Remove deprecated parameters

Signed-off-by: Keegan Witt <[email protected]>

pkg/sidecar/config.go

@@ -32,10 +32,8 @@ type Config struct {
 	RenewSignalDeprecated              string `hcl:"renewSignal"`
 
 	// JWT configuration
-	JwtSvids                  []JwtConfig `hcl:"jwt_svids"`
-	JWTAudienceDeprecated     string      `hcl:"jwt_audience"`
-	JWTSvidFilenameDeprecated string      `hcl:"jwt_svid_file_name"`
-	JWTBundleFilename         string      `hcl:"jwt_bundle_file_name"`
+	JwtSvids          []JwtConfig `hcl:"jwt_svids"`
+	JWTBundleFilename string      `hcl:"jwt_bundle_file_name"`
 
 	// TODO: is there a reason for this to be exposed? and inside of config?
 	ReloadExternalProcess func() error
@@ -133,28 +131,15 @@ func ValidateConfig(c *Config) error {
 	}
 
 	x509EmptyCount := countEmpty(c.SvidFileName, c.SvidBundleFileName, c.SvidKeyFileName)
-	jwtSVIDEmptyCount := countEmpty(c.JWTSvidFilenameDeprecated, c.JWTAudienceDeprecated)
 	jwtBundleEmptyCount := countEmpty(c.SvidBundleFileName)
-	if x509EmptyCount == 3 && jwtSVIDEmptyCount == 2 && c.JwtSvids == nil && jwtBundleEmptyCount == 1 {
+	if x509EmptyCount == 3 && c.JwtSvids == nil && jwtBundleEmptyCount == 1 {
 		return errors.New("at least one of the sets ('svid_file_name', 'svid_key_file_name', 'svid_bundle_file_name'), ('jwt_file_name', 'jwt_audience'), 'jwt_svids', or ('jwt_bundle_file_name') must be fully specified")
 	}
 
 	if x509EmptyCount != 0 && x509EmptyCount != 3 {
 		return errors.New("all or none of 'svid_file_name', 'svid_key_file_name', 'svid_bundle_file_name' must be specified")
 	}
 
-	if jwtSVIDEmptyCount != 0 && jwtSVIDEmptyCount != 2 {
-		return errors.New("all or none of 'jwt_file_name', 'jwt_audience' must be specified")
-	}
-
-	if jwtSVIDEmptyCount == 0 {
-		c.Log.Warn(getWarning("jwt_file_name and jwt_audience", "jwt_svids"))
-	}
-
-	if jwtSVIDEmptyCount != 0 && c.JwtSvids == nil {
-		return errors.New("must not specify deprecated JWT configs ('jwt_file_name' and 'jwt_audience') and new JWT config ('jwt_svids')")
-	}
-
 	return nil
 }
 

pkg/sidecar/config_test.go

@@ -34,9 +34,9 @@ func TestParseConfig(t *testing.T) {
 	assert.Equal(t, expectedSvidFileName, c.SvidFileName)
 	assert.Equal(t, expectedKeyFileName, c.SvidKeyFileName)
 	assert.Equal(t, expectedSvidBundleFileName, c.SvidBundleFileName)
-	assert.Equal(t, expectedJWTSVIDFileName, c.JWTSvidFilenameDeprecated)
+	assert.Equal(t, expectedJWTSVIDFileName, c.JwtSvids[0].JWTSvidFilename)
 	assert.Equal(t, expectedJWTBundleFileName, c.JWTBundleFilename)
-	assert.Equal(t, expectedJWTAudience, c.JWTAudienceDeprecated)
+	assert.Equal(t, expectedJWTAudience, c.JwtSvids[0].JWTAudience)
 	assert.True(t, c.AddIntermediatesToBundle)
 }
 
@@ -56,21 +56,6 @@ func TestValidateConfig(t *testing.T) {
 				SvidBundleFileName: "bundle.pem",
 			},
 		},
-		{
-			name: "warns on deprecated jwt configs",
-			config: &Config{
-				AgentAddress:              "path",
-				JWTAudienceDeprecated:     "your-audience",
-				JWTSvidFilenameDeprecated: "jwt.token",
-				JWTBundleFilename:         "bundle.json",
-			},
-			expectLogs: []shortEntry{
-				{
-					Level:   logrus.WarnLevel,
-					Message: "jwt_file_name and jwt_audience will be deprecated, should be used as jwt_svids",
-				},
-			},
-		},
 		{
 			name: "no error",
 			config: &Config{
@@ -100,8 +85,10 @@ func TestValidateConfig(t *testing.T) {
 		{
 			name: "missing jwt config",
 			config: &Config{
-				AgentAddress:              "path",
-				JWTSvidFilenameDeprecated: "cert.pem",
+				AgentAddress: "path",
+				JwtSvids: []JwtConfig{{
+					JWTSvidFilename: "jwt.token",
+				}},
 			},
 			expectError: "all or none of 'jwt_file_name', 'jwt_audience' must be specified",
 		},

pkg/sidecar/sidecar.go

@@ -103,28 +103,20 @@ func (s *Sidecar) RunDaemon(ctx context.Context) error {
 		}()
 	}
 
-	if s.config.JWTSvidFilenameDeprecated != "" && s.config.JWTAudienceDeprecated != "" {
+	if s.config.JwtSvids != nil {
 		jwtSource, err := workloadapi.NewJWTSource(ctx, workloadapi.WithClientOptions(s.getWorkloadAPIAdress()))
 		if err != nil {
 			s.config.Log.Fatalf("Error watching JWT svid updates: %v", err)
 		}
 		s.jwtSource = jwtSource
 		defer s.jwtSource.Close()
 
-		if s.config.JwtSvids != nil {
-			for _, jwtConfig := range s.config.JwtSvids {
-				jwtConfig := jwtConfig
-				wg.Add(1)
-				go func() {
-					defer wg.Done()
-					s.updateJWTSVID(ctx, jwtConfig.JWTAudience, jwtConfig.JWTSvidFilename)
-				}()
-			}
-		} else {
+		for _, jwtConfig := range s.config.JwtSvids {
+			jwtConfig := jwtConfig
 			wg.Add(1)
 			go func() {
 				defer wg.Done()
-				s.updateJWTSVID(ctx, s.config.JWTAudienceDeprecated, s.config.JWTSvidFilenameDeprecated)
+				s.updateJWTSVID(ctx, jwtConfig.JWTAudience, jwtConfig.JWTSvidFilename)
 			}()
 		}
 	}

test/fixture/config/helper.conf

@@ -6,8 +6,12 @@ renew_signal = "SIGHUP"
 svid_file_name = "svid.pem"
 svid_key_file_name = "svid_key.pem"
 svid_bundle_file_name = "svid_bundle.pem"
-jwt_svid_file_name = "jwt_svid.token"
 jwt_bundle_file_name = "jwt_bundle.json"
-jwt_audience = "your-audience"
+jwt_svids = [
+  {
+    jwt_svid_file_name = "jwt_svid.token"
+    jwt_audience = "your-audience"
+  }
+]
 timeout = "10s"
 add_intermediates_to_bundle = true