refactor: centralize kubeconfig authentication handling

[msivasubramaniaan]

Fix: https://redhat.atlassian.net/browse/CRW-11310

[coderabbitai]

Warning

Review limit reached

@adietish, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 47 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: c88ea739-6457-487d-87d9-dea43b59d28a

📥 Commits

Reviewing files that changed from the base of the PR and between f53e3eb and 19921cc.

📒 Files selected for processing (4)

• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigEntries.kt
• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigUpdate.kt
• src/test/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigTestHelpers.kt
• src/test/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigUpdateTest.kt

📝 Walkthrough

Walkthrough

Adds tokenOnly and clientCertOnly factory methods to KubeConfigUser.Companion, removes getUserClientCertForCluster, fixes a Map cast in getByName, and introduces protected helpers on KubeConfigUpdate for token and client-certificate field mutation. Tests and test helpers are updated to cover the new field-clearing behavior.

Changes

KubeConfig auth field centralization

Layer / File(s)	Summary
KubeConfigUser factory methods and getByName cast fix src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigEntries.kt	Fixes Map<String, Any> cast to Map<*, *> in getByName, removes getUserClientCertForCluster, and adds tokenOnly(token) and clientCertOnly(cert, key) factory methods on KubeConfigUser.Companion.
Centralized auth helpers and call-site refactors src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigUpdate.kt	Adds setTokenAuthentication and setClientCertificateAuthentication protected helpers on KubeConfigUpdate; refactors UpdateToken, UpdateClientCert, CreateContext, and CreateContextWithClientCert to delegate to these helpers and the new factory methods.
Updated kubeconfig auth test coverage src/test/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigTestHelpers.kt, src/test/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigUpdateTest.kt	Expands the client-cert test helper to include file-path and data-path fields, and adds update tests that verify token-only and client-certificate persistence semantics.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 8.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: consolidating kubeconfig authentication handling.
Description check	✅ Passed	The description references the linked issue that the pull request is meant to fix.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[codecov-commenter]

Codecov Report

❌ Patch coverage is 96.77419% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 23.77%. Comparing base (71098f6) to head (19921cc).
⚠️ Report is 366 commits behind head on main.

Files with missing lines	Patch %	Lines
...t/devtools/gateway/kubeconfig/KubeConfigEntries.kt	88.88%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##            main     #322       +/-   ##
==========================================
+ Coverage   0.00%   23.77%   +23.77%     
==========================================
  Files          4      101       +97     
  Lines         26     4214     +4188     
  Branches       0      774      +774     
==========================================
+ Hits           0     1002     +1002     
- Misses        26     3081     +3055     
- Partials       0      131      +131     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigUpdate.kt`:
- Around line 117-133: The auth switch helpers in KubeConfigUpdate should also
clear the file-path certificate fields, not just the data fields. Update
setTokenAuthentication and setClientCertificateAuthentication to remove
client-certificate and client-key alongside
token/client-certificate-data/client-key-data, using the existing
Utils.removeValue calls so an existing kubeconfig is fully converted to the new
auth mode. Keep the fix localized to these helper methods so
KubeConfigUser.fromMap() entries are normalized regardless of whether they were
created from file paths or inline PEM data.
- Around line 126-133: The client certificate auth path in
setClientCertificateAuthentication is writing raw PEM into the same
user.client-certificate-data and user.client-key-data fields that
CreateContextWithClientCert produces via KubeConfigUser.toMap(), so the
persisted kubeconfig shape is inconsistent. Update this helper to encode the
certificate and key content the same way the create path does before calling
Utils.setValue, and keep removing user.token afterward so both create and update
flows store matching base64 inline data.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: a0c6e9ba-6c9b-4c5d-9e6a-ea3942a88351

📥 Commits

Reviewing files that changed from the base of the PR and between 99b4d5c and 16c9b60.

📒 Files selected for processing (2)

• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigEntries.kt
• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigUpdate.kt

[adietish]

great work. LGTM. I added a commit on top where I extracted constants and added tests.