Remove tls field from the impersonator config

- Decided that we're not going to implement this now, although
  we may decide to add it in the future
This commit is contained in:
Ryan Richard 2021-03-02 12:23:32 -08:00
parent 4c68050706
commit 84cc42b2ca
3 changed files with 2 additions and 32 deletions

View File

@ -27,20 +27,6 @@ const (
ConfigMapDataKey = "config.yaml"
)
// When specified, both CertificateAuthoritySecretName and TLSSecretName are required. They may be specified to
// both point at the same Secret or to point at different Secrets.
type TLSConfig struct {
// CertificateAuthoritySecretName contains the name of a namespace-local Secret resource. The corresponding Secret
// must contain a key called "ca.crt" whose value is the CA certificate which clients should trust when connecting
// to the impersonation proxy.
CertificateAuthoritySecretName string `json:"certificateAuthoritySecretName"`
// TLSSecretName contains the name of a namespace-local Secret resource. The corresponding Secret must be of type
// "kubernetes.io/tls" and contain keys called "tls.crt" and "tls.key" whose values are the TLS certificate and
// private key that will be used by the impersonation proxy to serve its endpoints.
TLSSecretName string `json:"tlsSecretName"`
}
type Config struct {
// Enable or disable the impersonation proxy. Optional. Defaults to ModeAuto.
Mode Mode `json:"mode,omitempty"`
@ -53,10 +39,6 @@ type Config struct {
// for clients to use from outside the cluster. E.g. myhost.mycompany.com:8443. Clients should assume that they should
// connect via HTTPS to this service.
Endpoint string `json:"endpoint,omitempty"`
// The TLS configuration of the impersonation proxy's endpoints. Optional. When not specified, a CA and TLS
// certificate will be automatically created based on the Endpoint setting.
TLS *TLSConfig `json:"tls,omitempty"`
}
func NewConfig() *Config {

View File

@ -33,20 +33,13 @@ func TestConfigFromConfigMap(t *testing.T) {
Data: map[string]string{
"config.yaml": here.Doc(`
mode: enabled
endpoint: https://proxy.example.com:8443/
tls:
certificateAuthoritySecretName: my-ca-crt
tlsSecretName: my-tls-certificate-and-key
endpoint: proxy.example.com:8443
`),
},
},
wantConfig: &Config{
Mode: "enabled",
Endpoint: "https://proxy.example.com:8443/",
TLS: &TLSConfig{
CertificateAuthoritySecretName: "my-ca-crt",
TLSSecretName: "my-tls-certificate-and-key",
},
Endpoint: "proxy.example.com:8443",
},
},
{
@ -61,7 +54,6 @@ func TestConfigFromConfigMap(t *testing.T) {
wantConfig: &Config{
Mode: "auto",
Endpoint: "",
TLS: nil,
},
},
{
@ -76,7 +68,6 @@ func TestConfigFromConfigMap(t *testing.T) {
wantConfig: &Config{
Mode: "enabled",
Endpoint: "",
TLS: nil,
},
},
{
@ -91,7 +82,6 @@ func TestConfigFromConfigMap(t *testing.T) {
wantConfig: &Config{
Mode: "disabled",
Endpoint: "",
TLS: nil,
},
},
{
@ -106,7 +96,6 @@ func TestConfigFromConfigMap(t *testing.T) {
wantConfig: &Config{
Mode: "auto",
Endpoint: "",
TLS: nil,
},
},
{

View File

@ -135,7 +135,6 @@ func TestImpersonationProxy(t *testing.T) {
configMap := configMapForConfig(t, env, impersonator.Config{
Mode: impersonator.ModeEnabled,
Endpoint: proxyServiceEndpoint,
TLS: nil,
})
t.Logf("creating configmap %s", configMap.Name)
_, err = adminClient.CoreV1().ConfigMaps(env.ConciergeNamespace).Create(ctx, &configMap, metav1.CreateOptions{})