refactor: remove dead TLS code in applySecurityAuthentication, drop nock dependency, migrate cache_test to MockAgent

davidgamero · davidgamero · commit 300c014c902e · 2026-03-25T23:10:37.000-04:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -81,7 +81,6 @@
         "eslint-plugin-erasable-syntax-only": "^0.4.0",
         "husky": "^9.0.6",
         "mock-fs": "^5.2.0",
-        "nock": "^14.0.5",
         "prettier": "^3.0.0",
         "pretty-quick": "^4.0.0",
         "ts-mockito": "^2.3.1",
diff --git a/src/cache_test.ts b/src/cache_test.ts
@@ -8,7 +8,7 @@ import { KubeConfig } from './config.js';
 import { Cluster, Context, User } from './config_types.js';
 import { ListPromise } from './informer.js';
 
-import nock from 'nock';
+import { MockAgent, setGlobalDispatcher, getGlobalDispatcher } from 'undici';
 import { Watch } from './watch.js';
 
 const server = 'https://foo.company.com';
@@ -1474,51 +1474,56 @@ describe('ListWatchCache', () => {
 
         const informer = new ListWatch(path, watch, listFn, false, APP_LABEL_SELECTOR);
 
-        const scope = nock(fakeConfig.clusters[0].server);
-        const s = scope
-            .get(path)
-            .query({
-                watch: true,
-                resourceVersion: '12345',
-                labelSelector: APP_LABEL_SELECTOR,
-            })
-            .reply(
+        const originalDispatcher = getGlobalDispatcher();
+        const mockAgent = new MockAgent();
+        setGlobalDispatcher(mockAgent);
+        mockAgent.disableNetConnect();
+
+        try {
+            const pool = mockAgent.get(fakeConfig.clusters[0].server);
+            pool.intercept({
+                path: `${path}?watch=true&resourceVersion=12345&labelSelector=app%3Dfoo`,
+                method: 'GET',
+            }).reply(
                 200,
-                () =>
-                    JSON.stringify({
-                        type: 'ADDED',
-                        object: {
-                            metadata: {
-                                name: 'name3',
-                                labels: {
-                                    app: 'foo3',
-                                },
-                            } as V1ObjectMeta,
-                        },
-                    }) + '\n',
+                JSON.stringify({
+                    type: 'ADDED',
+                    object: {
+                        metadata: {
+                            name: 'name3',
+                            labels: {
+                                app: 'foo3',
+                            },
+                        } as V1ObjectMeta,
+                    },
+                }) + '\n',
             );
 
-        await informer.start();
+            await informer.start();
 
-        let doneResolve: any;
-        const donePromise = new Promise((resolve) => {
-            doneResolve = resolve;
-        });
+            let doneResolve: any;
+            const donePromise = new Promise((resolve) => {
+                doneResolve = resolve;
+            });
 
-        informer.on('add', doneResolve);
+            informer.on('add', doneResolve);
 
-        const value = await donePromise;
+            const value = await donePromise;
 
-        deepStrictEqual(value, {
-            metadata: {
-                labels: {
-                    app: 'foo3',
+            deepStrictEqual(value, {
+                metadata: {
+                    labels: {
+                        app: 'foo3',
+                    },
+                    name: 'name3',
                 },
-                name: 'name3',
-            },
-        });
+            });
 
-        s.done();
+            mockAgent.assertNoPendingInterceptors();
+        } finally {
+            await mockAgent.close();
+            setGlobalDispatcher(originalDispatcher);
+        }
     });
 });
 
diff --git a/src/config.ts b/src/config.ts
@@ -284,14 +284,6 @@ export class KubeConfig implements SecurityAuthentication {
 
         await this.applyOptions(httpsOptions);
 
-        if (cluster && cluster.skipTLSVerify) {
-            agentOptions.rejectUnauthorized = false;
-        }
-
-        if (cluster && cluster.tlsServerName) {
-            agentOptions.servername = cluster.tlsServerName;
-        }
-
         if (user && user.username) {
             const auth = Buffer.from(`${user.username}:${user.password}`).toString('base64');
             context.setHeaderParam('Authorization', `Basic ${auth}`);
