Rename auto-tls to external-domain-tls (#14482)

* Rename auto-tls to external-domain-tls * Fix lint warnings
knative · Oct 20, 2023 · 2c0b8dc · 2c0b8dc
1 parent 425abcb
commit 2c0b8dc
Show file tree

Hide file tree

Showing 34 changed files with 421 additions and 408 deletions.
diff --git a/docs/encryption/knative-encryption.md b/docs/encryption/knative-encryption.md
@@ -25,7 +25,7 @@ The different parts are independent of each other and (can) use different Certif
 * These certificates are either [provided manually](https://knative.dev/docs/serving/using-a-tls-cert/) or by using an implementation to the [Knative Certificate abstraction](https://github.com/knative/networking/blob/main/pkg/apis/networking/v1alpha1/certificate_types.go#L34). Currently, we support two implementations:
   * [net-certmanager](https://github.com/knative-extensions/net-certmanager) 
   * [net-http01](https://github.com/knative-extensions/net-http01)
-* Please refer to the [documentation](https://knative.dev/docs/serving/using-auto-tls/) for more information.
+* Please refer to the [documentation](https://knative.dev/docs/serving/using-external-domain-tls/) for more information.
 
 
 ### (2) Cluster-local certificates

diff --git a/pkg/apis/serving/v1/route_lifecycle.go b/pkg/apis/serving/v1/route_lifecycle.go
@@ -190,10 +190,10 @@ func (rs *RouteStatus) MarkCertificateNotOwned(name string) {
 }
 
 const (
-	// AutoTLSNotEnabledMessage is the message which is set on the
+	// ExternalDomainTLSNotEnabledMessage is the message which is set on the
 	// RouteConditionCertificateProvisioned condition when it is set to True
-	// because AutoTLS was not enabled.
-	AutoTLSNotEnabledMessage = "auto-tls is not enabled"
+	// because external-domain-tls was not enabled.
+	ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled"
 
 	// TLSNotEnabledForClusterLocalMessage is the message which is set on the
 	// RouteConditionCertificateProvisioned condition when it is set to True
@@ -202,7 +202,7 @@ const (
 )
 
 // MarkTLSNotEnabled sets RouteConditionCertificateProvisioned to true when
-// certificate config such as auto-tls is not enabled or private cluster-local service.
+// certificate config such as external-domain-tls is not enabled or private cluster-local service.
 func (rs *RouteStatus) MarkTLSNotEnabled(msg string) {
 	routeCondSet.Manage(rs).MarkTrueWithReason(RouteConditionCertificateProvisioned,
 		"TLSNotEnabled", msg)

diff --git a/pkg/apis/serving/v1/route_lifecycle_test.go b/pkg/apis/serving/v1/route_lifecycle_test.go
@@ -253,7 +253,7 @@ func TestTypicalRouteFlow(t *testing.T) {
 	apistest.CheckConditionOngoing(r, RouteConditionReady, t)
 
 	r.MarkTrafficAssigned()
-	r.MarkTLSNotEnabled(AutoTLSNotEnabledMessage)
+	r.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage)
 	apistest.CheckConditionSucceeded(r, RouteConditionAllTrafficAssigned, t)
 	apistest.CheckConditionOngoing(r, RouteConditionIngressReady, t)
 	apistest.CheckConditionOngoing(r, RouteConditionReady, t)
@@ -367,7 +367,7 @@ func TestIngressFailureRecovery(t *testing.T) {
 	apistest.CheckConditionOngoing(r, RouteConditionReady, t)
 
 	r.MarkTrafficAssigned()
-	r.MarkTLSNotEnabled(AutoTLSNotEnabledMessage)
+	r.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage)
 	r.PropagateIngressStatus(netv1alpha1.IngressStatus{
 		Status: duckv1.Status{
 			Conditions: duckv1.Conditions{{
@@ -467,10 +467,10 @@ func TestEndpointNotOwned(t *testing.T) {
 	apistest.CheckConditionFailed(r, RouteConditionIngressReady, t)
 }
 
