Remove deprecated TLS flags (jaegertracing#2790)

* Remove deprecated TLS flags

Signed-off-by: albertteoh <[email protected]>

* Add PR ref to changelog

Signed-off-by: albertteoh <[email protected]>

* Fix integration test

Signed-off-by: albertteoh <[email protected]>

* Add changelog deprecate entry for --es.tls

Signed-off-by: albertteoh <[email protected]>

* Add changelog deprecate entries for other storage types

Signed-off-by: albertteoh <[email protected]>

* Add remaining deprecated flags as identified by @yurishkuro

Signed-off-by: albertteoh <[email protected]>

CHANGELOG.md

@@ -8,6 +8,17 @@ Changes by Version
 
 #### Breaking Changes
 
+* Remove deprecated TLS flags ([#2790](https://github.com/jaegertracing/jaeger/issues/2790), [@albertteoh](https://github.com/albertteoh)):
+    * `--cassandra.tls` is replaced by `--cassandra.tls.enabled`
+    * `--cassandra-archive.tls` is replaced by `--cassandra-archive.tls.enabled`
+    * `--collector.grpc.tls` is replaced by `--collector.grpc.tls.enabled`
+    * `--collector.grpc.tls.client.ca` is replaced by `--collector.grpc.tls.client-ca`
+    * `--es.tls` is replaced by `--es.tls.enabled`
+    * `--es-archive.tls` is replaced by `--es-archive.tls.enabled`
+    * `--kafka.consumer.tls` is replaced by `--kafka.consumer.tls.enabled`
+    * `--kafka.producer.tls` is replaced by `--kafka.producer.tls.enabled`
+    * `--reporter.grpc.tls` is replaced by `--reporter.grpc.tls.enabled`
+
 * Remove deprecated flags of Query Server  `--query.port` and `--query.host-port`, please use dedicated HTTP `--query.http-server.host-port` (defaults to `:16686`) and gRPC `--query.grpc-server.host-port` (defaults to `:16685`)  host-ports flags instead ([#2772](https://github.com/jaegertracing/jaeger/pull/2772), [@rjs211](https://github.com/rjs211))
     * By default, if no flags are set, the query server starts on the dedicated ports.  To use common port for gRPC and  HTTP endpoints, the host-port flags have to be explicitly set
 

pkg/config/tlscfg/flags.go

@@ -22,14 +22,12 @@ import (
 
 const (
 	tlsPrefix         = ".tls"
-	tlsEnabledOld     = tlsPrefix
 	tlsEnabled        = tlsPrefix + ".enabled"
 	tlsCA             = tlsPrefix + ".ca"
 	tlsCert           = tlsPrefix + ".cert"
 	tlsKey            = tlsPrefix + ".key"
 	tlsServerName     = tlsPrefix + ".server-name"
 	tlsClientCA       = tlsPrefix + ".client-ca"
-	tlsClientCAOld    = tlsPrefix + ".client.ca"
 	tlsSkipHostVerify = tlsPrefix + ".skip-host-verify"
 )
 
@@ -51,7 +49,6 @@ type ServerFlagsConfig struct {
 func (c ClientFlagsConfig) AddFlags(flags *flag.FlagSet) {
 	if c.ShowEnabled {
 		flags.Bool(c.Prefix+tlsEnabled, false, "Enable TLS when talking to the remote server(s)")
-		flags.Bool(c.Prefix+tlsEnabledOld, false, "(deprecated) see --"+c.Prefix+tlsEnabled)
 	}
 	flags.String(c.Prefix+tlsCA, "", "Path to a TLS CA (Certification Authority) file used to verify the remote server(s) (by default will use the system truststore)")
 	flags.String(c.Prefix+tlsCert, "", "Path to a TLS Certificate file, used to identify this process to the remote server(s)")
@@ -66,23 +63,17 @@ func (c ClientFlagsConfig) AddFlags(flags *flag.FlagSet) {
 func (c ServerFlagsConfig) AddFlags(flags *flag.FlagSet) {
 	if c.ShowEnabled {
 		flags.Bool(c.Prefix+tlsEnabled, false, "Enable TLS on the server")
-		flags.Bool(c.Prefix+tlsEnabledOld, false, "(deprecated) see --"+c.Prefix+tlsEnabled)
 	}
 	flags.String(c.Prefix+tlsCert, "", "Path to a TLS Certificate file, used to identify this server to clients")
 	flags.String(c.Prefix+tlsKey, "", "Path to a TLS Private Key file, used to identify this server to clients")
 	flags.String(c.Prefix+tlsClientCA, "", "Path to a TLS CA (Certification Authority) file used to verify certificates presented by clients (if unset, all clients are permitted)")
-	flags.String(c.Prefix+tlsClientCAOld, "", "(deprecated) see --"+c.Prefix+tlsClientCA)
 }
 
 // InitFromViper creates tls.Config populated with values retrieved from Viper.
 func (c ClientFlagsConfig) InitFromViper(v *viper.Viper) Options {
 	var p Options
 	if c.ShowEnabled {
 		p.Enabled = v.GetBool(c.Prefix + tlsEnabled)
-
-		if !p.Enabled {
-			p.Enabled = v.GetBool(c.Prefix + tlsEnabledOld)
-		}
 	}
 	p.CAPath = v.GetString(c.Prefix + tlsCA)
 	p.CertPath = v.GetString(c.Prefix + tlsCert)
@@ -99,19 +90,11 @@ func (c ServerFlagsConfig) InitFromViper(v *viper.Viper) Options {
 	var p Options
 	if c.ShowEnabled {
 		p.Enabled = v.GetBool(c.Prefix + tlsEnabled)
-
-		if !p.Enabled {
-			p.Enabled = v.GetBool(c.Prefix + tlsEnabledOld)
-		}
 	}
 	p.CertPath = v.GetString(c.Prefix + tlsCert)
 	p.KeyPath = v.GetString(c.Prefix + tlsKey)
 	if c.ShowClientCA {
 		p.ClientCAPath = v.GetString(c.Prefix + tlsClientCA)
-		if s := v.GetString(c.Prefix + tlsClientCAOld); s != "" {
-			// using legacy flag
-			p.ClientCAPath = s
-		}
 	}
 	return p
 }

pkg/config/tlscfg/flags_test.go

@@ -36,9 +36,6 @@ func TestClientFlags(t *testing.T) {
 	tests := []struct {
 		option string
 	}{
-		{
-			option: "--prefix.tls=true",
-		},
 		{
 			option: "--prefix.tls.enabled=true",
 		},
@@ -76,7 +73,7 @@ func TestClientFlags(t *testing.T) {
 func TestServerFlags(t *testing.T) {
 	cmdLine := []string{
 		"##placeholder##", // replaced in each test below
-		"--prefix.tls=true",
+		"--prefix.tls.enabled=true",
 		"--prefix.tls.cert=cert-file",
 		"--prefix.tls.key=key-file",
 	}
@@ -89,10 +86,6 @@ func TestServerFlags(t *testing.T) {
 			option: "--prefix.tls.client-ca=client-ca-file",
 			file:   "client-ca-file",
 		},
-		{
-			option: "--prefix.tls.client.ca=legacy-client-ca-file",
-			file:   "legacy-client-ca-file",
-		},
 	}
 
 	for _, test := range tests {

scripts/travis/es-integration-test.sh

@@ -33,7 +33,7 @@ setup_es() {
 setup_query() {
   local arch=$(go env GOARCH)
   local params=(
-    --es.tls=false
+    --es.tls.enabled=false
     --es.version=7
     --es.server-urls=http://127.0.0.1:9200
     --query.bearer-token-propagation=true