
Commit 42cde8e

committed
fix: add comments for rejectUnauthorized logic and replace selfsigned
with static certs
1 parent ee9c460 commit 42cde8e


6 files changed

+56
-30
lines changed


package-lock.json

Lines changed: 0 additions & 24 deletions

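--- a/package.json
+++ b/package.json
@@ -83,7 +83,6 @@
 "nock": "^14.0.5",
 "prettier": "^3.0.0",
 "pretty-quick": "^4.0.0",
-"selfsigned": "^3.0.1",
 "ts-mockito": "^2.3.1",
 "tsx": "^4.19.1",
 "typedoc": "^0.28.0",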

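--- a/src/config.ts
+++ b/src/config.ts
@@ -202,6 +202,7 @@ export class KubeConfig implements SecurityAuthentication {
 agentOptions.key = opts.key;
 agentOptions.pfx = opts.pfx;
 agentOptions.passphrase = opts.passphrase;
+// Only set rejectUnauthorized if explicitly configured. When not set, fetch will use NODE_TLS_REJECT_UNAUTHORIZED env var
 if (opts.rejectUnauthorized !== undefined) {
 agentOptions.rejectUnauthorized = opts.rejectUnauthorized;
 }
@@ -261,6 +262,7 @@ export class KubeConfig implements SecurityAuthentication {
 agentOptions.key = httpsOptions.key;
 agentOptions.pfx = httpsOptions.pfx;
 agentOptions.passphrase = httpsOptions.passphrase;
+// Only set rejectUnauthorized if explicitly configured. When not set, fetch will use NODE_TLS_REJECT_UNAUTHORIZED env var
 if (httpsOptions.rejectUnauthorized !== undefined) {
 agentOptions.rejectUnauthorized = httpsOptions.rejectUnauthorized;
 }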
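Review bot: The comment added before both `rejectUnauthorized` guards (the `opts` one and the `httpsOptions` one in the second hunk) names the env var but not the default, so a reader cannot tell that leaving the option unset keeps certificate verification on. Wording such as `// Leave rejectUnauthorized unset unless configured: Node then verifies the server certificate, and only NODE_TLS_REJECT_UNAUTHORIZED=0 turns that off.` would state the security-relevant behaviour. If the guard also exists because assigning an explicit `undefined` would override that default, which I have not confirmed against the agent implementation, the comment should say that too. Both enclosing functions start and end outside the hunks.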

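--- a/src/config_test.ts
+++ b/src/config_test.ts
@@ -28,7 +28,6 @@ import { ExecAuth } from './exec_auth.js';
 import { HttpProxyAgent, HttpsProxyAgent } from 'hpagent';
 import { SocksProxyAgent } from 'socks-proxy-agent';
 import { AddressInfo } from 'node:net';
-import selfsigned from 'selfsigned';
 
 const kcFileName = 'testdata/kubeconfig.yaml';
 const kc2FileName = 'testdata/kubeconfig-2.yaml';
@@ -42,6 +41,9 @@ const kcInvalidContextFileName = 'testdata/empty-context-kubeconfig.yaml';
 const kcInvalidClusterFileName = 'testdata/empty-cluster-kubeconfig.yaml';
 const kcTlsServerNameFileName = 'testdata/tls-server-name-kubeconfig.yaml';
 
+const testCertFileName = 'testdata/certs/test-cert.pem';
+const testKeyFileName = 'testdata/certs/test-key.pem';
+
 const __dirname = dirname(fileURLToPath(import.meta.url));
 
 describe('Config', () => {});
@@ -521,8 +523,8 @@ describe('KubeConfig', () => {
 const originalValue = process.env.NODE_TLS_REJECT_UNAUTHORIZED;
 process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
 after(() => {
-server.close();
 process.env.NODE_TLS_REJECT_UNAUTHORIZED = originalValue;
+server.close();
 });
 
 const kc = new KubeConfig();
@@ -547,8 +549,6 @@ describe('KubeConfig', () => {
 const res2 = await fetch(`https://${host}:${port}`, await kc.applyToFetchOptions({}));
 strictEqual(res2.status, 200);
 strictEqual(await res2.text(), 'ok');
-
-delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;
 });
 });
 
@@ -1897,7 +1897,9 @@ async function createTestHttpsServer(
 ca: string;
 }> {
 const host = 'localhost';
-const { private: key, cert } = selfsigned.generate([{ name: 'commonName', value: host }]);
+
+const cert = readFileSync(testCertFileName, 'utf8');
+const key = readFileSync(testKeyFileName, 'utf8');
 
 const defaultHandler = (req: http.IncomingMessage, res: http.ServerResponse) => {
 res.writeHead(200);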
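Review bot: The `after` hook in the third hunk restores the variable with `process.env.NODE_TLS_REJECT_UNAUTHORIZED = originalValue;`, and when the variable was unset before the test that assignment stores the string `'undefined'` instead of removing it, because `process.env` coerces assigned values to strings; with the in-test `delete` removed by this commit, nothing unsets it any more. Restore it conditionally: `if (originalValue === undefined) delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;` followed by `else process.env.NODE_TLS_REJECT_UNAUTHORIZED = originalValue;`. Setting the variable to `'0'` is process-wide, so any other TLS connection made in the same process while this test runs is presumably unverified as well, which deserves a short comment at the assignment. The test body starts and ends outside the hunk.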

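--- a/testdata/certs/test-cert.pem
+++ b/testdata/certs/test-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCzCCAfOgAwIBAgIUPTyeIJ44dN2PZYW0a3WGYfcB6iwwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI1MDkwNjEwNDAzN1oYDzQ3NjMw
+ODAzMTA0MDM3WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCdDiYdfXRhzDLum5pqa6BICCPfQ+vqTfF3aYrqAwV1
+C63hYs/yU+IK83ohiPScmShmAP2ofHsP/8R9HK7LEWkvO5ZlGxebE9ARkXa51Gs9
+g8IBjH+10EL5BcTHnb+T187rTlSaSpM59LVXhlsI/zzDB6VnvApPyLFpYJ0YoYau
+4gA4rMrkZGkziCx85ONdWxYyjh4RemwNxOIzmEHg5R7v7g5yPxmNcmK4BQ0XLFAf
+4KgMAlhIpGz03vOz8mP/JTKO8PoB9rmKmsEANB3MQW9C/n4yosVjqN9lyaJXLII3
+6QPRi7bxqH5sq2rRfNNA9KbiszySWda7jupB8JgiBcnDAgMBAAGjUzBRMB0GA1Ud
+DgQWBBTuleDZd59erSUzMOu46Yz1q9iDoDAfBgNVHSMEGDAWgBTuleDZd59erSUz
+MOu46Yz1q9iDoDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBB
+dfUNSeJj5oZi9QCFkjqIW0Zr3x1ODjaPVtlvp0lfcRF2qUBbaA8qvvDTbhWrS4Xl
+NLzgK+aFhgJOcTj13BYNy1yag7ZnkwunInzsEGYJgC/JgZ93De/gWs88icOUHTo0
+Eg/eco6usqykz/1ZDbUwNf5rOItdXt+cp6kpWkrapz4RISddgN0kIdwEOjCKh0+b
+EvJ5lH/UUwVrfZ2KI4kz1A1gQzgA1flqwLm7CNxZtRywfZR4F2mpX9dafBFqzm4w
+Y9jCrrhS7Y9p3Q0muHLjOOXOAYO+w/Z0av3JqvbQC1bxz3ybjSPjL8bhP3ptJarW
+yd4YH2zt3+0omzYwHfRs
+-----END CERTIFICATE-----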

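--- a/testdata/certs/test-key.pem
+++ b/testdata/certs/test-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCdDiYdfXRhzDLu
+m5pqa6BICCPfQ+vqTfF3aYrqAwV1C63hYs/yU+IK83ohiPScmShmAP2ofHsP/8R9
+HK7LEWkvO5ZlGxebE9ARkXa51Gs9g8IBjH+10EL5BcTHnb+T187rTlSaSpM59LVX
+hlsI/zzDB6VnvApPyLFpYJ0YoYau4gA4rMrkZGkziCx85ONdWxYyjh4RemwNxOIz
+mEHg5R7v7g5yPxmNcmK4BQ0XLFAf4KgMAlhIpGz03vOz8mP/JTKO8PoB9rmKmsEA
+NB3MQW9C/n4yosVjqN9lyaJXLII36QPRi7bxqH5sq2rRfNNA9KbiszySWda7jupB
+8JgiBcnDAgMBAAECggEAD0Uk55EfE7Mq8JAof1hfiSFhe3+7HFjftWCJpR8OFMdB
+7LwSw9jsDWyG32PVhLRPfTtzbkJMJM4VaKS1SgEzXOhKQyJTNTzD6jFefcrtclmx
+Lz1d3WuWV2f8LfxkeBdvgulmyGmfzu7AAvaJO2K1obDIoEFkL0WwGjLOk2qBEde4
+V3hXEoBiHkoEE5mEgfUarCL8tLmyiIc0gpE231vKrbuSjyi1V/nV2elYujeVmJ/F
+23c5/SodcQnI/tUrN+rIvhBoP6V0ddrieTBtzf/jKrAvvYge3o+X/Z0idIQowyQs
+boUD2XHieImMEXwfuGyKj2dtCd8rbhOI5Mfroqa04QKBgQDZWOO1iv2vrz8VevCn
+se4n3mBaxfScdbVLNKnwe/7FW+4UKuxB5F5lMMAWPwgN85+NSH7YbcvUkFcLf/Ge
+zBPXtDrvkTeQxyzAfvmjrD+1dMgP6wM5PDJ1e7Cz2yo4Hsql1VJ1H+nd1JFfJysL
+YwkcDcrIx6aEAdw8qxUZLDdOVwKBgQC4/Fz9IS1UKpuYoU60YPSKABB7JqAJCUlm
+trS6eI8qwJW9vpg+9w1T/y+lOYPiYq16u+rF59vdh2883mwJnYiR8QCsv5VfRPuR
+dLzZAMMqWtqSXnLbHMHXdyZEZOxh6Qfix0tSRd0A6y876kWE1OkDCi6ARkXVAWnC
+oPLxHeNkdQKBgG2v0GskE9b/yARdIOpgf2IbdeEZmdMEDFRB5al5yh9rv4DqEIVI
+bOMAcVBIyxXPZyvz9B/heUZy+ZrSHOwY7cKkMEIKtVIZUlprOi0Blr1KjFSMM/pE
+iOqFW63I40ujLn32ZEC7tFjBGAQ/ThfXCRfhVf9x0nU4Qx9S77jeeaLNAoGBALVL
+N0MpkcgsHeQfKwhjASaCW6SmPS+99z8ADu21m/I1XkvgkEsdSuWociSG0rc7KHPh
+2Xxt+LAKvL0160IdLyyAur2S4azF6Zsrgq1WLu/CrPXINN6DN4KYlltvYa+vd3gN
+A8e1CpyM4fTha5J8K4U8JEi5FlVklicWICKovSPFAoGAYSgPvteAo2RAN6su9d8O
+s7oLXnFLqaF+Fo9vdc9uEKzzdROf7GCpz/6uOb9NCiRFpu8bNyDKK4UpNqMbO97E
+Km+QQuBOms16ic/lOUT6sWVe3V6FIs18xBxNNE7LrfPfa8Vory7YoVsXji6SWikT
+oLTjd9Tt7SOW/v7q9GHW798=
+-----END PRIVATE KEY-----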
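Review bot: `test-key.pem` puts the private key for `test-cert.pem` in the repository, so the pair is public and must never be trusted outside these tests, yet nothing in the commit says so. A short `testdata/certs/README.md` stating that the pair is a test-only fixture, together with the command used to generate it, would make that explicit and give secret scanners a documented reason for the finding. Decoding the certificate suggests it is self-signed for `localhost`, marked as a CA and valid far into the future, which is one more reason it must not reach a trust store; confirm with `openssl x509 -in testdata/certs/test-cert.pem -noout -text`.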
