgID
- clusterCACertData := ""
 if endpointCACertPath != "" {
- fileBytes, err := os.ReadFile(endpointCACertPath)
+ clusterCACertDataBytes, err = os.ReadFile(endpointCACertPath)
 if err != nil {
 return "", "", "", errors.Wrapf(err, "error reading CA certificate file %s", endpointCACertPath)
 }
- clusterCACertData = base64.StdEncoding.EncodeToString(fileBytes)
 }
 contextName := kubeconfigContextName(c.Name)
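Review bot: The bytes read from `endpointCACertPath` are written into the kubeconfig without checking that they contain a PEM certificate. An empty or non-PEM file is accepted here and only surfaces later as a TLS error, and a zero-length `CertificateAuthorityData` would presumably be treated by client-go as "no CA configured", so verification would fall back to the system roots instead of the CA the caller asked for. Right after the `os.ReadFile` error check, consider `if !x509.NewCertPool().AppendCertsFromPEM(clusterCACertDataBytes) { return "", "", "", errors.Errorf("no PEM certificate found in CA certificate file %s", endpointCACertPath) }`, which needs `crypto/x509` added to the import block. The body of GetTanzuKubeconfig continues beyond this hunk.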
@@ -53,7 +53,7 @@ func GetTanzuKubeconfig(c *configtypes.Context, endpoint, orgID, endpointCACertP
 Kind: "Config",
 APIVersion: clientcmdapi.SchemeGroupVersion.Version,
 Clusters: map[string]*clientcmdapi.Cluster{clusterName: {
- CertificateAuthorityData: []byte(clusterCACertData),
+ CertificateAuthorityData: clusterCACertDataBytes,
 InsecureSkipTLSVerify: skipTLSVerify,
 Server: clusterAPIServerURL,
 }},
@@ -62,7 +62,7 @@ func GetTanzuKubeconfig(c *configtypes.Context, endpoint, orgID, endpointCACertP
 CurrentContext: contextName,
 }
- kubeconfigByes, err := json.Marshal(kcfg)
+ kubeconfigBytes, err := json.Marshal(kcfg)
 if err != nil {
 return "", "", "", errors.Wrap(err, "failed to marshal the tanzu kubeconfig")
 }
@@ -71,7 +71,7 @@ func GetTanzuKubeconfig(c *configtypes.Context, endpoint, orgID, endpointCACertP
 if err != nil {
 return "", "", "", errors.Wrap(err, "unable to get the Tanzu local kubeconfig path")
 }
- err = kubeutils.MergeKubeConfigWithoutSwitchContext(kubeconfigByes, kubeconfigPath)
+ err = kubeutils.MergeKubeConfigWithoutSwitchContext(kubeconfigBytes, kubeconfigPath)
 if err != nil {
 return "", "", "", errors.Wrap(err, "failed to merge the tanzu kubeconfig")
 }
diff --git a/pkg/auth/tanzu/kubeconfig_test.go b/pkg/auth/tanzu/kubeconfig_test.go
index 8654e09cc..758d80bf4 100644
--- a/pkg/auth/tanzu/kubeconfig_test.go
+++ b/pkg/auth/tanzu/kubeconfig_test.go
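Review bot: The cluster entry sets `CertificateAuthorityData` and `InsecureSkipTLSVerify: skipTLSVerify` together, and nothing visible in the diff rejects a call that passes both a CA path and `skipTLSVerify == true`. As far as I know, client-go refuses a TLS configuration that has both a root CA and the insecure flag, so the kubeconfig would be merged successfully and fail only on first use. Unless callers already enforce this, fail early with `if skipTLSVerify && endpointCACertPath != "" { return "", "", "", errors.New("endpointCACertPath and skipTLSVerify are mutually exclusive") }`. The rest of GetTanzuKubeconfig lies outside this hunk.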
@@ -100,8 +100,11 @@ var _ = Describe("Unit tests for tanzu auth", func() {
 Expect(cluster.Server).To(Equal(clusterAPIServerURL))
 Expect(config.Contexts[kubeContext].AuthInfo).To(Equal(kubeconfigUserName(tanzuContext.Name)))
 Expect(gotClusterName).To(Equal(kubeconfigClusterName(tanzuContext.Name)))
- Expect(len(cluster.CertificateAuthorityData)).ToNot(Equal(0))
 Expect(user.Exec).To(Equal(getExecConfig(tanzuContext)))
+
+ caCertBytes, err := os.ReadFile(fakeCAcertPath)
+ Expect(err).ToNot(HaveOccurred())
+ Expect(caCertBytes).To(Equal(cluster.CertificateAuthorityData))
 })
 })
 Context("When endpointCACertPath is not provided and skipTLSVerify is set to true", func() {
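Review bot: The new assertion has actual and expected swapped. `Expect(caCertBytes).To(Equal(cluster.CertificateAuthorityData))` treats the fixture file as the value under test, so a regression would report the mismatch the wrong way round. Prefer `Expect(cluster.CertificateAuthorityData).To(Equal(caCertBytes))`. The check only proves the single-encoding fix if `config` is parsed back from the kubeconfig file that was written; that setup, along with the enclosing `It` block, starts outside this hunk and is worth confirming.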