Skip to content

Commit 5ec787a

Browse files
authored
NO-JIRA: remove SupportsTLSProfile (#1089)
* fix: enable tls support for troubleshooting plugin * feat: remove supports tls profile flag because all uiplugin support tls now * fix: lint
1 parent 687b0c2 commit 5ec787a

4 files changed

Lines changed: 67 additions & 245 deletions

File tree

pkg/controllers/uiplugin/compatibility_matrix.go

Lines changed: 65 additions & 84 deletions
Original file line numberDiff line numberDiff line change
@@ -29,85 +29,74 @@ type CompatibilityEntry struct {
2929
ImageKey string
3030
SupportLevel SupportLevel
3131
Features []string
32-
// SupportsTLSProfile indicates whether this plugin image supports
33-
// -tls-min-version and -tls-cipher-suites command flags.
34-
SupportsTLSProfile bool
3532
}
3633

3734
type ListFunction func(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error
3835

3936
var compatibilityMatrix = []CompatibilityEntry{
4037
{
41-
PluginType: uiv1alpha1.TypeDashboards,
42-
MinClusterVersion: "v4.11",
43-
MaxClusterVersion: "",
44-
ImageKey: "ui-dashboards",
45-
Features: []string{},
46-
SupportLevel: DevPreview,
47-
SupportsTLSProfile: true,
48-
},
49-
{
50-
PluginType: uiv1alpha1.TypeTroubleshootingPanel,
51-
MinClusterVersion: "v4.19",
52-
MaxClusterVersion: "v4.22",
53-
ImageKey: "ui-troubleshooting-panel-pf6",
54-
SupportLevel: GeneralAvailability,
55-
Features: []string{},
56-
SupportsTLSProfile: false,
57-
},
58-
{
59-
PluginType: uiv1alpha1.TypeTroubleshootingPanel,
60-
MinClusterVersion: "v4.22",
61-
MaxClusterVersion: "",
62-
ImageKey: "ui-troubleshooting-panel",
63-
SupportLevel: GeneralAvailability,
64-
Features: []string{},
65-
SupportsTLSProfile: false,
66-
},
67-
{
68-
PluginType: uiv1alpha1.TypeDistributedTracing,
69-
MinClusterVersion: "v4.11",
70-
MaxClusterVersion: "v4.15",
71-
ImageKey: "ui-distributed-tracing-pf4",
72-
SupportLevel: GeneralAvailability,
73-
Features: []string{},
74-
SupportsTLSProfile: true,
75-
},
76-
{
77-
PluginType: uiv1alpha1.TypeDistributedTracing,
78-
MinClusterVersion: "v4.15",
79-
MaxClusterVersion: "v4.19",
80-
ImageKey: "ui-distributed-tracing-pf5",
81-
SupportLevel: GeneralAvailability,
82-
Features: []string{},
83-
SupportsTLSProfile: true,
84-
},
85-
{
86-
PluginType: uiv1alpha1.TypeDistributedTracing,
87-
MinClusterVersion: "v4.19",
88-
MaxClusterVersion: "v4.22",
89-
ImageKey: "ui-distributed-tracing-pf6",
90-
SupportLevel: GeneralAvailability,
91-
Features: []string{},
92-
SupportsTLSProfile: true,
93-
},
94-
{
95-
PluginType: uiv1alpha1.TypeDistributedTracing,
96-
MinClusterVersion: "v4.22",
97-
MaxClusterVersion: "",
98-
ImageKey: "ui-distributed-tracing",
99-
SupportLevel: GeneralAvailability,
100-
Features: []string{},
101-
SupportsTLSProfile: true,
102-
},
103-
{
104-
PluginType: uiv1alpha1.TypeLogging,
105-
MinClusterVersion: "v4.11",
106-
MaxClusterVersion: "v4.12",
107-
ImageKey: "ui-logging-pf4",
108-
SupportLevel: GeneralAvailability,
109-
Features: []string{},
110-
SupportsTLSProfile: true,
38+
PluginType: uiv1alpha1.TypeDashboards,
39+
MinClusterVersion: "v4.11",
40+
MaxClusterVersion: "",
41+
ImageKey: "ui-dashboards",
42+
Features: []string{},
43+
SupportLevel: DevPreview,
44+
},
45+
{
46+
PluginType: uiv1alpha1.TypeTroubleshootingPanel,
47+
MinClusterVersion: "v4.19",
48+
MaxClusterVersion: "v4.22",
49+
ImageKey: "ui-troubleshooting-panel-pf6",
50+
SupportLevel: GeneralAvailability,
51+
Features: []string{},
52+
},
53+
{
54+
PluginType: uiv1alpha1.TypeTroubleshootingPanel,
55+
MinClusterVersion: "v4.22",
56+
