From 4ff9897189884b9f74abc1dc897cb4edb8c48732 Mon Sep 17 00:00:00 2001
From: Ben Leggett <854255+bleggett@users.noreply.github.com>
Date: Wed, 22 May 2024 15:54:02 -0400
Subject: [PATCH] Don't use trust_domain in zds (#1088)

Signed-off-by: Benjamin Leggett
---
 proto/zds.proto | 3 ++-
 src/inpod/admin.rs | 3 +--
 src/inpod/protocol.rs | 1 -
 src/inpod/statemanager.rs | 1 -
 src/state.rs | 21 +++------------------
 5 files changed, 6 insertions(+), 23 deletions(-)

diff --git a/proto/zds.proto b/proto/zds.proto
index 0a5051c3f..b0bcac181 100644
--- a/proto/zds.proto
+++ b/proto/zds.proto
@@ -16,10 +16,11 @@ message ZdsHello {
 }

 message WorkloadInfo {
+ reserved "trust_domain"; // Deprecated
+ reserved 4;
 string name = 1;
 string namespace = 2;
 string service_account = 3;
- string trust_domain = 4;
 }

 // Add a workload to the ztunnel. this will be accompanied by ancillary data contianing
diff --git a/src/inpod/admin.rs b/src/inpod/admin.rs
index 9f09a9894..e4108297a 100644
--- a/src/inpod/admin.rs
+++ b/src/inpod/admin.rs
@@ -169,14 +169,13 @@ mod test {
 &Some(crate::state::WorkloadInfo {
 name: "name".to_string(),
 namespace: "ns".to_string(),
- trust_domain: "td".to_string(),
 service_account: "sa".to_string(),
 }),
 None,
 );
 assert_eq!(
 data(),
- r#"{"uid1":{"info":{"name":"name","namespace":"ns","serviceAccount":"sa","trustDomain":"td"},"state":"Up"}}"#
+ r#"{"uid1":{"info":{"name":"name","namespace":"ns","serviceAccount":"sa"},"state":"Up"}}"#
 );
 handler.proxy_down(&uid1);
 assert_eq!(data(), "{}");
diff --git a/src/inpod/protocol.rs b/src/inpod/protocol.rs
index 11a80d914..159fee10b 100644
--- a/src/inpod/protocol.rs
+++ b/src/inpod/protocol.rs
@@ -288,7 +288,6 @@ mod tests {
 name: "test".to_string(),
 namespace: "default".to_string(),
 service_account: "defaultsvc".to_string(),
- trust_domain: "cluster.local".to_string(),
 };
 let uid = uid(0);
 let data = prep_request(zds::workload_request::Payload::Add(
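Review bot: The `// Deprecated` comment on `reserved "trust_domain";` in `message WorkloadInfo` misdescribes the change: the field is removed outright, and the two `reserved` lines are there so that neither the name nor tag 4 can later be reused with a different meaning. A comment such as `// Removed: trust domain is no longer sent over ZDS. Name and tag 4 stay reserved so they are never reused.` says that directly. A sender built from the older schema that still populates field 4 will presumably have it skipped as an unknown field by the new reader; if that mixed-version case matters during an upgrade, it deserves a line in the commit description.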
diff --git a/src/inpod/statemanager.rs b/src/inpod/statemanager.rs
index f623e77d1..01db06982 100644
--- a/src/inpod/statemanager.rs
+++ b/src/inpod/statemanager.rs
@@ -121,7 +121,6 @@ impl WorkloadProxyManagerState {
 name: w.name,
 namespace: w.namespace,
 service_account: w.service_account,
- trust_domain: w.trust_domain,
 });
 self.add_workload(&poddata.workload_uid, info, netns)
 .await
diff --git a/src/state.rs b/src/state.rs
index 9d1a1a64c..4e6f46852 100644
--- a/src/state.rs
+++ b/src/state.rs
@@ -96,7 +96,6 @@ impl Upstream {
 pub struct WorkloadInfo {
 pub name: String,
 pub namespace: String,
- pub trust_domain: String,
 pub service_account: String,
 }

@@ -104,23 +103,17 @@ impl fmt::Display for WorkloadInfo {
 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
 write!(
 f,
- "{}.{}.{} ({})",
- self.service_account, self.namespace, self.trust_domain, self.name
+ "{}.{} ({})",
+ self.service_account, self.namespace, self.name
 )
 }
 }

 impl WorkloadInfo {
- pub fn new(
- name: String,
- namespace: String,
- trust_domain: String,
- service_account: String,
- ) -> Self {
+ pub fn new(name: String, namespace: String, service_account: String) -> Self {
 Self {
 name,
 namespace,
- trust_domain,
 service_account,
 }
 }
@@ -128,7 +121,6 @@ impl WorkloadInfo {
 pub fn matches(&self, w: &Workload) -> bool {
 self.name == w.name
 && self.namespace == w.namespace
- && self.trust_domain == w.trust_domain
 && self.service_account == w.service_account
 }
 }
@@ -1113,7 +1105,6 @@ mod tests {
 let wi = WorkloadInfo {
 name: "test".into(),
 namespace: "default".into(),
- trust_domain: "cluster.local".into(),
 service_account: "defaultacct".into(),
 };

@@ -1153,12 +1144,6 @@ mod tests {
 ctx.dest_workload_info = Some(Arc::new(wi.clone()));
 assert!(!mock_proxy_state.assert_rbac(&ctx).await);
 }
- {
- let mut wi = wi.clone();
- wi.trust_domain = "not-test".into();
- ctx.dest_workload_info = Some(Arc::new(wi.clone()));
- assert!(!mock_proxy_state.assert_rbac(&ctx).await);
- }
 }

 #[tokio::test]
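Review bot: Nothing in the `@@ -104,23` hunk of src/state.rs records that `WorkloadInfo` no longer carries a trust domain, and the consequence lands in the next hunk (`@@ -128,7`): `matches` now accepts any `Workload` with the same name, namespace and service account, whatever its `trust_domain`. The last hunk (`@@ -1153,12`) deletes the only visible test that expected `assert_rbac` to fail on a trust-domain mismatch, so the narrower comparison ends up both undocumented and untested. If the intent is that the trust domain is taken solely from the `Workload` (presumably the control-plane view; confirm), state it on the method, e.g. `/// Compares name, namespace and service account only; the trust domain is not supplied over ZDS and comes from the Workload.`, and keep a test that pins the new behaviour for two workloads differing only in trust domain. `impl fmt::Display for WorkloadInfo` opens above the `@@ -104` hunk and `impl WorkloadInfo` runs on into `@@ -128`.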