Remove deprecated annotation secure-upstream (#9862)

2023-04-16 21:22:43 -03:00 · 2023-04-16 21:22:43 -03:00 · 6778c3ec44
commit 6778c3ec44
parent d3e75b056f
3 changed files with 0 additions and 213 deletions
--- a/internal/ingress/annotations/annotations.go
+++ b/internal/ingress/annotations/annotations.go
@ -58,7 +58,6 @@ import (
 	"k8s.io/ingress-nginx/internal/ingress/annotations/redirect"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/rewrite"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/satisfy"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/secureupstream"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/serversnippet"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/serviceupstream"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/sessionaffinity"
@ -103,7 +102,6 @@ type Ingress struct {
 	Redirect           redirect.Config
 	Rewrite            rewrite.Config
 	Satisfy            string
 	SecureUpstream     secureupstream.Config
 	ServerSnippet      string
 	ServiceUpstream    bool
 	SessionAffinity    sessionaffinity.Config
@ -155,7 +153,6 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor {
 			"Redirect":             redirect.NewParser(cfg),
 			"Rewrite":              rewrite.NewParser(cfg),
 			"Satisfy":              satisfy.NewParser(cfg),
 			"SecureUpstream":       secureupstream.NewParser(cfg),
 			"ServerSnippet":        serversnippet.NewParser(cfg),
 			"ServiceUpstream":      serviceupstream.NewParser(cfg),
 			"SessionAffinity":      sessionaffinity.NewParser(cfg),
--- a/internal/ingress/annotations/secureupstream/main.go
+++ b/internal/ingress/annotations/secureupstream/main.go
@ -1,48 +0,0 @@
 /*
 Copyright 2016 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package secureupstream
 import (
 	networking "k8s.io/api/networking/v1"
 	"k8s.io/klog/v2"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
 	"k8s.io/ingress-nginx/internal/ingress/resolver"
 )
 // Config describes SSL backend configuration
 type Config struct {
 	CACert resolver.AuthSSLCert `json:"caCert"`
 }
 type su struct {
 	r resolver.Resolver
 }
 // NewParser creates a new secure upstream annotation parser
 func NewParser(r resolver.Resolver) parser.IngressAnnotation {
 	return su{r}
 }
 // Parse parses the annotations contained in the ingress
 // rule used to indicate if the upstream servers should use SSL
 func (a su) Parse(ing *networking.Ingress) (secure interface{}, err error) {
 	if ca, _ := parser.GetStringAnnotation("secure-verify-ca-secret", ing); ca != "" {
 		klog.Warningf("NOTE! secure-verify-ca-secret is not supported anymore. Please use proxy-ssl-secret instead")
 	}
 	return
 }
--- a/internal/ingress/annotations/secureupstream/main_test.go
+++ b/internal/ingress/annotations/secureupstream/main_test.go
@ -1,162 +0,0 @@
 /*
 Copyright 2016 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package secureupstream
 import (
 	"fmt"
 	"testing"
 	api "k8s.io/api/core/v1"
 	networking "k8s.io/api/networking/v1"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/parser"
 	"k8s.io/ingress-nginx/internal/ingress/resolver"
 )
 func buildIngress() *networking.Ingress {
 	defaultBackend := networking.IngressBackend{
 		Service: &networking.IngressServiceBackend{
 			Name: "default-backend",
 			Port: networking.ServiceBackendPort{
