removing ingressClassParam support

apis/elbv2/v1beta1/ingressclassparams_types.go

@@ -84,8 +84,6 @@ type Attribute struct {
 	Value string `json:"value"`
 }
 
-type MutualAuthentication string
-
 // IngressClassParamsSpec defines the desired state of IngressClassParams
 type IngressClassParamsSpec struct {
 	// NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams.
@@ -109,10 +107,6 @@ type IngressClassParamsSpec struct {
 	// +optional
 	SSLPolicy string `json:"sslPolicy,omitEmpty"`
 
-	// MutualAuthentication specifies the mutual TLS authentication config for all Ingresses that belong to IngressClass with this IngressClassParams.
-	// +optional
-	MutualAuthentication *MutualAuthentication `json:"mutualAuthentication,omitempty"`
-
 	// Subnets defines the subnets for all Ingresses that belong to IngressClass with this IngressClassParams.
 	// +optional
 	Subnets *SubnetSelector `json:"subnets,omitempty"`

config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml

@@ -92,10 +92,6 @@ spec:
                   - value
                   type: object
                 type: array
-              mutualAuthentication:
-                description: MutualAuthentication specifies the mutual TLS authentication
-                  config for all Ingresses that belong to IngressClass with this IngressClassParams.
-                type: string
               namespaceSelector:
                 description: NamespaceSelector restrict the namespaces of Ingresses
                   that are allowed to specify the IngressClass with this IngressClassParams.

go.mod

@@ -136,14 +136,14 @@ require (
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	golang.org/x/crypto v0.18.0 // indirect
-	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
-	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
-	golang.org/x/term v0.16.0 // indirect
+	golang.org/x/sync v0.2.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/tools v0.17.0 // indirect
+	golang.org/x/tools v0.9.3 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect
 	google.golang.org/grpc v1.49.0 // indirect

helm/aws-load-balancer-controller/crds/crds.yaml

@@ -149,10 +149,6 @@ spec:
                 description: SSLPolicy specifies the SSL Policy for all Ingresses
                   that belong to IngressClass with this IngressClassParams.
                 type: string
-              mutualAuthentication:
-                description: mutualAuthentication specifies the mutual TLS authentication config for all Ingresses
-                  that belong to IngressClass with this IngressClassParams.
-                type: string
               subnets:
                 description: Subnets defines the subnets for all Ingresses that belong
                   to IngressClass with this IngressClassParams.

pkg/ingress/model_build_listener.go

@@ -6,7 +6,6 @@ import (
 	"fmt"
 	elbv2sdk "github.com/aws/aws-sdk-go/service/elbv2"
 	"k8s.io/utils/strings/slices"
-	"maps"
 	"net"
 	"strings"
 
@@ -266,75 +265,29 @@ type MutualAuthenticationConfig struct {
 }
 
 func (t *defaultModelBuildTask) computeIngressMutualAuthentication(ctx context.Context, ing *ClassifiedIngress) (map[int64]*elbv2model.MutualAuthenticationAttributes, error) {
-	var rawMtlsConfigStringFromIngressClassParam string
-	var fromIngressClassParams bool
 	var rawMtlsConfigString string
 
-	if ing.IngClassConfig.IngClassParams != nil && ing.IngClassConfig.IngClassParams.Spec.MutualAuthentication != nil {
-		rawMtlsConfigStringFromIngressClassParam = string(*ing.IngClassConfig.IngClassParams.Spec.MutualAuthentication)
-		fromIngressClassParams = true
-	}
-	// If both Ingress and IngressClassParam is missing mutualAuthentication config, return default mutualAuthentication mode
+	// If both Ingress annotation is missing mutual-authentication config, return default mutualAuthentication mode
 	if exists := t.annotationParser.ParseStringAnnotation(annotations.IngressSuffixMutualAuthentication, &rawMtlsConfigString, ing.Ing.Annotations); !exists {
-		if !fromIngressClassParams {
-			return map[int64]*elbv2model.MutualAuthenticationAttributes{443: {
-				Mode: string(elbv2model.MutualAuthenticationOffMode),
-			}}, nil
-		}
-	}
+		return map[int64]*elbv2model.MutualAuthenticationAttributes{443: {
+			Mode: string(elbv2model.MutualAuthenticationOffMode),
+		}}, nil
 
