Skip to content

Commit

Permalink
Rename auto-tls to external-domain-tls (#14482)
Browse files Browse the repository at this point in the history
* Rename auto-tls to external-domain-tls

* Fix lint warnings
  • Loading branch information
ReToCode authored Oct 20, 2023
1 parent 425abcb commit 2c0b8dc
Show file tree
Hide file tree
Showing 34 changed files with 421 additions and 408 deletions.
2 changes: 1 addition & 1 deletion docs/encryption/knative-encryption.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ The different parts are independent of each other and (can) use different Certif
* These certificates are either [provided manually](https://knative.dev/docs/serving/using-a-tls-cert/) or by using an implementation to the [Knative Certificate abstraction](https://github.com/knative/networking/blob/main/pkg/apis/networking/v1alpha1/certificate_types.go#L34). Currently, we support two implementations:
* [net-certmanager](https://github.com/knative-extensions/net-certmanager)
* [net-http01](https://github.com/knative-extensions/net-http01)
* Please refer to the [documentation](https://knative.dev/docs/serving/using-auto-tls/) for more information.
* Please refer to the [documentation](https://knative.dev/docs/serving/using-external-domain-tls/) for more information.


### (2) Cluster-local certificates
Expand Down
8 changes: 4 additions & 4 deletions pkg/apis/serving/v1/route_lifecycle.go
Original file line number Diff line number Diff line change
Expand Up @@ -190,10 +190,10 @@ func (rs *RouteStatus) MarkCertificateNotOwned(name string) {
}

const (
// AutoTLSNotEnabledMessage is the message which is set on the
// ExternalDomainTLSNotEnabledMessage is the message which is set on the
// RouteConditionCertificateProvisioned condition when it is set to True
// because AutoTLS was not enabled.
AutoTLSNotEnabledMessage = "auto-tls is not enabled"
// because external-domain-tls was not enabled.
ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled"

// TLSNotEnabledForClusterLocalMessage is the message which is set on the
// RouteConditionCertificateProvisioned condition when it is set to True
Expand All @@ -202,7 +202,7 @@ const (
)

// MarkTLSNotEnabled sets RouteConditionCertificateProvisioned to true when
// certificate config such as auto-tls is not enabled or private cluster-local service.
// certificate config such as external-domain-tls is not enabled or private cluster-local service.
func (rs *RouteStatus) MarkTLSNotEnabled(msg string) {
routeCondSet.Manage(rs).MarkTrueWithReason(RouteConditionCertificateProvisioned,
"TLSNotEnabled", msg)
Expand Down
8 changes: 4 additions & 4 deletions pkg/apis/serving/v1/route_lifecycle_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -253,7 +253,7 @@ func TestTypicalRouteFlow(t *testing.T) {
apistest.CheckConditionOngoing(r, RouteConditionReady, t)

r.MarkTrafficAssigned()
r.MarkTLSNotEnabled(AutoTLSNotEnabledMessage)
r.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage)
apistest.CheckConditionSucceeded(r, RouteConditionAllTrafficAssigned, t)
apistest.CheckConditionOngoing(r, RouteConditionIngressReady, t)
apistest.CheckConditionOngoing(r, RouteConditionReady, t)
Expand Down Expand Up @@ -367,7 +367,7 @@ func TestIngressFailureRecovery(t *testing.T) {
apistest.CheckConditionOngoing(r, RouteConditionReady, t)

r.MarkTrafficAssigned()
r.MarkTLSNotEnabled(AutoTLSNotEnabledMessage)
r.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage)
r.PropagateIngressStatus(netv1alpha1.IngressStatus{
Status: duckv1.Status{
Conditions: duckv1.Conditions{{
Expand Down Expand Up @@ -467,10 +467,10 @@ func TestEndpointNotOwned(t *testing.T) {
apistest.CheckConditionFailed(r, RouteConditionIngressReady, t)
}

