From d0c6e3ff677aedea42b6ad14a086cc69773e3702 Mon Sep 17 00:00:00 2001 From: Stanislav Burtsev Date: Tue, 30 Jul 2024 17:59:05 +0200 Subject: [PATCH] Revert deprecation of useInsecureCookies in #310 --- api/v1/ytsaurus_types.go | 4 +-- api/v1/ytsaurus_webhook.go | 25 ++++++++----------- api/v1/zz_generated.deepcopy.go | 5 ---- .../bases/cluster.ytsaurus.tech_ytsaurus.yaml | 1 + docs/api.md | 2 +- pkg/components/ui.go | 2 +- ytop-chart/templates/ytsaurus-crd.yaml | 1 + 7 files changed, 16 insertions(+), 24 deletions(-) diff --git a/api/v1/ytsaurus_types.go b/api/v1/ytsaurus_types.go index ece09f11..c3f28605 100644 --- a/api/v1/ytsaurus_types.go +++ b/api/v1/ytsaurus_types.go @@ -480,9 +480,9 @@ type UISpec struct { ServiceType corev1.ServiceType `json:"serviceType,omitempty"` HttpNodePort *int32 `json:"httpNodePort,omitempty"` // If defined allows insecure (over http) authentication. - // Deprecated: use `secure` instead. + //+kubebuilder:default:=true //+optional - UseInsecureCookies *bool `json:"useInsecureCookies"` + UseInsecureCookies bool `json:"useInsecureCookies"` // Use secure connection to the cluster's http-proxies. //+kubebuilder:default:=false //+optional diff --git a/api/v1/ytsaurus_webhook.go b/api/v1/ytsaurus_webhook.go index ceaaee87..e778fff9 100644 --- a/api/v1/ytsaurus_webhook.go +++ b/api/v1/ytsaurus_webhook.go @@ -401,22 +401,17 @@ func (r *Ytsaurus) validateYQLAgents(*Ytsaurus) field.ErrorList { func (r *Ytsaurus) validateUi(*Ytsaurus) field.ErrorList { var allErrors field.ErrorList - if r.Spec.UI != nil { - if r.Spec.UI.UseInsecureCookies != nil && !*r.Spec.UI.UseInsecureCookies && !r.Spec.UI.Secure { - allErrors = append(allErrors, field.Invalid(field.NewPath("spec", "ui", "useInsecureCookies"), r.Spec.UI.UseInsecureCookies, "useInsecureCookies is deprecated, use secure instead")) - } - if r.Spec.UI.Secure { - for i, hp := range r.Spec.HTTPProxies { - if hp.Role != consts.DefaultHTTPProxyRole { - continue - } - if hp.Transport.HTTPSSecret == nil { - allErrors = append(allErrors, field.Required( - field.NewPath("spec", "httpProxies").Index(i).Child("transport", "httpsSecret"), - fmt.Sprintf("configured HTTPS for proxy with `%s` role is required for ui.secure", consts.DefaultHTTPProxyRole))) - } - break + if r.Spec.UI != nil && r.Spec.UI.Secure { + for i, hp := range r.Spec.HTTPProxies { + if hp.Role != consts.DefaultHTTPProxyRole { + continue + } + if hp.Transport.HTTPSSecret == nil { + allErrors = append(allErrors, field.Required( + field.NewPath("spec", "httpProxies").Index(i).Child("transport", "httpsSecret"), + fmt.Sprintf("configured HTTPS for proxy with `%s` role is required for ui.secure", consts.DefaultHTTPProxyRole))) } + break } } diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index b5dcd8e2..5c705428 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -1479,11 +1479,6 @@ func (in *UISpec) DeepCopyInto(out *UISpec) { *out = new(int32) **out = **in } - if in.UseInsecureCookies != nil { - in, out := &in.UseInsecureCookies, &out.UseInsecureCookies - *out = new(bool) - **out = **in - } in.Resources.DeepCopyInto(&out.Resources) if in.ExternalProxy != nil { in, out := &in.ExternalProxy, &out.ExternalProxy diff --git a/config/crd/bases/cluster.ytsaurus.tech_ytsaurus.yaml b/config/crd/bases/cluster.ytsaurus.tech_ytsaurus.yaml index 13558ed6..ec1b34f5 100644 --- a/config/crd/bases/cluster.ytsaurus.tech_ytsaurus.yaml +++ b/config/crd/bases/cluster.ytsaurus.tech_ytsaurus.yaml @@ -34566,6 +34566,7 @@ spec: default: lavander type: string useInsecureCookies: + default: true description: If defined allows insecure (over http) authentication. type: boolean type: object diff --git a/docs/api.md b/docs/api.md index bf5a88ff..1302e94c 100644 --- a/docs/api.md +++ b/docs/api.md @@ -1541,7 +1541,7 @@ _Appears in:_ | `image` _string_ | | | | | `serviceType` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#servicetype-v1-core)_ | | NodePort | | | `httpNodePort` _integer_ | | | | -| `useInsecureCookies` _boolean_ | If defined allows insecure (over http) authentication.
Deprecated: use `secure` instead. | | | +| `useInsecureCookies` _boolean_ | If defined allows insecure (over http) authentication. | true | | | `secure` _boolean_ | Use secure connection to the cluster's http-proxies. | false | | | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#resourcerequirements-v1-core)_ | | | | | `instanceCount` _integer_ | | | | diff --git a/pkg/components/ui.go b/pkg/components/ui.go index 9a8c31a5..bde5e80b 100644 --- a/pkg/components/ui.go +++ b/pkg/components/ui.go @@ -168,7 +168,7 @@ func (u *UI) syncComponents(ctx context.Context) (err error) { }, } - if !ytsaurusResource.Spec.UI.Secure { + if ytsaurusResource.Spec.UI.UseInsecureCookies { env = append(env, corev1.EnvVar{ Name: "YT_AUTH_ALLOW_INSECURE", Value: "1", diff --git a/ytop-chart/templates/ytsaurus-crd.yaml b/ytop-chart/templates/ytsaurus-crd.yaml index 226bf343..ec6e2798 100644 --- a/ytop-chart/templates/ytsaurus-crd.yaml +++ b/ytop-chart/templates/ytsaurus-crd.yaml @@ -34353,6 +34353,7 @@ spec: default: lavander type: string useInsecureCookies: + default: true description: If defined allows insecure (over http) authentication. type: boolean type: object