MaxClusterVersion: "",
57+
ImageKey: "ui-troubleshooting-panel",
58+
SupportLevel: GeneralAvailability,
59+
Features: []string{},
60+
},
61+
{
62+
PluginType: uiv1alpha1.TypeDistributedTracing,
63+
MinClusterVersion: "v4.11",
64+
MaxClusterVersion: "v4.15",
65+
ImageKey: "ui-distributed-tracing-pf4",
66+
SupportLevel: GeneralAvailability,
67+
Features: []string{},
68+
},
69+
{
70+
PluginType: uiv1alpha1.TypeDistributedTracing,
71+
MinClusterVersion: "v4.15",
72+
MaxClusterVersion: "v4.19",
73+
ImageKey: "ui-distributed-tracing-pf5",
74+
SupportLevel: GeneralAvailability,
75+
Features: []string{},
76+
},
77+
{
78+
PluginType: uiv1alpha1.TypeDistributedTracing,
79+
MinClusterVersion: "v4.19",
80+
MaxClusterVersion: "v4.22",
81+
ImageKey: "ui-distributed-tracing-pf6",
82+
SupportLevel: GeneralAvailability,
83+
Features: []string{},
84+
},
85+
{
86+
PluginType: uiv1alpha1.TypeDistributedTracing,
87+
MinClusterVersion: "v4.22",
88+
MaxClusterVersion: "",
89+
ImageKey: "ui-distributed-tracing",
90+
SupportLevel: GeneralAvailability,
91+
Features: []string{},
92+
},
93+
{
94+
PluginType: uiv1alpha1.TypeLogging,
95+
MinClusterVersion: "v4.11",
96+
MaxClusterVersion: "v4.12",
97+
ImageKey: "ui-logging-pf4",
98+
SupportLevel: GeneralAvailability,
99+
Features: []string{},
111100
},
112101
{
113102
PluginType: uiv1alpha1.TypeLogging,
@@ -118,7 +107,6 @@ var compatibilityMatrix = []CompatibilityEntry{
118107
Features: []string{
119108
"dev-console",
120109
},
121-
SupportsTLSProfile: true,
122110
},
123111
{
124112
PluginType: uiv1alpha1.TypeLogging,
@@ -130,7 +118,6 @@ var compatibilityMatrix = []CompatibilityEntry{
130118
"dev-console",
131119
"alerts",
132120
},
133-
SupportsTLSProfile: true,
134121
},
135122
{
136123
PluginType: uiv1alpha1.TypeLogging,
@@ -143,7 +130,6 @@ var compatibilityMatrix = []CompatibilityEntry{
143130
"alerts",
144131
"dev-alerts",
145132
},
146-
SupportsTLSProfile: true,
147133
},
148134
{
149135
PluginType: uiv1alpha1.TypeLogging,
@@ -156,7 +142,6 @@ var compatibilityMatrix = []CompatibilityEntry{
156142
"alerts",
157143
"dev-alerts",
158144
},
159-
SupportsTLSProfile: true,
160145
},
161146
{
162147
PluginType: uiv1alpha1.TypeLogging,
@@ -169,7 +154,6 @@ var compatibilityMatrix = []CompatibilityEntry{
169154
"alerts",
170155
"dev-alerts",
171156
},
172-
SupportsTLSProfile: true,
173157
},
174158
{
175159
PluginType: uiv1alpha1.TypeMonitoring,
@@ -179,8 +163,7 @@ var compatibilityMatrix = []CompatibilityEntry{
179163
SupportLevel: TechPreview,
180164
// feature flags for montioring are dynamically injected
181165
// based on the cluster version and and UIPlugin CR configurations
182-
Features: []string{},
183-
SupportsTLSProfile: true,
166+
Features: []string{},
184167
},
185168
{
186169
PluginType: uiv1alpha1.TypeMonitoring,
@@ -190,8 +173,7 @@ var compatibilityMatrix = []CompatibilityEntry{
190173
SupportLevel: GeneralAvailability,
191174
// feature flags for montioring are dynamically injected
192175
// based on the cluster version and and UIPlugin CR configurations
193-
Features: []string{},
194-
SupportsTLSProfile: true,
176+
Features: []string{},
195177
},
196178
{
197179
PluginType: uiv1alpha1.TypeMonitoring,
@@ -201,8 +183,7 @@ var compatibilityMatrix = []CompatibilityEntry{
201183
SupportLevel: GeneralAvailability,
202184
// feature flags for montioring are dynamically injected
203185
// based on the cluster version and and UIPlugin CR configurations
204-
Features: []string{},
205-
SupportsTLSProfile: true,
186+
Features: []string{},
206187
},
207188
}
208189