func TestRouteAutoTLSNotEnabled(t *testing.T) {
func TestRouteExternalDomainTLSNotEnabled(t *testing.T) {
r := &RouteStatus{}
r.InitializeConditions()
r.MarkTLSNotEnabled(AutoTLSNotEnabledMessage)
r.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage)

apistest.CheckConditionSucceeded(r, RouteConditionCertificateProvisioned, t)
}
Expand Down
6 changes: 3 additions & 3 deletions pkg/apis/serving/v1beta1/domainmapping_lifecycle.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,10 +59,10 @@ func (dms *DomainMappingStatus) InitializeConditions() {
}

const (
// AutoTLSNotEnabledMessage is the message which is set on the
// ExternalDomainTLSNotEnabledMessage is the message which is set on the
// DomainMappingConditionCertificateProvisioned condition when it is set to True
// because AutoTLS was not enabled.
AutoTLSNotEnabledMessage = "auto-tls is not enabled"
// because external-domain-tls was not enabled.
ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled"
// TLSCertificateProvidedExternally indicates that a TLS secret won't be created or managed
// instead a reference to an existing TLS secret should have been provided in the DomainMapping spec
TLSCertificateProvidedExternally = "TLS certificate was provided externally"
Expand Down
10 changes: 5 additions & 5 deletions pkg/apis/serving/v1beta1/domainmapping_lifecycle_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ func TestDomainClaimConditions(t *testing.T) {
dms := &DomainMappingStatus{}

dms.InitializeConditions()
dms.MarkTLSNotEnabled("AutoTLS not yet available for DomainMapping")
dms.MarkTLSNotEnabled("external-domain-tls not yet available for DomainMapping")
apistest.CheckConditionOngoing(dms, DomainMappingConditionDomainClaimed, t)
apistest.CheckConditionOngoing(dms, DomainMappingConditionReady, t)

Expand Down Expand Up @@ -103,7 +103,7 @@ func TestReferenceResolvedCondition(t *testing.T) {
dms := &DomainMappingStatus{}

dms.InitializeConditions()
dms.MarkTLSNotEnabled("AutoTLS not yet available for DomainMapping")
dms.MarkTLSNotEnabled("external-domain-tls not yet available for DomainMapping")
apistest.CheckConditionOngoing(dms, DomainMappingConditionReferenceResolved, t)
apistest.CheckConditionOngoing(dms, DomainMappingConditionReady, t)

Expand Down Expand Up @@ -157,10 +157,10 @@ func TestDomainMappingNotOwnCertificate(t *testing.T) {
apistest.CheckConditionFailed(dms, DomainMappingConditionCertificateProvisioned, t)
}

func TestDomainMappingAutoTLSNotEnabled(t *testing.T) {
func TestDomainMappingExternalDomainTLSNotEnabled(t *testing.T) {
dms := &DomainMappingStatus{}
dms.InitializeConditions()
dms.MarkTLSNotEnabled(AutoTLSNotEnabledMessage)
dms.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage)

apistest.CheckConditionSucceeded(dms, DomainMappingConditionCertificateProvisioned, t)
}
Expand All @@ -177,7 +177,7 @@ func TestPropagateIngressStatus(t *testing.T) {
dms := &DomainMappingStatus{}

dms.InitializeConditions()
dms.MarkTLSNotEnabled("AutoTLS not yet available for DomainMapping")
dms.MarkTLSNotEnabled("external-domain-tls not yet available for DomainMapping")
apistest.CheckConditionOngoing(dms, DomainMappingConditionIngressReady, t)
apistest.CheckConditionOngoing(dms, DomainMappingConditionReady, t)

