diff --git a/.golangci.yml b/.golangci.yml index 632ca1e2c..f6f2085f7 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -134,14 +134,6 @@ issues: exclude: - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked' - "should have a package comment, unless it's in another file for this package" - - 'SA1019: cfg.SSLRedirect is deprecated' - - 'SA1019: cfg.SSLTemporaryRedirect is deprecated' - - 'SA1019: cfg.SSLHost is deprecated' - - 'SA1019: cfg.SSLForceHost is deprecated' - - 'SA1019: cfg.FeaturePolicy is deprecated' - - 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated' - - 'SA1019: c.Providers.Consul.Namespace is deprecated' - - 'SA1019: c.Providers.Nomad.Namespace is deprecated' exclude-rules: - path: '(.+)_test.go' linters: diff --git a/cmd/traefik/traefik.go b/cmd/traefik/traefik.go index 15fe3f1f1..62d15e78d 100644 --- a/cmd/traefik/traefik.go +++ b/cmd/traefik/traefik.go @@ -204,10 +204,6 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err return nil, err } - if staticConfiguration.Pilot != nil { - log.Warn().Msg("Traefik Pilot has been removed.") - } - // Plugins pluginBuilder, err := createPluginBuilder(staticConfiguration) diff --git a/docs/content/deprecation/features.md b/docs/content/deprecation/features.md index 5b32fc1bf..6e8c1f740 100644 --- a/docs/content/deprecation/features.md +++ b/docs/content/deprecation/features.md @@ -2,33 +2,4 @@ This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation. -| Feature | Deprecated | End of Support | Removal | -|-------------------------------------------------------------|------------|----------------|---------| -| [Pilot](#pilot) | 2.7 | 2.8 | 2.9 | -| [Consul Enterprise Namespace](#consul-enterprise-namespace) | 2.8 | N/A | 3.0 | -| [TLS 1.0 and 1.1 Support](#tls-10-and-11) | N/A | 2.8 | N/A | -| [Nomad Namespace](#nomad-namespace) | 2.10 | N/A | 3.0 | - -## Impact - -### Pilot - -Metrics will continue to function normally up to 2.8, when they will be disabled. -In 2.9, the Pilot platform and all Traefik integration code will be permanently removed. - -Starting on 2.7 the pilot token will not be a requirement anymore for plugins. -Since 2.8, a [new plugin catalog](https://plugins.traefik.io) is available, decoupled from Pilot. - -### Consul Enterprise Namespace - -Starting on 2.8 the `namespace` option of Consul and Consul Catalog providers is deprecated, -please use the `namespaces` options instead. - -### TLS 1.0 and 1.1 - -Starting on 2.8 the default TLS options will use the minimum version of TLS 1.2. Of course, it can still be overridden with custom configuration. - -### Nomad Namespace - -Starting on 2.10 the `namespace` option of the Nomad provider is deprecated, -please use the `namespaces` options instead. +There is no feature deprecation in Traefik v3 for now. diff --git a/docs/content/middlewares/http/headers.md b/docs/content/middlewares/http/headers.md index b31b628ec..a8532e6be 100644 --- a/docs/content/middlewares/http/headers.md +++ b/docs/content/middlewares/http/headers.md @@ -364,43 +364,11 @@ The `allowedHosts` option lists fully qualified domain names that are allowed. The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request. -### `sslRedirect` - -!!! warning - - Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md). - -The `sslRedirect` only allow HTTPS requests when set to `true`. - -### `sslTemporaryRedirect` - -!!! warning - - Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md). - -Set `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302 (instead of a 301). - -### `sslHost` - -!!! warning - - Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md). - -The `sslHost` option is the host name that is used to redirect HTTP requests to HTTPS. - ### `sslProxyHeaders` The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid HTTPS request. It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`). -### `sslForceHost` - -!!! warning - - Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md). - -Set `sslForceHost` to `true` and set `sslHost` to force requests to use `SSLHost` regardless of whether they already use SSL. - ### `stsSeconds` The `stsSeconds` is the max-age of the `Strict-Transport-Security` header. @@ -452,14 +420,6 @@ The `publicKey` implements HPKP to prevent MITM attacks with forged certificates The `referrerPolicy` allows sites to control whether browsers forward the `Referer` header to other sites. -### `featurePolicy` - -!!! warning - - Deprecated in favor of `permissionsPolicy` - -The `featurePolicy` allows sites to control browser features. - ### `permissionsPolicy` The `permissionsPolicy` allows sites to control browser features. diff --git a/docs/content/middlewares/http/stripprefix.md b/docs/content/middlewares/http/stripprefix.md index ab4333486..afc20f2ac 100644 --- a/docs/content/middlewares/http/stripprefix.md +++ b/docs/content/middlewares/http/stripprefix.md @@ -88,85 +88,3 @@ For instance, `/products` also matches `/products/shoes` and `/products/shirts`. If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs. Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend). - -### `forceSlash` - -_Optional, Default=true_ - -The `forceSlash` option ensures the resulting stripped path is not the empty string, by replacing it with `/` when necessary. - -This option was added to keep the initial (non-intuitive) behavior of this middleware, in order to avoid introducing a breaking change. - -It is recommended to explicitly set `forceSlash` to `false`. - -??? info "Behavior examples" - - - `forceSlash=true` - - | Path | Prefix to strip | Result | - |------------|-----------------|--------| - | `/` | `/` | `/` | - | `/foo` | `/foo` | `/` | - | `/foo/` | `/foo` | `/` | - | `/foo/` | `/foo/` | `/` | - | `/bar` | `/foo` | `/bar` | - | `/foo/bar` | `/foo` | `/bar` | - - - `forceSlash=false` - - | Path | Prefix to strip | Result | - |------------|-----------------|--------| - | `/` | `/` | empty | - | `/foo` | `/foo` | empty | - | `/foo/` | `/foo` | `/` | - | `/foo/` | `/foo/` | empty | - | `/bar` | `/foo` | `/bar` | - | `/foo/bar` | `/foo` | `/bar` | - -```yaml tab="Docker" -labels: - - "traefik.http.middlewares.example.stripprefix.prefixes=/foobar" - - "traefik.http.middlewares.example.stripprefix.forceSlash=false" -``` - -```yaml tab="Kubernetes" -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: example -spec: - stripPrefix: - prefixes: - - "/foobar" - forceSlash: false -``` - -```json tab="Marathon" -"labels": { - "traefik.http.middlewares.example.stripprefix.prefixes": "/foobar", - "traefik.http.middlewares.example.stripprefix.forceSlash": "false" -} -``` - -```yaml tab="Rancher" -labels: - - "traefik.http.middlewares.example.stripprefix.prefixes=/foobar" - - "traefik.http.middlewares.example.stripprefix.forceSlash=false" -``` - -```yaml tab="File (YAML)" -http: - middlewares: - example: - stripPrefix: - prefixes: - - "/foobar" - forceSlash: false -``` - -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.example.stripPrefix] - prefixes = ["/foobar"] - forceSlash = false -``` diff --git a/docs/content/migration/v2-to-v3.md b/docs/content/migration/v2-to-v3.md index 6a0a3273d..31218c466 100644 --- a/docs/content/migration/v2-to-v3.md +++ b/docs/content/migration/v2-to-v3.md @@ -19,4 +19,14 @@ In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing ## gRPC Metrics -In v3, the reported status code for gRPC requests is now the value of the `Grpc-Status` header. +In v3, the reported status code for gRPC requests is now the value of the `Grpc-Status` header. + +## Deprecated Options Removal + +- The `pilot` option has been removed from the static configuration. +- The `tracing.datadog.globaltag` option has been removed. +- The `namespace` option of Consul, Consul Catalog and Nomad providers has been removed. +- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Marathon, Consul Catalog, and Docker providers. +- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed. +- The `forceSlash` option of the StripPrefix middleware has been removed. +- the `preferServerCipherSuites` option has been removed. diff --git a/docs/content/observability/tracing/datadog.md b/docs/content/observability/tracing/datadog.md index 85e0ce469..a6c93f22a 100644 --- a/docs/content/observability/tracing/datadog.md +++ b/docs/content/observability/tracing/datadog.md @@ -65,30 +65,6 @@ tracing: --tracing.datadog.debug=true ``` -#### `globalTag` - -??? warning "Deprecated