internal packages tested

internal/forms/cluster_test.go

@@ -5,15 +5,383 @@ import (
 
 	"github.com/go-test/deep"
 	"github.com/porter-dev/porter/internal/forms"
+	"github.com/porter-dev/porter/internal/kubernetes/fixtures"
 	"github.com/porter-dev/porter/internal/models"
 	"gorm.io/gorm"
+	"k8s.io/client-go/tools/clientcmd"
 
 	ints "github.com/porter-dev/porter/internal/models/integrations"
 )
 
-func TestClusterLocal(t *testing.T) {
+type clusterTest struct {
+	name    string
+	raw     string
+	isLocal bool
+
+	resolver       *models.ClusterResolverAll
+	expIntegration interface{}
+	expCluster     *models.Cluster
+}
+
+var ClusterTests = []clusterTest{
+	clusterTest{
+		name:     "local test should preserve kubeconfig",
+		raw:      fixtures.ClusterCAWithData,
+		isLocal:  true,
+		resolver: &models.ClusterResolverAll{},
+		expIntegration: &ints.KubeIntegration{
+			Mechanism:  ints.KubeLocal,
+			UserID:     1,
+			ProjectID:  1,
+			Kubeconfig: []byte(fixtures.ClusterCAWithData),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:            models.Local,
+			ProjectID:                1,
+			Name:                     "cluster-test",
+			Server:                   "https://10.10.10.10",
+			KubeIntegrationID:        1,
+			CertificateAuthorityData: []byte("-----BEGIN CER"),
+		},
+	},
+	clusterTest{
+		name:     "cluster with data",
+		raw:      fixtures.ClusterCAWithData,
+		isLocal:  false,
+		resolver: &models.ClusterResolverAll{},
+		expIntegration: &ints.KubeIntegration{
+			Mechanism:             ints.KubeX509,
+			UserID:                1,
+			ProjectID:             1,
+			ClientCertificateData: []byte("-----BEGIN CER"),
+			ClientKeyData:         []byte("-----BEGIN CER"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:            models.X509,
+			ProjectID:                1,
+			Name:                     "cluster-test",
+			Server:                   "https://10.10.10.10",
+			KubeIntegrationID:        2,
+			CertificateAuthorityData: []byte("-----BEGIN CER"),
+		},
+	},
+	clusterTest{
+		name:    "cluster without data",
+		raw:     fixtures.ClusterCAWithoutData,
+		isLocal: false,
+		resolver: &models.ClusterResolverAll{
+			ClusterCAData: "LS0tLS1CRUdJTiBDRVJ=",
+		},
+		expIntegration: &ints.KubeIntegration{
+			Mechanism:             ints.KubeX509,
+			UserID:                1,
+			ProjectID:             1,
+			ClientCertificateData: []byte("-----BEGIN CER"),
+			ClientKeyData:         []byte("-----BEGIN CER"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:            models.X509,
+			ProjectID:                1,
+			Name:                     "cluster-test",
+			Server:                   "https://10.10.10.10",
+			KubeIntegrationID:        3,
+			CertificateAuthorityData: []byte("-----BEGIN CER"),
+		},
+	},
+	clusterTest{
+		name:    "cluster localhost",
+		raw:     fixtures.ClusterLocalhost,
+		isLocal: false,
+		resolver: &models.ClusterResolverAll{
+			ClusterHostname: "example.com",
+		},
+		expIntegration: &ints.KubeIntegration{
+			Mechanism:             ints.KubeX509,
+			UserID:                1,
+			ProjectID:             1,
+			ClientCertificateData: []byte("-----BEGIN CER"),
+			ClientKeyData:         []byte("-----BEGIN CER"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:     models.X509,
+			ProjectID:         1,
+			Name:              "cluster-test",
+			Server:            "https://example.com:30000",
+			KubeIntegrationID: 4,
+		},
+	},
+	clusterTest{
+		name:     "x509 cert and key data",
+		raw:      fixtures.X509WithData,
+		isLocal:  false,
+		resolver: &models.ClusterResolverAll{},
+		expIntegration: &ints.KubeIntegration{
+			Mechanism:             ints.KubeX509,
+			UserID:                1,
+			ProjectID:             1,
+			ClientCertificateData: []byte("-----BEGIN CER"),
+			ClientKeyData:         []byte("-----BEGIN CER"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:     models.X509,
+			ProjectID:         1,
+			Name:              "cluster-test",
+			Server:            "https://10.10.10.10",
+			KubeIntegrationID: 5,
+		},
+	},
+	clusterTest{
+		name:    "x509 no cert data",
+		raw:     fixtures.X509WithoutCertData,
+		isLocal: false,
+		resolver: &models.ClusterResolverAll{
+			ClientCertData: "LS0tLS1CRUdJTiBDRVJ=",
+		},
+		expIntegration: &ints.KubeIntegration{
+			Mechanism:             ints.KubeX509,
+			UserID:                1,
+			ProjectID:             1,
+			ClientCertificateData: []byte("-----BEGIN CER"),
+			ClientKeyData:         []byte("-----BEGIN CER"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:     models.X509,
+			ProjectID:         1,
+			Name:              "cluster-test",
+			Server:            "https://10.10.10.10",
+			KubeIntegrationID: 6,
+		},
+	},
+	clusterTest{
+		name:    "x509 no key data",
+		raw:     fixtures.X509WithoutKeyData,
+		isLocal: false,
+		resolver: &models.ClusterResolverAll{
+			ClientKeyData: "LS0tLS1CRUdJTiBDRVJ=",
+		},
+		expIntegration: &ints.KubeIntegration{
+			Mechanism:             ints.KubeX509,
+			UserID:                1,
+			ProjectID:             1,
+			ClientCertificateData: []byte("-----BEGIN CER"),
+			ClientKeyData:         []byte("-----BEGIN CER"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:     models.X509,
+			ProjectID:         1,
+			Name:              "cluster-test",
+			Server:            "https://10.10.10.10",
+			KubeIntegrationID: 7,
+		},
+	},
+	clusterTest{
+		name:    "x509 no cert and key data",
+		raw:     fixtures.X509WithoutCertAndKeyData,
+		isLocal: false,
+		resolver: &models.ClusterResolverAll{
+			ClientCertData: "LS0tLS1CRUdJTiBDRVJ=",
+			ClientKeyData:  "LS0tLS1CRUdJTiBDRVJ=",
+		},
+		expIntegration: &ints.KubeIntegration{
+			Mechanism:             ints.KubeX509,
+			UserID:                1,
+			ProjectID:             1,
+			ClientCertificateData: []byte("-----BEGIN CER"),
+			ClientKeyData:         []byte("-----BEGIN CER"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:     models.X509,
+			ProjectID:         1,