-func TestRouteAutoTLSNotEnabled(t *testing.T) {
+func TestRouteExternalDomainTLSNotEnabled(t *testing.T) {
 	r := &RouteStatus{}
 	r.InitializeConditions()
-	r.MarkTLSNotEnabled(AutoTLSNotEnabledMessage)
+	r.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage)
 
 	apistest.CheckConditionSucceeded(r, RouteConditionCertificateProvisioned, t)
 }

diff --git a/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go b/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go
@@ -59,10 +59,10 @@ func (dms *DomainMappingStatus) InitializeConditions() {
 }
 
 const (
-	// AutoTLSNotEnabledMessage is the message which is set on the
+	// ExternalDomainTLSNotEnabledMessage is the message which is set on the
 	// DomainMappingConditionCertificateProvisioned condition when it is set to True
-	// because AutoTLS was not enabled.
-	AutoTLSNotEnabledMessage = "auto-tls is not enabled"
+	// because external-domain-tls was not enabled.
+	ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled"
 	// TLSCertificateProvidedExternally indicates that a TLS secret won't be created or managed
 	// instead a reference to an existing TLS secret should have been provided in the DomainMapping spec
 	TLSCertificateProvidedExternally = "TLS certificate was provided externally"

diff --git a/pkg/apis/serving/v1beta1/domainmapping_lifecycle_test.go b/pkg/apis/serving/v1beta1/domainmapping_lifecycle_test.go
@@ -71,7 +71,7 @@ func TestDomainClaimConditions(t *testing.T) {
 	dms := &DomainMappingStatus{}
 
 	dms.InitializeConditions()
-	dms.MarkTLSNotEnabled("AutoTLS not yet available for DomainMapping")
+	dms.MarkTLSNotEnabled("external-domain-tls not yet available for DomainMapping")
 	apistest.CheckConditionOngoing(dms, DomainMappingConditionDomainClaimed, t)
 	apistest.CheckConditionOngoing(dms, DomainMappingConditionReady, t)
 
@@ -103,7 +103,7 @@ func TestReferenceResolvedCondition(t *testing.T) {
 	dms := &DomainMappingStatus{}
 
 	dms.InitializeConditions()
-	dms.MarkTLSNotEnabled("AutoTLS not yet available for DomainMapping")
+	dms.MarkTLSNotEnabled("external-domain-tls not yet available for DomainMapping")
 	apistest.CheckConditionOngoing(dms, DomainMappingConditionReferenceResolved, t)
 	apistest.CheckConditionOngoing(dms, DomainMappingConditionReady, t)
 
@@ -157,10 +157,10 @@ func TestDomainMappingNotOwnCertificate(t *testing.T) {
 	apistest.CheckConditionFailed(dms, DomainMappingConditionCertificateProvisioned, t)
 }
 
-func TestDomainMappingAutoTLSNotEnabled(t *testing.T) {
+func TestDomainMappingExternalDomainTLSNotEnabled(t *testing.T) {
 	dms := &DomainMappingStatus{}
 	dms.InitializeConditions()
-	dms.MarkTLSNotEnabled(AutoTLSNotEnabledMessage)
+	dms.MarkTLSNotEnabled(ExternalDomainTLSNotEnabledMessage)
 
 	apistest.CheckConditionSucceeded(dms, DomainMappingConditionCertificateProvisioned, t)
 }
@@ -177,7 +177,7 @@ func TestPropagateIngressStatus(t *testing.T) {
 	dms := &DomainMappingStatus{}
 
 	dms.InitializeConditions()
-	dms.MarkTLSNotEnabled("AutoTLS not yet available for DomainMapping")
+	dms.MarkTLSNotEnabled("external-domain-tls not yet available for DomainMapping")
 	apistest.CheckConditionOngoing(dms, DomainMappingConditionIngressReady, t)
 	apistest.CheckConditionOngoing(dms, DomainMappingConditionReady, t)
 

diff --git a/pkg/reconciler/domainmapping/reconciler.go b/pkg/reconciler/domainmapping/reconciler.go
@@ -171,18 +171,18 @@ func (r *Reconciler) FinalizeKind(ctx context.Context, dm *v1beta1.DomainMapping
 	return r.netclient.NetworkingV1alpha1().ClusterDomainClaims().Delete(ctx, dm.Name, metav1.DeleteOptions{})
 }
 
