From 7f5fce69f5a493237dde9571d6f71c6e6ce71ef3 Mon Sep 17 00:00:00 2001 From: Ignasi Barrera Date: Sun, 25 Feb 2024 08:32:09 +0100 Subject: [PATCH] Move secret loader to a k8s package --- cmd/main.go | 3 +- internal/config.go | 8 ++-- internal/config_test.go | 2 +- internal/k8s/client.go | 43 +++++++++++++++++++ internal/k8s/client_test.go | 41 ++++++++++++++++++ internal/{ => k8s}/secrets.go | 28 +++--------- internal/{ => k8s}/secrets_test.go | 13 +++--- internal/k8s/testdata/kubeconfig | 19 ++++++++ internal/k8s/testdata/kubeconfig-invalid | 19 ++++++++ .../oidc-with-invalid-secret-ref.json | 0 .../oidc-with-non-existing-secret-ref.json | 0 .../testdata/oidc-with-valid-secret-ref.json | 0 12 files changed, 142 insertions(+), 34 deletions(-) create mode 100644 internal/k8s/client.go create mode 100644 internal/k8s/client_test.go rename internal/{ => k8s}/secrets.go (80%) rename internal/{ => k8s}/secrets_test.go (93%) create mode 100644 internal/k8s/testdata/kubeconfig create mode 100644 internal/k8s/testdata/kubeconfig-invalid rename internal/{ => k8s}/testdata/oidc-with-invalid-secret-ref.json (100%) rename internal/{ => k8s}/testdata/oidc-with-non-existing-secret-ref.json (100%) rename internal/{ => k8s}/testdata/oidc-with-valid-secret-ref.json (100%) diff --git a/cmd/main.go b/cmd/main.go index 537ccb57..c08c69cb 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -24,6 +24,7 @@ import ( "github.com/tetratelabs/telemetry" "github.com/tetrateio/authservice-go/internal" + "github.com/tetrateio/authservice-go/internal/k8s" "github.com/tetrateio/authservice-go/internal/oidc" "github.com/tetrateio/authservice-go/internal/server" ) @@ -37,7 +38,7 @@ func main() { envoyAuthz = server.NewExtAuthZFilter(&configFile.Config, jwks, sessions) authzServer = server.New(&configFile.Config, envoyAuthz.Register) healthz = server.NewHealthServer(&configFile.Config) - secrets = internal.NewSecretLoader(&configFile.Config) + secrets = k8s.NewSecretLoader(&configFile.Config) ) configLog := run.NewPreRunner("config-log", func() error { diff --git a/internal/config.go b/internal/config.go index f41d8f4e..da82941a 100644 --- a/internal/config.go +++ b/internal/config.go @@ -30,7 +30,7 @@ import ( oidcv1 "github.com/tetrateio/authservice-go/config/gen/go/v1/oidc" ) -const scopeOIDC = "openid" +const ScopeOIDC = "openid" var ( _ run.Config = (*LocalConfigFile)(nil) @@ -178,14 +178,14 @@ func mergeAndValidateOIDCConfigs(cfg *configv1.Config) error { func applyOIDCDefaults(config *oidcv1.OIDCConfig) { if config.GetScopes() == nil { - config.Scopes = []string{scopeOIDC} + config.Scopes = []string{ScopeOIDC} } for _, s := range