+			Name:              "cluster-test",
+			Server:            "https://10.10.10.10",
+			KubeIntegrationID: 8,
+		},
+	},
+	clusterTest{
+		name:     "bearer token with data",
+		raw:      fixtures.BearerTokenWithData,
+		isLocal:  false,
+		resolver: &models.ClusterResolverAll{},
+		expIntegration: &ints.KubeIntegration{
+			Mechanism: ints.KubeBearer,
+			UserID:    1,
+			ProjectID: 1,
+			Token:     []byte("LS0tLS1CRUdJTiBDRVJ="),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:     models.Bearer,
+			ProjectID:         1,
+			Name:              "cluster-test",
+			Server:            "https://10.10.10.10",
+			KubeIntegrationID: 9,
+		},
+	},
+	clusterTest{
+		name:    "bearer token without data",
+		raw:     fixtures.BearerTokenWithoutData,
+		isLocal: false,
+		resolver: &models.ClusterResolverAll{
+			TokenData: "tokentoken",
+		},
+		expIntegration: &ints.KubeIntegration{
+			Mechanism: ints.KubeBearer,
+			UserID:    1,
+			ProjectID: 1,
+			Token:     []byte("tokentoken"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:     models.Bearer,
+			ProjectID:         1,
+			Name:              "cluster-test",
+			Server:            "https://10.10.10.10",
+			KubeIntegrationID: 10,
+		},
+	},
+	clusterTest{
+		name:     "basic auth",
+		raw:      fixtures.BasicAuth,
+		isLocal:  false,
+		resolver: &models.ClusterResolverAll{},
+		expIntegration: &ints.KubeIntegration{
+			Mechanism: ints.KubeBasic,
+			UserID:    1,
+			ProjectID: 1,
+			Username:  []byte("admin"),
+			Password:  []byte("changeme"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:            models.Basic,
+			ProjectID:                1,
+			Name:                     "cluster-test",
+			Server:                   "https://10.10.10.10",
+			KubeIntegrationID:        11,
+			CertificateAuthorityData: []byte("-----BEGIN CER"),
+		},
+	},
+	clusterTest{
+		name:    "gcp plugin",
+		raw:     fixtures.GCPPlugin,
+		isLocal: false,
+		resolver: &models.ClusterResolverAll{
+			GCPKeyData: `{"key":"data"}`,
+		},
+		expIntegration: &ints.GCPIntegration{
+			UserID:     1,
+			ProjectID:  1,
+			GCPKeyData: []byte(`{"key":"data"}`),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:            models.GCP,
+			ProjectID:                1,
+			Name:                     "cluster-test",
+			Server:                   "https://10.10.10.10",
+			GCPIntegrationID:         1,
+			CertificateAuthorityData: []byte("-----BEGIN CER"),
+		},
+	},
+	clusterTest{
+		name:    "aws iam authenticator",
+		raw:     fixtures.AWSIamAuthenticatorExec,
+		isLocal: false,
+		resolver: &models.ClusterResolverAll{
+			AWSAccessKeyID:     "accesskey",
+			AWSClusterID:       "cluster-test-aws-id-guess",
+			AWSSecretAccessKey: "secret",
+		},
+		expIntegration: &ints.AWSIntegration{
+			UserID:             1,
+			ProjectID:          1,
+			AWSAccessKeyID:     []byte("accesskey"),
+			AWSClusterID:       []byte("cluster-test-aws-id-guess"),
+			AWSSecretAccessKey: []byte("secret"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:            models.AWS,
+			ProjectID:                1,
+			Name:                     "cluster-test",
+			Server:                   "https://10.10.10.10",
+			AWSIntegrationID:         1,
+			CertificateAuthorityData: []byte("-----BEGIN CER"),
+		},
+	},
+	clusterTest{
+		name:    "aws eks get token",
+		raw:     fixtures.AWSEKSGetTokenExec,
+		isLocal: false,
+		resolver: &models.ClusterResolverAll{
+			AWSAccessKeyID:     "accesskey",
+			AWSClusterID:       "cluster-test-aws-id-guess",
+			AWSSecretAccessKey: "secret",
+		},
+		expIntegration: &ints.AWSIntegration{
+			UserID:             1,
+			ProjectID:          1,
+			AWSAccessKeyID:     []byte("accesskey"),
+			AWSClusterID:       []byte("cluster-test-aws-id-guess"),
+			AWSSecretAccessKey: []byte("secret"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:            models.AWS,
+			ProjectID:                1,
+			Name:                     "cluster-test",
+			Server:                   "https://10.10.10.10",
+			AWSIntegrationID:         2,
+			CertificateAuthorityData: []byte("-----BEGIN CER"),
+		},
+	},
+	clusterTest{
+		name:    "oidc without idp issuer data",
+		raw:     fixtures.OIDCAuthWithoutData,
+		isLocal: false,
+		resolver: &models.ClusterResolverAll{
+			OIDCIssuerCAData: "LS0tLS1CRUdJTiBDRVJ=",
+		},
+		expIntegration: &ints.OIDCIntegration{
+			Client:                   ints.OIDCKube,
+			UserID:                   1,
+			ProjectID:                1,
+			IssuerURL:                []byte("https://10.10.10.10"),
+			ClientID:                 []byte("porter-api"),
+			CertificateAuthorityData: []byte("LS0tLS1CRUdJTiBDRVJ="),
+			IDToken:                  []byte("token"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:            models.OIDC,
+			ProjectID:                1,
+			Name:                     "cluster-test",
+			Server:                   "https://10.10.10.10",
+			OIDCIntegrationID:        1,
+			CertificateAuthorityData: []byte("-----BEGIN CER"),
+		},
+	},
+	clusterTest{
+		name:     "oidc with idp issuer data",
+		raw:      fixtures.OIDCAuthWithData,
+		isLocal:  false,
+		resolver: &models.ClusterResolverAll{},
+		expIntegration: &ints.OIDCIntegration{
+			Client:                   ints.OIDCKube,
+			UserID:                   1,
+			ProjectID:                1,
+			IssuerURL:                []byte("https://10.10.10.10"),
+			ClientID:                 []byte("porter-api"),
+			CertificateAuthorityData: []byte("LS0tLS1CRUdJTiBDRVJ="),
+			IDToken:                  []byte("token"),
+		},
+		expCluster: &models.Cluster{
+			AuthMechanism:            models.OIDC,
+			ProjectID:                1,
+			Name:                     "cluster-test",
+			Server:                   "https://10.10.10.10",
+			OIDCIntegrationID:        2,
+			CertificateAuthorityData: []byte("-----BEGIN CER"),
+		},
+	},
+}
+
+func TestClusters(t *testing.T) {
 	tester := &tester{
-		dbFileName: "./cluster_local.db",
+		dbFileName: "./cluster_test.db",
 	}
 
