fix: authorization config gen

We were appending to existing slice, fix by using a variable.

Signed-off-by: Noel Georgi <git@frezbo.dev>

internal/app/machined/pkg/controllers/k8s/control_plane.go

@@ -7,6 +7,7 @@ package k8s
 import (
 	"context"
 	"fmt"
+	"slices"
 	"strconv"
 	"strings"
 
@@ -127,20 +128,24 @@ func NewControlPlaneAuthorizationController() *ControlPlaneAuthorizationControll
 					return nil
 				}
 
+				var authorizers []k8s.AuthorizationAuthorizersSpec
+
 				for _, authorizer := range cfgProvider.Cluster().APIServer().AuthorizationConfig() {
 					// skip Node and RBAC authorizers as we add them by default later on.
 					if authorizer.Type() == "Node" || authorizer.Type() == "RBAC" {
 						continue
 					}
 
-					res.TypedSpec().Config = append(res.TypedSpec().Config, k8s.AuthorizationAuthorizersSpec{
-						Type:    authorizer.Type(),
-						Name:    authorizer.Name(),
-						Webhook: authorizer.Webhook(),
+					authorizers = slices.Concat(authorizers, []k8s.AuthorizationAuthorizersSpec{
+						{
+							Type:    authorizer.Type(),
+							Name:    authorizer.Name(),
+							Webhook: authorizer.Webhook(),
+						},
 					})
 				}
 
-				res.TypedSpec().Config = append(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, res.TypedSpec().Config...)
+				res.TypedSpec().Config = slices.Concat(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, authorizers)
 
 				return nil
 			},

internal/app/machined/pkg/controllers/k8s/control_plane_test.go

@@ -6,6 +6,7 @@ package k8s_test
 
 import (
 	"net/url"
+	"slices"
 	"strings"
 	"testing"
 	"time"
@@ -208,16 +209,18 @@ func (suite *K8sControlPlaneSuite) TestReconcileAdditionalAuthorizationConfigAut
 
 	suite.setupMachine(cfg)
 
-	expectedAuthorizers := append(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, k8s.AuthorizationAuthorizersSpec{ //nolint:gocritic
-		Type: "Webhook",
-		Name: "webhook",
-		Webhook: map[string]any{
-			"timeout":                    "3s",
-			"subjectAccessReviewVersion": "v1",
-			"matchConditionSubjectAccessReviewVersion": "v1",
-			"failurePolicy": "NoOpinion",
-			"connectionInfo": map[string]any{
-				"type": "InClusterConfig",
+	expectedAuthorizers := slices.Concat(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, []k8s.AuthorizationAuthorizersSpec{
+		{
+			Type: "Webhook",
+			Name: "webhook",
+			Webhook: map[string]any{
+				"timeout":                    "3s",
+				"subjectAccessReviewVersion": "v1",
+				"matchConditionSubjectAccessReviewVersion": "v1",
+				"failurePolicy": "NoOpinion",
+				"connectionInfo": map[string]any{
+					"type": "InClusterConfig",
+				},
 			},
 		},
 	})
@@ -280,16 +283,18 @@ func (suite *K8sControlPlaneSuite) TestReconcileAdditionalAuthorizationConfigAut
 
 	suite.setupMachine(cfg)
 
-	expectedAuthorizers := append(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, k8s.AuthorizationAuthorizersSpec{ //nolint:gocritic
-		Type: "Webhook",
-		Name: "webhook",
-		Webhook: map[string]any{
-			"timeout":                    "3s",
-			"subjectAccessReviewVersion": "v1",
-			"matchConditionSubjectAccessReviewVersion": "v1",
-			"failurePolicy": "NoOpinion",
-			"connectionInfo": map[string]any{
-				"type": "InClusterConfig",
+	expectedAuthorizers := slices.Concat(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, []k8s.AuthorizationAuthorizersSpec{
+		{
+			Type: "Webhook",
+			Name: "webhook",
+			Webhook: map[string]any{
+				"timeout":                    "3s",
+				"subjectAccessReviewVersion": "v1",
+				"matchConditionSubjectAccessReviewVersion": "v1",
+				"failurePolicy": "NoOpinion",
+				"connectionInfo": map[string]any{
+					"type": "InClusterConfig",
+				},
 			},
 		},
 	})