MAISTRA-1856: Disable ClusterRbacConfig resources

maistra · Oct 6, 2020 · 75f3e66 · 75f3e66
1 parent f3bf790
commit 75f3e66
Show file tree

Hide file tree

Showing 16 changed files with 0 additions and 387 deletions.
diff --git a/galley/testdatasets/validation/dataset.gen.go b/galley/testdatasets/validation/dataset.gen.go
diff --git a/galley/testdatasets/validation/dataset/rbac-v1alpha1-ClusterRbacConfig-invalid.yaml b/galley/testdatasets/validation/dataset/rbac-v1alpha1-ClusterRbacConfig-invalid.yaml
diff --git a/galley/testdatasets/validation/dataset/rbac-v1alpha1-ClusterRbacConfig-valid.yaml b/galley/testdatasets/validation/dataset/rbac-v1alpha1-ClusterRbacConfig-valid.yaml
diff --git a/pilot/pkg/config/kube/crd/types.gen.go b/pilot/pkg/config/kube/crd/types.gen.go
diff --git a/pilot/pkg/model/config.go b/pilot/pkg/model/config.go
@@ -284,9 +284,6 @@ type IstioConfigStore interface {
 	// RbacConfig selects the RbacConfig of name DefaultRbacConfigName.
 	RbacConfig() *Config
 
-	// ClusterRbacConfig selects the ClusterRbacConfig of name DefaultRbacConfigName.
-	ClusterRbacConfig() *Config
-
 	// AuthorizationPolicies selects AuthorizationPolicies in the specified namespace.
 	AuthorizationPolicies(namespace string) []Config
 }
@@ -610,19 +607,6 @@ func (store *istioConfigStore) ServiceRoleBindings(namespace string) []Config {
 	return bindings
 }
 
-func (store *istioConfigStore) ClusterRbacConfig() *Config {
-	clusterRbacConfig, err := store.List(collections.IstioRbacV1Alpha1Clusterrbacconfigs.Resource().GroupVersionKind(), "")
-	if err != nil {
-		log.Errorf("failed to get ClusterRbacConfig: %v", err)
-	}
-	for _, rc := range clusterRbacConfig {
-		if rc.Name == constants.DefaultRbacConfigName {
-			return &rc
-		}
-	}
-	return nil
-}
-
 func (store *istioConfigStore) RbacConfig() *Config {
 	rbacConfigs, err := store.List(collections.IstioRbacV1Alpha1Rbacconfigs.Resource().GroupVersionKind(), "")
 	if err != nil {

diff --git a/pilot/pkg/model/config_test.go b/pilot/pkg/model/config_test.go
@@ -477,15 +477,6 @@ func TestRbacConfig(t *testing.T) {
 	}
 }
 
-func TestClusterRbacConfig(t *testing.T) {
-	store := model.MakeIstioStore(memory.Make(collections.Pilot))
-	addRbacConfigToStore(collections.IstioRbacV1Alpha1Clusterrbacconfigs.Resource().Kind(), constants.DefaultRbacConfigName, "", store, t)
-	rbacConfig := store.ClusterRbacConfig()
-	if rbacConfig.Name != constants.DefaultRbacConfigName {
-		t.Errorf("model.ClusterRbacConfig: expecting %s, but got %s", constants.DefaultRbacConfigName, rbacConfig.Name)
-	}
-}
-
 func TestAuthorizationPolicies(t *testing.T) {
 	store := model.MakeIstioStore(memory.Make(collections.Pilot))
 	addRbacConfigToStore(collections.IstioSecurityV1Beta1Authorizationpolicies.Resource().Kind(), "policy1", "istio-system", store, t)
@@ -541,10 +532,6 @@ func addRbacConfigToStore(kind, name, namespace string, store model.IstioConfigS
 		group = collections.IstioRbacV1Alpha1Rbacconfigs.Resource().Group()
 		version = collections.IstioRbacV1Alpha1Rbacconfigs.Resource().Version()
 		value = &rbacproto.RbacConfig{Mode: rbacproto.RbacConfig_ON}
-	case collections.IstioRbacV1Alpha1Clusterrbacconfigs.Resource().Kind():
-		group = collections.IstioRbacV1Alpha1Clusterrbacconfigs.Resource().Group()
-		version = collections.IstioRbacV1Alpha1Clusterrbacconfigs.Resource().Version()
-		value = &rbacproto.RbacConfig{Mode: rbacproto.RbacConfig_ON}
 	default:
 		panic("Unknown kind: " + kind)
 	}

diff --git a/pilot/pkg/model/push_context.go b/pilot/pkg/model/push_context.go
@@ -920,7 +920,6 @@ func (ps *PushContext) updateContext(
 			envoyFiltersChanged = true
 		case collections.IstioRbacV1Alpha1Servicerolebindings.Resource().GroupVersionKind(),
 			collections.IstioRbacV1Alpha1Serviceroles.Resource().GroupVersionKind(),
-			collections.IstioRbacV1Alpha1Clusterrbacconfigs.Resource().GroupVersionKind(),
 			collections.IstioRbacV1Alpha1Rbacconfigs.Resource().GroupVersionKind(),
 			collections.IstioSecurityV1Beta1Authorizationpolicies.Resource().GroupVersionKind():
 			authzChanged = true

diff --git a/pilot/pkg/networking/core/v1alpha3/fakes/fake_istio_config_store.gen.go b/pilot/pkg/networking/core/v1alpha3/fakes/fake_istio_config_store.gen.go
diff --git a/pilot/pkg/proxy/envoy/v2/ads_common.go b/pilot/pkg/proxy/envoy/v2/ads_common.go
@@ -144,7 +144,6 @@ func PushTypeFor(proxy *model.Proxy, pushEv *XdsEvent) map[XdsType]bool {
 			case collections.IstioRbacV1Alpha1Serviceroles.Resource().GroupVersionKind(),
 				collections.IstioRbacV1Alpha1Servicerolebindings.Resource().GroupVersionKind(),
 				collections.IstioRbacV1Alpha1Rbacconfigs.Resource().GroupVersionKind(),
-				collections.IstioRbacV1Alpha1Clusterrbacconfigs.Resource().GroupVersionKind(),
 				collections.IstioSecurityV1Beta1Authorizationpolicies.Resource().GroupVersionKind(),
 				collections.IstioSecurityV1Beta1Requestauthentications.Resource().GroupVersionKind():
 				out[LDS] = true
@@ -192,7 +191,6 @@ func PushTypeFor(proxy *model.Proxy, pushEv *XdsEvent) map[XdsType]bool {
 			case collections.IstioRbacV1Alpha1Serviceroles.Resource().GroupVersionKind(),
 				collections.IstioRbacV1Alpha1Servicerolebindings.Resource().GroupVersionKind(),
 				collections.IstioRbacV1Alpha1Rbacconfigs.Resource().GroupVersionKind(),
-				collections.IstioRbacV1Alpha1Clusterrbacconfigs.Resource().GroupVersionKind(),
 				collections.IstioSecurityV1Beta1Authorizationpolicies.Resource().GroupVersionKind(),
 				collections.IstioSecurityV1Beta1Requestauthentications.Resource().GroupVersionKind():
 				out[LDS] = true