 	setupTestEnv(tester, t)
@@ -21,156 +389,167 @@ func TestClusterLocal(t *testing.T) {
 	initProject(tester, t)
 	defer cleanup(tester, t)
 
-	// create cluster candidate
-	ccForm := &forms.CreateClusterCandidatesForm{
-		ProjectID:  tester.initProjects[0].ID,
-		Kubeconfig: ClusterCAWithData,
-		IsLocal:    true,
-	}
+	for _, c := range ClusterTests {
+		// create cluster candidate
+		ccForm := &forms.CreateClusterCandidatesForm{
+			ProjectID:  tester.initProjects[0].ID,
+			Kubeconfig: c.raw,
+			IsLocal:    c.isLocal,
+		}
 
-	ccs, err := ccForm.ToClusterCandidates(true)
+		ccs, err := ccForm.ToClusterCandidates(c.isLocal)
 
-	if err != nil {
-		t.Fatalf("%v\n", err)
-	}
+		if err != nil {
+			t.Fatalf("%v\n", err)
+		}
 
-	var cc *models.ClusterCandidate
+		var cc *models.ClusterCandidate
 
-	for _, _cc := range ccs {
-		cc, err = tester.repo.Cluster.CreateClusterCandidate(_cc)
+		for _, _cc := range ccs {
+			cc, err = tester.repo.Cluster.CreateClusterCandidate(_cc)
 
-		if err != nil {
-			t.Fatalf("%v\n", err)
+			if err != nil {
+				t.Fatalf("%v\n", err)
+			}
+
+			cc, err = tester.repo.Cluster.ReadClusterCandidate(cc.ID)
+
+			if err != nil {
+				t.Fatalf("%v\n", err)
+			}
+		}
+
+		form := &forms.ResolveClusterForm{
+			Resolver:           c.resolver,
+			ClusterCandidateID: cc.ID,
+			ProjectID:          tester.initProjects[0].ID,
+			UserID:             tester.initUsers[0].ID,
 		}
 
-		cc, err = tester.repo.Cluster.ReadClusterCandidate(cc.ID)
+		// resolve integration (should be kube with local)
+		err = form.ResolveIntegration(*tester.repo)
 
 		if err != nil {
 			t.Fatalf("%v\n", err)
 		}
-	}
 
-	form := &forms.ResolveClusterForm{
-		Resolver:           &models.ClusterResolverAll{},
-		ClusterCandidateID: cc.ID,
-		ProjectID:          tester.initProjects[0].ID,
-		UserID:             tester.initUsers[0].ID,
-	}
+		switch c.expIntegration.(type) {
+		case *ints.KubeIntegration:
+			// make sure integration is equal, read integration from DB
+			gotIntegration, err := tester.repo.KubeIntegration.ReadKubeIntegration(form.IntegrationID)
 
-	// resolve integration (should be kube with local)
-	err = form.ResolveIntegration(*tester.repo)
+			if err != nil {
+				t.Fatalf("%v\n", err)
+			}
 
-	if err != nil {
-		t.Fatalf("%v\n", err)
-	}
+			// reset got integration model
+			gotIntegration.Model = gorm.Model{}
 
-	expIntegration := &ints.KubeIntegration{
-		Mechanism:  ints.KubeLocal,
-		UserID:     tester.initUsers[0].ID,
-		ProjectID:  tester.initProjects[0].ID,
-		Kubeconfig: cc.Kubeconfig,
-	}
+			ki, _ := c.expIntegration.(*ints.KubeIntegration)
 