config.GetScopes() { - if s == scopeOIDC { + if s == ScopeOIDC { return } } - config.Scopes = append(config.Scopes, scopeOIDC) + config.Scopes = append(config.Scopes, ScopeOIDC) } func ConfigToJSONString(c *configv1.Config) string { diff --git a/internal/config_test.go b/internal/config_test.go index 181dde47..6524e576 100644 --- a/internal/config_test.go +++ b/internal/config_test.go @@ -220,7 +220,7 @@ func TestLoadOIDC(t *testing.T) { IdToken: &oidcv1.TokenConfig{Preamble: "Bearer", Header: "authorization"}, ProxyUri: "http://fake", RedisSessionStoreConfig: &oidcv1.RedisConfig{ServerUri: "redis://localhost:6379/0"}, - Scopes: []string{scopeOIDC}, + Scopes: []string{ScopeOIDC}, Logout: &oidcv1.LogoutConfig{Path: "/logout", RedirectUri: "http://fake"}, TrustedCaConfig: &oidcv1.OIDCConfig_TrustedCertificateAuthority{TrustedCertificateAuthority: "fake-ca-pem"}, SkipVerifyPeerCert: structpb.NewBoolValue(true), diff --git a/internal/k8s/client.go b/internal/k8s/client.go new file mode 100644 index 00000000..9d4b1ae5 --- /dev/null +++ b/internal/k8s/client.go @@ -0,0 +1,43 @@ +// Copyright 2024 Tetrate +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package k8s + +import ( + "errors" + "fmt" + + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/config" +) + +var ( + ErrLoadingConfig = errors.New("error loading kube config") + ErrCreatingClient = errors.New("error creating kube client") +) + +// getKubeClient returns a new Kubernetes client used to load secrets. +func getKubeClient() (client.Client, error) { + cfg, err := config.GetConfig() + if err != nil { + return nil, fmt.Errorf("%w: %w", ErrLoadingConfig, err) + } + + cl, err := client.New(cfg, client.Options{}) + if err != nil { + return nil, fmt.Errorf("%w: %w", ErrCreatingClient, err) + } + + return cl, nil +} diff --git a/internal/k8s/client_test.go b/internal/k8s/client_test.go new file mode 100644 index 00000000..b8f8be29 --- /dev/null +++ b/internal/k8s/client_test.go @@ -0,0 +1,41 @@ +// Copyright 2024 Tetrate +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package k8s + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestGetKubeClient(t *testing.T) { + tests := []struct { + name string + kubeconfig string + err error + }{ + {"unexisting", "non-existing-file", ErrLoadingConfig}, + {"invalid", "testdata/kubeconfig-invalid", ErrCreatingClient}, + {"valid", "testdata/kubeconfig", nil}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Setenv("KUBECONFIG", tt.kubeconfig) + _, err := getKubeClient() + require.ErrorIs(t, err, tt.err) + }) + } +} diff --git a/internal/secrets.go b/internal/k8s/secrets.go similarity index 80% rename from internal/secrets.go rename to internal/k8s/secrets.go index 8003566e..8c8c78e3 100644 --- a/internal/secrets.go +++ b/internal/k8s/secrets.