diff --git a/deploy/concierge/deployment.yaml b/deploy/concierge/deployment.yaml index edef2fd8..c00ce5e4 100644 --- a/deploy/concierge/deployment.yaml +++ b/deploy/concierge/deployment.yaml @@ -49,7 +49,6 @@ data: servingCertificateSecret: (@= defaultResourceNameWithSuffix("api-tls-serving-certificate") @) credentialIssuer: (@= defaultResourceNameWithSuffix("config") @) apiService: (@= defaultResourceNameWithSuffix("api") @) - impersonationConfigMap: (@= defaultResourceNameWithSuffix("impersonation-proxy-config") @) impersonationLoadBalancerService: (@= defaultResourceNameWithSuffix("impersonation-proxy-load-balancer") @) impersonationClusterIPService: (@= defaultResourceNameWithSuffix("impersonation-proxy-cluster-ip") @) impersonationTLSCertificateSecret: (@= defaultResourceNameWithSuffix("impersonation-proxy-tls-serving-certificate") @) diff --git a/internal/config/concierge/config.go b/internal/config/concierge/config.go index bb7fbee8..cbe9d7f9 100644 --- a/internal/config/concierge/config.go +++ b/internal/config/concierge/config.go @@ -108,9 +108,6 @@ func validateNames(names *NamesConfigSpec) error { if names.APIService == "" { missingNames = append(missingNames, "apiService") } - if names.ImpersonationConfigMap == "" { - missingNames = append(missingNames, "impersonationConfigMap") - } if names.ImpersonationLoadBalancerService == "" { missingNames = append(missingNames, "impersonationLoadBalancerService") } diff --git a/internal/config/concierge/config_test.go b/internal/config/concierge/config_test.go index 5d4097ea..c29fb5f6 100644 --- a/internal/config/concierge/config_test.go +++ b/internal/config/concierge/config_test.go @@ -38,7 +38,6 @@ func TestFromPath(t *testing.T) { credentialIssuer: pinniped-config apiService: pinniped-api kubeCertAgentPrefix: kube-cert-agent-prefix - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationClusterIPService: impersonationClusterIPService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value @@ -46,6 +45,7 @@ func TestFromPath(t *testing.T) { impersonationSignerSecret: impersonationSignerSecret-value impersonationSignerSecret: impersonationSignerSecret-value agentServiceAccount: agentServiceAccount-value + extraName: extraName-value labels: myLabelKey1: myLabelValue1 myLabelKey2: myLabelValue2 @@ -70,7 +70,6 @@ func TestFromPath(t *testing.T) { ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", CredentialIssuer: "pinniped-config", APIService: "pinniped-api", - ImpersonationConfigMap: "impersonationConfigMap-value", ImpersonationLoadBalancerService: "impersonationLoadBalancerService-value", ImpersonationClusterIPService: "impersonationClusterIPService-value", ImpersonationTLSCertificateSecret: "impersonationTLSCertificateSecret-value", @@ -98,7 +97,6 @@ func TestFromPath(t *testing.T) { servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate credentialIssuer: pinniped-config apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationClusterIPService: impersonationClusterIPService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value @@ -121,7 +119,6 @@ func TestFromPath(t *testing.T) { ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", CredentialIssuer: "pinniped-config", APIService: "pinniped-api", - ImpersonationConfigMap: "impersonationConfigMap-value", ImpersonationLoadBalancerService: "impersonationLoadBalancerService-value", ImpersonationClusterIPService: "impersonationClusterIPService-value", ImpersonationTLSCertificateSecret: "impersonationTLSCertificateSecret-value", @@ -140,7 +137,7 @@ func TestFromPath(t *testing.T) { name: "Empty", yaml: here.Doc(``), wantError: "validate names: missing required names: servingCertificateSecret, credentialIssuer, " + - "apiService, impersonationConfigMap, impersonationLoadBalancerService, " + + "apiService, impersonationLoadBalancerService, " + "impersonationClusterIPService, impersonationTLSCertificateSecret, impersonationCACertificateSecret, " + "impersonationSignerSecret, agentServiceAccount", }, @@ -151,7 +148,6 @@ func TestFromPath(t *testing.T) { names: servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate credentialIssuer: pinniped-config - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationClusterIPService: impersonationClusterIPService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value @@ -168,7 +164,6 @@ func TestFromPath(t *testing.T) { names: servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationClusterIPService: impersonationClusterIPService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value @@ -185,7 +180,6 @@ func TestFromPath(t *testing.T) { names: credentialIssuer: pinniped-config apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationClusterIPService: impersonationClusterIPService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value @@ -195,23 +189,6 @@ func TestFromPath(t *testing.T) { `), wantError: "validate names: missing required names: servingCertificateSecret", }, - { - name: "Missing impersonationConfigMap name", - yaml: here.Doc(` - --- - names: - servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate - credentialIssuer: pinniped-config - apiService: pinniped-api - impersonationLoadBalancerService: impersonationLoadBalancerService-value - impersonationClusterIPService: impersonationClusterIPService-value - impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value - impersonationCACertificateSecret: impersonationCACertificateSecret-value - impersonationSignerSecret: impersonationSignerSecret-value - agentServiceAccount: agentServiceAccount-value - `), - wantError: "validate names: missing required names: impersonationConfigMap", - }, { name: "Missing impersonationLoadBalancerService name", yaml: here.Doc(` @@ -220,7 +197,6 @@ func TestFromPath(t *testing.T) { servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate credentialIssuer: pinniped-config apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationClusterIPService: impersonationClusterIPService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value impersonationCACertificateSecret: impersonationCACertificateSecret-value @@ -237,7 +213,6 @@ func TestFromPath(t *testing.T) { servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate credentialIssuer: pinniped-config apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value impersonationCACertificateSecret: impersonationCACertificateSecret-value @@ -254,7 +229,6 @@ func TestFromPath(t *testing.T) { servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate credentialIssuer: pinniped-config apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationClusterIPService: impersonationClusterIPService-value impersonationCACertificateSecret: impersonationCACertificateSecret-value @@ -271,7 +245,6 @@ func TestFromPath(t *testing.T) { servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate credentialIssuer: pinniped-config apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationClusterIPService: impersonationClusterIPService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value @@ -288,7 +261,6 @@ func TestFromPath(t *testing.T) { servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate credentialIssuer: pinniped-config apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationClusterIPService: impersonationClusterIPService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value @@ -310,7 +282,7 @@ func TestFromPath(t *testing.T) { impersonationSignerSecret: impersonationSignerSecret-value agentServiceAccount: agentServiceAccount-value `), - wantError: "validate names: missing required names: impersonationConfigMap, " + + wantError: "validate names: missing required names: " + "impersonationTLSCertificateSecret, impersonationCACertificateSecret", }, { @@ -325,7 +297,6 @@ func TestFromPath(t *testing.T) { servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate credentialIssuer: pinniped-config apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value impersonationCACertificateSecret: impersonationCACertificateSecret-value @@ -345,7 +316,6 @@ func TestFromPath(t *testing.T) { servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate credentialIssuer: pinniped-config apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value impersonationCACertificateSecret: impersonationCACertificateSecret-value @@ -365,7 +335,6 @@ func TestFromPath(t *testing.T) { servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate credentialIssuer: pinniped-config apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value impersonationCACertificateSecret: impersonationCACertificateSecret-value @@ -386,7 +355,6 @@ func TestFromPath(t *testing.T) { servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate credentialIssuer: pinniped-config apiService: pinniped-api - impersonationConfigMap: impersonationConfigMap-value impersonationLoadBalancerService: impersonationLoadBalancerService-value impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value impersonationCACertificateSecret: impersonationCACertificateSecret-value diff --git a/internal/config/concierge/types.go b/internal/config/concierge/types.go index ea174e65..6aa6733a 100644 --- a/internal/config/concierge/types.go +++ b/internal/config/concierge/types.go @@ -33,12 +33,9 @@ type APIConfigSpec struct { // NamesConfigSpec configures the names of some Kubernetes resources for the Concierge. type NamesConfigSpec struct { - ServingCertificateSecret string `json:"servingCertificateSecret"` - CredentialIssuer string `json:"credentialIssuer"` - APIService string `json:"apiService"` - - // TODO: remove this key entirely - ImpersonationConfigMap string `json:"impersonationConfigMap"` + ServingCertificateSecret string `json:"servingCertificateSecret"` + CredentialIssuer string `json:"credentialIssuer"` + APIService string `json:"apiService"` ImpersonationLoadBalancerService string `json:"impersonationLoadBalancerService"` ImpersonationClusterIPService string `json:"impersonationClusterIPService"` ImpersonationTLSCertificateSecret string `json:"impersonationTLSCertificateSecret"`