Merge pull request #888 from tigrato/tls-server-name

k8s-ci-robot · web-flow · commit a01b704db482 · 2022-09-29T15:10:30.000-07:00
Add `tls-server-name` to https requests if provided
diff --git a/src/config.ts b/src/config.ts
@@ -161,6 +161,10 @@ export class KubeConfig {
                 username: user.username,
             };
         }
+
+        if (cluster && cluster.tlsServerName) {
+            opts.agentOptions = { servername: cluster.tlsServerName } as https.RequestOptions;
+        }
     }
 
     public loadFromString(config: string, opts?: Partial<ConfigOptions>): void {
diff --git a/src/config_test.ts b/src/config_test.ts
@@ -11,6 +11,7 @@ import { CoreV1Api } from './api';
 import { bufferFromFileOrString, findHomeDir, findObject, KubeConfig, makeAbsolutePath } from './config';
 import { Cluster, newClusters, newContexts, newUsers, User, ActionOnInvalid } from './config_types';
 import { ExecAuth } from './exec_auth';
+import { request } from 'http';
 
 const kcFileName = 'testdata/kubeconfig.yaml';
 const kc2FileName = 'testdata/kubeconfig-2.yaml';
@@ -240,6 +241,44 @@ describe('KubeConfig', () => {
     });
 
     describe('applyHTTPSOptions', () => {
+        it('should apply tls-server-name to https.RequestOptions', async () => {
+            const kc = new KubeConfig();
+            kc.loadFromFile(kcTlsServerNameFileName);
+
+            const opts: https.RequestOptions = {};
+            await kc.applytoHTTPSOptions(opts);
+
+            expect(opts).to.deep.equal({
+                headers: {},
+                ca: new Buffer('CADATA2', 'utf-8'),
+                cert: new Buffer('USER_CADATA', 'utf-8'),
+                key: new Buffer('USER_CKDATA', 'utf-8'),
+                rejectUnauthorized: false,
+                servername: 'kube.example2.com',
+            });
+        });
+        it('should apply tls-server-name to request.Options', async () => {
+            const kc = new KubeConfig();
+            kc.loadFromFile(kcTlsServerNameFileName);
+
+            const opts: requestlib.Options = {
+                url: 'https://company.com',
+            };
+            await kc.applyToRequest(opts);
+
+            expect(opts).to.deep.equal({
+                url: 'https://company.com',
+                headers: {},
+                ca: new Buffer('CADATA2', 'utf-8'),
+                cert: new Buffer('USER_CADATA', 'utf-8'),
+                key: new Buffer('USER_CKDATA', 'utf-8'),
+                rejectUnauthorized: false,
+                strictSSL: false,
+                agentOptions: {
+                    servername: 'kube.example2.com',
+                },
+            });
+        });
         it('should apply cert configs', () => {
             const kc = new KubeConfig();
             kc.loadFromFile(kcFileName);

Original file line number	Diff line number	Diff line change
`@@ -161,6 +161,10 @@ export class KubeConfig {`
`161`	`161`	`username: user.username,`
`162`	`162`	`};`
`163`	`163`	`}`
	`164`	`+`
	`165`	`+ if (cluster && cluster.tlsServerName) {`
	`166`	`+ opts.agentOptions = { servername: cluster.tlsServerName } as https.RequestOptions;`
	`167`	`+ }`
`164`	`168`	`}`
`165`	`169`
`166`	`170`	`public loadFromString(config: string, opts?: Partial<ConfigOptions>): void {`