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package internal +package k8s import ( "context" @@ -24,10 +24,10 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/client/config" configv1 "github.com/tetrateio/authservice-go/config/gen/go/v1" oidcv1 "github.com/tetrateio/authservice-go/config/gen/go/v1/oidc" + "github.com/tetrateio/authservice-go/internal" ) const ( @@ -38,9 +38,8 @@ const ( var ( _ run.PreRunner = (*SecretLoader)(nil) - ErrLoadingKubeConfig = errors.New("error loading kube config") - ErrGetSecret = errors.New("err getting secret") - ErrNoSecretData = errors.New("client-secret not found in secret") + ErrGetSecret = errors.New("error getting secret") + ErrNoSecretData = errors.New("client-secret not found in secret") ) // SecretLoader is a pre-runner that loads secrets from Kubernetes and updates @@ -55,7 +54,7 @@ type SecretLoader struct { // // the configuration with the loaded data. func NewSecretLoader(cfg *configv1.Config) *SecretLoader { return &SecretLoader{ - log: Logger(Config), + log: internal.Logger(internal.Config), cfg: cfg, } } @@ -77,7 +76,7 @@ func (s *SecretLoader) PreRun() error { var err error s.k8sClient, err = getKubeClient() if err != nil { - return fmt.Errorf("%w: loading client secret from k8s: %w", ErrLoadingKubeConfig, err) + return fmt.Errorf("loading client secret from k8s: %w", err) } } @@ -119,18 +118,3 @@ func (s *SecretLoader) loadClientSecretFromK8s(cfg *oidcv1.OIDCConfig) error { return nil } - -// getKubeClient returns a new Kubernetes client used to load secrets. -func getKubeClient() (client.Client, error) { - cfg, err := config.GetConfig() - if err != nil { - return nil, fmt.Errorf("error getting kube config: %w", err) - } - - cl, err := client.New(cfg, client.Options{}) - if err != nil { - return nil, fmt.Errorf("errot creating kube client: %w", err) - } - - return cl, nil -} diff --git a/internal/secrets_test.go b/internal/k8s/secrets_test.go similarity index 93% rename from internal/secrets_test.go rename to internal/k8s/secrets_test.go index 573b27c2..e235e5d5 100644 --- a/internal/secrets_test.go +++ b/internal/k8s/secrets_test.