-	// make sure integration is equal, read integration from DB
-	gotIntegration, err := tester.repo.KubeIntegration.ReadKubeIntegration(form.IntegrationID)
+			// if kubeconfig, compare
+			if len(ki.Kubeconfig) > 0 {
+				compareKubeconfig(t, gotIntegration.Kubeconfig, ki.Kubeconfig)
 
-	if err != nil {
-		t.Fatalf("%v\n", err)
-	}
+				// reset kubeconfig fields for deep.Equal
+				gotIntegration.Kubeconfig = []byte{}
+				ki.Kubeconfig = []byte{}
+			}
 
-	// reset got integration model
-	gotIntegration.Model = gorm.Model{}
+			if diff := deep.Equal(ki, gotIntegration); diff != nil {
+				t.Errorf("incorrect kube integration")
+				t.Error(diff)
+			}
+		case *ints.OIDCIntegration:
+			// make sure integration is equal, read integration from DB
+			gotIntegration, err := tester.repo.OIDCIntegration.ReadOIDCIntegration(form.IntegrationID)
 
-	if diff := deep.Equal(expIntegration, gotIntegration); diff != nil {
-		t.Errorf("incorrect integration")
-		t.Error(diff)
-	}
+			if err != nil {
+				t.Fatalf("%v\n", err)
+			}
 
-	// resolve cluster
-	gotCluster, err := form.ResolveCluster(*tester.repo)
+			// reset got integration model
+			gotIntegration.Model = gorm.Model{}
 
-	if err != nil {
-		t.Fatalf("%v\n", err)
-	}
+			oidc, _ := c.expIntegration.(*ints.OIDCIntegration)
 
-	expCluster := &models.Cluster{
-		AuthMechanism:            models.Local,
-		ProjectID:                1,
-		Name:                     "cluster-test",
-		Server:                   "https://localhost",
-		KubeIntegrationID:        1,
-		CertificateAuthorityData: []byte("-----BEGIN CER"),
-	}
+			if diff := deep.Equal(oidc, gotIntegration); diff != nil {
+				t.Errorf("incorrect oidc integration")
+				t.Error(diff)
+			}
+		case *ints.GCPIntegration:
+			// make sure integration is equal, read integration from DB
+			gotIntegration, err := tester.repo.GCPIntegration.ReadGCPIntegration(form.IntegrationID)
 
-	gotCluster.Model = gorm.Model{}
+			if err != nil {
+				t.Fatalf("%v\n", err)
+			}
 
-	if diff := deep.Equal(expCluster, gotCluster); diff != nil {
-		t.Errorf("incorrect cluster")
-		t.Error(diff)
-	}
-}
+			// reset got integration model
+			gotIntegration.Model = gorm.Model{}
 
-// func TestPopulateServiceAccountBasic(t *testing.T) {
-// 	// create the in-memory repository
-// 	repo := test.NewRepository(true)
+			gcp, _ := c.expIntegration.(*ints.GCPIntegration)
 
-// 	// create a new project
-// 	repo.Project.CreateProject(&models.Project{
-// 		Name: "test-project",
-// 	})
+			if diff := deep.Equal(gcp, gotIntegration); diff != nil {
+				t.Errorf("incorrect gcp integration")
+				t.Error(diff)
+			}
+		case *ints.AWSIntegration:
+			// make sure integration is equal, read integration from DB
+			gotIntegration, err := tester.repo.AWSIntegration.ReadAWSIntegration(form.IntegrationID)
 
-// 	// create a ServiceAccountCandidate from a kubeconfig
-// 	saCandidates, err := kubernetes.GetServiceAccountCandidates([]byte(ClusterCAWithData), false)
+			if err != nil {
+				t.Fatalf("%v\n", err)
+			}
 
-// 	if err != nil {
-// 		t.Fatalf("%v\n", err)
-// 	}
+			// reset got integration model
+			gotIntegration.Model = gorm.Model{}
 
-// 	for _, saCandidate := range saCandidates {
-// 		repo.ServiceAccount.CreateServiceAccountCandidate(saCandidate)
-// 	}
+			aws, _ := c.expIntegration.(*ints.AWSIntegration)
 
-// 	// create a new form
-// 	form := forms.ServiceAccountActionResolver{
-// 		ServiceAccountCandidateID: 1,
-// 	}
+			if diff := deep.Equal(aws, gotIntegration); diff != nil {
+				t.Errorf("incorrect aws integration")
+				t.Error(diff)
+			}
+		}
 
-// 	err = form.PopulateServiceAccount(repo.ServiceAccount)
+		// resolve cluster
+		gotCluster, err := form.ResolveCluster(*tester.repo)
 
-// 	if err != nil {
-// 		t.Fatalf("%v\n", err)
-// 	}
+		if err != nil {
+			t.Fatalf("%v\n", err)
+		}
 
-// 	sa, err := repo.ServiceAccount.CreateServiceAccount(form.SA)
-// 	decodedStr, _ := base64.StdEncoding.DecodeString("LS0tLS1CRUdJTiBDRVJ=")
+		gotCluster.Model = gorm.Model{}
 
-// 	if len(sa.Clusters) != 1 {
-// 		t.Fatalf("cluster not written\n")
-// 	}
+		if diff := deep.Equal(c.expCluster, gotCluster); diff != nil {
+			t.Errorf("incorrect cluster")
+			t.Error(diff)
+		}
+	}
+}
 
-// 	if sa.Clusters[0].ServiceAccountID != 1 {
-// 		t.Errorf("service account ID of joined cluster is not 1")
-// 	}
+func compareKubeconfig(t *testing.T, resKube []byte, expKube []byte) {
+	// compare kubeconfig by transforming into a client config
+	resConfig, _ := clientcmd.NewClientConfigFromBytes(resKube)
+	expConfig, err := clientcmd.NewClientConfigFromBytes(expKube)
 
