fix: impresonation regression for service accounts

[rgruchalski-klarrio]

Fixes service account impresonation regression discussed in #388 (comment).

[rgruchalski-klarrio]

Yay! The checks are passing! :)

[maxgio92]

Welcome to Capsule and thank you a lot @rgruchalski-klarrio!

[maxgio92]

Looks good to me @rgruchalski-klarrio!
Just left a couple of minor points.

cc @prometherion PTAL

[maxgio92]

Thank you @rgruchalski-klarrio! LGTM

[oliverbaehler]

@rgruchalski-klarrio thanks for your contribution. Please fix the commit syntax. We have good documentation here: https://github.com/projectcapsule/capsule/blob/main/CONTRIBUTING.md#semantics

[oliverbaehler]

Also run make golint to get semantic passing for your code.

[rgruchalski-klarrio]

@maxgio92 what does this even mean?

/Users/radek/dev/golang/src/github.com/projectcapsule/capsule-proxy/bin/golangci-lint run -c .golangci.yml
internal/request/http_test.go:17: File is not `gci`-ed with --skip-generated -s standard -s default -s prefix(github.com/projectcapsule/capsule-proxy) (gci)
	"sigs.k8s.io/controller-runtime/pkg/client"

internal/request/http_test.go:20: File is not `gci`-ed with --skip-generated -s standard -s default -s prefix(github.com/projectcapsule/capsule-proxy) (gci)
	"k8s.io/apiserver/pkg/authentication/user"

[oliverbaehler]

@rgruchalski-klarrio That means your imports are not correctly ordered

1. Core imports
2. 3-P imports
3. Project local Imports

[rgruchalski-klarrio]

Okay, thank you @oliverbaehler, this seems to be a puzzle I really don't want to think about, what's the correct order?

http.go

import (
	"fmt"
	h "net/http"
	"regexp"
	"strings"

	authenticationv1 "k8s.io/api/authentication/v1"
	authorizationv1 "k8s.io/api/authorization/v1"
	"k8s.io/apiserver/pkg/authentication/serviceaccount"
	"k8s.io/apiserver/pkg/authentication/user"
	"sigs.k8s.io/controller-runtime/pkg/client"
)

http_tets.go:

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
	"reflect"
	"regexp"
	"sort"
	"testing"

	authenticationv1 "k8s.io/api/authentication/v1"
	authorizationv1 "k8s.io/api/authorization/v1"
	"sigs.k8s.io/controller-runtime/pkg/client"

	"k8s.io/apiserver/pkg/authentication/serviceaccount"
	"k8s.io/apiserver/pkg/authentication/user"

	"github.com/projectcapsule/capsule-proxy/internal/request"
)

[oliverbaehler]

They should look like this, not really a puzzle:

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
	"reflect"
	"regexp"
	"sort"
	"testing"

	authenticationv1 "k8s.io/api/authentication/v1"
	authorizationv1 "k8s.io/api/authorization/v1"
	"k8s.io/apiserver/pkg/authentication/serviceaccount"
	"k8s.io/apiserver/pkg/authentication/user"
	"sigs.k8s.io/controller-runtime/pkg/client"

	"github.com/projectcapsule/capsule-proxy/internal/request"
)

[rgruchalski-klarrio]

Ah, thank you, alphabetical order within a group. All resolved and the CI is passing.

[oliverbaehler]

@rgruchalski-klarrio We only accept GPG signed commits, please sign your commit

[rgruchalski-klarrio]

omg... yes, let me configure gpg and have a look at this once again for you.

[rgruchalski-klarrio]

There we go. Should be much better now.

[oliverbaehler]

It's not for me, no need to get upset ☺️

[rgruchalski-klarrio]

Nobody got upset, just extremely busy and the ping ping kinda annoyed me. Glad we're done with it!