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package internal +package k8s import ( "fmt" @@ -29,6 +29,7 @@ import ( configv1 "github.com/tetrateio/authservice-go/config/gen/go/v1" mockv1 "github.com/tetrateio/authservice-go/config/gen/go/v1/mock" oidcv1 "github.com/tetrateio/authservice-go/config/gen/go/v1/oidc" + "github.com/tetrateio/authservice-go/internal" ) func TestLoadOIDCClientSecret(t *testing.T) { @@ -91,7 +92,7 @@ func TestLoadOIDCClientSecret(t *testing.T) { IdToken: &oidcv1.TokenConfig{Preamble: "Bearer", Header: "authorization"}, ProxyUri: "http://fake", RedisSessionStoreConfig: &oidcv1.RedisConfig{ServerUri: "redis://localhost:6379/0"}, - Scopes: []string{scopeOIDC}, + Scopes: []string{internal.ScopeOIDC}, Logout: &oidcv1.LogoutConfig{Path: "/logout", RedirectUri: "http://fake"}, }, }, @@ -116,7 +117,7 @@ func TestLoadOIDCClientSecret(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - var cfg LocalConfigFile + var cfg internal.LocalConfigFile sl := NewSecretLoader(&cfg.Config) sl.k8sClient = kubeClient g := run.Group{Logger: telemetry.NoopLogger()} @@ -131,15 +132,15 @@ func TestLoadOIDCClientSecret(t *testing.T) { } } -func TestErrLoadingKubeConfig(t *testing.T) { +func TestLoadWithInvalidKubeConfig(t *testing.T) { t.Setenv("KUBECONFIG", "non-existing-file") - var cfg LocalConfigFile + var cfg internal.LocalConfigFile sl := NewSecretLoader(&cfg.Config) g := run.Group{Logger: telemetry.NoopLogger()} g.Register(&cfg, sl) err := g.Run("", "--config-path", "testdata/oidc-with-valid-secret-ref.json") - require.ErrorContains(t, err, ErrLoadingKubeConfig.Error()) + require.ErrorIs(t, err, ErrLoadingConfig) } diff --git a/internal/k8s/testdata/kubeconfig b/internal/k8s/testdata/kubeconfig new file mode 100644 index 00000000..cb58b605 --- /dev/null +++ b/internal/k8s/testdata/kubeconfig @@ -0,0 +1,19 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJME1ESXlOREl3TlRFd09Wb1hEVE0wTURJeU1USXdOVEV3T1Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSmUzCndpMzZpak9jckE4eUdlU3NVTXFkdlRHZHF0OGZrQVpTMzFtK05TRDlvN3huUDBvNTI3bkhkQzVFemwyVmJlSjAKZDlvRlEvdEhkQzdOdms5d2ozcms4L1lXUldXeitpV3h5Q1hYa3lDSUtia3N5REY4dGZsUHgvSFRLeEJGL3p1MAo5ZG5wK0htM1B2MHY0L3EzQ1MxYkx4TGRnbUlKRU0xdGcxOExTVGVGSVRiUFc3czFnTG1YYTVKYmp4MGpqVVMwCnF1aTRHc1ZTWElnbGZ5dk9LczRNZ2lxU3AzRlVFSzdQby9ZYnd3cUVlYkd5bTZ6aFdaTFQzYkd0N0Q0amNHSnAKU1Ird1d6cDRvaDZKYkRMa0RwT2FTNzl3OTRBQUYrSG90NlJSZm0vMXMrM08wMGNUTFMwTGhrSDI4UDgrZzVxWgpUMk4ycVNXdzF1M0xXUVNyODZVQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZFYXVRMkZSUkdVK0NXdWU1eWIwY0lrRDhtZEVNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSU1BcXYzSmNVRkNUc1NOUmJVcAo5WlFtVE1PNitXMEJ5amRXZi9EaXBNY05ZeTdmVUZ2SnlDa1VYektvWWFRRlpobkExZkgyS2pFZDc4MnNwMEJOClJlQ2F1VmtVWkNjanJQb3pPUlB4SFBIOFZBN01HWlV4a1oyNHEreTQ0SUY4UUtwcEJNeTNwNlF6RmpKamUvL3YKbFpiT1JMbmJUdGEreG52dk9xSlVLYUM3WTVHTktuL1pKNEtsaTkxclprN3BTTWZzQ2drMmQ5VkxkWkpubXJDQgpMUDhRcS8vNUFuS0NXNTZVY29weFVYSDV1TjRjaER4eUZ1dGNkMk9tQ0xOYWRlZkpuWWNmaFpqUC9Vc2E5Y1QwClJaRlI4SUxULzZJR0RxczZDbVlIUmFOc1U5V1ZxMjRMTkhSN3Z6ZVRlSVRZZXVDdUhSMG9sTWtuQU9YTWw5MXkKZlZ3PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://dummy + name: kind-authservice +contexts: +- context: + cluster: kind-authservice + user: kind-authservice + name: kind-authservice +current-context: kind-authservice +kind: Config +preferences: {} +users: +- name: kind-authservice + user: + client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJVjBiTHZGaWRINVl3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBeU1qUXlNRFV4TURsYUZ3MHlOVEF5TWpNeU1EVXhNVEJhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXQyeWVnKzhsdHVTM2R2WWIKYnlOWkdhRmJKbDlRblVIdGpaeWVmMjZrdGxWMnBuWmR6WjZIMERHa0cyWHNSK3FIVWdlQ1FEZHk4ck8rVWM4bwprSWRlbDRWeW5IbDlTSWtkM3M0aVhLSzdVMmxxN0tGcUhTYXV1M3dzbVFoUGQwVUpETVpQaURNK0VnT1o4M3pKCmp3dlNBWExDNmVOajJBZk5xbUVidzErelZCSHhLcFZkYTRIb2tpeG9oZWRta0hkUGVKYnhwSjBVOThib0M3aU0KbU9uNWZNSVh3VmRsV3dqVHp3Q2NaeWFFYnlUcFB5TmJiVVUyY3dJSElnVXdFazlBQnRMbHZ0OWkvRW5NRDBZTApHS3k1VUd1dkcwb2hha2FtTnRENFhzdmlHamR0azdvbHFNdkZQaFAybElWTWl2ZHg5VVh0clJzMDdub0RBMTI4CkExVWZid0lEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JSR3JrTmhVVVJsUGdscm51Y205SENKQS9KbgpSREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBZnorbCszOTc0SVNYcUFGVnozMzJFNlo0bnJORUUyNWxWeTU1Ckl5SXJmdUZZWkt1ZGMwQ3JoZ3VLQVlVcE5seFVzT05ISzl5Q25aU2Jib2tvS1dBeW45bkNWNGJZM1pmdkM0bHoKaXY0Z20rWDZ2Z1JaWkpSNUtVYTRQc0Iwa1ZQRE9YbUZHQjREUzd6Vmd4WE5Kek9EYWpncUNoblVoZmI4STVHTgoya1g4WkZJdTZSR0JoTUNKdUh2S1l0Q3FhNC9TYW5vV3hOTU4rVUloM1JMRWt0NWNRY1JlK05yb3NpaURtN2xWCkJ2VE1ONWVsQ1d5QVJ4Wmp0RjRlc2pqVE5Ma2pJNkUyWHA3YWdGTjB4YWV6R2lNc01Dc1VCczRTZUhQVVhuSS8KVTcrNENsdmkzM2J5N3dGNHlZWVBXOVFWT3FkdzhCV0FJcFZnWTNvSk1ibUliSkZFMVE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdDJ5ZWcrOGx0dVMzZHZZYmJ5TlpHYUZiSmw5UW5VSHRqWnllZjI2a3RsVjJwblpkCnpaNkgwREdrRzJYc1IrcUhVZ2VDUURkeThyTytVYzhva0lkZWw0VnluSGw5U0lrZDNzNGlYS0s3VTJscTdLRnEKSFNhdXUzd3NtUWhQZDBVSkRNWlBpRE0rRWdPWjgzekpqd3ZTQVhMQzZlTmoyQWZOcW1FYncxK3pWQkh4S3BWZAphNEhva2l4b2hlZG1rSGRQZUpieHBKMFU5OGJvQzdpTW1PbjVmTUlYd1ZkbFd3alR6d0NjWnlhRWJ5VHBQeU5iCmJVVTJjd0lISWdVd0VrOUFCdExsdnQ5aS9Fbk1EMFlMR0t5NVVHdXZHMG9oYWthbU50RDRYc3ZpR2pkdGs3b2wKcU12RlBoUDJsSVZNaXZkeDlVWHRyUnMwN25vREExMjhBMVVmYndJREFRQUJBb0lCQUdYSDRoWDN5QWU2MW9zdQplWDZzTUs3bU9Id01lK0VuU2poQVpqcjBISFlJNm5Qb1RwamdsU0JUeTJwZ25rSXh3N0VpOVlYSXZ3SXA5enZTCkpnSTgrNkk4cktKalQ3L0dSa3J5TzJNSDhjYVJRb0hYOTlnQk5RaFlHUzg1eTA2MWdoWVNuT05JKy9KbkNUQngKV0M4R01od1hvRXpFbnd5ckY5YXBXQXlMdUNpM2M0d21XcEQwVVNKcEhkUGtiV2lHL1VRK0FOQ0lGdWlzM3prVApaekVkWStZZjdWbm0vckVtcXpuZ2hBYWtnUUFzNHpGYlRwdHNKRk5kbEVMS0Q3Wm1HMmFTVU5HdDYzTXR4ZHRmCkV2cmxtcDQrNW1YSUx6NlQ3aUdqMDlPVUtnUERETkl5STAwVHNOWU5SOFlTS2FvbkxsdFkwZXdSU011ZnR2aEEKL0VDV2NpRUNnWUVBMlQyM1BOL0pQczNGWjdKU0RlcXhIbjd6VXhNbUFVZFBjY3pic0RXL3BTTVlGbjB5T0NZTQp3TGRhcU9YemFCNWtPaHVrQTVJSVordjlYZ0JobWg5RStra1RaYWhRVGhMY0tKUDRXMjd4Q2ZNR09QMGxqYisyCkdJY3FsVnNQNjJVVVRUcWtLdkE1Vk1pTmJmUTRnSS8yTGk4UTNhVmx0QVBPTHJja2hkUFY5VmNDZ1lFQTJDWmEKY0w3QWRsdjlkdmlZY3RlT0ZtMXFwZUsxakx4a3B5Z2JSWWE5Tlo1NFJHa1pzcXo0bThTdW1LKzZNQmQrYXhlOAo1YThZSllhS1NiTmx3czFXYlhlMDQ1WEZ0dlJSSHdSL1lnUmV4RGVPSGdVbC9kaHBkd1dXeHQ0ZGI2SWpGSHdRCnpVUGdxYzRWQjRMdWRHZ0hCUDNzaStDb3dZVHJCcS9nSk5DZ2Y2a0NnWUVBdDYzSzVKbUNtcXQ1SVhoUWtKdkQKTGpuQW1wa3lKUnFhUFdvc3hneHNBY0J1ZVhWWnBNZm5PSHJQR01kMHlyQUhwbW9BZjFSVjd5aEZqZGxjck9lTApkdU9hbHZWOUVNWTVoOFcwMC9vMXEyZmo5d056WVNxYldKblFrMy92TWVUQkNadHZleTZxQ3RtWFcwU0hFWXluClpkMDlzV3BMVjYxd0EyZXVaY2o2dXZrQ2dZQUMxRzIyc0NpZzVBOXJjVkc5bnlqVERsZXBHRkM4S1BOQVpQd0cKYXY4ckpvbjRpMCswMFNMb0Z5a2FBcUx6WWp0YmQ1SVhoN1ZQT0hXekJWQTl2cVoxQkc0djFKUWtFd3JFMXpBNwp2a2JuVnJyYmxjR3JreHUrWFNwZUxDWkNnZUxucjhBZ2o5VHZKQzJPVFo2Rms1OFQ1NmNqSmF2UDdNZU83TnFJCllOclpFUUtCZ1FES2RwUkM1VkpyUExLUHJmQkViaXpyeUtSNUNvcGdlbG1wbFd6cVBtOGlBSW5TandDNkVoY3IKc0wvajdKaDg3V1hmMDNGUUF4c0JvdzlhTkUwblNsNVY5Mit1RGtSbHFHczhPV0lOVG4wOFlsMjZONFA4VDdKagpreXQ2WGRscWlPMzVMS1lVV0pTQWpEeHZRN3VqU3dNRktFaUNMYUcvY0JvQ1k5MTNRbms5T1E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= diff --git a/internal/k8s/testdata/kubeconfig-invalid b/internal/k8s/testdata/kubeconfig-invalid new file mode 100644 index 00000000..c888852c --- /dev/null +++ b/internal/k8s/testdata/kubeconfig-invalid @@ -0,0 +1,19 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: Zm9vCg== + server: https://invalid-server-url + name: kind-authservice +contexts: +- context: + cluster: kind-authservice + user: kind-authservice + name: kind-authservice +current-context: kind-authservice +kind: Config +preferences: {} +users: +- name: kind-authservice + user: + client-certificate-data: Zm9vCg== + client-key-data: Zm9vCg== diff --git a/internal/testdata/oidc-with-invalid-secret-ref.json b/internal/k8s/testdata/oidc-with-invalid-secret-ref.json similarity index 100% rename from internal/testdata/oidc-with-invalid-secret-ref.json rename to internal/k8s/testdata/oidc-with-invalid-secret-ref.json diff --git a/internal/testdata/oidc-with-non-existing-secret-ref.json b/internal/k8s/testdata/oidc-with-non-existing-secret-ref.json similarity index 100% rename from internal/testdata/oidc-with-non-existing-secret-ref.json rename to internal/k8s/testdata/oidc-with-non-existing-secret-ref.json diff --git a/internal/testdata/oidc-with-valid-secret-ref.json b/internal/k8s/testdata/oidc-with-valid-secret-ref.json similarity index 100% rename from internal/testdata/oidc-with-valid-secret-ref.json rename to internal/k8s/testdata/oidc-with-valid-secret-ref.json