-// 	if string(sa.Clusters[0].CertificateAuthorityData) != string(decodedStr) {
-// 		t.Errorf("cluster ca data and input do not match: expected %s, got %s\n",
-// 			string(sa.Clusters[0].CertificateAuthorityData), string(decodedStr))
-// 	}
+	if err != nil {
+		t.Fatalf("config from bytes, error occurred %v\n", err)
+	}
 
-// 	if sa.Integration != "x509" {
-// 		t.Errorf("service account auth mechanism is not x509")
-// 	}
+	resRawConf, _ := resConfig.RawConfig()
+	expRawConf, err := expConfig.RawConfig()
 
-// 	if string(sa.ClientCertificateData) != string(decodedStr) {
-// 		t.Errorf("service account cert data and input do not match: expected %s, got %s\n",
-// 			string(sa.ClientCertificateData), string(decodedStr))
-// 	}
+	if err != nil {
+		t.Fatalf("raw config conversion, error occurred %v\n", err)
+	}
 
-// 	if string(sa.ClientKeyData) != string(decodedStr) {
-// 		t.Errorf("service account key data and input do not match: expected %s, got %s\n",
-// 			string(sa.ClientKeyData), string(decodedStr))
-// 	}
-// }
+	if diff := deep.Equal(expRawConf, resRawConf); diff != nil {
+		t.Errorf("incorrect kubeconfigs")
+		t.Error(diff)
+	}
+}
 
 // func TestPopulateServiceAccountClusterDataAction(t *testing.T) {
 // 	// create the in-memory repository
@@ -672,202 +1051,3 @@ func TestClusterLocal(t *testing.T) {
 // 			string(sa.OIDCCertificateAuthorityData), "LS0tLS1CRUdJTiBDRVJ=")
 // 	}
 // }
-
-const ClusterCAWithData string = `
-apiVersion: v1
-kind: Config
-clusters:
-- name: cluster-test
-  cluster:
-    server: https://localhost
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
-    client-key-data: LS0tLS1CRUdJTiBDRVJ=
-current-context: context-test
-`
-
-const ClusterCAWithoutData string = `
-apiVersion: v1
-kind: Config
-clusters:
-- name: cluster-test
-  cluster:
-    server: https://localhost
-    certificate-authority: /fake/path/to/ca.pem
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
-    client-key-data: LS0tLS1CRUdJTiBDRVJ=
-current-context: context-test
-`
-
-const ClusterLocalhost string = `
-apiVersion: v1
-kind: Config
-clusters:
-- name: cluster-test
-  cluster:
-    server: https://localhost:30000
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
-    client-key-data: LS0tLS1CRUdJTiBDRVJ=
-current-context: context-test
-`
-
-const ClientWithoutCertData string = `
-apiVersion: v1
-kind: Config
-clusters:
-- name: cluster-test
-  cluster:
-    server: https://localhost
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    client-certificate: /fake/path/to/ca.pem
-    client-key-data: LS0tLS1CRUdJTiBDRVJ=
-current-context: context-test
-`
-
-const ClientWithoutCertAndKeyData string = `
-apiVersion: v1
-kind: Config
-clusters:
-- name: cluster-test
-  cluster:
-    server: https://localhost
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    client-certificate: /fake/path/to/ca.pem
-    client-key: /fake/path/to/ca.pem
-current-context: context-test
-`
-
-const BearerTokenWithoutData string = `
-apiVersion: v1
-kind: Config
-preferences: {}
-current-context: context-test
-clusters:
-- cluster:
-    server: https://localhost
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    tokenFile: /path/to/token/file.txt
-`
-const GCPPlugin string = `
-apiVersion: v1
-kind: Config
-clusters:
-- name: cluster-test
-  cluster:
-    server: https://localhost
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-users:
-- name: test-admin
-  user:
-    auth-provider:
-      name: gcp
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-current-context: context-test
-`
-
-const AWSEKSGetTokenExec string = `
-apiVersion: v1
-clusters:
-- cluster:
-    server: https://localhost
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-current-context: context-test
-kind: Config
-preferences: {}
-users:
-- name: test-admin
-  user:
-    exec:
-      apiVersion: client.authentication.k8s.io/v1alpha1
-      command: aws
-      args:
-        - "eks"
-        - "get-token"
-        - "--cluster-name"
-        - "cluster-test"
-`
-
-const OIDCAuthWithoutData string = `
-apiVersion: v1
-clusters:
-- cluster:
-    server: https://localhost
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-current-context: context-test
-kind: Config
-preferences: {}
-users:
-- name: test-admin
-  user:
-    auth-provider:
-      config:
-        client-id: porter-api
-        id-token: token
-        idp-issuer-url: https://localhost
-        idp-certificate-authority: /fake/path/to/ca.pem
-      name: oidc
-`

