Our tests for the Spin CA don't validate that the resulting TLS bundle is used by the shim, so migrate the core of the tests to lighterweight integration and unit tests.
A future E2E that installs a bundle and validates outbound-tls would also be excellent.
I've avoided adding net-new tests here (as a refactor), but intend to follow up in a new PR with tests that cover the pre-existing secret cases, alongside drafts of how we may version the CA bundle.
Our tests for the Spin CA don't validate that the resulting TLS bundle is used by the shim, so migrate the core of the tests to lighterweight integration and unit tests.
A future E2E that installs a bundle and validates outbound-tls would also be excellent.
I've avoided adding net-new tests here (as a refactor), but intend to follow up in a new PR with tests that cover the pre-existing secret cases, alongside drafts of how we may version the CA bundle.