Skip to content

Fix format of ClientCertificate[Key]Data from auth plugins #480

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Sep 25, 2020
Merged

Fix format of ClientCertificate[Key]Data from auth plugins #480

merged 4 commits into from
Sep 25, 2020

Conversation

Frassle
Copy link
Contributor

@Frassle Frassle commented Sep 19, 2020

ClientCertificateData and ClientCertificateKeyData are expected to be base64 encoded strings by CertUtils.GeneratePfx. However auth plugins return the actual "--BEGIN X---...---END X---" strings, this commit base64 encodes that to match as if it was read from the config file.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Sep 19, 2020
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Sep 19, 2020
@Frassle
Copy link
Contributor Author

Frassle commented Sep 19, 2020
edited
Loading

I missed this distinction of how these strings we're formatted in my last PR (#479).

/assign @brendandburns

@brendandburns
Copy link
Contributor

This looks good, can you add a unit test to validate the behavior and protect against future breakage?

Thanks!

@Frassle
Copy link
Contributor Author

Frassle commented Sep 24, 2020

can you add a unit test

I did have a look at this quickly and wasn't sure the best way to unit test. We're calling into System.Diagnostics.Process and I couldn't think of any easy way to mock that out for a test. I could make a config that has command set to cmd.exe or /bin/sh with arguments that just cause it to echo back an expected json blob, but that seemed a big ugly.

@brendandburns
Copy link
Contributor

In other contexts, I have just used echo to echo back the json blob. I think that's actually the right way to do it.

Thanks!

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Sep 24, 2020
@Frassle
Copy link
Contributor Author

Frassle commented Sep 24, 2020

I've added another test to the auth tests copying bits of the external token test and the certificate tests.

N.B The external auth test looks like it would never run because it was ifdefed for NETSTANDARD_2_0 but the tests either run as netcoreapp2.0 or netcoreapp2.1 so I've removed that ifdef

@brendandburns
Copy link
Contributor

Thanks, looks like the test is failing though with some JSON parse error...

@Frassle
Copy link
Contributor Author

Frassle commented Sep 24, 2020

Looking in to it, I only checked it on my windows machine (removing the exclude clause to get it to run, seemed fine but I'm going to trust the comment that cert use is intermittent)

@Frassle
Copy link
Contributor Author

Frassle commented Sep 25, 2020

Seems the problem is these external tests weren't ever running so the echo handling is wrong. I've raised #484 as a smaller PR to just enable the one existing external test and get it working. After that's merged I'll merge master into here and it should fix up this PR as well.

@brendandburns
Copy link
Contributor

Cool, thanks for digging in here. I merged #484 so this should be ready once you rebase.

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Sep 25, 2020
@brendandburns
Copy link
Contributor

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 25, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: brendandburns, Frassle

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 25, 2020
@k8s-ci-robot k8s-ci-robot merged commit d7f9eb9 into kubernetes-client:master Sep 25, 2020
@Frassle Frassle deleted the fixplugin branch September 25, 2020 16:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brendandburns brendandburns Awaiting requested review from brendandburns

@krabhishek8260 krabhishek8260 Awaiting requested review from krabhishek8260

Assignees

@brendandburns brendandburns

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Frassle @brendandburns @k8s-ci-robot