From 1c4e31ae80b4f7d2dd985e935cf11a1acda5fcf5 Mon Sep 17 00:00:00 2001
From: sivchari
Date: Sat, 20 Jul 2024 22:09:32 +0900
Subject: [PATCH 1/3] use url.JoinPath instead of fmt to concat endpoint
Signed-off-by: sivchari
---
 util/kubeconfig/kubeconfig.go | 3 +-
 util/kubeconfig/kubeconfig_test.go | 55 ++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 1 deletion(-)
diff --git a/util/kubeconfig/kubeconfig.go b/util/kubeconfig/kubeconfig.go
index 3c5338f683d9..1d83c77b375a 100644
--- a/util/kubeconfig/kubeconfig.go
+++ b/util/kubeconfig/kubeconfig.go
@@ -22,6 +22,7 @@ import (
  "crypto"
  "crypto/x509"
  "fmt"
+ "net/url"
  "time"
  "github.com/pkg/errors"
@@ -109,7 +110,7 @@ func CreateSecret(ctx context.Context, c client.Client, cluster *clusterv1.Clust
 // CreateSecretWithOwner creates the Kubeconfig secret for the given cluster name, namespace, endpoint, and owner reference.
 func CreateSecretWithOwner(ctx context.Context, c client.Client, clusterName client.ObjectKey, endpoint string, owner metav1.OwnerReference) error {
- server := fmt.Sprintf("https://%s", endpoint)
+ server, err := url.JoinPath("https://%s", endpoint)
  out, err := generateKubeconfig(ctx, c, clusterName, server)
  if err != nil {
  return err
diff --git a/util/kubeconfig/kubeconfig_test.go b/util/kubeconfig/kubeconfig_test.go
index 320b01f57ca4..608b42334619 100644
--- a/util/kubeconfig/kubeconfig_test.go
+++ b/util/kubeconfig/kubeconfig_test.go
@@ -284,6 +284,61 @@ func TestCreateSecretWithOwner(t *testing.T) {
  g.Expect(restClient.Host).To(Equal("https://localhost:6443"))
 }
+func TestCreateSecretWithOwnerHasEndpointPrefixIsSlush(t *testing.T) {
+ g := NewWithT(t)
+
+ caKey, err := certs.NewPrivateKey()
+ g.Expect(err).ToNot(HaveOccurred())
+
+ caCert, err := getTestCACert(caKey)
+ g.Expect(err).ToNot(HaveOccurred())
+
+ caSecret := &corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "test1-ca",
+ Namespace: "test",
+ },
+ Data: map[string][]byte{
+ secret.TLSKeyDataName: certs.EncodePrivateKeyPEM(caKey),
+ secret.TLSCrtDataName: certs.EncodeCertPEM(caCert),
+ },
+ }
+
+ c := fake.NewClientBuilder().WithObjects(caSecret).Build()
+
+ owner := metav1.OwnerReference{
+ Name: "test1",
+ Kind: "Cluster",
+ APIVersion: clusterv1.GroupVersion.String(),
+ }
+
+ err = CreateSecretWithOwner(
+ ctx,
+ c,
+ client.ObjectKey{
+ Name: "test1",
+ Namespace: "test",
+ },
+ "/localhost:6443",
+ owner,
+ )
+
+ g.Expect(err).ToNot(HaveOccurred())
+
+ s := &corev1.Secret{}
+ key := client.ObjectKey{Name: "test1-kubeconfig", Namespace: "test"}
+ g.Expect(c.Get(ctx, key, s)).To(Succeed())
+ g.Expect(s.OwnerReferences).To(ContainElement(owner))
+ g.Expect(s.Type).To(Equal(clusterv1.ClusterSecretType))
+
+ clientConfig, err := clientcmd.NewClientConfigFromBytes(s.Data[secret.KubeconfigDataName])
+ g.Expect(err).ToNot(HaveOccurred())
+ restClient, err := clientConfig.ClientConfig()
+ g.Expect(err).ToNot(HaveOccurred())
+ g.Expect(restClient.CAData).To(Equal(certs.EncodeCertPEM(caCert)))
+ g.Expect(restClient.Host).To(Equal("https://localhost:6443"))
+}
+
 func TestCreateSecret(t *testing.T) {
  g := NewWithT(t)
From 458e6a6ee142c2926ec057700dd7bb8f6fd327bf Mon Sep 17 00:00:00 2001
From: sivchari
Date: Sat, 20 Jul 2024 22:18:35 +0900
Subject: [PATCH 2/3] handle err
Signed-off-by: sivchari
---
 util/kubeconfig/kubeconfig.go | 3 +++
 1 file changed, 3 insertions(+)
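Review bot: The new test in util/kubeconfig/kubeconfig_test.go pins only the accepted case (`"/localhost:6443"` normalised to `https://localhost:6443`); nothing asserts what CreateSecretWithOwner does with an endpoint that is empty or that carries extra path segments such as `..`, which matters because this value becomes the server address written into the kubeconfig secret. The body appears to repeat TestCreateSecretWithOwner (only that test's tail is visible in this hunk), so a table-driven test over endpoint/expected-host pairs, including rejected inputs, would cover these cases without duplicating the CA and fake-client setup. The name also carries a typo: `TestCreateSecretWithOwnerHasEndpointPrefixIsSlush` should end in `Slash`.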
diff --git a/util/kubeconfig/kubeconfig.go b/util/kubeconfig/kubeconfig.go
index 1d83c77b375a..b4b343daa29f 100644
--- a/util/kubeconfig/kubeconfig.go
+++ b/util/kubeconfig/kubeconfig.go
@@ -111,6 +111,9 @@ func CreateSecret(ctx context.Context, c client.Client, cluster *clusterv1.Clust
 // CreateSecretWithOwner creates the Kubeconfig secret for the given cluster name, namespace, endpoint, and owner reference.
 func CreateSecretWithOwner(ctx context.Context, c client.Client, clusterName client.ObjectKey, endpoint string, owner metav1.OwnerReference) error {
  server, err := url.JoinPath("https://%s", endpoint)
+ if err != nil {
+ return err
+ }
  out, err := generateKubeconfig(ctx, c, clusterName, server)
  if err != nil {
  return err
From e84b5ce730910c7a6a99181bf164f7ff1b019126 Mon Sep 17 00:00:00 2001
From: sivchari
Date: Sat, 20 Jul 2024 22:27:51 +0900
Subject: [PATCH 3/3] fix: variable
Signed-off-by: sivchari
---
 util/kubeconfig/kubeconfig.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/kubeconfig/kubeconfig.go b/util/kubeconfig/kubeconfig.go
index b4b343daa29f..c3ca6656262d 100644
--- a/util/kubeconfig/kubeconfig.go
+++ b/util/kubeconfig/kubeconfig.go
@@ -110,7 +110,7 @@ func CreateSecret(ctx context.Context, c client.Client, cluster *clusterv1.Clust
 // CreateSecretWithOwner creates the Kubeconfig secret for the given cluster name, namespace, endpoint, and owner reference.
 func CreateSecretWithOwner(ctx context.Context, c client.Client, clusterName client.ObjectKey, endpoint string, owner metav1.OwnerReference) error {
- server, err := url.JoinPath("https://%s", endpoint)
+ server, err := url.JoinPath("https://", endpoint)
  if err != nil {
  return err
  }
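Review bot: In PATCH 2/3 the added `if err != nil { return err }` after url.JoinPath hands the net/url error back bare, so the caller gets no hint that the cluster's endpoint was the rejected input. The file already imports github.com/pkg/errors, so `return errors.Wrapf(err, "failed to build server URL from endpoint %q", endpoint)` would keep the cause and name the offending value. CreateSecretWithOwner's body continues past the end of the hunk.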
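Review bot: `url.JoinPath("https://", endpoint)` in PATCH 3/3 (the call introduced in PATCH 1/3) joins `endpoint` as a path element onto a base whose host is empty, so the host:port is never parsed as an authority; as far as I can tell the result reads as `https://localhost:6443` only because of how net/url re-serialises a URL with an empty host. JoinPath also cleans the joined path, so `.`/`..` segments and repeated slashes in `endpoint` are silently rewritten, and an empty endpoint appears to yield a server string with no host instead of an error. Because this string becomes the kubeconfig's server address, I would check the result before use, e.g. `u, err := url.Parse(server)` followed by `if err != nil || u.Host == "" { return errors.Errorf("invalid endpoint %q", endpoint) }`. The function body continues outside the hunk.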