Expand Down
12 changes: 6 additions & 6 deletions pkg/reconciler/domainmapping/reconciler.go
Original file line number Diff line number Diff line change
Expand Up @@ -171,18 +171,18 @@ func (r *Reconciler) FinalizeKind(ctx context.Context, dm *v1beta1.DomainMapping
return r.netclient.NetworkingV1alpha1().ClusterDomainClaims().Delete(ctx, dm.Name, metav1.DeleteOptions{})
}

func autoTLSEnabled(ctx context.Context, dm *v1beta1.DomainMapping) bool {
if !config.FromContext(ctx).Network.AutoTLS {
func externalDomainTLSEnabled(ctx context.Context, dm *v1beta1.DomainMapping) bool {
if !config.FromContext(ctx).Network.ExternalDomainTLS {
return false
}
annotationValue := netapi.GetDisableAutoTLS(dm.Annotations)
annotationValue := netapi.GetDisableExternalDomainTLS(dm.Annotations)
disabledByAnnotation, err := strconv.ParseBool(annotationValue)
if annotationValue != "" && err != nil {
logger := logging.FromContext(ctx)
// Validation should've caught an invalid value here.
// If we have one anyway, assume not disabled and log a warning.
logger.Warnf("DM.Annotations[%s] = %q is invalid",
netapi.DisableAutoTLSAnnotationKey, annotationValue)
netapi.DisableExternalDomainTLSAnnotation, annotationValue)
}

return !disabledByAnnotation
Expand All @@ -203,8 +203,8 @@ func (r *Reconciler) tls(ctx context.Context, dm *v1beta1.DomainMapping) ([]netv
}}, nil, nil
}

if !autoTLSEnabled(ctx, dm) {
dm.Status.MarkTLSNotEnabled(v1.AutoTLSNotEnabledMessage)
if !externalDomainTLSEnabled(ctx, dm) {
dm.Status.MarkTLSNotEnabled(v1.ExternalDomainTLSNotEnabledMessage)
return nil, nil, nil
}

Expand Down
74 changes: 37 additions & 37 deletions pkg/reconciler/domainmapping/reconciler_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,65 +25,65 @@ import (
"knative.dev/serving/pkg/reconciler/domainmapping/config"
)

func TestAutoTLSEnabled(t *testing.T) {
func TestExternalDomainTLSEnabled(t *testing.T) {
dm := domainMapping("test-ns", "test-route")

