Remove tls
field from the impersonator config
- Decided that we're not going to implement this now, although we may decide to add it in the future
This commit is contained in:
parent
4c68050706
commit
84cc42b2ca
@ -27,20 +27,6 @@ const (
|
||||
ConfigMapDataKey = "config.yaml"
|
||||
)
|
||||
|
||||
// When specified, both CertificateAuthoritySecretName and TLSSecretName are required. They may be specified to
|
||||
// both point at the same Secret or to point at different Secrets.
|
||||
type TLSConfig struct {
|
||||
// CertificateAuthoritySecretName contains the name of a namespace-local Secret resource. The corresponding Secret
|
||||
// must contain a key called "ca.crt" whose value is the CA certificate which clients should trust when connecting
|
||||
// to the impersonation proxy.
|
||||
CertificateAuthoritySecretName string `json:"certificateAuthoritySecretName"`
|
||||
|
||||
// TLSSecretName contains the name of a namespace-local Secret resource. The corresponding Secret must be of type
|
||||
// "kubernetes.io/tls" and contain keys called "tls.crt" and "tls.key" whose values are the TLS certificate and
|
||||
// private key that will be used by the impersonation proxy to serve its endpoints.
|
||||
TLSSecretName string `json:"tlsSecretName"`
|
||||
}
|
||||
|
||||
type Config struct {
|
||||
// Enable or disable the impersonation proxy. Optional. Defaults to ModeAuto.
|
||||
Mode Mode `json:"mode,omitempty"`
|
||||
@ -53,10 +39,6 @@ type Config struct {
|
||||
// for clients to use from outside the cluster. E.g. myhost.mycompany.com:8443. Clients should assume that they should
|
||||
// connect via HTTPS to this service.
|
||||
Endpoint string `json:"endpoint,omitempty"`
|
||||
|
||||
// The TLS configuration of the impersonation proxy's endpoints. Optional. When not specified, a CA and TLS
|
||||
// certificate will be automatically created based on the Endpoint setting.
|
||||
TLS *TLSConfig `json:"tls,omitempty"`
|
||||
}
|
||||
|
||||
func NewConfig() *Config {
|
||||
|
@ -33,20 +33,13 @@ func TestConfigFromConfigMap(t *testing.T) {
|
||||
Data: map[string]string{
|
||||
"config.yaml": here.Doc(`
|
||||
mode: enabled
|
||||
endpoint: https://proxy.example.com:8443/
|
||||
tls:
|
||||
certificateAuthoritySecretName: my-ca-crt
|
||||
tlsSecretName: my-tls-certificate-and-key
|
||||
endpoint: proxy.example.com:8443
|
||||
`),
|
||||
},
|
||||
},
|
||||
wantConfig: &Config{
|
||||
Mode: "enabled",
|
||||
Endpoint: "https://proxy.example.com:8443/",
|
||||
TLS: &TLSConfig{
|
||||
CertificateAuthoritySecretName: "my-ca-crt",
|
||||
TLSSecretName: "my-tls-certificate-and-key",
|
||||
},
|
||||
Endpoint: "proxy.example.com:8443",
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -61,7 +54,6 @@ func TestConfigFromConfigMap(t *testing.T) {
|
||||
wantConfig: &Config{
|
||||
Mode: "auto",
|
||||
Endpoint: "",
|
||||
TLS: nil,
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -76,7 +68,6 @@ func TestConfigFromConfigMap(t *testing.T) {
|
||||
wantConfig: &Config{
|
||||
Mode: "enabled",
|
||||
Endpoint: "",
|
||||
TLS: nil,
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -91,7 +82,6 @@ func TestConfigFromConfigMap(t *testing.T) {
|
||||
wantConfig: &Config{
|
||||
Mode: "disabled",
|
||||
Endpoint: "",
|
||||
TLS: nil,
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -106,7 +96,6 @@ func TestConfigFromConfigMap(t *testing.T) {
|
||||
wantConfig: &Config{
|
||||
Mode: "auto",
|
||||
Endpoint: "",
|
||||
TLS: nil,
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -135,7 +135,6 @@ func TestImpersonationProxy(t *testing.T) {
|
||||
configMap := configMapForConfig(t, env, impersonator.Config{
|
||||
Mode: impersonator.ModeEnabled,
|
||||
Endpoint: proxyServiceEndpoint,
|
||||
TLS: nil,
|
||||
})
|
||||
t.Logf("creating configmap %s", configMap.Name)
|
||||
_, err = adminClient.CoreV1().ConfigMaps(env.ConciergeNamespace).Create(ctx, &configMap, metav1.CreateOptions{})
|
||||
|
Loading…
Reference in New Issue
Block a user