internal/kubernetes/fixtures/kubeconfig.go

@@ -0,0 +1,344 @@
+package fixtures
+
+// This file contains test fixtures to test various packages.
+// These are not meant to be workable kubeconfigs, but rather
+// are meant to test parsers and auth mechanism detection.
+// As a result, certificates are simply base-64 encoded versions
+// of "-----BEGIN CER", and all paths + key data are fake.
+
+const ClusterCAWithData string = `
+apiVersion: v1
+kind: Config
+clusters:
+- name: cluster-test
+  cluster:
+    server: https://10.10.10.10
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+users:
+- name: test-admin
+  user:
+    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
+    client-key-data: LS0tLS1CRUdJTiBDRVJ=
+current-context: context-test
+`
+
+const ClusterCAWithoutData string = `
+apiVersion: v1
+kind: Config
+clusters:
+- name: cluster-test
+  cluster:
+    server: https://10.10.10.10
+    certificate-authority: /fake/path/to/ca.pem
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+users:
+- name: test-admin
+  user:
+    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
+    client-key-data: LS0tLS1CRUdJTiBDRVJ=
+current-context: context-test
+`
+
+const ClusterLocalhost string = `
+apiVersion: v1
+kind: Config
+clusters:
+- name: cluster-test
+  cluster:
+    server: https://localhost:30000
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+users:
+- name: test-admin
+  user:
+    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
+    client-key-data: LS0tLS1CRUdJTiBDRVJ=
+current-context: context-test
+`
+
+const X509WithData string = `
+apiVersion: v1
+kind: Config
+preferences: {}
+current-context: context-test
+clusters:
+- cluster:
+    server: https://10.10.10.10
+  name: cluster-test
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+users:
+- name: test-admin
+  user:
+    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
+    client-key-data: LS0tLS1CRUdJTiBDRVJ=
+`
+
+const X509WithoutCertData string = `
+apiVersion: v1
+kind: Config
+preferences: {}
+current-context: context-test
+clusters:
+- cluster:
+    server: https://10.10.10.10
+  name: cluster-test
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+users:
+- name: test-admin
+  user:
+    client-certificate: /fake/path/to/cert.pem
+    client-key-data: LS0tLS1CRUdJTiBDRVJ=
+`
+
+const X509WithoutKeyData string = `
+apiVersion: v1
+kind: Config
+preferences: {}
+current-context: context-test
+clusters:
+- cluster:
+    server: https://10.10.10.10
+  name: cluster-test
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+users:
+- name: test-admin
+  user:
+    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
+    client-key: /fake/path/to/key.pem
+`
+
+const X509WithoutCertAndKeyData string = `
+apiVersion: v1
+kind: Config
+preferences: {}
+current-context: context-test
+clusters:
+- cluster:
+    server: https://10.10.10.10
+  name: cluster-test
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+users:
+- name: test-admin
+  user:
+    client-certificate: /fake/path/to/cert.pem
+    client-key: /fake/path/to/key.pem
+`
+
+const BearerTokenWithData string = `
+apiVersion: v1
+kind: Config
+preferences: {}
+current-context: context-test
+clusters:
+- cluster:
+    server: https://10.10.10.10
+  name: cluster-test
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+users:
+- name: test-admin
+  user:
+    token: LS0tLS1CRUdJTiBDRVJ=
+`
+
+const BearerTokenWithoutData string = `
+apiVersion: v1
+kind: Config
+preferences: {}
+current-context: context-test
+clusters:
+- cluster:
+    server: https://10.10.10.10
+  name: cluster-test
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+users:
+- name: test-admin
+  user:
+    tokenFile: /path/to/token/file.txt
+`
+const GCPPlugin string = `
+apiVersion: v1
+kind: Config
+clusters:
+- name: cluster-test
+  cluster:
+    server: https://10.10.10.10
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
+users:
+- name: test-admin
+  user:
+    auth-provider:
+      name: gcp
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+current-context: context-test
+`
+
+const AWSIamAuthenticatorExec = `
+apiVersion: v1
+clusters:
+- cluster:
+    server: https://10.10.10.10
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
+  name: cluster-test
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+current-context: context-test
+kind: Config
+preferences: {}
+users:
+- name: test-admin
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1alpha1
+      command: aws-iam-authenticator
+      args:
+        - "token"
+        - "-i"
+        - "cluster-test-aws-id-guess"
+`
+
+const AWSEKSGetTokenExec = `
+apiVersion: v1
+clusters:
+- cluster:
+    server: https://10.10.10.10
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
+  name: cluster-test
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+current-context: context-test
+kind: Config
+preferences: {}
+users:
+- name: test-admin
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1alpha1
+      command: aws
+      args:
+        - "eks"
+        - "get-token"
+        - "--cluster-name"
+        - "cluster-test-aws-id-guess"
+`
+
+const OIDCAuthWithoutData = `
+apiVersion: v1
+clusters:
+- cluster:
+    server: https://10.10.10.10
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
+  name: cluster-test
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+current-context: context-test
+kind: Config
+preferences: {}
+users:
+- name: test-admin
+  user:
+    auth-provider:
+      config:
+        client-id: porter-api
+        id-token: token
+        idp-issuer-url: https://10.10.10.10
+        idp-certificate-authority: /fake/path/to/ca.pem
+      name: oidc
+`
+
+const OIDCAuthWithData = `
+apiVersion: v1
+clusters:
+- cluster:
+    server: https://10.10.10.10
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
+  name: cluster-test
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+current-context: context-test
+kind: Config
+preferences: {}
+users:
+- name: test-admin
+  user:
+    auth-provider:
+      config:
+        client-id: porter-api
+        id-token: token
+        idp-issuer-url: https://10.10.10.10
+        idp-certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
+      name: oidc
+`
+
+const BasicAuth = `
+apiVersion: v1
+clusters:
+- cluster:
+    server: https://10.10.10.10
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
+  name: cluster-test
+contexts:
+- context:
+    cluster: cluster-test
+    user: test-admin
+  name: context-test
+current-context: context-test
+kind: Config
+preferences: {}
+users:
+- name: test-admin
+  user:
+    username: admin
+    password: changeme
+`

internal/kubernetes/kubeconfig.go

@@ -381,3 +381,14 @@ func getConfigForContext(
 
 	return copyConf, nil
 }
+
+// CreateAllowedContextMap creates a dummy map from context name to context name
+func CreateAllowedContextMap(contexts []string) map[string]string {
+	aContextMap := make(map[string]string)
+
+	for _, context := range contexts {
+		aContextMap[context] = context
+	}
+
+	return aContextMap
+}