for _, tc := range []struct {
name string
configAutoTLSEnabled bool
tlsDisabledAnnotation string
wantAutoTLSEnabled bool
name string
configExternalDomainTLSEnabled bool
tlsDisabledAnnotation string
wantExternalDomainTLSEnabled bool
}{{
name: "AutoTLS enabled by config, not disabled by annotation",
configAutoTLSEnabled: true,
wantAutoTLSEnabled: true,
name: "ExternalDomainTLS enabled by config, not disabled by annotation",
configExternalDomainTLSEnabled: true,
wantExternalDomainTLSEnabled: true,
}, {
name: "AutoTLS enabled by config, disabled by annotation",
configAutoTLSEnabled: true,
tlsDisabledAnnotation: "true",
wantAutoTLSEnabled: false,
name: "ExternalDomainTLS enabled by config, disabled by annotation",
configExternalDomainTLSEnabled: true,
tlsDisabledAnnotation: "true",
wantExternalDomainTLSEnabled: false,
}, {
name: "AutoTLS disabled by config, not disabled by annotation",
configAutoTLSEnabled: false,
wantAutoTLSEnabled: false,
name: "ExternalDomainTLS disabled by config, not disabled by annotation",
configExternalDomainTLSEnabled: false,
wantExternalDomainTLSEnabled: false,
}, {
name: "AutoTLS disabled by config, disabled by annotation",
configAutoTLSEnabled: false,
tlsDisabledAnnotation: "true",
wantAutoTLSEnabled: false,
name: "ExternalDomainTLS disabled by config, disabled by annotation",
configExternalDomainTLSEnabled: false,
tlsDisabledAnnotation: "true",
wantExternalDomainTLSEnabled: false,
}, {
name: "AutoTLS enabled by config, invalid annotation",
configAutoTLSEnabled: true,
tlsDisabledAnnotation: "foo",
wantAutoTLSEnabled: true,
name: "ExternalDomainTLS enabled by config, invalid annotation",
configExternalDomainTLSEnabled: true,
tlsDisabledAnnotation: "foo",
wantExternalDomainTLSEnabled: true,
}, {
name: "AutoTLS disabled by config, invalid annotation",
configAutoTLSEnabled: false,
tlsDisabledAnnotation: "foo",
wantAutoTLSEnabled: false,
name: "ExternalDomainTLS disabled by config, invalid annotation",
configExternalDomainTLSEnabled: false,
tlsDisabledAnnotation: "foo",
wantExternalDomainTLSEnabled: false,
}, {
name: "AutoTLS disabled by config nil annotations",
configAutoTLSEnabled: false,
wantAutoTLSEnabled: false,
name: "ExternalDomainTLS disabled by config nil annotations",
configExternalDomainTLSEnabled: false,
wantExternalDomainTLSEnabled: false,
}, {
name: "AutoTLS enabled by config, nil annotations",
configAutoTLSEnabled: true,
wantAutoTLSEnabled: true,
name: "ExternalDomainTLS enabled by config, nil annotations",
configExternalDomainTLSEnabled: true,
wantExternalDomainTLSEnabled: true,
}} {
t.Run(tc.name, func(t *testing.T) {
ctx := logtesting.TestContextWithLogger(t)
ctx = config.ToContext(ctx, &config.Config{
Network: &netcfg.Config{
AutoTLS: tc.configAutoTLSEnabled,
ExternalDomainTLS: tc.configExternalDomainTLSEnabled,
},
})
if tc.tlsDisabledAnnotation != "" {
dm.Annotations = map[string]string{
netapi.DisableAutoTLSAnnotationKey: tc.tlsDisabledAnnotation,
netapi.DisableExternalDomainTLSAnnotationKey: tc.tlsDisabledAnnotation,
}
}
if got := autoTLSEnabled(ctx, dm); got != tc.wantAutoTLSEnabled {
t.Errorf("autoTLSEnabled = %t, want %t", got, tc.wantAutoTLSEnabled)
if got := externalDomainTLSEnabled(ctx, dm); got != tc.wantExternalDomainTLSEnabled {
t.Errorf("externalDomainTLSEnabled = %t, want %t", got, tc.wantExternalDomainTLSEnabled)
}
})
}
Expand Down
6 changes: 3 additions & 3 deletions pkg/reconciler/domainmapping/table_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1251,7 +1251,7 @@ func TestReconcileTLSEnabled(t *testing.T) {
Network: &netcfg.Config{
DefaultIngressClass: "the-ingress-class",
DefaultCertificateClass: "the-cert-class",
AutoTLS: true,
ExternalDomainTLS: true,
HTTPProtocol: netcfg.HTTPRedirected,
DefaultExternalScheme: "http",
},
Expand Down Expand Up @@ -1318,7 +1318,7 @@ func TestReconcileTLSEnabledButDowngraded(t *testing.T) {
Network: &netcfg.Config{
DefaultIngressClass: "the-ingress-class",
DefaultCertificateClass: "the-cert-class",
AutoTLS: true,
ExternalDomainTLS: true,
HTTPProtocol: netcfg.HTTPEnabled,
DefaultExternalScheme: "http",
},
Expand Down Expand Up @@ -1425,7 +1425,7 @@ func withInitDomainMappingConditions(dm *v1beta1.DomainMapping) {
}

func withTLSNotEnabled(dm *v1beta1.DomainMapping) {
dm.Status.MarkTLSNotEnabled(servingv1.AutoTLSNotEnabledMessage)
dm.Status.MarkTLSNotEnabled(servingv1.ExternalDomainTLSNotEnabledMessage)
}

