Always set service-account-jwks-uri to LB URL even with custom issuer

Signed-off-by: Shaza Aldawamneh <[email protected]>

Author: ShazaAldawamneh

pkg/operator/configobservation/auth/auth_serviceaccountissuer_test.go

@@ -54,11 +54,12 @@ func TestObservedConfig(t *testing.T) {
 			expectedChange:     true,
 		},
 		{
-			name:           "issuer set, no previous issuer",
-			existingIssuer: "",
-			issuer:         "https://example.com",
-			expectedIssuer: "https://example.com",
-			expectedChange: true,
+			name:               "issuer set, no previous issuer",
+			existingIssuer:     "",
+			issuer:             "https://example.com",
+			expectedIssuer:     "https://example.com",
+			expectInternalJWKI: true,
+			expectedChange:     true,
 		},
 		{
 			name:                   "previous issuer was default, new is custom value",
@@ -71,10 +72,11 @@ func TestObservedConfig(t *testing.T) {
 			expectedChange:         true,
 		},
 		{
-			name:           "issuer set, previous issuer same",
-			existingIssuer: "https://example.com",
-			issuer:         "https://example.com",
-			expectedIssuer: "https://example.com",
+			name:               "issuer set, previous issuer same",
+			existingIssuer:     "https://example.com",
+			issuer:             "https://example.com",
+			expectedIssuer:     "https://example.com",
+			expectInternalJWKI: true,
 		},
 		{
 			name:                   "issuer set, previous issuer and trusted issuers same",
@@ -83,20 +85,23 @@ func TestObservedConfig(t *testing.T) {
 			trustedIssuers:         []string{"https://trusted.example.com"},
 			expectedIssuer:         "https://example.com",
 			expectedTrustedIssuers: []string{"https://trusted.example.com"},
+			expectInternalJWKI:     true,
 		},
 		{
-			name:           "issuer set, previous issuer different",
-			existingIssuer: "https://example.com",
-			issuer:         "https://example2.com",
-			expectedIssuer: "https://example2.com",
-			expectedChange: true,
+			name:               "issuer set, previous issuer different",
+			existingIssuer:     "https://example.com",
+			issuer:             "https://example2.com",
+			expectedIssuer:     "https://example2.com",
+			expectInternalJWKI: true,
+			expectedChange:     true,
 		},
 		{
-			name:           "auth getter error",
-			existingIssuer: "https://example2.com",
-			issuer:         "https://example.com",
-			authError:      expectedErrAuth,
-			expectedIssuer: "https://example2.com",
+			name:               "auth getter error",
+			existingIssuer:     "https://example2.com",
+			issuer:             "https://example.com",
+			authError:          expectedErrAuth,
+			expectedIssuer:     "https://example2.com",
+			expectInternalJWKI: true,
 		},
 		{
 			name:               "infra getter error",

tls.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIIe7neVFYhm+swDQYJKoZIhvcNAQELBQAwRDESMBAGA1UE
+CxMJb3BlbnNoaWZ0MS4wLAYDVQQDEyVrdWJlLWFwaXNlcnZlci1zZXJ2aWNlLW5l
+dHdvcmstc2lnbmVyMB4XDTI1MDkwNDExMTczOFoXDTM1MDkwMjExMTczOFowRDES
+MBAGA1UECxMJb3BlbnNoaWZ0MS4wLAYDVQQDEyVrdWJlLWFwaXNlcnZlci1zZXJ2
+aWNlLW5ldHdvcmstc2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA4JAzAjXHWK/idRjIySdCVnDemD5O3um3UbnU4Ls8zH+ZfNz2wddgBI4/z19L
+qQ8f7sXnGMYx+MawKA794c9nNzYTO2lvZpKhDS8wBe2AEM0wiUqAs9rOZ04r9sQd
+312rOmEJzQP8yO4JkPK8N+LfIFIRIdnTiThG29tkyZZPlOdXXWM7Uv+1/BI6fHVM
+bO6DYWBVmeAjYQhvXmL2i1J5+HQcRVQDtEmB8cBFgBuiDo1Me7AmegxpPxYpU55G
+hFBFZquie4au/wcl2IAAOnv7op8Rv3FMdXfxcvEM7WD68hbEvHI9kzFdPx/L5uL+
+a2Rxk4WD6wZ7m9KGlvYIzo2edwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUz3cMq9xAZLTSR7iv3xPjRouKPoswDQYJ
+KoZIhvcNAQELBQADggEBAAyeuB/1ii/WwK4SamiVrBg3sV9U85icko3VMDUOTALv
+JjMCtRBicFEJTtqLxfYUwz1EIXxxfW26UxZGgu/UWm4NVwLYrRk+f9AfzozfZsXu
+uBuJ0p83cbBYWKVP8H3N8y0H9FFeMXWfM3ZRR1MVVvNgA4s/GPyprRB70FybbAhv
+sbKNyFZHDCd0iQ9eZ9ZJCSARUl90uU7G6Ak0j+q/+YRQ2yMn3bBq84AXG37mJiAd
+M0bGqIMJAh0B1xUZkgNsyB9DMfUwr1XW90LuLO+HzrEcKgO6TOYMl0olGQObhx3F
+I7hos2ZVxP+UtQKIytuw49cIdM0aaKQ27YydcPmLib4=
+-----END CERTIFICATE-----