internal/kubernetes/kubeconfig_test.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/go-test/deep"
 	"github.com/porter-dev/porter/internal/kubernetes"
+	"github.com/porter-dev/porter/internal/kubernetes/fixtures"
 	"github.com/porter-dev/porter/internal/models"
 	"k8s.io/client-go/tools/clientcmd"
 )
@@ -18,7 +19,7 @@ type ccsTest struct {
 var ClusterCandidatesTests = []ccsTest{
 	ccsTest{
 		name: "test without cluster ca data",
-		raw:  []byte(ClusterCAWithoutData),
+		raw:  []byte(fixtures.ClusterCAWithoutData),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism: models.X509,
@@ -33,14 +34,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(ClusterCAWithoutData),
+				Kubeconfig:        []byte(fixtures.ClusterCAWithoutData),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
 	},
 	ccsTest{
 		name: "test cluster localhost",
-		raw:  []byte(ClusterLocalhost),
+		raw:  []byte(fixtures.ClusterLocalhost),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism: models.X509,
@@ -52,16 +53,16 @@ var ClusterCandidatesTests = []ccsTest{
 					},
 				},
 				Name:              "cluster-test",
-				Server:            "https://localhost",
+				Server:            "https://localhost:30000",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(ClusterLocalhost),
+				Kubeconfig:        []byte(fixtures.ClusterLocalhost),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
 	},
 	ccsTest{
 		name: "x509 test with cert and key data",
-		raw:  []byte(x509WithData),
+		raw:  []byte(fixtures.X509WithData),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism:     models.X509,
@@ -70,14 +71,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(x509WithData),
+				Kubeconfig:        []byte(fixtures.X509WithData),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
 	},
 	ccsTest{
 		name: "x509 test without cert data",
-		raw:  []byte(x509WithoutCertData),
+		raw:  []byte(fixtures.X509WithoutCertData),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism: models.X509,
@@ -92,14 +93,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(x509WithoutCertData),
+				Kubeconfig:        []byte(fixtures.X509WithoutCertData),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
 	},
 	ccsTest{
 		name: "x509 test without key data",
-		raw:  []byte(x509WithoutKeyData),
+		raw:  []byte(fixtures.X509WithoutKeyData),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism: models.X509,
@@ -114,14 +115,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(x509WithoutKeyData),
+				Kubeconfig:        []byte(fixtures.X509WithoutKeyData),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
 	},
 	ccsTest{
 		name: "x509 test without cert and key data",
-		raw:  []byte(x509WithoutCertAndKeyData),
+		raw:  []byte(fixtures.X509WithoutCertAndKeyData),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism: models.X509,
@@ -141,14 +142,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(x509WithoutCertAndKeyData),
+				Kubeconfig:        []byte(fixtures.X509WithoutCertAndKeyData),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
 	},
 	ccsTest{
 		name: "bearer token test with data",
-		raw:  []byte(BearerTokenWithData),
+		raw:  []byte(fixtures.BearerTokenWithData),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism:     models.Bearer,
@@ -157,14 +158,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(BearerTokenWithData),
+				Kubeconfig:        []byte(fixtures.BearerTokenWithData),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
 	},
 	ccsTest{
 		name: "bearer token test without data",
-		raw:  []byte(BearerTokenWithoutData),
+		raw:  []byte(fixtures.BearerTokenWithoutData),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism: models.Bearer,
@@ -179,14 +180,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(BearerTokenWithoutData),
+				Kubeconfig:        []byte(fixtures.BearerTokenWithoutData),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
 	},
 	ccsTest{
 		name: "gcp test",
-		raw:  []byte(GCPPlugin),
+		raw:  []byte(fixtures.GCPPlugin),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism: models.GCP,
@@ -200,14 +201,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(GCPPlugin),
+				Kubeconfig:        []byte(fixtures.GCPPlugin),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
 	},
 	ccsTest{
 		name: "aws iam authenticator test",
-		raw:  []byte(AWSIamAuthenticatorExec),
+		raw:  []byte(fixtures.AWSIamAuthenticatorExec),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism: models.AWS,
@@ -221,14 +222,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(AWSIamAuthenticatorExec),
+				Kubeconfig:        []byte(fixtures.AWSIamAuthenticatorExec),
 				AWSClusterIDGuess: []byte("cluster-test-aws-id-guess"),
 			},
 		},
 	},
 	ccsTest{
 		name: "aws eks get-token test",
-		raw:  []byte(AWSEKSGetTokenExec),
+		raw:  []byte(fixtures.AWSEKSGetTokenExec),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism: models.AWS,
@@ -242,14 +243,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(AWSEKSGetTokenExec),
+				Kubeconfig:        []byte(fixtures.AWSEKSGetTokenExec),
 				AWSClusterIDGuess: []byte("cluster-test-aws-id-guess"),
 			},
 		},
 	},
 	ccsTest{
 		name: "oidc without ca data",
-		raw:  []byte(OIDCAuthWithoutData),
+		raw:  []byte(fixtures.OIDCAuthWithoutData),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism: models.OIDC,
@@ -264,14 +265,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(OIDCAuthWithoutData),
+				Kubeconfig:        []byte(fixtures.OIDCAuthWithoutData),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
 	},
 	ccsTest{
 		name: "oidc with ca data",
-		raw:  []byte(OIDCAuthWithData),
+		raw:  []byte(fixtures.OIDCAuthWithData),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism:     models.OIDC,
@@ -280,14 +281,14 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(OIDCAuthWithData),
