From 2c0b8dcb386f7fbf1877236abae4792de4031e0c Mon Sep 17 00:00:00 2001 
From: Reto Lehmann Date: Fri, 20 Oct 2023 18:06:18 +0200 Subject: [PATCH] Rename auto-tls to external-domain-tls (#14482) * Rename auto-tls to external-domain-tls * Fix lint warnings --- docs/encryption/knative-encryption.md | 2 +- pkg/apis/serving/v1/route_lifecycle.go | 8 +- pkg/apis/serving/v1/route_lifecycle_test.go | 8 +- .../v1beta1/domainmapping_lifecycle.go | 6 +- .../v1beta1/domainmapping_lifecycle_test.go | 10 +- pkg/reconciler/domainmapping/reconciler.go | 12 +- .../domainmapping/reconciler_test.go | 74 +++--- pkg/reconciler/domainmapping/table_test.go | 6 +- pkg/reconciler/nscert/nscert_test.go | 24 +- pkg/reconciler/route/route.go | 16 +- pkg/reconciler/route/route_test.go | 62 ++--- pkg/reconciler/route/table_test.go | 86 +++---- pkg/testing/v1/route.go | 6 +- .../caissuer/config-certmanager.yaml | 0 .../certmanager/caissuer/generate.sh | 2 +- .../certmanager/caissuer/issuer.yaml | 0 .../certmanager/caissuer/secret.yaml | 0 .../http01/config-certmanager.yaml | 0 .../certmanager/http01/issuer.yaml | 0 .../certmanager/http01/mesh-issuer.yaml | 0 .../selfsigned/config-certmanager.yaml | 0 .../certmanager/selfsigned/issuer.yaml | 0 test/e2e-auto-tls-tests.sh | 215 +----------------- test/e2e-common.sh | 10 +- test/e2e-external-domain-tls-tests.sh | 214 +++++++++++++++++ test/e2e-tests.sh | 10 +- .../{autotls => externaldomaintls}/README.md | 29 ++- .../auto_tls_test.go | 12 +- .../config/dnscleanup/main.go | 4 +- .../config/dnssetup/main.go | 2 +- .../config/util.go | 0 .../domain_mapping_test.go | 7 +- .../http_redirect_test.go | 2 +- .../util_test.go | 2 +- 34 files changed, 421 insertions(+), 408 deletions(-) rename test/config/{autotls => externaldomaintls}/certmanager/caissuer/config-certmanager.yaml (100%) rename test/config/{autotls => externaldomaintls}/certmanager/caissuer/generate.sh (95%) rename test/config/{autotls => externaldomaintls}/certmanager/caissuer/issuer.yaml (100%) rename test/config/{autotls => 
externaldomaintls}/certmanager/caissuer/secret.yaml (100%) rename test/config/{autotls => externaldomaintls}/certmanager/http01/config-certmanager.yaml (100%) rename test/config/{autotls => externaldomaintls}/certmanager/http01/issuer.yaml (100%) rename test/config/{autotls => externaldomaintls}/certmanager/http01/mesh-issuer.yaml (100%) rename test/config/{autotls => externaldomaintls}/certmanager/selfsigned/config-certmanager.yaml (100%) rename test/config/{autotls => externaldomaintls}/certmanager/selfsigned/issuer.yaml (100%) mode change 100755 => 120000 test/e2e-auto-tls-tests.sh create mode 100755 test/e2e-external-domain-tls-tests.sh rename test/e2e/{autotls => externaldomaintls}/README.md (50%) rename test/e2e/{autotls => externaldomaintls}/auto_tls_test.go (95%) rename test/e2e/{autotls => externaldomaintls}/config/dnscleanup/main.go (87%) rename test/e2e/{autotls => externaldomaintls}/config/dnssetup/main.go (98%) rename test/e2e/{autotls => externaldomaintls}/config/util.go (100%) rename test/e2e/{autotls => externaldomaintls}/domain_mapping_test.go (94%) rename test/e2e/{autotls => externaldomaintls}/http_redirect_test.go (98%) rename test/e2e/{autotls => externaldomaintls}/util_test.go (99%) diff --git a/docs/encryption/knative-encryption.md b/docs/encryption/knative-encryption.md index 1d3eda277581..71aa082ca4fa 100644 --- a/docs/encryption/knative-encryption.md +++ b/docs/encryption/knative-encryption.md 
@@ -25,7 +25,7 @@ The different parts are independent of each other and (can) use different Certif * These certificates are either [provided manually](https://knative.dev/docs/serving/using-a-tls-cert/) or by using an implementation to the [Knative Certificate abstraction](https://github.com/knative/networking/blob/main/pkg/apis/networking/v1alpha1/certificate_types.go#L34). Currently, we support two implementations: * [net-certmanager](https://github.com/knative-extensions/net-certmanager) * [net-http01](https://github.com/knative-extensions/net-http01) -* Please refer to the [documentation](https://knative.dev/docs/serving/using-auto-tls/) for more information. +* Please refer to the [documentation](https://knative.dev/docs/serving/using-external-domain-tls/) for more information. ### (2) Cluster-local certificates diff --git a/pkg/apis/serving/v1/route_lifecycle.go b/pkg/apis/serving/v1/route_lifecycle.go index fe2a43223bd1..c03b38b4b71d 100644 --- a/pkg/apis/serving/v1/route_lifecycle.go +++ b/pkg/apis/serving/v1/route_lifecycle.go @@ -190,10 +190,10 @@ func (rs *RouteStatus) MarkCertificateNotOwned(name string) { } const ( - // AutoTLSNotEnabledMessage is the message which is set on the + // ExternalDomainTLSNotEnabledMessage is the message which is set on the // RouteConditionCertificateProvisioned condition when it is set to True - // because AutoTLS was not enabled. - AutoTLSNotEnabledMessage = "auto-tls is not enabled" + // because external-domain-tls was not enabled. + ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled" // TLSNotEnabledForClusterLocalMessage is the message which is set on the // RouteConditionCertificateProvisioned condition when it is set to True 
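Review bot: The exported constant `AutoTLSNotEnabledMessage` is dropped from this const block with no replacement alias, so any out-of-tree package that imports it stops compiling on upgrade. The same applies to the identically named constant in `pkg/apis/serving/v1beta1/domainmapping_lifecycle.go`. Consider keeping a deprecated alias for one release: `// Deprecated: use ExternalDomainTLSNotEnabledMessage.` followed by `AutoTLSNotEnabledMessage = ExternalDomainTLSNotEnabledMessage`. The condition message text itself also changes, so tooling that matches on the old string (if any exists) would need updating. The const block continues outside this hunk.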
@@ -202,7 +202,7 @@ const ( ) // MarkTLSNotEnabled sets RouteConditionCertificateProvisioned to true when -// certificate config such as auto-tls is not enabled or private cluster-local service. +// certificate config such as external-domain-tls is not enabled or private cluster-local service. func (rs *RouteStatus) MarkTLSNotEnabled(msg string) { routeCondSet.Manage(rs).MarkTrueWithReason(RouteConditionCertificateProvisioned, "TLSNotEnabled", msg) diff --git a/pkg/apis/serving/v1/route_lifecycle_test.go b/pkg/apis/serving/v1/route_lifecycle_test.go index 434ee92d1691..f58a2fa228d1 100644 --- a/pkg/apis/serving/v1/route_lifecycle_test.go +++ b/pkg/apis/serving/v1/route_lifecycle_test.go @@ -253,7 +253,7 @@ func TestTypicalRouteFlow(t *testing.T) { apistest.CheckConditionOngoing(r, RouteConditionReady, t) r.MarkTrafficAssigned() - r.MarkTLSNotEnabled(AutoTLSNotEnabledMessage) + r.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage) apistest.CheckConditionSucceeded(r, RouteConditionAllTrafficAssigned, t) apistest.CheckConditionOngoing(r, RouteConditionIngressReady, t) apistest.CheckConditionOngoing(r, RouteConditionReady, t) @@ -367,7 +367,7 @@ func TestIngressFailureRecovery(t *testing.T) { apistest.CheckConditionOngoing(r, RouteConditionReady, t) r.MarkTrafficAssigned() - r.MarkTLSNotEnabled(AutoTLSNotEnabledMessage) + r.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage) r.PropagateIngressStatus(netv1alpha1.IngressStatus{ Status: duckv1.Status{ Conditions: duckv1.Conditions{{ @@ -467,10 +467,10 @@ func TestEndpointNotOwned(t *testing.T) { apistest.CheckConditionFailed(r, RouteConditionIngressReady, t) } -func TestRouteAutoTLSNotEnabled(t *testing.T) { +func TestRouteExternalDomainTLSNotEnabled(t *testing.T) { r := &RouteStatus{} r.InitializeConditions() - r.MarkTLSNotEnabled(AutoTLSNotEnabledMessage) + r.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage) apistest.CheckConditionSucceeded(r, RouteConditionCertificateProvisioned, t) } 
diff --git a/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go b/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go index 830a65c96436..06ede3d3152a 100644 --- a/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go +++ b/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go @@ -59,10 +59,10 @@ func (dms *DomainMappingStatus) InitializeConditions() { } const ( - // AutoTLSNotEnabledMessage is the message which is set on the + // ExternalDomainTLSNotEnabledMessage is the message which is set on the // DomainMappingConditionCertificateProvisioned condition when it is set to True - // because AutoTLS was not enabled. - AutoTLSNotEnabledMessage = "auto-tls is not enabled" + // because external-domain-tls was not enabled. + ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled" // TLSCertificateProvidedExternally indicates that a TLS secret won't be created or managed // instead a reference to an existing TLS secret should have been provided in the DomainMapping spec TLSCertificateProvidedExternally = "TLS certificate was provided externally" diff --git a/pkg/apis/serving/v1beta1/domainmapping_lifecycle_test.go b/pkg/apis/serving/v1beta1/domainmapping_lifecycle_test.go index 7491dd277ca4..479188140180 100644 --- a/pkg/apis/serving/v1beta1/domainmapping_lifecycle_test.go +++ b/pkg/apis/serving/v1beta1/domainmapping_lifecycle_test.go @@ -71,7 +71,7 @@ func TestDomainClaimConditions(t *testing.T) { dms := &DomainMappingStatus{} dms.InitializeConditions() - dms.MarkTLSNotEnabled("AutoTLS not yet available for DomainMapping") + dms.MarkTLSNotEnabled("external-domain-tls not yet available for DomainMapping") apistest.CheckConditionOngoing(dms, DomainMappingConditionDomainClaimed, t) apistest.CheckConditionOngoing(dms, DomainMappingConditionReady, t) 
@@ -103,7 +103,7 @@ func TestReferenceResolvedCondition(t *testing.T) { dms := &DomainMappingStatus{} dms.InitializeConditions() - dms.MarkTLSNotEnabled("AutoTLS not yet available for DomainMapping") + dms.MarkTLSNotEnabled("external-domain-tls not yet available for DomainMapping") apistest.CheckConditionOngoing(dms, DomainMappingConditionReferenceResolved, t) apistest.CheckConditionOngoing(dms, DomainMappingConditionReady, t) @@ -157,10 +157,10 @@ func TestDomainMappingNotOwnCertificate(t *testing.T) { apistest.CheckConditionFailed(dms, DomainMappingConditionCertificateProvisioned, t) } -func TestDomainMappingAutoTLSNotEnabled(t *testing.T) { +func TestDomainMappingExternalDomainTLSNotEnabled(t *testing.T) { dms := &DomainMappingStatus{} dms.InitializeConditions() - dms.MarkTLSNotEnabled(AutoTLSNotEnabledMessage) + dms.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage) apistest.CheckConditionSucceeded(dms, DomainMappingConditionCertificateProvisioned, t) } @@ -177,7 +177,7 @@ func TestPropagateIngressStatus(t *testing.T) { dms := &DomainMappingStatus{} dms.InitializeConditions() - dms.MarkTLSNotEnabled("AutoTLS not yet available for DomainMapping") + dms.MarkTLSNotEnabled("external-domain-tls not yet available for DomainMapping") apistest.CheckConditionOngoing(dms, DomainMappingConditionIngressReady, t) apistest.CheckConditionOngoing(dms, DomainMappingConditionReady, t) diff --git a/pkg/reconciler/domainmapping/reconciler.go b/pkg/reconciler/domainmapping/reconciler.go index 1b50168375cd..3a9dbfc23f90 100644 --- a/pkg/reconciler/domainmapping/reconciler.go +++ b/pkg/reconciler/domainmapping/reconciler.go 
@@ -171,18 +171,18 @@ func (r *Reconciler) FinalizeKind(ctx context.Context, dm *v1beta1.DomainMapping return r.netclient.NetworkingV1alpha1().ClusterDomainClaims().Delete(ctx, dm.Name, metav1.DeleteOptions{}) } -func autoTLSEnabled(ctx context.Context, dm *v1beta1.DomainMapping) bool { - if !config.FromContext(ctx).Network.AutoTLS { +func externalDomainTLSEnabled(ctx context.Context, dm *v1beta1.DomainMapping) bool { + if !config.FromContext(ctx).Network.ExternalDomainTLS { return false } - annotationValue := netapi.GetDisableAutoTLS(dm.Annotations) + annotationValue := netapi.GetDisableExternalDomainTLS(dm.Annotations) disabledByAnnotation, err := strconv.ParseBool(annotationValue) if annotationValue != "" && err != nil { logger := logging.FromContext(ctx) // Validation should've caught an invalid value here. // If we have one anyway, assume not disabled and log a warning. logger.Warnf("DM.Annotations[%s] = %q is invalid", - netapi.DisableAutoTLSAnnotationKey, annotationValue) + netapi.DisableExternalDomainTLSAnnotation, annotationValue) } return !disabledByAnnotation @@ -203,8 +203,8 @@ func (r *Reconciler) tls(ctx context.Context, dm *v1beta1.DomainMapping) ([]netv }}, nil, nil } - if !autoTLSEnabled(ctx, dm) { - dm.Status.MarkTLSNotEnabled(v1.AutoTLSNotEnabledMessage) + if !externalDomainTLSEnabled(ctx, dm) { + dm.Status.MarkTLSNotEnabled(v1.ExternalDomainTLSNotEnabledMessage) return nil, nil, nil } diff --git a/pkg/reconciler/domainmapping/reconciler_test.go b/pkg/reconciler/domainmapping/reconciler_test.go index 95eba9efb5a6..dd66e14cdb42 100644 --- a/pkg/reconciler/domainmapping/reconciler_test.go +++ b/pkg/reconciler/domainmapping/reconciler_test.go 
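Review bot: The warning in `externalDomainTLSEnabled` now passes `netapi.DisableExternalDomainTLSAnnotation` to the `%s` verb, whereas the line it replaces passed `netapi.DisableAutoTLSAnnotationKey`. Both the test in this package and `pkg/reconciler/route/route.go` use `DisableExternalDomainTLSAnnotationKey`. The definition of the identifier without the `Key` suffix is not visible in this diff; if it is not a plain string (for example a list of accepted keys), the log line will no longer name the single annotation an operator has to fix. Unless logging every accepted key is intended, use `netapi.DisableExternalDomainTLSAnnotationKey` here so the message matches the route reconciler.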
@@ -25,65 +25,65 @@ import ( "knative.dev/serving/pkg/reconciler/domainmapping/config" ) -func TestAutoTLSEnabled(t *testing.T) { +func TestExternalDomainTLSEnabled(t *testing.T) { dm := domainMapping("test-ns", "test-route") for _, tc := range []struct { - name string - configAutoTLSEnabled bool - tlsDisabledAnnotation string - wantAutoTLSEnabled bool + name string + configExternalDomainTLSEnabled bool + tlsDisabledAnnotation string + wantExternalDomainTLSEnabled bool }{{ - name: "AutoTLS enabled by config, not disabled by annotation", - configAutoTLSEnabled: true, - wantAutoTLSEnabled: true, + name: "ExternalDomainTLS enabled by config, not disabled by annotation", + configExternalDomainTLSEnabled: true, + wantExternalDomainTLSEnabled: true, }, { - name: "AutoTLS enabled by config, disabled by annotation", - configAutoTLSEnabled: true, - tlsDisabledAnnotation: "true", - wantAutoTLSEnabled: false, + name: "ExternalDomainTLS enabled by config, disabled by annotation", + configExternalDomainTLSEnabled: true, + tlsDisabledAnnotation: "true", + wantExternalDomainTLSEnabled: false, }, { - name: "AutoTLS disabled by config, not disabled by annotation", - configAutoTLSEnabled: false, - wantAutoTLSEnabled: false, + name: "ExternalDomainTLS disabled by config, not disabled by annotation", + configExternalDomainTLSEnabled: false, + wantExternalDomainTLSEnabled: false, }, { - name: "AutoTLS disabled by config, disabled by annotation", - configAutoTLSEnabled: false, - tlsDisabledAnnotation: "true", - wantAutoTLSEnabled: false, + name: "ExternalDomainTLS disabled by config, disabled by annotation", + configExternalDomainTLSEnabled: false, + tlsDisabledAnnotation: "true", + wantExternalDomainTLSEnabled: false, }, { - name: "AutoTLS enabled by config, invalid annotation", - configAutoTLSEnabled: true, - tlsDisabledAnnotation: "foo", - wantAutoTLSEnabled: true, + name: "ExternalDomainTLS enabled by config, invalid annotation", + configExternalDomainTLSEnabled: true, + 
tlsDisabledAnnotation: "foo", + wantExternalDomainTLSEnabled: true, }, { - name: "AutoTLS disabled by config, invalid annotation", - configAutoTLSEnabled: false, - tlsDisabledAnnotation: "foo", - wantAutoTLSEnabled: false, + name: "ExternalDomainTLS disabled by config, invalid annotation", + configExternalDomainTLSEnabled: false, + tlsDisabledAnnotation: "foo", + wantExternalDomainTLSEnabled: false, }, { - name: "AutoTLS disabled by config nil annotations", - configAutoTLSEnabled: false, - wantAutoTLSEnabled: false, + name: "ExternalDomainTLS disabled by config nil annotations", + configExternalDomainTLSEnabled: false, + wantExternalDomainTLSEnabled: false, }, { - name: "AutoTLS enabled by config, nil annotations", - configAutoTLSEnabled: true, - wantAutoTLSEnabled: true, + name: "ExternalDomainTLS enabled by config, nil annotations", + configExternalDomainTLSEnabled: true, + wantExternalDomainTLSEnabled: true, }} { t.Run(tc.name, func(t *testing.T) { ctx := logtesting.TestContextWithLogger(t) ctx = config.ToContext(ctx, &config.Config{ Network: &netcfg.Config{ - AutoTLS: tc.configAutoTLSEnabled, + ExternalDomainTLS: tc.configExternalDomainTLSEnabled, }, }) if tc.tlsDisabledAnnotation != "" { dm.Annotations = map[string]string{ - netapi.DisableAutoTLSAnnotationKey: tc.tlsDisabledAnnotation, + netapi.DisableExternalDomainTLSAnnotationKey: tc.tlsDisabledAnnotation, } } - if got := autoTLSEnabled(ctx, dm); got != tc.wantAutoTLSEnabled { - t.Errorf("autoTLSEnabled = %t, want %t", got, tc.wantAutoTLSEnabled) + if got := externalDomainTLSEnabled(ctx, dm); got != tc.wantExternalDomainTLSEnabled { + t.Errorf("externalDomainTLSEnabled = %t, want %t", got, tc.wantExternalDomainTLSEnabled) } }) } diff --git a/pkg/reconciler/domainmapping/table_test.go b/pkg/reconciler/domainmapping/table_test.go index 4df125db1e28..65cad5ca667f 100644 --- a/pkg/reconciler/domainmapping/table_test.go +++ b/pkg/reconciler/domainmapping/table_test.go 
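Review bot: `dm` is built once before the loop and `dm.Annotations` is assigned only when `tc.tlsDisabledAnnotation != ""`, so a case that leaves the annotation empty inherits whatever an earlier case set. "ExternalDomainTLS enabled by config, nil annotations" therefore runs with the `"foo"` value left over from the invalid-annotation cases, and only the first case sees a freshly built object. The table passes, but the "not disabled by annotation" and "nil annotations" rows do not test the path their names describe, which weakens coverage of a switch that decides whether TLS is provisioned. Move `dm := domainMapping("test-ns", "test-route")` inside the `t.Run` closure, or add `dm.Annotations = nil` at the top of each subtest.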
@@ -1251,7 +1251,7 @@ func TestReconcileTLSEnabled(t *testing.T) { Network: &netcfg.Config{ DefaultIngressClass: "the-ingress-class", DefaultCertificateClass: "the-cert-class", - AutoTLS: true, + ExternalDomainTLS: true, HTTPProtocol: netcfg.HTTPRedirected, DefaultExternalScheme: "http", }, @@ -1318,7 +1318,7 @@ func TestReconcileTLSEnabledButDowngraded(t *testing.T) { Network: &netcfg.Config{ DefaultIngressClass: "the-ingress-class", DefaultCertificateClass: "the-cert-class", - AutoTLS: true, + ExternalDomainTLS: true, HTTPProtocol: netcfg.HTTPEnabled, DefaultExternalScheme: "http", }, @@ -1425,7 +1425,7 @@ func withInitDomainMappingConditions(dm *v1beta1.DomainMapping) { } func withTLSNotEnabled(dm *v1beta1.DomainMapping) { - dm.Status.MarkTLSNotEnabled(servingv1.AutoTLSNotEnabledMessage) + dm.Status.MarkTLSNotEnabled(servingv1.ExternalDomainTLSNotEnabledMessage) } func withCertificateNotReady(dm *v1beta1.DomainMapping) { diff --git a/pkg/reconciler/nscert/nscert_test.go b/pkg/reconciler/nscert/nscert_test.go index 2e4305dc650f..4f8bf12f28d3 100644 --- a/pkg/reconciler/nscert/nscert_test.go +++ b/pkg/reconciler/nscert/nscert_test.go @@ -99,8 +99,8 @@ func newTestSetup(t *testing.T, configs ...*corev1.ConfigMap) ( Namespace: system.Namespace(), }, Data: map[string]string{ - "domain-template": defaultDomainTemplate, - "auto-tls": "true", + "domain-template": defaultDomainTemplate, + "external-domain-tls": "true", // Apply to all namespaces "namespace-wildcard-cert-selector": "{}", }, @@ -323,7 +323,7 @@ func TestUpdateDomainTemplate(t *testing.T) { }, Data: map[string]string{ "namespace-wildcard-cert-selector": "{}", - "auto-tls": "Enabled", + "external-domain-tls": "Enabled", }, } ctx, cancel, certEvents, watcher := newTestSetup(t, netCfg) 
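Review bot: Every ConfigMap fixture in `nscert_test.go` switches from `"auto-tls"` to `"external-domain-tls"` (here in `newTestSetup`, and in the `TestUpdateDomainTemplate`, `TestChangeDefaultDomain` and `TestDomainConfigDomain` hunks), which leaves no test that feeds the legacy key. The parsing code is not part of this diff, so it cannot be seen here whether `auto-tls` is still honoured. If it is not, a cluster upgraded with an unchanged network ConfigMap would stop provisioning certificates and could serve external domains over plain HTTP without any error. Consider keeping one `TestDomainConfigDomain` case with `"auto-tls": "Enabled"` that pins the intended upgrade behaviour, whichever it is.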
@@ -348,7 +348,7 @@ func TestUpdateDomainTemplate(t *testing.T) { Data: map[string]string{ "domain-template": "{{.Name}}-suffix.{{.Namespace}}.{{.Domain}}", "namespace-wildcard-cert-selector": "{}", - "auto-tls": "Enabled", + "external-domain-tls": "Enabled", }, } watcher.OnChange(netCfg) @@ -369,7 +369,7 @@ func TestUpdateDomainTemplate(t *testing.T) { Data: map[string]string{ "domain-template": "{{.Name}}.subdomain.{{.Namespace}}.{{.Domain}}", "namespace-wildcard-cert-selector": `{}`, - "auto-tls": "Enabled", + "external-domain-tls": "Enabled", }, } watcher.OnChange(netCfg) @@ -389,8 +389,8 @@ func TestUpdateDomainTemplate(t *testing.T) { Namespace: system.Namespace(), }, Data: map[string]string{ - "domain-template": "{{.Namespace}}.{{.Name}}.{{.Domain}}", - "auto-tls": "Enabled", + "domain-template": "{{.Namespace}}.{{.Name}}.{{.Domain}}", + "external-domain-tls": "Enabled", }, } watcher.OnChange(netCfg) @@ -416,7 +416,7 @@ func TestChangeDefaultDomain(t *testing.T) { Namespace: system.Namespace(), }, Data: map[string]string{ - "auto-tls": "Enabled", + "external-domain-tls": "Enabled", "namespace-wildcard-cert-selector": "{}", }, } @@ -472,7 +472,7 @@ func TestDomainConfigDomain(t *testing.T) { name: "no domainmapping without config", domainCfg: map[string]string{}, netCfg: map[string]string{ - "auto-tls": "Enabled", + "external-domain-tls": "Enabled", }, }, { name: "default domain", @@ -480,7 +480,7 @@ func TestDomainConfigDomain(t *testing.T) { "other.com": "selector:\n app: dev", }, netCfg: map[string]string{ - "auto-tls": "Enabled", + "external-domain-tls": "Enabled", "namespace-wildcard-cert-selector": "{}", }, wantCertName: "testns.svc.cluster.local", @@ -491,7 +491,7 @@ func TestDomainConfigDomain(t *testing.T) { "default.com": "", }, netCfg: map[string]string{ - "auto-tls": "Enabled", + "external-domain-tls": "Enabled", "namespace-wildcard-cert-selector": "{}", }, wantCertName: "testns.default.com", 
@@ -614,7 +614,7 @@ func kubeNamespaceWithLabelValue(name string, labels map[string]string) *corev1. func networkConfig() *netcfg.Config { return &netcfg.Config{ DomainTemplate: defaultDomainTemplate, - AutoTLS: true, + ExternalDomainTLS: true, DefaultCertificateClass: testCertClass, NamespaceWildcardCertSelector: &metav1.LabelSelector{}, } diff --git a/pkg/reconciler/route/route.go b/pkg/reconciler/route/route.go index eb2b70f182ac..5705a3641d4f 100644 --- a/pkg/reconciler/route/route.go +++ b/pkg/reconciler/route/route.go @@ -184,8 +184,8 @@ func (c *Reconciler) tls(ctx context.Context, host string, r *v1.Route, traffic logger := logging.FromContext(ctx) tls := []netv1alpha1.IngressTLS{} - if !autoTLSEnabled(ctx, r) { - r.Status.MarkTLSNotEnabled(v1.AutoTLSNotEnabledMessage) + if !externalDomainTLSEnabled(ctx, r) { + r.Status.MarkTLSNotEnabled(v1.ExternalDomainTLSNotEnabledMessage) return tls, nil, nil } @@ -268,7 +268,7 @@ func (c *Reconciler) tls(ctx context.Context, host string, r *v1.Route, traffic r.Status.MarkCertificateNotReady(cert.Name) // When httpProtocol is enabled, downgrade http scheme. // Explicitly not using the override settings here as to not to muck with - // AutoTLS semantics. + // external-domain-tls semantics. if config.FromContext(ctx).Network.HTTPProtocol == netcfg.HTTPEnabled { if dnsNames.Has(host) { r.Status.URL = &apis.URL{ 
@@ -491,20 +491,20 @@ func setTargetsScheme(rs *v1.RouteStatus, dnsNames []string, scheme string) { } } -func autoTLSEnabled(ctx context.Context, r *v1.Route) bool { - if !config.FromContext(ctx).Network.AutoTLS { +func externalDomainTLSEnabled(ctx context.Context, r *v1.Route) bool { + if !config.FromContext(ctx).Network.ExternalDomainTLS { return false } logger := logging.FromContext(ctx) - annotationValue := networking.GetDisableAutoTLS(r.Annotations) + annotationValue := networking.GetDisableExternalDomainTLS(r.Annotations) disabledByAnnotation, err := strconv.ParseBool(annotationValue) if annotationValue != "" && err != nil { // validation should've caught an invalid value here. - // if we have one anyways, assume not disabled and log a warning. + // if we have one anyway, assume not disabled and log a warning. logger.Warnf("Invalid annotation value for %q. Value: %q", - networking.DisableAutoTLSAnnotationKey, annotationValue) + networking.DisableExternalDomainTLSAnnotationKey, annotationValue) } return !disabledByAnnotation diff --git a/pkg/reconciler/route/route_test.go b/pkg/reconciler/route/route_test.go index dca464aeaf5a..74d565e23a6a 100644 --- a/pkg/reconciler/route/route_test.go +++ b/pkg/reconciler/route/route_test.go 
@@ -1588,40 +1588,40 @@ func TestRouteDomain(t *testing.T) { } } -func TestAutoTLSEnabled(t *testing.T) { +func TestExternalDomainTLSEnabled(t *testing.T) { tests := []struct { - name string - configAutoTLSEnabled bool - tlsDisabledAnnotation string - wantAutoTLSEnabled bool + name string + configExternalDomainTLSEnabled bool + tlsDisabledAnnotation string + wantExternalDomainTLSEnabled bool }{{ - name: "AutoTLS enabled by config, not disabled by annotation", - configAutoTLSEnabled: true, - wantAutoTLSEnabled: true, + name: "ExternalDomainTLS enabled by config, not disabled by annotation", + configExternalDomainTLSEnabled: true, + wantExternalDomainTLSEnabled: true, }, { - name: "AutoTLS enabled by config, disabled by annotation", - configAutoTLSEnabled: true, - tlsDisabledAnnotation: "true", - wantAutoTLSEnabled: false, + name: "ExternalDomainTLS enabled by config, disabled by annotation", + configExternalDomainTLSEnabled: true, + tlsDisabledAnnotation: "true", + wantExternalDomainTLSEnabled: false, }, { - name: "AutoTLS disabled by config, not disabled by annotation", - configAutoTLSEnabled: false, - wantAutoTLSEnabled: false, + name: "ExternalDomainTLS disabled by config, not disabled by annotation", + configExternalDomainTLSEnabled: false, + wantExternalDomainTLSEnabled: false, }, { - name: "AutoTLS disabled by config, disabled by annotation", - configAutoTLSEnabled: false, - tlsDisabledAnnotation: "true", - wantAutoTLSEnabled: false, + name: "ExternalDomainTLS disabled by config, disabled by annotation", + configExternalDomainTLSEnabled: false, + tlsDisabledAnnotation: "true", + wantExternalDomainTLSEnabled: false, }, { - name: "AutoTLS enabled by config, invalid annotation", - configAutoTLSEnabled: true, - tlsDisabledAnnotation: "foo", - wantAutoTLSEnabled: true, + name: "ExternalDomainTLS enabled by config, invalid annotation", + configExternalDomainTLSEnabled: true, + tlsDisabledAnnotation: "foo", + wantExternalDomainTLSEnabled: true, }, { - name: "AutoTLS 
disabled by config, invalid annotation", - configAutoTLSEnabled: false, - tlsDisabledAnnotation: "foo", - wantAutoTLSEnabled: false, + name: "ExternalDomainTLS disabled by config, invalid annotation", + configExternalDomainTLSEnabled: false, + tlsDisabledAnnotation: "foo", + wantExternalDomainTLSEnabled: false, }} r := Route("test-ns", "test-route") @@ -1632,14 +1632,14 @@ func TestAutoTLSEnabled(t *testing.T) { ctx := logtesting.TestContextWithLogger(t) ctx = config.ToContext(ctx, &config.Config{ Network: &netcfg.Config{ - AutoTLS: test.configAutoTLSEnabled, + ExternalDomainTLS: test.configExternalDomainTLSEnabled, }, }) - r.Annotations[networking.DisableAutoTLSAnnotationKey] = test.tlsDisabledAnnotation + r.Annotations[networking.DisableExternalDomainTLSAnnotationKey] = test.tlsDisabledAnnotation - if got := autoTLSEnabled(ctx, r); got != test.wantAutoTLSEnabled { - t.Errorf("autoTLSEnabled = %t, want %t", got, test.wantAutoTLSEnabled) + if got := externalDomainTLSEnabled(ctx, r); got != test.wantExternalDomainTLSEnabled { + t.Errorf("externalDomainTLSEnabled = %t, want %t", got, test.wantExternalDomainTLSEnabled) } }) } diff --git a/pkg/reconciler/route/table_test.go b/pkg/reconciler/route/table_test.go index 654f5fd843e2..d96b647aacd0 100644 --- a/pkg/reconciler/route/table_test.go +++ b/pkg/reconciler/route/table_test.go @@ -73,7 +73,7 @@ type key int const ( rolloutDurationKey key = iota externalSchemeKey - enableAutoTLSKey + enableExternalDomainTLSKey ) // This is heavily based on the way the OpenShift Ingress controller tests its reconciliation method. 
@@ -177,7 +177,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "becomes-ready", WithConfigTarget("ing-unknown"), WithRouteUID("12-34"), WithRouteGeneration(1955), WithRouteObservedGeneration, // Populated by reconciliation when all traffic has been assigned. - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "ing-unknown-00001", @@ -222,7 +222,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "ingress-failed", WithConfigTarget("config"), WithRouteUID("12-34"), WithRouteGeneration(1), WithRouteObservedGeneration, // Populated by reconciliation when all traffic has been assigned. - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithInitRouteConditions, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithInitRouteConditions, MarkTrafficAssigned, WithStatusTraffic( v1.TrafficTarget{ @@ -273,7 +273,7 @@ func TestReconcile(t *testing.T) { WithRouteUID("12-34"), WithIngressClass("custom-ingress-class"), WithRouteGeneration(1), WithRouteObservedGeneration, // Populated by reconciliation when all traffic has been assigned. - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", 
@@ -329,7 +329,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "becomes-ready", WithConfigTarget("config"), WithRouteUID("65-23"), WithRouteGeneration(1), WithRouteObservedGeneration, // Populated by reconciliation when all traffic has been assigned. - WithLocalDomain, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithLocalDomain, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteLabel(map[string]string{netapi.VisibilityLabelKey: "cluster-local"}), MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ @@ -376,7 +376,7 @@ func TestReconcile(t *testing.T) { WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "becomes-ready", WithConfigTarget("config"), // Populated by reconciliation when the route becomes ready. - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(2009), WithRouteObservedGeneration, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ @@ -475,7 +475,7 @@ func TestReconcile(t *testing.T) { WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "becomes-ready", WithConfigTarget("config"), // Populated by reconciliation when the route becomes ready. - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(2009), WithRouteObservedGeneration, MarkTrafficAssigned, MarkInRollout, WithStatusTraffic( v1.TrafficTarget{ 
@@ -559,7 +559,7 @@ func TestReconcile(t *testing.T) { WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "becomes-ready", WithConfigTarget("config"), // Populated by reconciliation when the route becomes ready. - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(2009), WithRouteObservedGeneration, MarkTrafficAssigned, MarkIngressReady, WithStatusTraffic( v1.TrafficTarget{ @@ -660,7 +660,7 @@ func TestReconcile(t *testing.T) { WithRouteFinalizer, WithRouteGeneration(1), MarkIngressNotConfigured, WithRouteObservedGeneration, // Populated by reconciliation when we fail to create the ingress. - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -678,7 +678,7 @@ func TestReconcile(t *testing.T) { Name: "steady state", Objects: []runtime.Object{ Route("default", "steady-state", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteGeneration(1), WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ @@ -717,7 +717,7 @@ func TestReconcile(t *testing.T) { WantErr: true, Objects: []runtime.Object{ Route("default", "unhappy-owner", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", 
@@ -734,7 +734,7 @@ func TestReconcile(t *testing.T) { }, WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "unhappy-owner", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -756,7 +756,7 @@ func TestReconcile(t *testing.T) { Objects: []runtime.Object{ Route("default", "different-domain", WithConfigTarget("config"), WithAnotherDomain, WithAddress, WithRouteGeneration(1), WithRouteObservedGeneration, - WithRouteConditionsAutoTLSDisabled, MarkTrafficAssigned, MarkIngressReady, + WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -813,7 +813,7 @@ func TestReconcile(t *testing.T) { Name: "new latest created revision", Objects: []runtime.Object{ Route("default", "new-latest-created", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", 
@@ -852,7 +852,7 @@ func TestReconcile(t *testing.T) { Ctx: context.WithValue(context.Background(), rolloutDurationKey, 120), Objects: []runtime.Object{ Route("default", "new-latest-ready", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -923,7 +923,7 @@ func TestReconcile(t *testing.T) { }}, WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "new-latest-ready", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkInRollout, WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -941,7 +941,7 @@ func TestReconcile(t *testing.T) { Name: "new latest ready revision, rollout disabled", Objects: []runtime.Object{ Route("default", "new-latest-ready", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", 
@@ -995,7 +995,7 @@ func TestReconcile(t *testing.T) { }}, WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "new-latest-ready", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00002", @@ -1058,7 +1058,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "becomes-local", WithConfigTarget("config"), WithRouteUID("65-23"), WithRouteGeneration(1), WithRouteObservedGeneration, MarkTrafficAssigned, MarkIngressNotConfigured, - WithLocalDomain, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithLocalDomain, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteLabel(map[string]string{netapi.VisibilityLabelKey: "cluster-local"}), WithStatusTraffic( v1.TrafficTarget{ @@ -1120,7 +1120,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "becomes-public", WithConfigTarget("config"), WithRouteUID("65-23"), WithRouteGeneration(1), WithRouteObservedGeneration, MarkTrafficAssigned, MarkIngressNotConfigured, - WithAddress, WithRouteConditionsAutoTLSDisabled, WithURL, + WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithURL, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1138,7 +1138,7 @@ func TestReconcile(t *testing.T) { }, Objects: []runtime.Object{ Route("default", "update-ci-failure", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", 
@@ -1191,7 +1191,7 @@ func TestReconcile(t *testing.T) { }}, WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "update-ci-failure", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00002", @@ -1207,7 +1207,7 @@ func TestReconcile(t *testing.T) { Name: "reconcile service mutation", Objects: []runtime.Object{ Route("default", "svc-mutation", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1252,7 +1252,7 @@ func TestReconcile(t *testing.T) { }, Objects: []runtime.Object{ Route("default", "svc-mutation", WithConfigTarget("config"), WithRouteFinalizer, - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", 
@@ -1298,7 +1298,7 @@ func TestReconcile(t *testing.T) { Name: "drop cluster ip", Objects: []runtime.Object{ Route("default", "cluster-ip", WithConfigTarget("config"), WithRouteFinalizer, - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1339,7 +1339,7 @@ func TestReconcile(t *testing.T) { Name: "preserve the cluster ip of the service on steady state", Objects: []runtime.Object{ Route("default", "preserve-cluster-ip", WithConfigTarget("config"), WithRouteFinalizer, - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1397,7 +1397,7 @@ func TestReconcile(t *testing.T) { Name: "fix external name", Objects: []runtime.Object{ Route("default", "external-name", WithConfigTarget("config"), WithRouteFinalizer, - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", 
@@ -1437,7 +1437,7 @@ func TestReconcile(t *testing.T) { Name: "reconcile ingress mutation", Objects: []runtime.Object{ Route("default", "ingress-mutation", WithConfigTarget("config"), WithRouteFinalizer, - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, WithRouteGeneration(1), + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1561,7 +1561,7 @@ func TestReconcile(t *testing.T) { Object: Route("default", "pinned-becomes-ready", // Use the Revision name from the config WithRevTarget("config-00001"), WithRouteFinalizer, WithRouteGeneration(1), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "config-00001", @@ -1643,7 +1643,7 @@ func TestReconcile(t *testing.T) { ConfigurationName: "green", Percent: ptr.Int64(50), }), WithRouteUID("34-78"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ RevisionName: "blue-00001", @@ -1780,7 +1780,7 @@ func TestReconcile(t *testing.T) { RevisionName: "gray-00001", Percent: ptr.Int64(50), }), WithRouteUID("1-2"), WithRouteFinalizer, - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressNotConfigured, WithStatusTraffic( v1.TrafficTarget{ Tag: "gray", 
@@ -1815,7 +1815,7 @@ func TestReconcile(t *testing.T) { // Start from a steady state referencing "blue", and modify the route spec to point to "green" instead. Objects: []runtime.Object{ Route("default", "switch-configs", WithConfigTarget("green"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteGeneration(1984), WithRouteObservedGeneration, WithStatusTraffic( v1.TrafficTarget{ @@ -1872,7 +1872,7 @@ func TestReconcile(t *testing.T) { }}, WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: Route("default", "switch-configs", WithConfigTarget("green"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, WithRouteGeneration(1984), MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, WithStatusTraffic( v1.TrafficTarget{ @@ -1939,7 +1939,7 @@ func TestReconcile(t *testing.T) { Name: "deletes service when route no longer references service", Objects: []runtime.Object{ Route("default", "my-route", WithConfigTarget("config"), - WithURL, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithURL, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteGeneration(1), WithRouteObservedGeneration, WithRouteFinalizer, @@ -2057,7 +2057,7 @@ func TestReconcile(t *testing.T) { Ctx: context.WithValue(context.Background(), externalSchemeKey, "https"), Objects: []runtime.Object{ Route("default", "steady-state", WithConfigTarget("config"), - WithHTTPSDomain, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithHTTPSDomain, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteGeneration(1), WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ 
@@ -2097,7 +2097,7 @@ func TestReconcile(t *testing.T) { Objects: []runtime.Object{ Route("default", "steady-state", WithConfigTarget("config"), WithRouteLabel(map[string]string{netapi.VisibilityLabelKey: serving.VisibilityClusterLocal}), - WithLocalDomain, WithAddress, WithRouteConditionsAutoTLSDisabled, + WithLocalDomain, WithAddress, WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteGeneration(1), WithRouteObservedGeneration, WithRouteFinalizer, WithStatusTraffic( v1.TrafficTarget{ @@ -2150,7 +2150,7 @@ func TestReconcile_ServiceLifecycle(t *testing.T) { WithRouteUID("12-34"), WithAddress, WithURL, - WithRouteConditionsAutoTLSDisabled, + WithRouteConditionsExternalDomainTLSDisabled, MarkTrafficAssigned, MarkIngressReady, WithRouteObservedGeneration, @@ -2342,7 +2342,7 @@ func TestReconcile_ServiceLifecycle(t *testing.T) { table.Test(t, MakeFactory(NewTestReconciler)) } -func TestReconcileEnableAutoTLS(t *testing.T) { +func TestReconcileEnableExternalDomainTLS(t *testing.T) { table := TableTest{{ Name: "check that existing wildcard cert is used when creating a Route", Objects: []runtime.Object{ @@ -3121,8 +3121,8 @@ func TestReconcileEnableAutoTLS(t *testing.T) { }}, Key: "default/becomes-ready", }, { - // This test is a same with "public becomes cluster local" above, but confirm it does not create certs with auto-tls for cluster-local. - Name: "public becomes cluster local w/ auto-tls", + // This test is a same with "public becomes cluster local" above, but confirm it does not create certs with external-domain-tls for cluster-local. + Name: "public becomes cluster local w/ external-domain-tls", Objects: []runtime.Object{ Route("default", "becomes-local", WithConfigTarget("config"), WithRouteGeneration(1), WithRouteLabel(map[string]string{netapi.VisibilityLabelKey: serving.VisibilityClusterLocal}), 
@@ -3192,7 +3192,7 @@ func TestReconcileEnableAutoTLS(t *testing.T) { if row.Ctx == nil { row.Ctx = context.Background() } - table[i].Ctx = context.WithValue(row.Ctx, enableAutoTLSKey, true) + table[i].Ctx = context.WithValue(row.Ctx, enableExternalDomainTLSKey, true) } table.Test(t, MakeFactory(NewTestReconciler)) } @@ -3214,8 +3214,8 @@ func NewTestReconciler(ctx context.Context, listers *Listers, cmw configmap.Watc } cfg := reconcilerTestConfig() - if v := ctx.Value(enableAutoTLSKey); v != nil { - cfg.Network.AutoTLS = v.(bool) + if v := ctx.Value(enableExternalDomainTLSKey); v != nil { + cfg.Network.ExternalDomainTLS = v.(bool) } if v := ctx.Value(rolloutDurationKey); v != nil { cfg.Network.RolloutDurationSecs = v.(int) diff --git a/pkg/testing/v1/route.go b/pkg/testing/v1/route.go index e0cbe353afcf..70dabf3c47aa 100644 --- a/pkg/testing/v1/route.go +++ b/pkg/testing/v1/route.go @@ -173,11 +173,11 @@ func WithInitRouteConditions(rt *v1.Route) { rt.Status.InitializeConditions() } -// WithRouteConditionsAutoTLSDisabled calls MarkTLSNotEnabled with AutoTLSNotEnabledMessage +// WithRouteConditionsExternalDomainTLSDisabled calls MarkTLSNotEnabled with ExternalDomainTLSNotEnabledMessage // after initialized the Service's conditions. -func WithRouteConditionsAutoTLSDisabled(rt *v1.Route) { +func WithRouteConditionsExternalDomainTLSDisabled(rt *v1.Route) { rt.Status.InitializeConditions() - rt.Status.MarkTLSNotEnabled(v1.AutoTLSNotEnabledMessage) + rt.Status.MarkTLSNotEnabled(v1.ExternalDomainTLSNotEnabledMessage) } // WithRouteConditionsTLSNotEnabledForClusterLocalMessage calls diff --git a/test/config/autotls/certmanager/caissuer/config-certmanager.yaml b/test/config/externaldomaintls/certmanager/caissuer/config-certmanager.yaml similarity index 100% rename from test/config/autotls/certmanager/caissuer/config-certmanager.yaml rename to test/config/externaldomaintls/certmanager/caissuer/config-certmanager.yaml 
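Review bot: The doc comment on `WithRouteConditionsExternalDomainTLSDisabled` in pkg/testing/v1/route.go says the conditions being initialized are the Service's, but the body calls `rt.Status.InitializeConditions()` on a `*v1.Route`. Since the comment is rewritten in this hunk anyway, it could read `// WithRouteConditionsExternalDomainTLSDisabled initializes the Route's conditions and then calls MarkTLSNotEnabled with ExternalDomainTLSNotEnabledMessage.`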
diff --git a/test/config/autotls/certmanager/caissuer/generate.sh b/test/config/externaldomaintls/certmanager/caissuer/generate.sh similarity index 95% rename from test/config/autotls/certmanager/caissuer/generate.sh rename to test/config/externaldomaintls/certmanager/caissuer/generate.sh index bb8ddf078837..a83c0778946c 100755 --- a/test/config/autotls/certmanager/caissuer/generate.sh +++ b/test/config/externaldomaintls/certmanager/caissuer/generate.sh @@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# This script generates test/config/autotls/certmanager/caissuer/secret.yaml. +# This script generates test/config/externaldomaintls/certmanager/caissuer/secret.yaml. openssl genrsa -out rootCAKey.pem 2048 openssl req -x509 -sha256 -new -nodes -key rootCAKey.pem -days 36500 -out rootCACert.pem -subj '/CN=example.com/O=Knative Community/C=US' diff --git a/test/config/autotls/certmanager/caissuer/issuer.yaml b/test/config/externaldomaintls/certmanager/caissuer/issuer.yaml similarity index 100% rename from test/config/autotls/certmanager/caissuer/issuer.yaml rename to test/config/externaldomaintls/certmanager/caissuer/issuer.yaml diff --git a/test/config/autotls/certmanager/caissuer/secret.yaml b/test/config/externaldomaintls/certmanager/caissuer/secret.yaml similarity index 100% rename from test/config/autotls/certmanager/caissuer/secret.yaml rename to test/config/externaldomaintls/certmanager/caissuer/secret.yaml diff --git a/test/config/autotls/certmanager/http01/config-certmanager.yaml b/test/config/externaldomaintls/certmanager/http01/config-certmanager.yaml similarity index 100% rename from test/config/autotls/certmanager/http01/config-certmanager.yaml rename to test/config/externaldomaintls/certmanager/http01/config-certmanager.yaml 
diff --git a/test/config/autotls/certmanager/http01/issuer.yaml b/test/config/externaldomaintls/certmanager/http01/issuer.yaml
similarity index 100%
rename from test/config/autotls/certmanager/http01/issuer.yaml
rename to test/config/externaldomaintls/certmanager/http01/issuer.yaml
diff --git a/test/config/autotls/certmanager/http01/mesh-issuer.yaml b/test/config/externaldomaintls/certmanager/http01/mesh-issuer.yaml
similarity index 100%
rename from test/config/autotls/certmanager/http01/mesh-issuer.yaml
rename to test/config/externaldomaintls/certmanager/http01/mesh-issuer.yaml
diff --git a/test/config/autotls/certmanager/selfsigned/config-certmanager.yaml b/test/config/externaldomaintls/certmanager/selfsigned/config-certmanager.yaml
similarity index 100%
rename from test/config/autotls/certmanager/selfsigned/config-certmanager.yaml
rename to test/config/externaldomaintls/certmanager/selfsigned/config-certmanager.yaml
diff --git a/test/config/autotls/certmanager/selfsigned/issuer.yaml b/test/config/externaldomaintls/certmanager/selfsigned/issuer.yaml
similarity index 100%
rename from test/config/autotls/certmanager/selfsigned/issuer.yaml
rename to test/config/externaldomaintls/certmanager/selfsigned/issuer.yaml
diff --git a/test/e2e-auto-tls-tests.sh b/test/e2e-auto-tls-tests.sh
deleted file mode 100755
index 7b6af7ee7e3f..000000000000
--- a/test/e2e-auto-tls-tests.sh
+++ /dev/null
@@ -1,214 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2020 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -source $(dirname "$0")/e2e-common.sh - -function setup_auto_tls_env_variables() { - # DNS zone for the testing domain. - export AUTO_TLS_TEST_DNS_ZONE="knative-e2e" - # Google Cloud project that hosts the DNS server for the testing domain `kn-e2e.dev` - export AUTO_TLS_TEST_CLOUD_DNS_PROJECT="knative-e2e-dns" - # The service account credential file used to access the DNS server. - export AUTO_TLS_TEST_CLOUD_DNS_SERVICE_ACCOUNT_KEY_FILE="${GOOGLE_APPLICATION_CREDENTIALS}" - - export AUTO_TLS_TEST_DOMAIN_NAME="kn-e2e.dev" - - export CUSTOM_DOMAIN_SUFFIX="$(($RANDOM % 10000)).${E2E_PROJECT_ID}.${AUTO_TLS_TEST_DOMAIN_NAME}" - - export TLS_TEST_NAMESPACE="tls" - - local INGRESS_NAMESPACE=${GATEWAY_NAMESPACE_OVERRIDE} - if [[ -z "${GATEWAY_NAMESPACE_OVERRIDE}" ]]; then - INGRESS_NAMESPACE="istio-system" - fi - local INGRESS_SERVICE=${GATEWAY_OVERRIDE} - if [[ -z "${GATEWAY_OVERRIDE}" ]]; then - INGRESS_SERVICE="istio-ingressgateway" - fi - local IP=$(kubectl get svc -n ${INGRESS_NAMESPACE} ${INGRESS_SERVICE} -o jsonpath="{.status.loadBalancer.ingress[0].ip}") - export AUTO_TLS_TEST_INGRESS_IP=${IP} -} - -function setup_custom_domain() { - echo ">> Configuring custom domain for Auto TLS tests: ${CUSTOM_DOMAIN_SUFFIX}" - cat <> Configuring custom domain for External Domain TLS tests: ${CUSTOM_DOMAIN_SUFFIX}" + cat <":""}}'` 1. 
Add a DNS A record to map host `http01.serving-tests.` to the Ingress IP. - 1. `go test -v -tags=e2e -count=1 -timeout=600s ./test/e2e/autotls/... -run ^TestTLS` + 1. `go test -v -tags=e2e -count=1 -timeout=600s ./test/e2e/externaldomaintls/... -run ^TestTLS` diff --git a/test/e2e/autotls/auto_tls_test.go b/test/e2e/externaldomaintls/auto_tls_test.go similarity index 95% rename from test/e2e/autotls/auto_tls_test.go rename to test/e2e/externaldomaintls/auto_tls_test.go index 5750393402f0..5bec8823985f 100644 --- a/test/e2e/autotls/auto_tls_test.go +++ b/test/e2e/externaldomaintls/auto_tls_test.go @@ -17,7 +17,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package autotls +package externaldomaintls import ( "context" @@ -45,8 +45,8 @@ type config struct { // It is not required for self-signed CA or for the HTTP01 challenge when wildcard domain // is mapped to the Ingress IP. TLSServiceName string `envconfig:"tls_service_name" required:"false"` - // AutoTLSTestName is the name of the auto tls. It is not required for local test. - AutoTLSTestName string `envconfig:"auto_tls_test_name" required:"false" default:"TestAutoTLS"` + // ExternalDomainTLSTestName is the name of the external domain tls test. It is not required for local test. + ExternalDomainTLSTestName string `envconfig:"external_domain_tls_test_name" required:"false" default:"TestExternalDomainTLS"` } var env config @@ -55,7 +55,7 @@ func TestTLS(t *testing.T) { if err := envconfig.Process("", &env); err != nil { t.Fatalf("Failed to process environment variable: %v.", err) } - t.Run(env.AutoTLSTestName, testAutoTLS) + t.Run(env.ExternalDomainTLSTestName, testExternalDomainTLS) } func TestTLSDisabledWithAnnotation(t *testing.T) { 
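Review bot: The `envconfig` tag on `ExternalDomainTLSTestName` changes which environment variable is read, and because the field is `required:"false"` with a default, a job that still exports the old `auto_tls_test_name` variable gets no error and silently runs under the default subtest name `TestExternalDomainTLS`. If any CI configuration outside this patch still sets the old name, it should be renamed in the same change. A short comment on the field would make the switch visible, for example `// Read from EXTERNAL_DOMAIN_TLS_TEST_NAME (previously AUTO_TLS_TEST_NAME).` The `config` struct starts outside this hunk.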
@@ -67,7 +67,7 @@ func TestTLSDisabledWithAnnotation(t *testing.T) { } test.EnsureTearDown(t, clients, &names) - objects, err := v1test.CreateServiceReady(t, clients, &names, rtesting.WithServiceAnnotations(map[string]string{networking.DisableAutoTLSAnnotationKey: "true"})) + objects, err := v1test.CreateServiceReady(t, clients, &names, rtesting.WithServiceAnnotations(map[string]string{networking.DisableExternalDomainTLSAnnotationKey: "true"})) if err != nil { t.Fatalf("Failed to create initial Service: %v: %v", names.Service, err) } @@ -84,7 +84,7 @@ func TestTLSDisabledWithAnnotation(t *testing.T) { RuntimeRequest(context.Background(), t, httpClient, objects.Route.Status.URL.String()) } -func testAutoTLS(t *testing.T) { +func testExternalDomainTLS(t *testing.T) { clients := test.Setup(t, test.Options{Namespace: test.ServingFlags.TLSTestNamespace}) names := test.ResourceNames{ diff --git a/test/e2e/autotls/config/dnscleanup/main.go b/test/e2e/externaldomaintls/config/dnscleanup/main.go similarity index 87% rename from test/e2e/autotls/config/dnscleanup/main.go rename to test/e2e/externaldomaintls/config/dnscleanup/main.go index 47bf81bee3cd..d9f9352c7f28 100644 --- a/test/e2e/autotls/config/dnscleanup/main.go +++ b/test/e2e/externaldomaintls/config/dnscleanup/main.go @@ -21,13 +21,13 @@ import ( "github.com/kelseyhightower/envconfig" - "knative.dev/serving/test/e2e/autotls/config" + "knative.dev/serving/test/e2e/externaldomaintls/config" ) var env config.EnvConfig func main() { - if err := envconfig.Process("auto_tls_test", &env); err != nil { + if err := envconfig.Process("external_domain_tls_test", &env); err != nil { log.Fatalf("Failed to process environment variable: %v.", err) } record := &config.DNSRecord{ 
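Review bot: `TestTLSDisabledWithAnnotation` now sets only `networking.DisableExternalDomainTLSAnnotationKey`, so nothing here pins what happens to a Service that still carries the previous annotation (the literal `networking.knative.dev/disableAutoTLS` is visible as a removed line in domain_mapping_test.go). If the old key is meant to be honoured for a deprecation period, which this patch does not show either way, a second case built with `rtesting.WithServiceAnnotations(map[string]string{"networking.knative.dev/disableAutoTLS": "true"})` would catch an upgrade that silently changes whether certificates are issued for existing Services. The test body continues outside the hunk.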
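Review bot: `envconfig.Process("external_domain_tls_test", &env)` makes dnscleanup read `EXTERNAL_DOMAIN_TLS_TEST_*` variables, while the dnssetup change in this patch touches only its import line. If dnssetup's own `Process` call still passes the old `auto_tls_test` prefix (not visible here), setup and cleanup would read different variable sets, and cleanup could fail or leave the test DNS record in place. Both binaries should share one prefix, for instance a constant in the `config` package such as `const EnvPrefix = "external_domain_tls_test"`. `main` continues outside the hunk.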
diff --git a/test/e2e/autotls/config/dnssetup/main.go b/test/e2e/externaldomaintls/config/dnssetup/main.go similarity index 98% rename from test/e2e/autotls/config/dnssetup/main.go rename to test/e2e/externaldomaintls/config/dnssetup/main.go index e33e59897570..d215050cbb1c 100644 --- a/test/e2e/autotls/config/dnssetup/main.go +++ b/test/e2e/externaldomaintls/config/dnssetup/main.go @@ -30,7 +30,7 @@ import ( "k8s.io/apimachinery/pkg/util/wait" - "knative.dev/serving/test/e2e/autotls/config" + "knative.dev/serving/test/e2e/externaldomaintls/config" ) var env config.EnvConfig diff --git a/test/e2e/autotls/config/util.go b/test/e2e/externaldomaintls/config/util.go similarity index 100% rename from test/e2e/autotls/config/util.go rename to test/e2e/externaldomaintls/config/util.go diff --git a/test/e2e/autotls/domain_mapping_test.go b/test/e2e/externaldomaintls/domain_mapping_test.go similarity index 94% rename from test/e2e/autotls/domain_mapping_test.go rename to test/e2e/externaldomaintls/domain_mapping_test.go index 47f22a94b7bc..95bdfddc32f3 100644 --- a/test/e2e/autotls/domain_mapping_test.go +++ b/test/e2e/externaldomaintls/domain_mapping_test.go @@ -17,7 +17,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package autotls +package externaldomaintls import ( "context" @@ -26,6 +26,7 @@ import ( "github.com/kelseyhightower/envconfig" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" + "knative.dev/networking/pkg/apis/networking" duckv1 "knative.dev/pkg/apis/duck/v1" "knative.dev/pkg/reconciler" v1 "knative.dev/serving/pkg/apis/serving/v1" @@ -45,7 +46,7 @@ type dmConfig struct { CustomDomainSuffix string `envconfig:"custom_domain_suffix" required:"false"` } -func TestDomainMappingAutoTLS(t *testing.T) { +func TestDomainMappingExternalDomainTLS(t *testing.T) { if !test.ServingFlags.EnableBetaFeatures { t.Skip("Beta features not enabled") } 
@@ -75,7 +76,7 @@ func TestDomainMappingAutoTLS(t *testing.T) { // Set up initial Service. svc, err := v1test.CreateServiceReady(t, clients, &names, func(service *v1.Service) { - service.Annotations = map[string]string{"networking.knative.dev/disableAutoTLS": "True"} + service.Annotations = map[string]string{networking.DisableExternalDomainTLSAnnotationKey: "true"} }) if err != nil { t.Fatalf("Failed to create initial Service %q: %v", names.Service, err) diff --git a/test/e2e/autotls/http_redirect_test.go b/test/e2e/externaldomaintls/http_redirect_test.go similarity index 98% rename from test/e2e/autotls/http_redirect_test.go rename to test/e2e/externaldomaintls/http_redirect_test.go index f941bc4a6c3e..1ca3bd18af22 100644 --- a/test/e2e/autotls/http_redirect_test.go +++ b/test/e2e/externaldomaintls/http_redirect_test.go @@ -17,7 +17,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package autotls +package externaldomaintls import ( "context" diff --git a/test/e2e/autotls/util_test.go b/test/e2e/externaldomaintls/util_test.go similarity index 99% rename from test/e2e/autotls/util_test.go rename to test/e2e/externaldomaintls/util_test.go index 76cdf88a4ed6..eaa02d2905e1 100644 --- a/test/e2e/autotls/util_test.go +++ b/test/e2e/externaldomaintls/util_test.go @@ -17,7 +17,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package autotls +package externaldomaintls import ( "context"