tls.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4JAzAjXHWK/idRjIySdCVnDemD5O3um3UbnU4Ls8zH+ZfNz2
+wddgBI4/z19LqQ8f7sXnGMYx+MawKA794c9nNzYTO2lvZpKhDS8wBe2AEM0wiUqA
+s9rOZ04r9sQd312rOmEJzQP8yO4JkPK8N+LfIFIRIdnTiThG29tkyZZPlOdXXWM7
+Uv+1/BI6fHVMbO6DYWBVmeAjYQhvXmL2i1J5+HQcRVQDtEmB8cBFgBuiDo1Me7Am
+egxpPxYpU55GhFBFZquie4au/wcl2IAAOnv7op8Rv3FMdXfxcvEM7WD68hbEvHI9
+kzFdPx/L5uL+a2Rxk4WD6wZ7m9KGlvYIzo2edwIDAQABAoIBAQCox5ie+56VqLRT
+AErA7THt2C1lTcdnwU+YLEy0j+XVab4J2+XWsTKomeWZze0G5qhAhRv5QdWDPopd
+wU7OLl1MYOc5izhAZsqHJ0U331aWyjHFrmpnQ3hIqrdeY+5z2Gn+mbqNDYcr2cT0
+3YvbkTfUifn4cEiOZO7VBeONo9yyc3mJqKWuGKaI/DXGlReRGOZQMV4ysnZaBja1
+iRkCmZ6JZWvcXnDn9ZRfDQijHt9nOpql141OAXt0LgjPKiAlPtJA//bnUOrH/FpY
+kBn/PTTYFBF6hYJGz5+46OngWi4LNtKkVR4aLzayg/ZbBK2J24r/QOKq/oHbrDrx
+HSOLKUmRAoGBAPCW0dA/5/wVWhu7PRnEO/0JA8q8G1XbggtjXxF1S8NuFlye4zff
+uyNMjfGNOE8ed2I88dX0lbQgvbLFLOQSDsPCRuLhrbchUwR9wJiqC+sk09XKlkB7
+cg72t1W5ywkJJdm3zPbT8xn9dZLaqiD5pv9Va8BVlvSQEfqLslLYfvWvAoGBAO7y
+lm6MM7hqrvVqxPwiQ2vkCeoy4WB/KnKeAwOByvBhYY06S4kseaQ0+yfeyaL0MP5E
+iDc+ixwD26GBW0tyVtak0DpJDA/LafQk6umw0hVxX3okujeIcXbw/lf0pvQUj+hD
+R1gz9gLtNN1mXjBKYtv54eTotGw7gk/tBCUuKt25AoGBAI1xDX6x42+3GdeN15kL
+Xf0fzKPmvOdX+nc5f42i+Ny3Htxq6MhTdxCElDp7PKx/C86sZ7zSYySXzw6HjyGy
+YA3EbKo75UXxiH3udEkMR5+BciyRQo48RMz5TMVQSkZQo3kA7rX520TfVrz0Yuqp
++vzHumZDq1CyVm+Gq1q7PsCvAoGAYrvKfRNhq6opcS8VBjoCMeqgTi2IAx+IoqO4
+CxLukDUs4fZcj+nYuYlK3kaoerT8KZSX1Hv7bzAI6MtStfIg/8BKaksUuNIMjd1T
+VAzEQif+k7HpYFj4yXT7I8zrz59Pd2GVcVTHKp5pYbKS6NFT2CGAvd2J788HIY+G
+Tvasr8ECgYB7gBuXQfViq2qqXYjn2R7/Petk7lsa/wnvxS2Eu2pSCyRGhY2MSAPh
+nrCAOdBKQp+qHonr25iCF55WfOnraFSmCL/6HO9uDyDcTbJfO/XBhSZ9CaZEm3gZ
+/To2cXnUiqwFfIGWS7PeF9i6gwWsSYt3Dpan9GsGDSK0L00laVHpbw==
+-----END RSA PRIVATE KEY-----