Remove `tls` field from the impersonator config
- Decided that we're not going to implement this now, although we may decide to add it in the future
parent
4c68050706
commit
84cc42b2ca
|
@ -27,20 +27,6 @@ const (
|
||||||
ConfigMapDataKey = "config.yaml"
|
ConfigMapDataKey = "config.yaml"
|
||||||
)
|
)
|
||||||
|
|
||||||
// When specified, both CertificateAuthoritySecretName and TLSSecretName are required. They may be specified to
|
|
||||||
// both point at the same Secret or to point at different Secrets.
|
|
||||||
type TLSConfig struct {
|
|
||||||
// CertificateAuthoritySecretName contains the name of a namespace-local Secret resource. The corresponding Secret
|
|
||||||
// must contain a key called "ca.crt" whose value is the CA certificate which clients should trust when connecting
|
|
||||||
// to the impersonation proxy.
|
|
||||||
CertificateAuthoritySecretName string `json:"certificateAuthoritySecretName"`
|
|
||||||
|
|
||||||
// TLSSecretName contains the name of a namespace-local Secret resource. The corresponding Secret must be of type
|
|
||||||
// "kubernetes.io/tls" and contain keys called "tls.crt" and "tls.key" whose values are the TLS certificate and
|
|
||||||
// private key that will be used by the impersonation proxy to serve its endpoints.
|
|
||||||
TLSSecretName string `json:"tlsSecretName"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type Config struct {
|
type Config struct {
|
||||||
// Enable or disable the impersonation proxy. Optional. Defaults to ModeAuto.
|
// Enable or disable the impersonation proxy. Optional. Defaults to ModeAuto.
|
||||||
Mode Mode `json:"mode,omitempty"`
|
Mode Mode `json:"mode,omitempty"`
|
||||||
|
@ -53,10 +39,6 @@ type Config struct {
|
||||||
// for clients to use from outside the cluster. E.g. myhost.mycompany.com:8443. Clients should assume that they should
|
// for clients to use from outside the cluster. E.g. myhost.mycompany.com:8443. Clients should assume that they should
|
||||||
// connect via HTTPS to this service.
|
// connect via HTTPS to this service.
|
||||||
Endpoint string `json:"endpoint,omitempty"`
|
Endpoint string `json:"endpoint,omitempty"`
|
||||||
|
|
||||||
// The TLS configuration of the impersonation proxy's endpoints. Optional. When not specified, a CA and TLS
|
|
||||||
// certificate will be automatically created based on the Endpoint setting.
|
|
||||||
TLS *TLSConfig `json:"tls,omitempty"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewConfig() *Config {
|
func NewConfig() *Config {
|
||||||
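Review bot: After this removal the `Config` comments no longer say where the impersonation proxy's serving certificate comes from; the deleted comment on `TLS` was the only visible place stating that a CA and TLS certificate are created automatically from the Endpoint setting. If that is still the behaviour, I would carry the statement onto the `Endpoint` field, e.g. `// The CA and TLS serving certificate are generated automatically based on this value; they cannot be supplied through this config.` The remaining comment tells clients to connect via HTTPS, so a reader needs to know which CA they are expected to trust. The `Endpoint` comment starts above the second hunk, so its full wording is not visible here.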
|
|
|
@ -33,20 +33,13 @@ func TestConfigFromConfigMap(t *testing.T) {
|
||||||
Data: map[string]string{
|
Data: map[string]string{
|
||||||
"config.yaml": here.Doc(`
|
"config.yaml": here.Doc(`
|
||||||
mode: enabled
|
mode: enabled
|
||||||
endpoint: https://proxy.example.com:8443/
|
endpoint: proxy.example.com:8443
|
||||||
tls:
|
|
||||||
certificateAuthoritySecretName: my-ca-crt
|
|
||||||
tlsSecretName: my-tls-certificate-and-key
|
|
||||||
`),
|
`),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
wantConfig: &Config{
|
wantConfig: &Config{
|
||||||
Mode: "enabled",
|
Mode: "enabled",
|
||||||
Endpoint: "https://proxy.example.com:8443/",
|
Endpoint: "proxy.example.com:8443",
|
||||||
TLS: &TLSConfig{
|
|
||||||
CertificateAuthoritySecretName: "my-ca-crt",
|
|
||||||
TLSSecretName: "my-tls-certificate-and-key",
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -61,7 +54,6 @@ func TestConfigFromConfigMap(t *testing.T) {
|
||||||
wantConfig: &Config{
|
wantConfig: &Config{
|
||||||
Mode: "auto",
|
Mode: "auto",
|
||||||
Endpoint: "",
|
Endpoint: "",
|
||||||
TLS: nil,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -76,7 +68,6 @@ func TestConfigFromConfigMap(t *testing.T) {
|
||||||
wantConfig: &Config{
|
wantConfig: &Config{
|
||||||
Mode: "enabled",
|
Mode: "enabled",
|
||||||
Endpoint: "",
|
Endpoint: "",
|
||||||
TLS: nil,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -91,7 +82,6 @@ func TestConfigFromConfigMap(t *testing.T) {
|
||||||
wantConfig: &Config{
|
wantConfig: &Config{
|
||||||
Mode: "disabled",
|
Mode: "disabled",
|
||||||
Endpoint: "",
|
Endpoint: "",
|
||||||
TLS: nil,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -106,7 +96,6 @@ func TestConfigFromConfigMap(t *testing.T) {
|
||||||
wantConfig: &Config{
|
wantConfig: &Config{
|
||||||
Mode: "auto",
|
Mode: "auto",
|
||||||
Endpoint: "",
|
Endpoint: "",
|
||||||
TLS: nil,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
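Review bot: No case in TestConfigFromConfigMap covers a `config.yaml` that still carries the removed `tls:` key, which is the input an upgraded installation is most likely to present. The loader is outside these hunks; if it unmarshals leniently, a leftover `tls:` block with `certificateAuthoritySecretName` and `tlsSecretName` would be dropped without an error, and the operator would go on believing their own CA and certificate are in use. I would add one table entry that reuses the old `tls:` block from the first case and asserts the behaviour you intend, preferably a parse error that names the unknown field. The test table and the function both begin and end outside the hunks shown.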
|
|
|
@ -135,7 +135,6 @@ func TestImpersonationProxy(t *testing.T) {
|
||||||
configMap := configMapForConfig(t, env, impersonator.Config{
|
configMap := configMapForConfig(t, env, impersonator.Config{
|
||||||
Mode: impersonator.ModeEnabled,
|
Mode: impersonator.ModeEnabled,
|
||||||
Endpoint: proxyServiceEndpoint,
|
Endpoint: proxyServiceEndpoint,
|
||||||
TLS: nil,
|
|
||||||
})
|
})
|
||||||
t.Logf("creating configmap %s", configMap.Name)
|
t.Logf("creating configmap %s", configMap.Name)
|
||||||
_, err = adminClient.CoreV1().ConfigMaps(env.ConciergeNamespace).Create(ctx, &configMap, metav1.CreateOptions{})
|
_, err = adminClient.CoreV1().ConfigMaps(env.ConciergeNamespace).Create(ctx, &configMap, metav1.CreateOptions{})
|
||||||
|
|