Remove `tls` field from the impersonator config

- Decided that we're not going to implement this now, although we may decide to add it in the future
2021-03-02 12:23:32 -08:00 · 2021-03-02 12:23:32 -08:00 · 84cc42b2ca
parent 4c68050706
commit 84cc42b2ca
3 changed files with 2 additions and 32 deletions
--- a/internal/concierge/impersonator/config.go
+++ b/internal/concierge/impersonator/config.go
@ -27,20 +27,6 @@ const (
 	ConfigMapDataKey = "config.yaml"
 )

-// When specified, both CertificateAuthoritySecretName and TLSSecretName are required. They may be specified to
-// both point at the same Secret or to point at different Secrets.
-type TLSConfig struct {
-	// CertificateAuthoritySecretName contains the name of a namespace-local Secret resource. The corresponding Secret
-	// must contain a key called "ca.crt" whose value is the CA certificate which clients should trust when connecting
-	// to the impersonation proxy.
-	CertificateAuthoritySecretName string `json:"certificateAuthoritySecretName"`
-
-	// TLSSecretName contains the name of a namespace-local Secret resource. The corresponding Secret must be of type
-	// "kubernetes.io/tls" and contain keys called "tls.crt" and "tls.key" whose values are the TLS certificate and
-	// private key that will be used by the impersonation proxy to serve its endpoints.
-	TLSSecretName string `json:"tlsSecretName"`
-}
-
 type Config struct {
 	// Enable or disable the impersonation proxy. Optional. Defaults to ModeAuto.
 	Mode Mode `json:"mode,omitempty"`
@ -53,10 +39,6 @@ type Config struct {
 	// for clients to use from outside the cluster. E.g. myhost.mycompany.com:8443. Clients should assume that they should
 	// connect via HTTPS to this service.
 	Endpoint string `json:"endpoint,omitempty"`
-
-	// The TLS configuration of the impersonation proxy's endpoints. Optional. When not specified, a CA and TLS
-	// certificate will be automatically created based on the Endpoint setting.
-	TLS *TLSConfig `json:"tls,omitempty"`
 }

 func NewConfig() *Config {
--- a/internal/concierge/impersonator/config_test.go
+++ b/internal/concierge/impersonator/config_test.go
@ -33,20 +33,13 @@ func TestConfigFromConfigMap(t *testing.T) {
 				Data: map[string]string{
 					"config.yaml": here.Doc(`
 						mode: enabled
-						endpoint: https://proxy.example.com:8443/
-						tls:
-							certificateAuthoritySecretName: my-ca-crt
-							tlsSecretName: my-tls-certificate-and-key
+						endpoint: proxy.example.com:8443
 					`),
 				},
 			},
 			wantConfig: &Config{
 				Mode:     "enabled",
-				Endpoint: "https://proxy.example.com:8443/",
-				TLS: &TLSConfig{
-					CertificateAuthoritySecretName: "my-ca-crt",
-					TLSSecretName:                  "my-tls-certificate-and-key",
-				},
+				Endpoint: "proxy.example.com:8443",
 			},
 		},
 		{
@ -61,7 +54,6 @@ func TestConfigFromConfigMap(t *testing.T) {
 			wantConfig: &Config{
 				Mode:     "auto",
 				Endpoint: "",
-				TLS:      nil,
 			},
 		},
 		{
@ -76,7 +68,6 @@ func TestConfigFromConfigMap(t *testing.T) {
 			wantConfig: &Config{
 				Mode:     "enabled",
 				Endpoint: "",
-				TLS:      nil,
 			},
 		},
 		{
@ -91,7 +82,6 @@ func TestConfigFromConfigMap(t *testing.T) {
 			wantConfig: &Config{
 				Mode:     "disabled",
 				Endpoint: "",
-				TLS:      nil,
 			},
 		},
 		{
@ -106,7 +96,6 @@ func TestConfigFromConfigMap(t *testing.T) {
 			wantConfig: &Config{
 				Mode:     "auto",
 				Endpoint: "",
-				TLS:      nil,
 			},
 		},
 		{
--- a/test/integration/concierge_impersonation_proxy_test.go
+++ b/test/integration/concierge_impersonation_proxy_test.go
@ -135,7 +135,6 @@ func TestImpersonationProxy(t *testing.T) {
 		configMap := configMapForConfig(t, env, impersonator.Config{
 			Mode:     impersonator.ModeEnabled,
 			Endpoint: proxyServiceEndpoint,
-			TLS:      nil,
 		})
 		t.Logf("creating configmap %s", configMap.Name)
 		_, err = adminClient.CoreV1().ConfigMaps(env.ConciergeNamespace).Create(ctx, &configMap, metav1.CreateOptions{})