pkg/controllers/uiplugin/compatibility_matrix_test.go

Lines changed: 0 additions & 89 deletions
Original file line numberDiff line numberDiff line change
@@ -417,92 +417,3 @@ func TestLookupImageAndFeatures(t *testing.T) {
417417
})
418418
}
419419
}
420-
421-
func TestSupportsTLSProfile(t *testing.T) {
422-
for _, tc := range []struct {
423-
pluginType uiv1alpha1.UIPluginType
424-
clusterVersion string
425-
expectedTLSSupport bool
426-
description string
427-
}{
428-
{
429-
pluginType: uiv1alpha1.TypeDashboards,
430-
clusterVersion: "4.11",
431-
expectedTLSSupport: true,
432-
description: "Dashboards plugin should support TLS profile",
433-
},
434-
{
435-
pluginType: uiv1alpha1.TypeLogging,
436-
clusterVersion: "4.11",
437-
expectedTLSSupport: true,
438-
description: "Logging plugin should support TLS profile",
439-
},
440-
{
441-
pluginType: uiv1alpha1.TypeLogging,
442-
clusterVersion: "4.13",
443-
expectedTLSSupport: true,
444-
description: "Logging plugin v4.13 should support TLS profile",
445-
},
446-
{
447-
pluginType: uiv1alpha1.TypeLogging,
448-
clusterVersion: "4.15",
449-
expectedTLSSupport: true,
450-
description: "Logging plugin v4.15 should support TLS profile",
451-
},
452-
{
453-
pluginType: uiv1alpha1.TypeLogging,
454-
clusterVersion: "4.22",
455-
expectedTLSSupport: true,
456-
description: "Logging plugin v4.22 should support TLS profile",
457-
},
458-
{
459-
pluginType: uiv1alpha1.TypeMonitoring,
460-
clusterVersion: "4.15",
461-
expectedTLSSupport: true,
462-
description: "Monitoring plugin v4.15 should support TLS profile",
463-
},
464-
{
465-
pluginType: uiv1alpha1.TypeMonitoring,
466-
clusterVersion: "4.19",
467-
expectedTLSSupport: true,
468-
description: "Monitoring plugin v4.19 should support TLS profile",
469-
},
470-
{
471-
pluginType: uiv1alpha1.TypeMonitoring,
472-
clusterVersion: "4.22",
473-
expectedTLSSupport: true,
474-
description: "Monitoring plugin v4.22 should support TLS profile",
475-
},
476-
{
477-
pluginType: uiv1alpha1.TypeDistributedTracing,
478-
clusterVersion: "4.11",
479-
expectedTLSSupport: true,
480-
description: "DistributedTracing plugin should support TLS profile",
481-
},
482-
{
483-
pluginType: uiv1alpha1.TypeDistributedTracing,
484-
clusterVersion: "4.22",
485-
expectedTLSSupport: true,
486-
description: "DistributedTracing plugin v4.22 should support TLS profile",
487-
},
488-
{
489-
pluginType: uiv1alpha1.TypeTroubleshootingPanel,
490-
clusterVersion: "4.19",
491-
expectedTLSSupport: false,
492-
description: "TroubleshootingPanel plugin should support TLS profile",
493-
},
494-
{
495-
pluginType: uiv1alpha1.TypeTroubleshootingPanel,
496-
clusterVersion: "4.22",
497-
expectedTLSSupport: false,
498-
description: "TroubleshootingPanel plugin v4.22 should support TLS profile",
499-
},
500-
} {
501-
t.Run(fmt.Sprintf("%s/%s", tc.pluginType, tc.clusterVersion), func(t *testing.T) {
502-
info, err := lookupImageAndFeatures(tc.pluginType, tc.clusterVersion)
503-
assert.NilError(t, err, "Should successfully lookup plugin info")
504-
505-
assert.Equal(t, tc.expectedTLSSupport, info.SupportsTLSProfile, tc.description)
506-
})
507-
}
508-
}