+				Kubeconfig:        []byte(fixtures.OIDCAuthWithData),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
 	},
 	ccsTest{
 		name: "basic auth test",
-		raw:  []byte(BasicAuth),
+		raw:  []byte(fixtures.BasicAuth),
 		expected: []*models.ClusterCandidate{
 			&models.ClusterCandidate{
 				AuthMechanism:     models.Basic,
@@ -296,7 +297,7 @@ var ClusterCandidatesTests = []ccsTest{
 				Name:              "cluster-test",
 				Server:            "https://10.10.10.10",
 				ContextName:       "context-test",
-				Kubeconfig:        []byte(BasicAuth),
+				Kubeconfig:        []byte(fixtures.BasicAuth),
 				AWSClusterIDGuess: []byte{},
 			},
 		},
@@ -357,319 +358,3 @@ func TestGetClusterCandidatesNonLocal(t *testing.T) {
 		}
 	}
 }
-
-const ClusterCAWithoutData string = `
-apiVersion: v1
-kind: Config
-clusters:
-- name: cluster-test
-  cluster:
-    server: https://10.10.10.10
-    certificate-authority: /fake/path/to/ca.pem
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
-    client-key-data: LS0tLS1CRUdJTiBDRVJ=
-current-context: context-test
-`
-
-const ClusterLocalhost string = `
-apiVersion: v1
-kind: Config
-clusters:
-- name: cluster-test
-  cluster:
-    server: https://localhost
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
-    client-key-data: LS0tLS1CRUdJTiBDRVJ=
-current-context: context-test
-`
-
-const x509WithData string = `
-apiVersion: v1
-kind: Config
-preferences: {}
-current-context: context-test
-clusters:
-- cluster:
-    server: https://10.10.10.10
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
-    client-key-data: LS0tLS1CRUdJTiBDRVJ=
-`
-
-const x509WithoutCertData string = `
-apiVersion: v1
-kind: Config
-preferences: {}
-current-context: context-test
-clusters:
-- cluster:
-    server: https://10.10.10.10
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    client-certificate: /fake/path/to/cert.pem
-    client-key-data: LS0tLS1CRUdJTiBDRVJ=
-`
-
-const x509WithoutKeyData string = `
-apiVersion: v1
-kind: Config
-preferences: {}
-current-context: context-test
-clusters:
-- cluster:
-    server: https://10.10.10.10
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    client-certificate-data: LS0tLS1CRUdJTiBDRVJ=
-    client-key: /fake/path/to/key.pem
-`
-
-const x509WithoutCertAndKeyData string = `
-apiVersion: v1
-kind: Config
-preferences: {}
-current-context: context-test
-clusters:
-- cluster:
-    server: https://10.10.10.10
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    client-certificate: /fake/path/to/cert.pem
-    client-key: /fake/path/to/key.pem
-`
-
-const BearerTokenWithData string = `
-apiVersion: v1
-kind: Config
-preferences: {}
-current-context: context-test
-clusters:
-- cluster:
-    server: https://10.10.10.10
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    token: LS0tLS1CRUdJTiBDRVJ=
-`
-
-const BearerTokenWithoutData string = `
-apiVersion: v1
-kind: Config
-preferences: {}
-current-context: context-test
-clusters:
-- cluster:
-    server: https://10.10.10.10
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-users:
-- name: test-admin
-  user:
-    tokenFile: /path/to/token/file.txt
-`
-const GCPPlugin string = `
-apiVersion: v1
-kind: Config
-clusters:
-- name: cluster-test
-  cluster:
-    server: https://10.10.10.10
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-users:
-- name: test-admin
-  user:
-    auth-provider:
-      name: gcp
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-current-context: context-test
-`
-
-const AWSIamAuthenticatorExec = `
-apiVersion: v1
-clusters:
-- cluster:
-    server: https://10.10.10.10
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-current-context: context-test
-kind: Config
-preferences: {}
-users:
-- name: test-admin
-  user:
-    exec:
-      apiVersion: client.authentication.k8s.io/v1alpha1
-      command: aws-iam-authenticator
-      args:
-        - "token"
-        - "-i"
-        - "cluster-test-aws-id-guess"
-`
-
-const AWSEKSGetTokenExec = `
-apiVersion: v1
-clusters:
-- cluster:
-    server: https://10.10.10.10
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-current-context: context-test
-kind: Config
-preferences: {}
-users:
-- name: test-admin
-  user:
-    exec:
-      apiVersion: client.authentication.k8s.io/v1alpha1
-      command: aws
-      args:
-        - "eks"
-        - "get-token"
-        - "--cluster-name"
-        - "cluster-test-aws-id-guess"
-`
-
-const OIDCAuthWithoutData = `
-apiVersion: v1
-clusters:
-- cluster:
-    server: https://10.10.10.10
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-current-context: context-test
-kind: Config
-preferences: {}
-users:
-- name: test-admin
-  user:
-    auth-provider:
-      config:
-        client-id: porter-api
-        id-token: token
-        idp-issuer-url: https://10.10.10.10
-        idp-certificate-authority: /fake/path/to/ca.pem
-      name: oidc
-`
-
-const OIDCAuthWithData = `
-apiVersion: v1
-clusters:
-- cluster:
-    server: https://10.10.10.10
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-current-context: context-test
-kind: Config
-preferences: {}
-users:
-- name: test-admin
-  user:
-    auth-provider:
-      config:
-        client-id: porter-api
-        id-token: token
-        idp-issuer-url: https://10.10.10.10
-        idp-certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-      name: oidc
-`
-
-const BasicAuth = `
-apiVersion: v1
-clusters:
-- cluster:
-    server: https://10.10.10.10
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJ=
-  name: cluster-test
-contexts:
-- context:
-    cluster: cluster-test
-    user: test-admin
-  name: context-test
-current-context: context-test
-kind: Config
-preferences: {}
-users:
-- name: test-admin
-  user:
-    username: admin
-    password: changeme
-`