kubernetes · k8s-ci-robot · Apr 21, 2021 · Apr 21, 2021 · Apr 21, 2021
diff --git a/prow/config/config.go b/prow/config/config.go
@@ -836,10 +836,6 @@ type Deck struct {
 	Branding *Branding `json:"branding,omitempty"`
 	// GoogleAnalytics, if specified, include a Google Analytics tracking code on each page.
 	GoogleAnalytics string `json:"google_analytics,omitempty"`
-	// Deprecated: RerunAuthConfig specifies who is able to trigger job reruns if that feature is enabled.
-	// The permissions here apply to all jobs.
-	// This option will be removed in favor of RerunAuthConfigs in July 2020.
-	RerunAuthConfig *prowapi.RerunAuthConfig `json:"rerun_auth_config,omitempty"`
 	// RerunAuthConfigs is a map of configs that specify who is able to trigger job reruns. The field
 	// accepts a key of: `org/repo`, `org` or `*` (wildcard) to define what GitHub org (or repo) a particular
 	// config applies to and a value of: `RerunAuthConfig` struct to define the users/groups authorized to rerun jobs.
@@ -864,17 +860,6 @@ func (d *Deck) Validate() error {
 		return fmt.Errorf("deck.skip_storage_path_validation is enabled despite deck.additional_allowed_buckets being configured: %v", d.AdditionalAllowedBuckets)
 	}
 
-	// TODO(@clarketm): Remove "rerun_auth_config" validation in July 2020
-	if d.RerunAuthConfig != nil {
-		logrus.Warning("rerun_auth_config will be deprecated in July 2020, and it will be replaced with rerun_auth_configs['*'].")
-
-		if d.RerunAuthConfigs != nil {
-			return errors.New("rerun_auth_config and rerun_auth_configs['*'] are mutually exclusive")
-		}
-
-		d.RerunAuthConfigs = RerunAuthConfigs{"*": *d.RerunAuthConfig}
-	}
-
 	// Note: The RerunAuthConfigs logic isn't deprecated, only the above RerunAuthConfig stuff is
 	if d.RerunAuthConfigs != nil {
 		for k, config := range d.RerunAuthConfigs {

diff --git a/prow/config/config_test.go b/prow/config/config_test.go
@@ -2797,78 +2797,6 @@ github_reporter:
 	}
 }
 
-func TestValidRerunAuthConfig(t *testing.T) {
-	var testCases = []struct {
-		name        string
-		prowConfig  string
-		expectError bool
-	}{
-		{
-			name: "valid rerun auth config",
-			prowConfig: `
-deck:
-  rerun_auth_config:
-    allow_anyone: false
-    github_users:
-    - someperson
-    - someotherperson
-`,
-			expectError: false,
-		},
-		{
-			name: "allow anyone and allowed users specified",
-			prowConfig: `
-deck:
-  rerun_auth_config:
-    allow_anyone: true
-    github_users:
-    - someperson
-    - anotherperson
-`,
-			expectError: true,
-		},
-		{
-			name: "empty config",
-			prowConfig: `
-deck:
-  rerun_auth_config:
-`,
-			expectError: false,
-		},
-		{
-			name: "allow anyone with an empty allowlist",
-			prowConfig: `
-deck:
-  rerun_auth_config:
-    allow_anyone: true
-    github_users:
-`,
-			expectError: false,
-		},
-	}
-
-	for _, tc := range testCases {
-		// save the config
-		prowConfigDir, err := ioutil.TempDir("", "prowConfig")
-		if err != nil {
-			t.Fatalf("fail to make tempdir: %v", err)
-		}
-		defer os.RemoveAll(prowConfigDir)
-
-		prowConfig := filepath.Join(prowConfigDir, "config.yaml")
-		if err := ioutil.WriteFile(prowConfig, []byte(tc.prowConfig), 0666); err != nil {
-			t.Fatalf("fail to write prow config: %v", err)
-		}
-
-		_, err = Load(prowConfig, "", nil, "")
-		if tc.expectError && err == nil {
-			t.Errorf("tc %s: Expect error, but got nil", tc.name)
-		} else if !tc.expectError && err != nil {
-			t.Errorf("tc %s: Expect no error, but got error %v", tc.name, err)
-		}
-	}
-}
-
 func TestRerunAuthConfigsGetRerunAuthConfig(t *testing.T) {
 	var testCases = []struct {
 		name     string
@@ -3254,28 +3182,6 @@ func TestValidateComponentConfig(t *testing.T) {
 				}}}},
 			errExpected: true,
 		},
-		{
-			name: "Both RerunAuthConfig and RerunAuthConfigs are invalid, err",
-			config: &Config{ProwConfig: ProwConfig{Deck: Deck{
-				RerunAuthConfig:  &prowapi.RerunAuthConfig{AllowAnyone: true},
-				RerunAuthConfigs: RerunAuthConfigs{"*": prowapi.RerunAuthConfig{AllowAnyone: true}},
-			}}},
-			errExpected: true,
-		},
-		{
-			name: "RerunAuthConfig and not RerunAuthConfigs is valid, no err",
-			config: &Config{ProwConfig: ProwConfig{Deck: Deck{
-				RerunAuthConfig: &prowapi.RerunAuthConfig{AllowAnyone: false, GitHubUsers: []string{"grantsmith"}},
-			}}},
-			errExpected: false,
-		},
-		{
-			name: "RerunAuthConfig only and validation fails, err",
-			config: &Config{ProwConfig: ProwConfig{Deck: Deck{
-				RerunAuthConfig: &prowapi.RerunAuthConfig{AllowAnyone: true, GitHubUsers: []string{"grantsmith"}},
-			}}},
-			errExpected: true,
-		},
 		{
 			name: "RerunAuthConfigs and not RerunAuthConfig is valid, no err",
 			config: &Config{ProwConfig: ProwConfig{Deck: Deck{

diff --git a/prow/config/prow-config-documented.yaml b/prow/config/prow-config-documented.yaml
@@ -277,32 +277,6 @@ deck:
     hidden_repos:
       - ""
 
-    # Deprecated: RerunAuthConfig specifies who is able to trigger job reruns if that feature is enabled.
-    # The permissions here apply to all jobs.
-    # This option will be removed in favor of RerunAuthConfigs in July 2020.
-    rerun_auth_config:
-        # GitHubOrgs contains names of GitHub organizations whose members can rerun the job
-        github_orgs:
-          - ""
-
-        # GitHubTeams contains IDs of GitHub teams of users who can rerun the job
-        # If you know the name of a team and the org it belongs to,
-        # you can look up its ID using this command, where the team slug is the hyphenated name:
-        # curl -H "Authorization: token <token>" "https://api.github.com/orgs/<org-name>/teams/<team slug>"
-        # or, to list all teams in a given org, use
-        # curl -H "Authorization: token <token>" "https://api.github.com/orgs/<org-name>/teams"
-        github_team_ids:
-          - 0
-
-        # GitHubTeamSlugs contains slugs and orgs of teams of users who can rerun the job
-        github_team_slugs:
-          - org: ' '
-            slug: ' '
-
-        # GitHubUsers contains names of individual users who can rerun the job
-        github_users:
-          - ""
-
     # RerunAuthConfigs is a map of configs that specify who is able to trigger job reruns. The field
     # accepts a key of: `org/repo`, `org` or `*` (wildcard) to define what GitHub org (or repo) a particular
     # config applies to and a value of: `RerunAuthConfig` struct to define the users/groups authorized to rerun jobs.