From a63a8b3f346389fe8bbccdcd8496b1f9cd1d4836 Mon Sep 17 00:00:00 2001 From: shaun-nx Date: Wed, 1 Nov 2023 11:32:33 +0000 Subject: [PATCH 1/2] Remove deprecated preview policy flag --- charts/nginx-ingress/README.md | 1 - .../nginx-ingress/templates/controller-daemonset.yaml | 1 - .../nginx-ingress/templates/controller-deployment.yaml | 1 - charts/nginx-ingress/values.schema.json | 10 ---------- charts/nginx-ingress/values.yaml | 3 --- cmd/nginx-ingress/flags.go | 8 -------- .../global-configuration/command-line-arguments.md | 8 -------- tests/suite/test_auth_basic_policies.py | 2 -- tests/suite/test_auth_basic_policies_vsr.py | 2 -- 9 files changed, 36 deletions(-) diff --git a/charts/nginx-ingress/README.md b/charts/nginx-ingress/README.md index a6fb962196..bf00d17873 100644 --- a/charts/nginx-ingress/README.md +++ b/charts/nginx-ingress/README.md @@ -378,7 +378,6 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |`controller.watchNamespaceLabel` | Configures the Ingress Controller to watch only those namespaces with label foo=bar. By default the Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespace`. | "" | |`controller.watchSecretNamespace` | Comma separated list of namespaces the Ingress Controller should watch for resources of type Secret. If this arg is not configured, the Ingress Controller watches the same namespaces for all resources. See `controller.watchNamespace` and `controller.watchNamespaceLabel`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchSecretNamespace="default\,nginx-ingress"`. | "" | |`controller.enableCustomResources` | Enable the custom resources. | true | -|`controller.enablePreviewPolicies` | Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use `controller.enableOIDC` instead. | false | |`controller.enableOIDC` | Enable OIDC policies. | false | |`controller.enableTLSPassthrough` | Enable TLS Passthrough on default port 443. Requires `controller.enableCustomResources`. | false | |`controller.tlsPassThroughPort` | Set the port for the TLS Passthrough. Requires `controller.enableCustomResources` and `controller.enableTLSPassthrough`. | 443 | diff --git a/charts/nginx-ingress/templates/controller-daemonset.yaml b/charts/nginx-ingress/templates/controller-daemonset.yaml index fafc597da3..243907770a 100644 --- a/charts/nginx-ingress/templates/controller-daemonset.yaml +++ b/charts/nginx-ingress/templates/controller-daemonset.yaml @@ -233,7 +233,6 @@ spec: {{ if .Values.controller.enableTLSPassthrough }} - -tls-passthrough-port={{ .Values.controller.tlsPassthroughPort }} {{ end }} - - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }} - -enable-cert-manager={{ .Values.controller.enableCertManager }} - -enable-oidc={{ .Values.controller.enableOIDC }} - -enable-external-dns={{ .Values.controller.enableExternalDNS }} diff --git a/charts/nginx-ingress/templates/controller-deployment.yaml b/charts/nginx-ingress/templates/controller-deployment.yaml index 0658cba140..febddbdc5d 100644 --- a/charts/nginx-ingress/templates/controller-deployment.yaml +++ b/charts/nginx-ingress/templates/controller-deployment.yaml @@ -240,7 +240,6 @@ spec: {{ if .Values.controller.enableTLSPassthrough }} - -tls-passthrough-port={{ .Values.controller.tlsPassthroughPort }} {{ end }} - - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }} - -enable-cert-manager={{ .Values.controller.enableCertManager }} - -enable-oidc={{ .Values.controller.enableOIDC }} - -enable-external-dns={{ .Values.controller.enableExternalDNS }} diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json index b6a1bc98f9..26686284a8 100644 --- a/charts/nginx-ingress/values.schema.json +++ b/charts/nginx-ingress/values.schema.json @@ -632,14 +632,6 @@ true ] }, - "enablePreviewPolicies": { - "type": "boolean", - "default": false, - "title": "The enablePreviewPolicies", - "examples": [ - false - ] - }, "enableOIDC": { "type": "boolean", "default": false, @@ -1354,7 +1346,6 @@ "setAsDefaultIngress": false, "watchNamespace": "", "enableCustomResources": true, - "enablePreviewPolicies": false, "enableOIDC": false, "includeYear": false, "enableTLSPassthrough": false, @@ -1720,7 +1711,6 @@ "setAsDefaultIngress": false, "watchNamespace": "", "enableCustomResources": true, - "enablePreviewPolicies": false, "enableOIDC": false, "includeYear": false, "enableTLSPassthrough": false, diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml index 43e676a591..1aae822dd8 100644 --- a/charts/nginx-ingress/values.yaml +++ b/charts/nginx-ingress/values.yaml @@ -252,9 +252,6 @@ controller: ## Enable the custom resources. enableCustomResources: true - ## Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use controller.enableOIDC instead. - enablePreviewPolicies: false - ## Enable OIDC policies. enableOIDC: false diff --git a/cmd/nginx-ingress/flags.go b/cmd/nginx-ingress/flags.go index 83515d58a0..62c5ee4b9d 100644 --- a/cmd/nginx-ingress/flags.go +++ b/cmd/nginx-ingress/flags.go @@ -151,9 +151,6 @@ var ( enableCustomResources = flag.Bool("enable-custom-resources", true, "Enable custom resources") - enablePreviewPolicies = flag.Bool("enable-preview-policies", false, - "Enable preview policies. This flag is deprecated. To enable OIDC Policies please use -enable-oidc instead.") - enableOIDC = flag.Bool("enable-oidc", false, "Enable OIDC Policies.") @@ -219,11 +216,6 @@ func parseFlags() { glog.Fatal("enable-tls-passthrough flag requires -enable-custom-resources") } - if *enablePreviewPolicies { - glog.Warning("enable-preview-policies is universally deprecated. To enable OIDC Policies please use -enable-oidc instead.") - } - *enableOIDC = *enablePreviewPolicies || *enableOIDC - if *appProtect && !*nginxPlus { glog.Fatal("NGINX App Protect support is for NGINX Plus only") } diff --git a/docs/content/configuration/global-configuration/command-line-arguments.md b/docs/content/configuration/global-configuration/command-line-arguments.md index def9a0273f..e5a371b703 100644 --- a/docs/content/configuration/global-configuration/command-line-arguments.md +++ b/docs/content/configuration/global-configuration/command-line-arguments.md @@ -55,14 +55,6 @@ Enables custom resources. Default `true`.   - - -### -enable-preview-policies - -Enables preview policies. This flag is deprecated. To enable OIDC Policies please use [-enable-oidc](#cmdoption-enable-oidc) instead. - -Default `false`. -  ### -enable-oidc diff --git a/tests/suite/test_auth_basic_policies.py b/tests/suite/test_auth_basic_policies.py index ba3bafa97f..40b80b9d22 100644 --- a/tests/suite/test_auth_basic_policies.py +++ b/tests/suite/test_auth_basic_policies.py @@ -49,7 +49,6 @@ def to_base64(b64_string): return b64encode(b64_string.encode("ascii")).decode("ascii") - @pytest.mark.policies @pytest.mark.parametrize( "crd_ingress_controller, virtual_server_setup", @@ -59,7 +58,6 @@ def to_base64(b64_string): "type": "complete", "extra_args": [ f"-enable-custom-resources", - f"-enable-preview-policies", f"-enable-leader-election=false", ], }, diff --git a/tests/suite/test_auth_basic_policies_vsr.py b/tests/suite/test_auth_basic_policies_vsr.py index b1e3d59a36..f7517eaf4e 100644 --- a/tests/suite/test_auth_basic_policies_vsr.py +++ b/tests/suite/test_auth_basic_policies_vsr.py @@ -39,7 +39,6 @@ def to_base64(b64_string): return b64encode(b64_string.encode("ascii")).decode("ascii") - @pytest.mark.policies @pytest.mark.parametrize( "crd_ingress_controller, v_s_route_setup", @@ -49,7 +48,6 @@ def to_base64(b64_string): "type": "complete", "extra_args": [ f"-enable-custom-resources", - f"-enable-preview-policies", f"-enable-leader-election=false", ], }, From 5c70c19e7ad8eea41cd0d8d810f641d16da5d56e Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 1 Nov 2023 11:36:35 +0000 Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- tests/suite/test_auth_basic_policies.py | 1 + tests/suite/test_auth_basic_policies_vsr.py | 1 + 2 files changed, 2 insertions(+) diff --git a/tests/suite/test_auth_basic_policies.py b/tests/suite/test_auth_basic_policies.py index 40b80b9d22..2a4bd380d0 100644 --- a/tests/suite/test_auth_basic_policies.py +++ b/tests/suite/test_auth_basic_policies.py @@ -49,6 +49,7 @@ def to_base64(b64_string): return b64encode(b64_string.encode("ascii")).decode("ascii") + @pytest.mark.policies @pytest.mark.parametrize( "crd_ingress_controller, virtual_server_setup", diff --git a/tests/suite/test_auth_basic_policies_vsr.py b/tests/suite/test_auth_basic_policies_vsr.py index f7517eaf4e..b527f7858f 100644 --- a/tests/suite/test_auth_basic_policies_vsr.py +++ b/tests/suite/test_auth_basic_policies_vsr.py @@ -39,6 +39,7 @@ def to_base64(b64_string): return b64encode(b64_string.encode("ascii")).decode("ascii") + @pytest.mark.policies @pytest.mark.parametrize( "crd_ingress_controller, v_s_route_setup",