wantAuth: true,
		},
		{
			test:       "Server does not require client auth, client provides it",
			clientCert: clientCert, clientKey: clientKey, clientCA: caCert,
			serverCert: serverCert, serverKey: serverKey,
			wantAuth: true,
		},
		{
			test:       "Client does not trust server",
			clientCert: clientCert, clientKey: clientKey,
			serverCert: serverCert, serverKey: serverKey,
			wantErr: true,
		},
		{

)

func getGvk(obj any) (config.GroupVersionKind, bool) {
	switch obj.(type) {
{{- range .Entries }}
	case *{{ .ClientImport }}.{{ .Resource.Kind }}:
		return gvk.{{ .Resource.Identifier }}, true
	{{- if and (not (eq .ClientImport .IstioAwareClientImport)) (not .Resource.Synthetic) }}
	case *{{ .IstioAwareClientImport }}.{{ .Resource.Kind }}:
		return gvk.{{ .Resource.Identifier }}, true

		return
	}

	// Asserts the clientCert is signed by the signinCa
	certstestutil.AssertCertificateIsSignedByCa(t, currentClientCert, signinCa)

	// Assert the clientCert has expected NotAfter
	certstestutil.AssertCertificateHasNotAfter(t, currentClientCert, expectedNotAfter)

	// Asserts the clientCert has ClientAuth ExtKeyUsage

		},
		{
			test:       "Server does not require client auth, client provides it",
			clientCert: clientCert, clientKey: clientKey, clientCA: caCert,
			serverCert: serverCert, serverKey: serverKey,
		},
		{
			test:       "Client does not trust server",
			clientCert: clientCert, clientKey: clientKey,
			serverCert: serverCert, serverKey: serverKey,
			wantErr: true,
		},
		{

			wantAuth: true,
		},
		{
			test:       "Server does not require client auth, client provides it",
			clientCert: clientCert, clientKey: clientKey, clientCA: caCert,
			serverCert: serverCert, serverKey: serverKey,
			wantAuth: true,
		},
		{
			test:       "Client does not trust server",
			clientCert: clientCert, clientKey: clientKey,
			serverCert: serverCert, serverKey: serverKey,
			wantErr: true,
		},
		{

        url: "https://127.0.0.1:8131"
        tlsConfig:
          caBundle: "/etc/srv/kubernetes/pki/konnectivity-server/ca.crt"
          clientKey: "/etc/srv/kubernetes/pki/konnectivity-server/client.key"
          clientCert: "/etc/srv/kubernetes/pki/konnectivity-server/client.crt"
- name: "controlplane"
  connection:
    proxyProtocol: "HTTPConnect"
    transport:
      tcp:
        url: "https://127.0.0.1:8132"
        tlsConfig:

			if err != nil {
				return nil, err
			}
			clientCert, err := tls.X509KeyPair(key.CertificateChain, key.PrivateKey)
			if err != nil {
				return nil, err
			}
			return &clientCert, nil
		}
	}
	if config.CertDir != "" {
		return func(requestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error) {
			certName := config.CertDir + "/cert-chain.pem"
			clientCert, err := tls.LoadX509KeyPair(certName, config.CertDir+"/key.pem")

		},
		{
			test:       "client does not trust server",
			clientCert: clientCert, clientKey: clientKey,
			serverCert: serverCert, serverKey: serverKey,
			errRegex: errSignedByUnknownCA,
		},
		{
			test:       "server does not trust client",
			clientCert: clientCert, clientKey: clientKey, clientCA: badCACert,
			serverCert: serverCert, serverKey: serverKey, serverCA: caCert,

var kindTemplate string

//go:embed templates/collections.go.tmpl
var collectionsTemplate string

type colEntry struct {
	Resource *ast.Resource

	// ClientImport represents the import alias for the client. Example: clientnetworkingv1alpha3.
	ClientImport string
	// ClientImport represents the import alias for the status. Example: clientnetworkingv1alpha3.
	StatusImport string

Roland Shoemaker <******@****.***> 1715710936 -0700