-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rename the allowlist route annotation #564
base: master
Are you sure you want to change the base?
Rename the allowlist route annotation #564
Conversation
Use the new annotation key "haproxy.router.openshift.io/ip_allowlist" in addition to the old "haproxy.router.openshift.io/ip_whitelist" annotation key. Continue to allow the old annotation key for now, but use the new one if it is present. If a route has annotations with both keys, the annotation with the new key is used, and the annotation with the old key is ignored. Also rename some template helper functions. Note that this is technically a breaking change for custom config templates! Also rename internal consts, variables, functions, struct fields, and HAProxy ACLs to change "whitelist" to "allowlist" and "blacklist" to "denylist". * images/router/haproxy/conf/haproxy-config.template: Check for both the old annotation and new annotation keys. Rename the associated acl and file name. * pkg/cmd/infra/router/router.go (RouterSelection): Rename BlacklistedDomains to DenylistedDomains and WhitelistedDomains to AllowlistedDomains. (AdmissionCheck, RouteAdmissionFunc): Update for changes in RouterSelection. * pkg/router/router_test.go (TestMain): Use the new HAProxy allowlist file name. (TestConfigTemplate): Update tests to use the new annotation key and to check for the new HAProxy ACL name and file name. Add a test for the old annotation key to ensure we don't break existing routes. * pkg/router/template/configmanager/haproxy/manager.go (modAnnotationsList): Add the new annotation key (but keep the old one as well as it is still recognized in the template). * pkg/router/template/router.go (whitelistDir): Rename... (allowlistDir): ...to this. * pkg/router/template/template_helper.go (validateHAProxyWhiteList): Rename... (validateHAProxyAllowlist): ...to this. Use the new ValidateAllowlist helper. (generateHAProxyWhiteListFile): Rename... (generateHAProxyAllowlistFile): ...to this. Use the new ValidateAllowlist helper and allowlistDir const, and update an error message. (helperFunctions): Rename validateHAProxyWhiteList and generateHAProxyWhiteListFile to validateHAProxyAllowlist and generateHAProxyAllowlistFile, respectively. * pkg/router/template/template_helper_test.go (TestGenerateHAProxyWhiteListFile): Rename... (Test_generateHAProxyAllowlistFile): ...to this. Use the new allowlistDir const. Update some error messages and internal struct field names. * pkg/router/template/util/haproxy/whitelist.go: Rename file... * pkg/router/template/util/haproxy/allowlist.go: ...to this. (HAPROXY_MAX_WHITELIST_LENGTH): Rename const... (HAPROXY_MAX_ALLOWLIST_LENGTH): ...to this. (ValidateWhiteList): Rename... (ValidateAllowlist): ...to this. * pkg/router/template/util/haproxy/whitelist_test.go: Rename file... * pkg/router/template/util/haproxy/allowlist_test.go: ...to this. (TestValidateWhitelist): Rename... (Test_ValidateAllowlist): ...to this.
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@Miciah: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Use the new annotation key "haproxy.router.openshift.io/ip_allowlist" in addition to the old "haproxy.router.openshift.io/ip_whitelist" annotation key. Continue to allow the old annotation key for now, but use the new one if it is present.
If a route has annotations with both keys, the annotation with the new key is used, and the annotation with the old key is ignored.
Also rename some template helper functions. Note that this is technically a breaking change for custom config templates!
Also rename internal consts, variables, functions, struct fields, and HAProxy ACLs to change "whitelist" to "allowlist" and "blacklist" to "denylist".
images/router/haproxy/conf/haproxy-config.template
: Check for both the old annotation and new annotation keys. Rename the associated acl and file name.pkg/cmd/infra/router/router.go
(RouterSelection
): RenameBlacklistedDomains
toDenylistedDomains
andWhitelistedDomains
toAllowlistedDomains
.(
AdmissionCheck
,RouteAdmissionFunc
): Update for changes inRouterSelection
.pkg/router/router_test.go
(TestMain
): Use the new HAProxy allowlist file name.(
TestConfigTemplate
): Update tests to use the new annotation key and to check for the new HAProxy ACL name and file name. Add a test for the old annotation key to ensure we don't break existing routes.pkg/router/template/configmanager/haproxy/manager.go
(modAnnotationsList
): Add the new annotation key (but keep the old one as well as it is still recognized in the template).pkg/router/template/router.go
(whitelistDir
): Rename...(
allowlistDir
): ...to this.pkg/router/template/template_helper.go
(validateHAProxyWhiteList
): Rename...(
validateHAProxyAllowlist
): ...to this. Use the newValidateAllowlist
helper.(
generateHAProxyWhiteListFile
): Rename...(
generateHAProxyAllowlistFile
): ...to this. Use the newValidateAllowlist
helper andallowlistDir
const, and update an error message.(
helperFunctions
): RenamevalidateHAProxyWhiteList
andgenerateHAProxyWhiteListFile
tovalidateHAProxyAllowlist
andgenerateHAProxyAllowlistFile
, respectively.pkg/router/template/template_helper_test.go
(TestGenerateHAProxyWhiteListFile
): Rename...(
Test_generateHAProxyAllowlistFile
): ...to this. Use the newallowlistDir
const. Update some error messages and internal struct field names.pkg/router/template/util/haproxy/whitelist.go
: Rename file...pkg/router/template/util/haproxy/allowlist.go
: ...to this.(
HAPROXY_MAX_WHITELIST_LENGTH
): Rename const...(
HAPROXY_MAX_ALLOWLIST_LENGTH
): ...to this.(
ValidateWhiteList
): Rename...(
ValidateAllowlist
): ...to this.pkg/router/template/util/haproxy/whitelist_test.go
: Rename file...pkg/router/template/util/haproxy/allowlist_test.go
: ...to this.(
TestValidateWhitelist
): Rename...(
Test_ValidateAllowlist
): ...to this.