pkg/controllers/uiplugin/components_test.go

Lines changed: 0 additions & 63 deletions
Original file line numberDiff line numberDiff line change
@@ -168,66 +168,3 @@ func indexOfArg(args []string, target string) int {
168168
}
169169
return -1
170170
}
171-
172-
func TestPluginComponentReconcilersTLSProfile(t *testing.T) {
173-
testCases := []struct {
174-
name string
175-
tlsMinVersion string
176-
tlsCiphers []string
177-
expectTLS bool
178-
}{
179-
{
180-
name: "TLS profile applied when SupportsTLSProfile populates fields",
181-
tlsMinVersion: "VersionTLS12",
182-
tlsCiphers: []string{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"},
183-
expectTLS: true,
184-
},
185-
{
186-
name: "no TLS args when plugin does not support TLS profile",
187-
tlsMinVersion: "",
188-
tlsCiphers: nil,
189-
expectTLS: false,
190-
},
191-
}
192-
193-
for _, tc := range testCases {
194-
t.Run(tc.name, func(t *testing.T) {
195-
info := UIPluginInfo{
196-
Name: "test-plugin",
197-
ConsoleName: "test-console-plugin",
198-
Image: "test-image:latest",
199-
ResourceNamespace: "test-ns",
200-
ExtraArgs: []string{"-config-path=/opt/app-root/config"},
201-
TLSMinVersion: tc.tlsMinVersion,
202-
TLSCiphers: tc.tlsCiphers,
203-
}
204-
205-
deploy := newDeployment(info, "test-ns", nil)
206-
args := deploy.Spec.Template.Spec.Containers[0].Args
207-
208-
if tc.expectTLS {
209-
assert.Assert(t, containsArg(args, "-tls-min-version="+tc.tlsMinVersion),
210-
"expected -tls-min-version arg in %v", args)
211-
assert.Assert(t, containsArgPrefix(args, "-tls-cipher-suites="),
212-
"expected -tls-cipher-suites arg in %v", args)
213-
214-
// TLS args must come after plugin-specific extra args
215-
extraIdx := indexOfArg(args, "-config-path=/opt/app-root/config")
216-
tlsIdx := indexOfArg(args, "-tls-min-version="+tc.tlsMinVersion)
217-
assert.Assert(t, extraIdx < tlsIdx,
218-
"TLS args (idx %d) should appear after extra args (idx %d)", tlsIdx, extraIdx)
219-
} else {
220-
assert.Assert(t, !containsArgPrefix(args, "-tls-min-version="),
221-
"unexpected -tls-min-version arg in %v", args)
222-
assert.Assert(t, !containsArgPrefix(args, "-tls-cipher-suites="),
223-
"unexpected -tls-cipher-suites arg in %v", args)
224-
}
225-
226-
// Base args must always be present regardless of TLS
227-
assert.Assert(t, containsArg(args, "-port=9443"))
228-
assert.Assert(t, containsArg(args, "-cert=/var/serving-cert/tls.crt"))
229-
assert.Assert(t, containsArg(args, "-key=/var/serving-cert/tls.key"))
230-
assert.Assert(t, containsArg(args, "-config-path=/opt/app-root/config"))
231-
})
232-
}
233-
}

pkg/controllers/uiplugin/plugin_info_builder.go

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -114,15 +114,8 @@ func PluginInfoBuilder(ctx context.Context, k client.Client, dk dynamic.Interfac
114114
return nil, fmt.Errorf("plugin type not supported: %s", plugin.Spec.Type)
115115
}
116116

117-
if compatibilityInfo.SupportsTLSProfile {
118-
pluginInfo.TLSMinVersion = string(pluginConf.TLSProfile.MinTLSVersion)
119-
pluginInfo.TLSCiphers = libgocrypto.OpenSSLToIANACipherSuites(pluginConf.TLSProfile.Ciphers)
120-
} else {
121-
logger.Info("TLS profile not applied: plugin image does not support TLS profile flags",
122-
"plugin", plugin.Name,
123-
"pluginType", plugin.Spec.Type,
124-
"imageKey", compatibilityInfo.ImageKey)
125-
}
117+
pluginInfo.TLSMinVersion = string(pluginConf.TLSProfile.MinTLSVersion)
118+
pluginInfo.TLSCiphers = libgocrypto.OpenSSLToIANACipherSuites(pluginConf.TLSProfile.Ciphers)
126119

127120
return pluginInfo, err
128121
}

0 commit comments

Comments
 (0)