 				Number: 80,
 			},
 		},
 	}
 	return &networking.Ingress{
 		ObjectMeta: meta_v1.ObjectMeta{
 			Name:      "foo",
 			Namespace: api.NamespaceDefault,
 		},
 		Spec: networking.IngressSpec{
 			DefaultBackend: &networking.IngressBackend{
 				Service: &networking.IngressServiceBackend{
 					Name: "default-backend",
 					Port: networking.ServiceBackendPort{
 						Number: 80,
 					},
 				},
 			},
 			Rules: []networking.IngressRule{
 				{
 					Host: "foo.bar.com",
 					IngressRuleValue: networking.IngressRuleValue{
 						HTTP: &networking.HTTPIngressRuleValue{
 							Paths: []networking.HTTPIngressPath{
 								{
 									Path:    "/foo",
 									Backend: defaultBackend,
 								},
 							},
 						},
 					},
 				},
 			},
 		},
 	}
 }
 type mockCfg struct {
 	resolver.Mock
 	certs map[string]resolver.AuthSSLCert
 }
 func (cfg mockCfg) GetAuthCertificate(secret string) (*resolver.AuthSSLCert, error) {
 	if cert, ok := cfg.certs[secret]; ok {
 		return &cert, nil
 	}
 	return nil, fmt.Errorf("secret not found: %v", secret)
 }
 func TestNoCA(t *testing.T) {
 	ing := buildIngress()
 	data := map[string]string{}
 	data[parser.GetAnnotationWithPrefix("backend-protocol")] = "HTTPS"
 	ing.SetAnnotations(data)
 	_, err := NewParser(mockCfg{
 		certs: map[string]resolver.AuthSSLCert{
 			"default/secure-verify-ca": {},
 		},
 	}).Parse(ing)
 	if err != nil {
 		t.Errorf("Unexpected error on ingress: %v", err)
 	}
 }
 func TestAnnotations(t *testing.T) {
 	ing := buildIngress()
 	data := map[string]string{}
 	data[parser.GetAnnotationWithPrefix("backend-protocol")] = "HTTPS"
 	data[parser.GetAnnotationWithPrefix("secure-verify-ca-secret")] = "secure-verify-ca"
 	ing.SetAnnotations(data)
 	_, err := NewParser(mockCfg{
 		certs: map[string]resolver.AuthSSLCert{
 			"default/secure-verify-ca": {},
 		},
 	}).Parse(ing)
 	if err != nil {
 		t.Errorf("Unexpected error on ingress: %v", err)
 	}
 }
 func TestSecretNotFound(t *testing.T) {
 	ing := buildIngress()
 	data := map[string]string{}
 	data[parser.GetAnnotationWithPrefix("backend-protocol")] = "HTTPS"
 	data[parser.GetAnnotationWithPrefix("secure-verify-ca-secret")] = "secure-verify-ca"
 	ing.SetAnnotations(data)
 	_, err := NewParser(mockCfg{}).Parse(ing)
 	if err != nil {
 		t.Error("Expected secret not found error on ingress")
 	}
 }
 func TestSecretOnNonSecure(t *testing.T) {
 	ing := buildIngress()
 	data := map[string]string{}
 	data[parser.GetAnnotationWithPrefix("backend-protocol")] = "HTTP"
 	data[parser.GetAnnotationWithPrefix("secure-verify-ca-secret")] = "secure-verify-ca"
 	ing.SetAnnotations(data)
 	_, err := NewParser(mockCfg{
 		certs: map[string]resolver.AuthSSLCert{
 			"default/secure-verify-ca": {},
 		},
 	}).Parse(ing)
 	if err != nil {
 		t.Error("Expected CA secret on non secure backend error on ingress")
 	}
 }
 func TestUnsupportedAnnotation(t *testing.T) {
 	ing := buildIngress()
 	data := map[string]string{}
 	data[parser.GetAnnotationWithPrefix("backend-protocol")] = "HTTPS"
 	data[parser.GetAnnotationWithPrefix("secure-verify-ca-secret")] = "secure-verify-ca"
 	ing.SetAnnotations(data)
 	_, err := NewParser(mockCfg{
 		certs: map[string]resolver.AuthSSLCert{
 			"default/secure-verify-ca": {},
 		},
 	}).Parse(ing)
 	if err != nil {
 		t.Errorf("Unexpected error on ingress: %v", err)
 	}
 }