-func autoTLSEnabled(ctx context.Context, dm *v1beta1.DomainMapping) bool {
-	if !config.FromContext(ctx).Network.AutoTLS {
+func externalDomainTLSEnabled(ctx context.Context, dm *v1beta1.DomainMapping) bool {
+	if !config.FromContext(ctx).Network.ExternalDomainTLS {
 		return false
 	}
-	annotationValue := netapi.GetDisableAutoTLS(dm.Annotations)
+	annotationValue := netapi.GetDisableExternalDomainTLS(dm.Annotations)
 	disabledByAnnotation, err := strconv.ParseBool(annotationValue)
 	if annotationValue != "" && err != nil {
 		logger := logging.FromContext(ctx)
 		// Validation should've caught an invalid value here.
 		// If we have one anyway, assume not disabled and log a warning.
 		logger.Warnf("DM.Annotations[%s] = %q is invalid",
-			netapi.DisableAutoTLSAnnotationKey, annotationValue)
+			netapi.DisableExternalDomainTLSAnnotation, annotationValue)
 	}
 
 	return !disabledByAnnotation
@@ -203,8 +203,8 @@ func (r *Reconciler) tls(ctx context.Context, dm *v1beta1.DomainMapping) ([]netv
 		}}, nil, nil
 	}
 
-	if !autoTLSEnabled(ctx, dm) {
-		dm.Status.MarkTLSNotEnabled(v1.AutoTLSNotEnabledMessage)
+	if !externalDomainTLSEnabled(ctx, dm) {
+		dm.Status.MarkTLSNotEnabled(v1.ExternalDomainTLSNotEnabledMessage)
 		return nil, nil, nil
 	}
 

diff --git a/pkg/reconciler/domainmapping/reconciler_test.go b/pkg/reconciler/domainmapping/reconciler_test.go
@@ -25,65 +25,65 @@ import (
 	"knative.dev/serving/pkg/reconciler/domainmapping/config"
 )
 
-func TestAutoTLSEnabled(t *testing.T) {
+func TestExternalDomainTLSEnabled(t *testing.T) {
 	dm := domainMapping("test-ns", "test-route")
 
