From dd5f11e1e6c625b80a7f08cd095b7e2663a51824 Mon Sep 17 00:00:00 2001
From: Andrew Lytvynov <awly@google.com>
Date: Wed, 25 Jul 2018 16:22:32 -0700
Subject: [PATCH] Set connrotation dialer via restclient.Config.Dialer

Instead of Transport. This fixes ExecPlugin, which fails if
restclient.Config.Transport is set.

Kubernetes-commit: 3357b5ecf42db9bcf6e54c9d2b6712cfbae077bf
---
 plugin/pkg/client/auth/exec/exec.go | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)

diff --git a/plugin/pkg/client/auth/exec/exec.go b/plugin/pkg/client/auth/exec/exec.go
index c7a86f18..cae9d0d6 100644
--- a/plugin/pkg/client/auth/exec/exec.go
+++ b/plugin/pkg/client/auth/exec/exec.go
@@ -20,6 +20,7 @@ import (
 	"bytes"
 	"context"
 	"crypto/tls"
+	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -179,21 +180,10 @@ func (a *Authenticator) UpdateTransportConfig(c *transport.Config) error {
 		return &roundTripper{a, rt}
 	}
 
-	getCert := c.TLS.GetCert
-	c.TLS.GetCert = func() (*tls.Certificate, error) {
-		// If previous GetCert is present and returns a valid non-nil
-		// certificate, use that. Otherwise use cert from exec plugin.
-		if getCert != nil {
-			cert, err := getCert()
-			if err != nil {
-				return nil, err
-			}
-			if cert != nil {
-				return cert, nil
-			}
-		}
-		return a.cert()
+	if c.TLS.GetCert != nil {
+		return errors.New("can't add TLS certificate callback: transport.Config.TLS.GetCert already set")
 	}
+	c.TLS.GetCert = a.cert
 
 	var dial func(ctx context.Context, network, addr string) (net.Conn, error)
 	if c.Dial != nil {