Fix double-encoding of ca cert data in kube context

Signed-off-by: Vui Lam <[email protected]>
vmware-tanzu · Sep 5, 2024 · 800db76 · 800db76
1 parent aa76610
commit 800db76
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/pkg/auth/tanzu/kubeconfig.go b/pkg/auth/tanzu/kubeconfig.go
@@ -5,7 +5,6 @@
 package tanzu
 
 import (
-	"encoding/base64"
 	"encoding/json"
 	"os"
 	"path/filepath"
@@ -30,19 +29,20 @@ const (
 
 // GetTanzuKubeconfig constructs and returns the kubeconfig that points to Tanzu Org and
 func GetTanzuKubeconfig(c *configtypes.Context, endpoint, orgID, endpointCACertPath string, skipTLSVerify bool) (string, string, string, error) {
+	var clusterCACertDataBytes []byte
+	var err error
+
 	clusterAPIServerURL := strings.TrimSpace(endpoint)
 	if !strings.HasPrefix(clusterAPIServerURL, "https://") && !strings.HasPrefix(clusterAPIServerURL, "http://") {
 		clusterAPIServerURL = "https://" + clusterAPIServerURL
 	}
 	clusterAPIServerURL = clusterAPIServerURL + "/org/" + orgID
 
-	clusterCACertData := ""
 	if endpointCACertPath != "" {
-		fileBytes, err := os.ReadFile(endpointCACertPath)
+		clusterCACertDataBytes, err = os.ReadFile(endpointCACertPath)
 		if err != nil {
 			return "", "", "", errors.Wrapf(err, "error reading CA certificate file %s", endpointCACertPath)
 		}
-		clusterCACertData = base64.StdEncoding.EncodeToString(fileBytes)
 	}
 
 	contextName := kubeconfigContextName(c.Name)
@@ -53,7 +53,7 @@ func GetTanzuKubeconfig(c *configtypes.Context, endpoint, orgID, endpointCACertP
 		Kind:       "Config",
 		APIVersion: clientcmdapi.SchemeGroupVersion.Version,
 		Clusters: map[string]*clientcmdapi.Cluster{clusterName: {
-			CertificateAuthorityData: []byte(clusterCACertData),
+			CertificateAuthorityData: clusterCACertDataBytes,
 			InsecureSkipTLSVerify:    skipTLSVerify,
 			Server:                   clusterAPIServerURL,
 		}},
@@ -62,7 +62,7 @@ func GetTanzuKubeconfig(c *configtypes.Context, endpoint, orgID, endpointCACertP
 		CurrentContext: contextName,
 	}
 
-	kubeconfigByes, err := json.Marshal(kcfg)
+	kubeconfigBytes, err := json.Marshal(kcfg)
 	if err != nil {
 		return "", "", "", errors.Wrap(err, "failed to marshal the tanzu kubeconfig")
 	}
@@ -71,7 +71,7 @@ func GetTanzuKubeconfig(c *configtypes.Context, endpoint, orgID, endpointCACertP
 	if err != nil {
 		return "", "", "", errors.Wrap(err, "unable to get the Tanzu local kubeconfig path")
 	}
-	err = kubeutils.MergeKubeConfigWithoutSwitchContext(kubeconfigByes, kubeconfigPath)
+	err = kubeutils.MergeKubeConfigWithoutSwitchContext(kubeconfigBytes, kubeconfigPath)
 	if err != nil {
 		return "", "", "", errors.Wrap(err, "failed to merge the tanzu kubeconfig")
 	}

diff --git a/pkg/auth/tanzu/kubeconfig_test.go b/pkg/auth/tanzu/kubeconfig_test.go
@@ -100,8 +100,11 @@ var _ = Describe("Unit tests for tanzu auth", func() {
 				Expect(cluster.Server).To(Equal(clusterAPIServerURL))
 				Expect(config.Contexts[kubeContext].AuthInfo).To(Equal(kubeconfigUserName(tanzuContext.Name)))
 				Expect(gotClusterName).To(Equal(kubeconfigClusterName(tanzuContext.Name)))
-				Expect(len(cluster.CertificateAuthorityData)).ToNot(Equal(0))
 				Expect(user.Exec).To(Equal(getExecConfig(tanzuContext)))
+
+				caCertBytes, err := os.ReadFile(fakeCAcertPath)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(caCertBytes).To(Equal(cluster.CertificateAuthorityData))
 			})
 		})
 		Context("When endpointCACertPath is not provided and skipTLSVerify is set to true", func() {