 	for _, tc := range []struct {
-		name                  string
-		configAutoTLSEnabled  bool
-		tlsDisabledAnnotation string
-		wantAutoTLSEnabled    bool
+		name                           string
+		configExternalDomainTLSEnabled bool
+		tlsDisabledAnnotation          string
+		wantExternalDomainTLSEnabled   bool
 	}{{
-		name:                 "AutoTLS enabled by config, not disabled by annotation",
-		configAutoTLSEnabled: true,
-		wantAutoTLSEnabled:   true,
+		name:                           "ExternalDomainTLS enabled by config, not disabled by annotation",
+		configExternalDomainTLSEnabled: true,
+		wantExternalDomainTLSEnabled:   true,
 	}, {
-		name:                  "AutoTLS enabled by config, disabled by annotation",
-		configAutoTLSEnabled:  true,
-		tlsDisabledAnnotation: "true",
-		wantAutoTLSEnabled:    false,
+		name:                           "ExternalDomainTLS enabled by config, disabled by annotation",
+		configExternalDomainTLSEnabled: true,
+		tlsDisabledAnnotation:          "true",
+		wantExternalDomainTLSEnabled:   false,
 	}, {
-		name:                 "AutoTLS disabled by config, not disabled by annotation",
-		configAutoTLSEnabled: false,
-		wantAutoTLSEnabled:   false,
+		name:                           "ExternalDomainTLS disabled by config, not disabled by annotation",
+		configExternalDomainTLSEnabled: false,
+		wantExternalDomainTLSEnabled:   false,
 	}, {
-		name:                  "AutoTLS disabled by config, disabled by annotation",
-		configAutoTLSEnabled:  false,
-		tlsDisabledAnnotation: "true",
-		wantAutoTLSEnabled:    false,
+		name:                           "ExternalDomainTLS disabled by config, disabled by annotation",
+		configExternalDomainTLSEnabled: false,
+		tlsDisabledAnnotation:          "true",
+		wantExternalDomainTLSEnabled:   false,
 	}, {
-		name:                  "AutoTLS enabled by config, invalid annotation",
-		configAutoTLSEnabled:  true,
-		tlsDisabledAnnotation: "foo",
-		wantAutoTLSEnabled:    true,
+		name:                           "ExternalDomainTLS enabled by config, invalid annotation",
+		configExternalDomainTLSEnabled: true,
+		tlsDisabledAnnotation:          "foo",
+		wantExternalDomainTLSEnabled:   true,
 	}, {
-		name:                  "AutoTLS disabled by config, invalid annotation",
-		configAutoTLSEnabled:  false,
-		tlsDisabledAnnotation: "foo",
-		wantAutoTLSEnabled:    false,
+		name:                           "ExternalDomainTLS disabled by config, invalid annotation",
+		configExternalDomainTLSEnabled: false,
+		tlsDisabledAnnotation:          "foo",
+		wantExternalDomainTLSEnabled:   false,
 	}, {
-		name:                 "AutoTLS disabled by config nil annotations",
-		configAutoTLSEnabled: false,
-		wantAutoTLSEnabled:   false,
+		name:                           "ExternalDomainTLS disabled by config nil annotations",
+		configExternalDomainTLSEnabled: false,
+		wantExternalDomainTLSEnabled:   false,
 	}, {
-		name:                 "AutoTLS enabled by config, nil annotations",
-		configAutoTLSEnabled: true,
-		wantAutoTLSEnabled:   true,
+		name:                           "ExternalDomainTLS enabled by config, nil annotations",
+		configExternalDomainTLSEnabled: true,
+		wantExternalDomainTLSEnabled:   true,
 	}} {
 		t.Run(tc.name, func(t *testing.T) {
 			ctx := logtesting.TestContextWithLogger(t)
 			ctx = config.ToContext(ctx, &config.Config{
 				Network: &netcfg.Config{
-					AutoTLS: tc.configAutoTLSEnabled,
+					ExternalDomainTLS: tc.configExternalDomainTLSEnabled,
 				},
 			})
 			if tc.tlsDisabledAnnotation != "" {
 				dm.Annotations = map[string]string{
-					netapi.DisableAutoTLSAnnotationKey: tc.tlsDisabledAnnotation,
+					netapi.DisableExternalDomainTLSAnnotationKey: tc.tlsDisabledAnnotation,
 				}
 			}
-			if got := autoTLSEnabled(ctx, dm); got != tc.wantAutoTLSEnabled {
-				t.Errorf("autoTLSEnabled = %t, want %t", got, tc.wantAutoTLSEnabled)
+			if got := externalDomainTLSEnabled(ctx, dm); got != tc.wantExternalDomainTLSEnabled {
+				t.Errorf("externalDomainTLSEnabled = %t, want %t", got, tc.wantExternalDomainTLSEnabled)
 			}
 		})
 	}

diff --git a/pkg/reconciler/domainmapping/table_test.go b/pkg/reconciler/domainmapping/table_test.go
@@ -1251,7 +1251,7 @@ func TestReconcileTLSEnabled(t *testing.T) {
 					Network: &netcfg.Config{
 						DefaultIngressClass:     "the-ingress-class",
 						DefaultCertificateClass: "the-cert-class",
-						AutoTLS:                 true,
+						ExternalDomainTLS:       true,
 						HTTPProtocol:            netcfg.HTTPRedirected,
 						DefaultExternalScheme:   "http",
 					},
@@ -1318,7 +1318,7 @@ func TestReconcileTLSEnabledButDowngraded(t *testing.T) {
 					Network: &netcfg.Config{
 						DefaultIngressClass:     "the-ingress-class",
 						DefaultCertificateClass: "the-cert-class",
-						AutoTLS:                 true,
+						ExternalDomainTLS:       true,
 						HTTPProtocol:            netcfg.HTTPEnabled,
 						DefaultExternalScheme:   "http",
 					},
@@ -1425,7 +1425,7 @@ func withInitDomainMappingConditions(dm *v1beta1.DomainMapping) {
 }
 
 func withTLSNotEnabled(dm *v1beta1.DomainMapping) {
-	dm.Status.MarkTLSNotEnabled(servingv1.AutoTLSNotEnabledMessage)
+	dm.Status.MarkTLSNotEnabled(servingv1.ExternalDomainTLSNotEnabledMessage)
 }
 
