From 84cc42b2caf1aca6836c249c3b58986c557f806b Mon Sep 17 00:00:00 2001
From: Ryan Richard
Date: Tue, 2 Mar 2021 12:23:32 -0800
Subject: [PATCH] Remove `tls` field from the impersonator config

- Decided that we're not going to implement this now, although we may decide to add it in the future
---
 internal/concierge/impersonator/config.go | 18 ------------------
 internal/concierge/impersonator/config_test.go | 15 ++-------------
 .../concierge_impersonation_proxy_test.go | 1 -
 3 files changed, 2 insertions(+), 32 deletions(-)

diff --git a/internal/concierge/impersonator/config.go b/internal/concierge/impersonator/config.go
index 20d97647..a7bb8c2c 100644
--- a/internal/concierge/impersonator/config.go
+++ b/internal/concierge/impersonator/config.go
@@ -27,20 +27,6 @@ const (
 ConfigMapDataKey = "config.yaml"
 )
 
-// When specified, both CertificateAuthoritySecretName and TLSSecretName are required. They may be specified to
-// both point at the same Secret or to point at different Secrets.
-type TLSConfig struct {
- // CertificateAuthoritySecretName contains the name of a namespace-local Secret resource. The corresponding Secret
- // must contain a key called "ca.crt" whose value is the CA certificate which clients should trust when connecting
- // to the impersonation proxy.
- CertificateAuthoritySecretName string `json:"certificateAuthoritySecretName"`
-
- // TLSSecretName contains the name of a namespace-local Secret resource. The corresponding Secret must be of type
- // "kubernetes.io/tls" and contain keys called "tls.crt" and "tls.key" whose values are the TLS certificate and
- // private key that will be used by the impersonation proxy to serve its endpoints.
- TLSSecretName string `json:"tlsSecretName"`
-}
-
 type Config struct {
 // Enable or disable the impersonation proxy. Optional. Defaults to ModeAuto.
 Mode Mode `json:"mode,omitempty"`
@@ -53,10 +39,6 @@ type Config struct {
 // for clients to use from outside the cluster. E.g. myhost.mycompany.com:8443. Clients should assume that they should
 // connect via HTTPS to this service.
 Endpoint string `json:"endpoint,omitempty"`
-
- // The TLS configuration of the impersonation proxy's endpoints. Optional. When not specified, a CA and TLS
- // certificate will be automatically created based on the Endpoint setting.
- TLS *TLSConfig `json:"tls,omitempty"`
 }
 
 func NewConfig() *Config {
diff --git a/internal/concierge/impersonator/config_test.go b/internal/concierge/impersonator/config_test.go
index 9b12b6ba..2e96a9af 100644
--- a/internal/concierge/impersonator/config_test.go
+++ b/internal/concierge/impersonator/config_test.go
@@ -33,20 +33,13 @@ func TestConfigFromConfigMap(t *testing.T) {
 Data: map[string]string{
 "config.yaml": here.Doc(`
 mode: enabled
- endpoint: https://proxy.example.com:8443/
- tls:
- certificateAuthoritySecretName: my-ca-crt
- tlsSecretName: my-tls-certificate-and-key
+ endpoint: proxy.example.com:8443
 `),
 },
 },
 wantConfig: &Config{
 Mode: "enabled",
- Endpoint: "https://proxy.example.com:8443/",
- TLS: &TLSConfig{
- CertificateAuthoritySecretName: "my-ca-crt",
- TLSSecretName: "my-tls-certificate-and-key",
- },
+ Endpoint: "proxy.example.com:8443",
 },
 },
 {
@@ -61,7 +54,6 @@ func TestConfigFromConfigMap(t *testing.T) {
 wantConfig: &Config{
 Mode: "auto",
 Endpoint: "",
- TLS: nil,
 },
 },
 {
@@ -76,7 +68,6 @@ func TestConfigFromConfigMap(t *testing.T) {
 wantConfig: &Config{
 Mode: "enabled",
 Endpoint: "",
- TLS: nil,
 },
 },
 {
@@ -91,7 +82,6 @@ func TestConfigFromConfigMap(t *testing.T) {
 wantConfig: &Config{
 Mode: "disabled",
 Endpoint: "",
- TLS: nil,
 },
 },
 {
@@ -106,7 +96,6 @@ func TestConfigFromConfigMap(t *testing.T) {
 wantConfig: &Config{
 Mode: "auto",
 Endpoint: "",
- TLS: nil,
 },
 },
 {
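Review bot: No visible table entry in TestConfigFromConfigMap feeds a `tls:` block through the decoder once the first config_test.go hunk (`@@ -33,20 +33,13 @@`) drops it from the happy-path YAML, so nothing shown pins what happens to a ConfigMap that still carries that key after the field is gone. The decoding function is not visible in this diff; if it tolerates unknown keys, a leftover `certificateAuthoritySecretName`/`tlsSecretName` pair would be dropped without an error, and the operator would get no signal that the proxy is not serving the certificate they named. Consider adding a table entry whose `config.yaml` still contains the `tls:` block and asserting the intended outcome, either a decode error or a Config holding only Mode and Endpoint. TestConfigFromConfigMap starts and ends outside the hunk.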
diff --git a/test/integration/concierge_impersonation_proxy_test.go b/test/integration/concierge_impersonation_proxy_test.go
index ab67037b..f10f87af 100644
--- a/test/integration/concierge_impersonation_proxy_test.go
+++ b/test/integration/concierge_impersonation_proxy_test.go
@@ -135,7 +135,6 @@ func TestImpersonationProxy(t *testing.T) {
 configMap := configMapForConfig(t, env, impersonator.Config{
 Mode: impersonator.ModeEnabled,
 Endpoint: proxyServiceEndpoint,
- TLS: nil,
 })
 t.Logf("creating configmap %s", configMap.Name)
 _, err = adminClient.CoreV1().ConfigMaps(env.ConciergeNamespace).Create(ctx, &configMap, metav1.CreateOptions{})