func withCertificateNotReady(dm *v1beta1.DomainMapping) {
Expand Down
24 changes: 12 additions & 12 deletions pkg/reconciler/nscert/nscert_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,8 +99,8 @@ func newTestSetup(t *testing.T, configs ...*corev1.ConfigMap) (
Namespace: system.Namespace(),
},
Data: map[string]string{
"domain-template": defaultDomainTemplate,
"auto-tls": "true",
"domain-template": defaultDomainTemplate,
"external-domain-tls": "true",
// Apply to all namespaces
"namespace-wildcard-cert-selector": "{}",
},
Expand Down Expand Up @@ -323,7 +323,7 @@ func TestUpdateDomainTemplate(t *testing.T) {
},
Data: map[string]string{
"namespace-wildcard-cert-selector": "{}",
"auto-tls": "Enabled",
"external-domain-tls": "Enabled",
},
}
ctx, cancel, certEvents, watcher := newTestSetup(t, netCfg)
Expand All @@ -348,7 +348,7 @@ func TestUpdateDomainTemplate(t *testing.T) {
Data: map[string]string{
"domain-template": "{{.Name}}-suffix.{{.Namespace}}.{{.Domain}}",
"namespace-wildcard-cert-selector": "{}",
"auto-tls": "Enabled",
"external-domain-tls": "Enabled",
},
}
watcher.OnChange(netCfg)
Expand All @@ -369,7 +369,7 @@ func TestUpdateDomainTemplate(t *testing.T) {
Data: map[string]string{
"domain-template": "{{.Name}}.subdomain.{{.Namespace}}.{{.Domain}}",
"namespace-wildcard-cert-selector": `{}`,
"auto-tls": "Enabled",
"external-domain-tls": "Enabled",
},
}
watcher.OnChange(netCfg)
Expand All @@ -389,8 +389,8 @@ func TestUpdateDomainTemplate(t *testing.T) {
Namespace: system.Namespace(),
},
Data: map[string]string{
"domain-template": "{{.Namespace}}.{{.Name}}.{{.Domain}}",
"auto-tls": "Enabled",
"domain-template": "{{.Namespace}}.{{.Name}}.{{.Domain}}",
"external-domain-tls": "Enabled",
},
}
watcher.OnChange(netCfg)
Expand All @@ -416,7 +416,7 @@ func TestChangeDefaultDomain(t *testing.T) {
Namespace: system.Namespace(),
},
Data: map[string]string{
"auto-tls": "Enabled",
"external-domain-tls": "Enabled",
"namespace-wildcard-cert-selector": "{}",
},
}
Expand Down Expand Up @@ -472,15 +472,15 @@ func TestDomainConfigDomain(t *testing.T) {
name: "no domainmapping without config",
domainCfg: map[string]string{},
netCfg: map[string]string{
"auto-tls": "Enabled",
"external-domain-tls": "Enabled",
},
}, {
name: "default domain",
domainCfg: map[string]string{
"other.com": "selector:\n app: dev",
},
netCfg: map[string]string{
"auto-tls": "Enabled",
"external-domain-tls": "Enabled",
"namespace-wildcard-cert-selector": "{}",
},
wantCertName: "testns.svc.cluster.local",
Expand All @@ -491,7 +491,7 @@ func TestDomainConfigDomain(t *testing.T) {
"default.com": "",
},
netCfg: map[string]string{
"auto-tls": "Enabled",
"external-domain-tls": "Enabled",
"namespace-wildcard-cert-selector": "{}",
},
wantCertName: "testns.default.com",
Expand Down Expand Up @@ -614,7 +614,7 @@ func kubeNamespaceWithLabelValue(name string, labels map[string]string) *corev1.
func networkConfig() *netcfg.Config {
return &netcfg.Config{
DomainTemplate: defaultDomainTemplate,
AutoTLS: true,
ExternalDomainTLS: true,
DefaultCertificateClass: testCertClass,
NamespaceWildcardCertSelector: &metav1.LabelSelector{},
}
Expand Down
Loading

0 comments on commit 2c0b8dc

Please sign in to comment.