 func withCertificateNotReady(dm *v1beta1.DomainMapping) {

diff --git a/pkg/reconciler/nscert/nscert_test.go b/pkg/reconciler/nscert/nscert_test.go
@@ -99,8 +99,8 @@ func newTestSetup(t *testing.T, configs ...*corev1.ConfigMap) (
 			Namespace: system.Namespace(),
 		},
 		Data: map[string]string{
-			"domain-template": defaultDomainTemplate,
-			"auto-tls":        "true",
+			"domain-template":     defaultDomainTemplate,
+			"external-domain-tls": "true",
 			// Apply to all namespaces
 			"namespace-wildcard-cert-selector": "{}",
 		},
@@ -323,7 +323,7 @@ func TestUpdateDomainTemplate(t *testing.T) {
 		},
 		Data: map[string]string{
 			"namespace-wildcard-cert-selector": "{}",
-			"auto-tls":                         "Enabled",
+			"external-domain-tls":              "Enabled",
 		},
 	}
 	ctx, cancel, certEvents, watcher := newTestSetup(t, netCfg)
@@ -348,7 +348,7 @@ func TestUpdateDomainTemplate(t *testing.T) {
 		Data: map[string]string{
 			"domain-template":                  "{{.Name}}-suffix.{{.Namespace}}.{{.Domain}}",
 			"namespace-wildcard-cert-selector": "{}",
-			"auto-tls":                         "Enabled",
+			"external-domain-tls":              "Enabled",
 		},
 	}
 	watcher.OnChange(netCfg)
@@ -369,7 +369,7 @@ func TestUpdateDomainTemplate(t *testing.T) {
 		Data: map[string]string{
 			"domain-template":                  "{{.Name}}.subdomain.{{.Namespace}}.{{.Domain}}",
 			"namespace-wildcard-cert-selector": `{}`,
-			"auto-tls":                         "Enabled",
+			"external-domain-tls":              "Enabled",
 		},
 	}
 	watcher.OnChange(netCfg)
@@ -389,8 +389,8 @@ func TestUpdateDomainTemplate(t *testing.T) {
 			Namespace: system.Namespace(),
 		},
 		Data: map[string]string{
-			"domain-template": "{{.Namespace}}.{{.Name}}.{{.Domain}}",
-			"auto-tls":        "Enabled",
+			"domain-template":     "{{.Namespace}}.{{.Name}}.{{.Domain}}",
+			"external-domain-tls": "Enabled",
 		},
 	}
 	watcher.OnChange(netCfg)
@@ -416,7 +416,7 @@ func TestChangeDefaultDomain(t *testing.T) {
 			Namespace: system.Namespace(),
 		},
 		Data: map[string]string{
-			"auto-tls":                         "Enabled",
+			"external-domain-tls":              "Enabled",
 			"namespace-wildcard-cert-selector": "{}",
 		},
 	}
@@ -472,15 +472,15 @@ func TestDomainConfigDomain(t *testing.T) {
 		name:      "no domainmapping without config",
 		domainCfg: map[string]string{},
 		netCfg: map[string]string{
-			"auto-tls": "Enabled",
+			"external-domain-tls": "Enabled",
 		},
 	}, {
 		name: "default domain",
 		domainCfg: map[string]string{
 			"other.com": "selector:\n app: dev",
 		},
 		netCfg: map[string]string{
-			"auto-tls":                         "Enabled",
+			"external-domain-tls":              "Enabled",
 			"namespace-wildcard-cert-selector": "{}",
 		},
 		wantCertName: "testns.svc.cluster.local",
@@ -491,7 +491,7 @@ func TestDomainConfigDomain(t *testing.T) {
 			"default.com": "",
 		},
 		netCfg: map[string]string{
-			"auto-tls":                         "Enabled",
+			"external-domain-tls":              "Enabled",
 			"namespace-wildcard-cert-selector": "{}",
 		},
 		wantCertName: "testns.default.com",
@@ -614,7 +614,7 @@ func kubeNamespaceWithLabelValue(name string, labels map[string]string) *corev1.
 func networkConfig() *netcfg.Config {
 	return &netcfg.Config{
 		DomainTemplate:                defaultDomainTemplate,
-		AutoTLS:                       true,
+		ExternalDomainTLS:             true,
 		DefaultCertificateClass:       testCertClass,
 		NamespaceWildcardCertSelector: &metav1.LabelSelector{},
 	}