-	var ingressClassParamEntries []MutualAuthenticationConfig
+	}
 	var ingressAnnotationEntries []MutualAuthenticationConfig
-	ingressClassParamPortAndMtlsAttributes := make(map[int64]*elbv2model.MutualAuthenticationAttributes)
-	ingressAnnotationPortAndMtlsAttributes := make(map[int64]*elbv2model.MutualAuthenticationAttributes)
-	parsedPortAndMtlsAttributes := make(map[int64]*elbv2model.MutualAuthenticationAttributes)
 
-	if rawMtlsConfigStringFromIngressClassParam != "" {
-		if err := json.Unmarshal([]byte(rawMtlsConfigStringFromIngressClassParam), &ingressClassParamEntries); err != nil {
-			return nil, errors.Wrapf(err, "failed to parse mutualAuthentication configuration from ingress class: `%s`", rawMtlsConfigStringFromIngressClassParam)
-		}
-		if len(ingressClassParamEntries) == 0 {
-			return nil, errors.Errorf("empty mutualAuthentication configuration from ingress class: `%s`", rawMtlsConfigStringFromIngressClassParam)
-		}
-
-		portAndMtlsAttributesMap, err := t.parseMtlsConfigEntries(ctx, ingressClassParamEntries)
-		if err != nil {
-			return nil, err
-		}
-		ingressClassParamPortAndMtlsAttributes = portAndMtlsAttributesMap
-		if rawMtlsConfigString == "" {
-			parsedPortAndMtlsAttributes, err = t.parseMtlsAttributesForTrustStoreNames(ctx, ingressClassParamPortAndMtlsAttributes)
-			if err != nil {
-				return nil, err
-			}
-			return parsedPortAndMtlsAttributes, nil
-		}
+	if err := json.Unmarshal([]byte(rawMtlsConfigString), &ingressAnnotationEntries); err != nil {
+		return nil, errors.Wrapf(err, "failed to parse mutualAuthentication configuration from ingress annotation: `%s`", rawMtlsConfigString)
 	}
-
-	if rawMtlsConfigString != "" {
-		if err := json.Unmarshal([]byte(rawMtlsConfigString), &ingressAnnotationEntries); err != nil {
-			return nil, errors.Wrapf(err, "failed to parse mutualAuthentication configuration from ingress annotation: `%s`", rawMtlsConfigString)
-		}
-		if len(ingressAnnotationEntries) == 0 {
-			return nil, errors.Errorf("empty mutualAuthentication configuration from ingress annotation: `%s`", rawMtlsConfigString)
-		}
-		portAndMtlsAttributesMap, err := t.parseMtlsConfigEntries(ctx, ingressAnnotationEntries)
-		if err != nil {
-			return nil, err
-		}
-		ingressAnnotationPortAndMtlsAttributes = portAndMtlsAttributesMap
-		if rawMtlsConfigStringFromIngressClassParam == "" {
-			parsedPortAndMtlsAttributes, err = t.parseMtlsAttributesForTrustStoreNames(ctx, ingressAnnotationPortAndMtlsAttributes)
-			if err != nil {
-				return nil, err
-			}
-			return parsedPortAndMtlsAttributes, nil
-		}
+	if len(ingressAnnotationEntries) == 0 {
+		return nil, errors.Errorf("empty mutualAuthentication configuration from ingress annotation: `%s`", rawMtlsConfigString)
+	}
+	portAndMtlsAttributesMap, err := t.parseMtlsConfigEntries(ctx, ingressAnnotationEntries)
+	if err != nil {
+		return nil, err
 	}
 
-	maps.Copy(ingressAnnotationPortAndMtlsAttributes, ingressClassParamPortAndMtlsAttributes)
-
-	parsedPortAndMtlsAttributes, err := t.parseMtlsAttributesForTrustStoreNames(ctx, ingressAnnotationPortAndMtlsAttributes)
+	parsedPortAndMtlsAttributes, err := t.parseMtlsAttributesForTrustStoreNames(ctx, portAndMtlsAttributesMap)
 	if err != nil {
 		return nil, err
 	}