pkg/authn: fix nil pointer dereference #361

Merged 1 commit on Mar 14, 2025

dimityrmirchev
Contributor

Fix a nil pointer dereference introduced with 06bdb53.

Assigning nil type to an interface fails a nil check later on since the interface contains the type and its value.

Sorry for introducing this in the first place.

Before the change:

go run cmd/kube-rbac-proxy/main.go --kubeconfig=$KUBECONFIG --insecure-listen-address=0.0.0.0:8100 --oidc-clientID=foo  --oidc-issuer=https://accounts.google.com --upstream=http://localhost:3000
W0224 15:09:48.670407   81616 options.go:150] 
==== Deprecation Warning ======================

Insecure listen address will be removed.
Using --insecure-listen-address won't be possible!

The ability to run kube-rbac-proxy without TLS certificates will be removed.
Not using --tls-cert-file and --tls-private-key-file won't be possible!

For more information, please go to https://github.com/brancz/kube-rbac-proxy/issues/187

===============================================


panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x1018e42b8]

goroutine 1 [running]:
k8s.io/apiserver/pkg/server/dynamiccertificates.(*DynamicFileCAContent).CurrentCABundleContent(0x102254600?)
        /Users/user/go/pkg/mod/k8s.io/[email protected]/pkg/server/dynamiccertificates/dynamic_cafile_content.go:254 +0x18
k8s.io/apiserver/plugin/pkg/authenticator/token/oidc.New({_, _}, {{{{0x16f5c2f0b, 0x1b}, {0x0, 0x0}, {0x0, 0x0}, {0x1400029cdb0, 0x1, ...}, ...}, ...}, ...})
        /Users/user/go/pkg/mod/k8s.io/[email protected]/plugin/pkg/authenticator/token/oidc/oidc.go:286 +0x2c4
github.com/brancz/kube-rbac-proxy/pkg/authn.NewOIDCAuthenticator({0x10255c870, 0x1400020a410}, 0x140000345a0)
        /Users/user/go/src/github.com/brancz/kube-rbac-proxy/pkg/authn/oidc.go:50 +0x154
github.com/brancz/kube-rbac-proxy/cmd/kube-rbac-proxy/app.Run(0x14000598320)
        /Users/user/go/src/github.com/brancz/kube-rbac-proxy/cmd/kube-rbac-proxy/app/kube-rbac-proxy.go:225 +0x7c
github.com/brancz/kube-rbac-proxy/cmd/kube-rbac-proxy/app.NewKubeRBACProxyCommand.func2(0x14000714608, {0x14000132780?, 0x0?, 0x5?})
        /Users/user/go/src/github.com/brancz/kube-rbac-proxy/cmd/kube-rbac-proxy/app/kube-rbac-proxy.go:98 +0x70
github.com/spf13/cobra.(*Command).execute(0x14000714608, {0x1400004c1f0, 0x5, 0x5})
        /Users/user/go/pkg/mod/github.com/spf13/[email protected]/command.go:985 +0x834
github.com/spf13/cobra.(*Command).ExecuteC(0x14000714608)
        /Users/user/go/pkg/mod/github.com/spf13/[email protected]/command.go:1117 +0x344
github.com/spf13/cobra.(*Command).Execute(...)
        /Users/user/go/pkg/mod/github.com/spf13/[email protected]/command.go:1041
k8s.io/component-base/cli.run(0x14000714608)
        /Users/user/go/pkg/mod/k8s.io/[email protected]/cli/run.go:143 +0x20c
k8s.io/component-base/cli.Run(0x1035076c8?)
        /Users/user/go/pkg/mod/k8s.io/[email protected]/cli/run.go:44 +0x1c
main.main()
        /Users/user/go/src/github.com/brancz/kube-rbac-proxy/cmd/kube-rbac-proxy/main.go:29 +0x20
exit status 2

After the change:

go run cmd/kube-rbac-proxy/main.go --kubeconfig=$KUBECONFIG --insecure-listen-address=0.0.0.0:8100 --oidc-clientID=foo  --oidc-issuer=https://accounts.google.com --upstream=http://localhost:3000 
W0224 15:09:17.666065   81492 options.go:150] 
==== Deprecation Warning ======================

Insecure listen address will be removed.
Using --insecure-listen-address won't be possible!

The ability to run kube-rbac-proxy without TLS certificates will be removed.
Not using --tls-cert-file and --tls-private-key-file won't be possible!

For more information, please go to https://github.com/brancz/kube-rbac-proxy/issues/187

===============================================


I0224 15:09:17.670629   81492 oidc.go:291] OIDC: No x509 certificates provided, will use host's root CA set
I0224 15:09:17.671809   81492 kube-rbac-proxy.go:473] Listening insecurely on 0.0.0.0:8100

@ibihim
Collaborator

ibihim commented Mar 13, 2025

Sorry that it took me so long. I will take a look now.

@ibihim
Collaborator

ibihim commented Mar 13, 2025

/lgtm

@ibihim
Collaborator

ibihim commented Mar 13, 2025

Maybe a comment for the reason would be useful 😅

I will ping @stlaz for review as well.

@dimityrmirchev
Contributor Author

Thanks for reviewing @ibihim !

> Maybe a comment for the reason would be useful 😅
>
> I will ping @stlaz for review as well.

I can add a comment that explains the reasoning. Let's wait for input by @stlaz and I will address the comments at once.

Comment on lines 41 to 45
var (
dynamicCA *dynamiccertificates.DynamicFileCAContent
Collaborator
This is about typed nils, right? Please add a comment; these are always counterintuitive 😐

Contributor Author
Thanks for reviewing! Should be addressed with 2240906

@stlaz
Copy link
Collaborator

stlaz commented Mar 13, 2025

The PR looks good, but if you'd add a comment it might make the next person not want to try to refactor it :)

Fix a nil pointer dereference introduced with brancz@06bdb53.
@ibihim ibihim merged commit d0de5e3 into brancz:master Mar 14, 2025
7 checks passed