Remove deprecated TLS flags #2790

Merged
merged 7 commits into from
Feb 5, 2021
11 changes: 11 additions & 0 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,17 @@ Changes by Version

#### Breaking Changes

* Remove deprecated TLS flags ([#2790](https://github.com/jaegertracing/jaeger/issues/2790), [@albertteoh](https://github.com/albertteoh)):
* `--cassandra.tls` is replaced by `--cassandra.tls.enabled`
* `--cassandra-archive.tls` is replaced by `--cassandra-archive.tls.enabled`
* `--collector.grpc.tls` is replaced by `--collector.grpc.tls.enabled`
* `--collector.grpc.tls.client.ca` is replaced by `--collector.grpc.tls.client-ca`
* `--es.tls` is replaced by `--es.tls.enabled`
* `--es-archive.tls` is replaced by `--es-archive.tls.enabled`
* `--kafka.consumer.tls` is replaced by `--kafka.consumer.tls.enabled`
* `--kafka.producer.tls` is replaced by `--kafka.producer.tls.enabled`
* `--reporter.grpc.tls` is replaced by `--reporter.grpc.tls.enabled`

* Remove deprecated flags of Query Server `--query.port` and `--query.host-port`, please use dedicated HTTP `--query.http-server.host-port` (defaults to `:16686`) and gRPC `--query.grpc-server.host-port` (defaults to `:16685`) host-ports flags instead ([#2772](https://github.com/jaegertracing/jaeger/pull/2772), [@rjs211](https://github.com/rjs211))
* By default, if no flags are set, the query server starts on the dedicated ports. To use common port for gRPC and HTTP endpoints, the host-port flags have to be explicitly set

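Review bot: The new entry links #2790 as `https://github.com/jaegertracing/jaeger/issues/2790`, while the neighbouring #2772 entry uses a `/pull/` URL; #2790 is this pull request, so `/pull/2790` would be consistent. The entry should also state what an operator sees when a removed flag is still passed after upgrading, and call out that `--collector.grpc.tls.client.ca` is a rename of a path option, unlike the other items, which move a boolean to `.enabled`.
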
17 changes: 0 additions & 17 deletions pkg/config/tlscfg/flags.go
Expand Up @@ -22,14 +22,12 @@ import (

const (
tlsPrefix = ".tls"
tlsEnabledOld = tlsPrefix
tlsEnabled = tlsPrefix + ".enabled"
tlsCA = tlsPrefix + ".ca"
tlsCert = tlsPrefix + ".cert"
tlsKey = tlsPrefix + ".key"
tlsServerName = tlsPrefix + ".server-name"
tlsClientCA = tlsPrefix + ".client-ca"
tlsClientCAOld = tlsPrefix + ".client.ca"
tlsSkipHostVerify = tlsPrefix + ".skip-host-verify"
)

Expand All @@ -51,7 +49,6 @@ type ServerFlagsConfig struct {
func (c ClientFlagsConfig) AddFlags(flags *flag.FlagSet) {
if c.ShowEnabled {
flags.Bool(c.Prefix+tlsEnabled, false, "Enable TLS when talking to the remote server(s)")
flags.Bool(c.Prefix+tlsEnabledOld, false, "(deprecated) see --"+c.Prefix+tlsEnabled)
}
flags.String(c.Prefix+tlsCA, "", "Path to a TLS CA (Certification Authority) file used to verify the remote server(s) (by default will use the system truststore)")
flags.String(c.Prefix+tlsCert, "", "Path to a TLS Certificate file, used to identify this process to the remote server(s)")
Expand All @@ -66,23 +63,17 @@ func (c ClientFlagsConfig) AddFlags(flags *flag.FlagSet) {
func (c ServerFlagsConfig) AddFlags(flags *flag.FlagSet) {
if c.ShowEnabled {
flags.Bool(c.Prefix+tlsEnabled, false, "Enable TLS on the server")
flags.Bool(c.Prefix+tlsEnabledOld, false, "(deprecated) see --"+c.Prefix+tlsEnabled)
}
flags.String(c.Prefix+tlsCert, "", "Path to a TLS Certificate file, used to identify this server to clients")
flags.String(c.Prefix+tlsKey, "", "Path to a TLS Private Key file, used to identify this server to clients")
flags.String(c.Prefix+tlsClientCA, "", "Path to a TLS CA (Certification Authority) file used to verify certificates presented by clients (if unset, all clients are permitted)")
flags.String(c.Prefix+tlsClientCAOld, "", "(deprecated) see --"+c.Prefix+tlsClientCA)
}

// InitFromViper creates tls.Config populated with values retrieved from Viper.
func (c ClientFlagsConfig) InitFromViper(v *viper.Viper) Options {
var p Options
if c.ShowEnabled {
p.Enabled = v.GetBool(c.Prefix + tlsEnabled)

if !p.Enabled {
p.Enabled = v.GetBool(c.Prefix + tlsEnabledOld)
}
}
p.CAPath = v.GetString(c.Prefix + tlsCA)
p.CertPath = v.GetString(c.Prefix + tlsCert)
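
Review bot: In `ClientFlagsConfig.InitFromViper`, dropping the `tlsEnabledOld` fallback means `p.Enabled` now comes only from `c.Prefix + tlsEnabled`, which defaults to `false`. A value that still reaches Viper under the old `.tls` key is no longer read, so the client ends up with TLS disabled and nothing in this function reports it. Consider detecting the old key and surfacing an explicit error or log line that names the replacement flag.
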
Expand All @@ -99,19 +90,11 @@ func (c ServerFlagsConfig) InitFromViper(v *viper.Viper) Options {
var p Options
if c.ShowEnabled {
p.Enabled = v.GetBool(c.Prefix + tlsEnabled)

if !p.Enabled {
p.Enabled = v.GetBool(c.Prefix + tlsEnabledOld)
}
}
p.CertPath = v.GetString(c.Prefix + tlsCert)
p.KeyPath = v.GetString(c.Prefix + tlsKey)
if c.ShowClientCA {
p.ClientCAPath = v.GetString(c.Prefix + tlsClientCA)
if s := v.GetString(c.Prefix + tlsClientCAOld); s != "" {
// using legacy flag
p.ClientCAPath = s
}
}
return p
}
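
Review bot: In `ServerFlagsConfig.InitFromViper`, removing the `tlsClientCAOld` branch can fail open: the help text for `client-ca` says "if unset, all clients are permitted", and any path still supplied under `.tls.client.ca` is no longer read, leaving `p.ClientCAPath` empty. Suggest rejecting the old key explicitly instead of ignoring it, so that a stale configuration cannot silently turn off client certificate verification.
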
9 changes: 1 addition & 8 deletions pkg/config/tlscfg/flags_test.go
Expand Up @@ -36,9 +36,6 @@ func TestClientFlags(t *testing.T) {
tests := []struct {
option string
}{
{
option: "--prefix.tls=true",
},
{
option: "--prefix.tls.enabled=true",
},
Expand Down Expand Up @@ -76,7 +73,7 @@ func TestClientFlags(t *testing.T) {
func TestServerFlags(t *testing.T) {
cmdLine := []string{
"##placeholder##", // replaced in each test below
"--prefix.tls=true",
"--prefix.tls.enabled=true",
"--prefix.tls.cert=cert-file",
"--prefix.tls.key=key-file",
}
Expand All @@ -89,10 +86,6 @@ func TestServerFlags(t *testing.T) {
option: "--prefix.tls.client-ca=client-ca-file",
file: "client-ca-file",
},
{
option: "--prefix.tls.client.ca=legacy-client-ca-file",
file: "legacy-client-ca-file",
},
}

for _, test := range tests {
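
Review bot: The `--prefix.tls.client.ca=legacy-client-ca-file` case in `TestServerFlags` (like `--prefix.tls=true` in `TestClientFlags`) is deleted rather than converted into a negative case. Add a test that passes each removed flag and asserts the intended outcome, either a parse error or `Enabled == false` and an empty `ClientCAPath`, so the behaviour after removal is pinned down.
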
14 changes: 7 additions & 7 deletions plugin/storage/es/mappings/gen_assets.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion scripts/travis/es-integration-test.sh
Expand Up @@ -33,7 +33,7 @@ setup_es() {
setup_query() {
local arch=$(go env GOARCH)
local params=(
--es.tls=false
--es.tls.enabled=false
--es.version=7
--es.server-urls=http://127.0.0.1:9200
--query.bearer-token-propagation=true