in favor of the [`globalTags`](#globaltags) option." - - _Optional, Default=empty_ - - Applies a shared key:value tag on all spans. - - ```yaml tab="File (YAML)" - tracing: - datadog: - globalTag: sample - ``` - - ```toml tab="File (TOML)" - [tracing] - [tracing.datadog] - globalTag = "sample" - ``` - - ```bash tab="CLI" - --tracing.datadog.globalTag=sample - ``` - #### `globalTags` _Optional, Default=empty_ diff --git a/docs/content/providers/consul-catalog.md b/docs/content/providers/consul-catalog.md index d177df93c..b85dba17f 100644 --- a/docs/content/providers/consul-catalog.md +++ b/docs/content/providers/consul-catalog.md @@ -667,41 +667,6 @@ providers: For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). -### `namespace` - -??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option." - - _Optional, Default=""_ - - The `namespace` option defines the namespace in which the consul catalog services will be discovered. - - !!! warning - - The namespace option only works with [Consul Enterprise](https://www.consul.io/docs/enterprise), - which provides the [Namespaces](https://www.consul.io/docs/enterprise/namespaces) feature. - - !!! warning - - One should only define either the `namespaces` option or the `namespace` option. - - ```yaml tab="File (YAML)" - providers: - consulCatalog: - namespace: "production" - # ... - ``` - - ```toml tab="File (TOML)" - [providers.consulCatalog] - namespace = "production" - # ... - ``` - - ```bash tab="CLI" - --providers.consulcatalog.namespace=production - # ... - ``` - ### `namespaces` _Optional, Default=""_ diff --git a/docs/content/providers/consul.md b/docs/content/providers/consul.md index cd82fd065..ba961fd54 100644 --- a/docs/content/providers/consul.md +++ b/docs/content/providers/consul.md @@ -59,40 +59,6 @@ providers: --providers.consul.rootkey=traefik ``` -### `namespace` - -??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option." - - _Optional, Default=""_ - - The `namespace` option defines the namespace to query. - - !!! warning - - The namespace option only works with [Consul Enterprise](https://www.consul.io/docs/enterprise), - which provides the [Namespaces](https://www.consul.io/docs/enterprise/namespaces) feature. - - !!! warning - - One should only define either the `namespaces` option or the `namespace` option. - - ```yaml tab="File (YAML)" - providers: - consul: - # ... - namespace: "production" - ``` - - ```toml tab="File (TOML)" - [providers.consul] - # ... - namespace = "production" - ``` - - ```bash tab="CLI" - --providers.consul.namespace=production - ``` - ### `namespaces` _Optional, Default=""_ diff --git a/docs/content/providers/nomad.md b/docs/content/providers/nomad.md index 572ccc0d6..3bc27d3b2 100644 --- a/docs/content/providers/nomad.md +++ b/docs/content/providers/nomad.md @@ -440,36 +440,6 @@ providers: For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). -### `namespace` - -??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option." - - _Optional, Default=""_ - - The `namespace` option defines the namespace in which the Nomad services will be discovered. - - !!! warning - - One should only define either the `namespaces` option or the `namespace` option. - - ```yaml tab="File (YAML)" - providers: - nomad: - namespace: "production" - # ... - ``` - - ```toml tab="File (TOML)" - [providers.nomad] - namespace = "production" - # ... - ``` - - ```bash tab="CLI" - --providers.nomad.namespace=production - # ... - ``` - ### `namespaces` _Optional, Default=""_ diff --git a/docs/content/reference/dynamic-configuration/docker-labels.yml b/docs/content/reference/dynamic-configuration/docker-labels.yml index ad2419ca4..37c7917b2 100644 --- a/docs/content/reference/dynamic-configuration/docker-labels.yml +++ b/docs/content/reference/dynamic-configuration/docker-labels.yml @@ -31,7 +31,6 @@ - "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar" - "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar" - "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar" -- "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true" - "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar" - "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true" - "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar" @@ -54,7 +53,6 @@ - "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar" - "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar" - "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar" -- "traefik.http.middlewares.middleware10.headers.featurepolicy=foobar" - "traefik.http.middlewares.middleware10.headers.forcestsheader=true" - "traefik.http.middlewares.middleware10.headers.framedeny=true" - "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar" @@ -62,12 +60,8 @@ - "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar" - "traefik.http.middlewares.middleware10.headers.publickey=foobar" - "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar" -- "traefik.http.middlewares.middleware10.headers.sslforcehost=true" -- "traefik.http.middlewares.middleware10.headers.sslhost=foobar" - "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar" - "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar" -- "traefik.http.middlewares.middleware10.headers.sslredirect=true" -- "traefik.http.middlewares.middleware10.headers.ssltemporaryredirect=true" - "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true" - "traefik.http.middlewares.middleware10.headers.stspreload=true" - "traefik.http.middlewares.middleware10.headers.stsseconds=42" @@ -118,7 +112,6 @@ - "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar" - "traefik.http.middlewares.middleware20.retry.attempts=42" - "traefik.http.middlewares.middleware20.retry.initialinterval=42" -- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true" - "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar" - "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar" - "traefik.http.middlewares.middleware23.grpcweb.alloworigins=foobar, foobar" diff --git a/docs/content/reference/dynamic-configuration/file.toml b/docs/content/reference/dynamic-configuration/file.toml index fc2b54961..76d27806f 100644 --- a/docs/content/reference/dynamic-configuration/file.toml +++ b/docs/content/reference/dynamic-configuration/file.toml @@ -159,7 +159,6 @@ authRequestHeaders = ["foobar", "foobar"] [http.middlewares.Middleware09.forwardAuth.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -175,10 +174,6 @@ addVaryHeader = true allowedHosts = ["foobar", "foobar"] hostsProxyHeaders = ["foobar", "foobar"] - sslRedirect = true - sslTemporaryRedirect = true - sslHost = "foobar" - sslForceHost = true stsSeconds = 42 stsIncludeSubdomains = true stsPreload = true @@ -191,7 +186,6 @@ contentSecurityPolicy = "foobar" publicKey = "foobar" referrerPolicy = "foobar" - featurePolicy = "foobar" permissionsPolicy = "foobar" isDevelopment = true [http.middlewares.Middleware10.headers.customRequestHeaders] @@ -282,7 +276,6 @@ [http.middlewares.Middleware21] [http.middlewares.Middleware21.stripPrefix] prefixes = ["foobar", "foobar"] - forceSlash = true [http.middlewares.Middleware22] [http.middlewares.Middleware22.stripPrefixRegex] regex = ["foobar", "foobar"] @@ -458,7 +451,6 @@ cipherSuites = ["foobar", "foobar"] curvePreferences = ["foobar", "foobar"] sniStrict = true - preferServerCipherSuites = true alpnProtocols = ["foobar", "foobar"] [tls.options.Options0.clientAuth] caFiles = ["foobar", "foobar"] @@ -469,7 +461,6 @@ cipherSuites = ["foobar", "foobar"] curvePreferences = ["foobar", "foobar"] sniStrict = true - preferServerCipherSuites = true alpnProtocols = ["foobar", "foobar"] [tls.options.Options1.clientAuth] caFiles = ["foobar", "foobar"] diff --git a/docs/content/reference/dynamic-configuration/file.yaml b/docs/content/reference/dynamic-configuration/file.yaml index d97d030f3..fd04e88d5 100644 --- a/docs/content/reference/dynamic-configuration/file.yaml +++ b/docs/content/reference/dynamic-configuration/file.yaml @@ -164,7 +164,6 @@ http: address: foobar tls: ca: foobar - caOptional: true cert: foobar key: foobar insecureSkipVerify: true @@ -208,13 +207,9 @@ http: hostsProxyHeaders: - foobar - foobar - sslRedirect: true - sslTemporaryRedirect: true - sslHost: foobar sslProxyHeaders: name0: foobar name1: foobar - sslForceHost: true stsSeconds: 42 stsIncludeSubdomains: true stsPreload: true @@ -227,7 +222,6 @@ http: contentSecurityPolicy: foobar publicKey: foobar referrerPolicy: foobar - featurePolicy: foobar permissionsPolicy: foobar isDevelopment: true Middleware11: @@ -319,7 +313,6 @@ http: prefixes: - foobar - foobar - forceSlash: true Middleware22: stripPrefixRegex: regex: @@ -509,7 +502,6 @@ tls: - foobar clientAuthType: foobar sniStrict: true - preferServerCipherSuites: true alpnProtocols: - foobar - foobar @@ -528,7 +520,6 @@ tls: - foobar clientAuthType: foobar sniStrict: true - preferServerCipherSuites: true alpnProtocols: - foobar - foobar diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index 18411243e..0681cb3d3 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -946,8 +946,6 @@ spec: description: TLS defines the configuration used to secure the connection to the authentication server. properties: - caOptional: - type: boolean caSecret: description: CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate. @@ -1066,9 +1064,6 @@ spec: description: CustomResponseHeaders defines the header names and values to apply to the response. type: object - featurePolicy: - description: 'Deprecated: use PermissionsPolicy instead.' - type: string forceSTSHeader: description: ForceSTSHeader defines whether to add the STS header even when the connection is HTTP. @@ -1104,12 +1099,6 @@ spec: value. This allows sites to control whether browsers forward the Referer header to other sites. type: string - sslForceHost: - description: 'Deprecated: use RedirectRegex instead.' - type: boolean - sslHost: - description: 'Deprecated: use RedirectRegex instead.' - type: string sslProxyHeaders: additionalProperties: type: string @@ -1118,14 +1107,6 @@ spec: useful when using other proxies (example: "X-Forwarded-Proto": "https").' type: object - sslRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' - type: boolean - sslTemporaryRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' - type: boolean stsIncludeSubdomains: description: STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header. @@ -1467,11 +1448,6 @@ spec: This middleware removes the specified prefixes from the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/' properties: - forceSlash: - description: 'ForceSlash ensures that the resulting stripped path - is not the empty string, by replacing it with / when necessary. - Default: true.' - type: boolean prefixes: description: Prefixes defines the prefixes to strip from the request URL. @@ -1807,12 +1783,6 @@ spec: will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. Default: VersionTLS10.' type: string - preferServerCipherSuites: - description: 'PreferServerCipherSuites defines whether the server - chooses a cipher suite among his own instead of among the client''s. - It is enabled automatically when minVersion or maxVersion is set. - Deprecated: https://github.com/golang/go/issues/45430' - type: boolean sniStrict: description: SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension. diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml index 9a3d40e1c..abe361b9a 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml @@ -193,7 +193,6 @@ spec: - foobar clientAuthType: RequireAndVerifyClientCert sniStrict: true - preferServerCipherSuites: true alpnProtocols: - foobar - foobar diff --git a/docs/content/reference/dynamic-configuration/kv-ref.md b/docs/content/reference/dynamic-configuration/kv-ref.md index 9c0c3e41f..2a1310905 100644 --- a/docs/content/reference/dynamic-configuration/kv-ref.md +++ b/docs/content/reference/dynamic-configuration/kv-ref.md @@ -37,7 +37,6 @@ | `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeadersRegex` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` | -| `traefik/http/middlewares/Middleware09/forwardAuth/tls/caOptional` | `true` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/insecureSkipVerify` | `true` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/key` | `foobar` | @@ -66,7 +65,6 @@ | `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name1` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name0` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name1` | `foobar` | -| `traefik/http/middlewares/Middleware10/headers/featurePolicy` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/forceSTSHeader` | `true` | | `traefik/http/middlewares/Middleware10/headers/frameDeny` | `true` | | `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` | @@ -75,12 +73,8 @@ | `traefik/http/middlewares/Middleware10/headers/permissionsPolicy` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` | -| `traefik/http/middlewares/Middleware10/headers/sslForceHost` | `true` | -| `traefik/http/middlewares/Middleware10/headers/sslHost` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name0` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name1` | `foobar` | -| `traefik/http/middlewares/Middleware10/headers/sslRedirect` | `true` | -| `traefik/http/middlewares/Middleware10/headers/sslTemporaryRedirect` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` | @@ -135,7 +129,6 @@ | `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` | | `traefik/http/middlewares/Middleware20/retry/attempts` | `42` | | `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42s` | -| `traefik/http/middlewares/Middleware21/stripPrefix/forceSlash` | `true` | | `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` | | `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` | | `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` | @@ -312,7 +305,6 @@ | `traefik/tls/options/Options0/curvePreferences/1` | `foobar` | | `traefik/tls/options/Options0/maxVersion` | `foobar` | | `traefik/tls/options/Options0/minVersion` | `foobar` | -| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` | | `traefik/tls/options/Options0/sniStrict` | `true` | | `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` | | `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` | @@ -325,7 +317,6 @@ | `traefik/tls/options/Options1/curvePreferences/1` | `foobar` | | `traefik/tls/options/Options1/maxVersion` | `foobar` | | `traefik/tls/options/Options1/minVersion` | `foobar` | -| `traefik/tls/options/Options1/preferServerCipherSuites` | `true` | | `traefik/tls/options/Options1/sniStrict` | `true` | | `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` | | `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` | diff --git a/docs/content/reference/dynamic-configuration/marathon-labels.json b/docs/content/reference/dynamic-configuration/marathon-labels.json index 2bd780b0c..01c2af0fc 100644 --- a/docs/content/reference/dynamic-configuration/marathon-labels.json +++ b/docs/content/reference/dynamic-configuration/marathon-labels.json @@ -31,7 +31,6 @@ "traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar", "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar", "traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar", -"traefik.http.middlewares.middleware09.forwardauth.tls.caoptional": "true", "traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar", "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify": "true", "traefik.http.middlewares.middleware09.forwardauth.tls.key": "foobar", @@ -54,7 +53,6 @@ "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1": "foobar", "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0": "foobar", "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1": "foobar", -"traefik.http.middlewares.middleware10.headers.featurepolicy": "foobar", "traefik.http.middlewares.middleware10.headers.forcestsheader": "true", "traefik.http.middlewares.middleware10.headers.framedeny": "true", "traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar", @@ -62,12 +60,8 @@ "traefik.http.middlewares.middleware10.headers.permissionspolicy": "foobar", "traefik.http.middlewares.middleware10.headers.publickey": "foobar", "traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar", -"traefik.http.middlewares.middleware10.headers.sslforcehost": "true", -"traefik.http.middlewares.middleware10.headers.sslhost": "foobar", "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0": "foobar", "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1": "foobar", -"traefik.http.middlewares.middleware10.headers.sslredirect": "true", -"traefik.http.middlewares.middleware10.headers.ssltemporaryredirect": "true", "traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true", "traefik.http.middlewares.middleware10.headers.stspreload": "true", "traefik.http.middlewares.middleware10.headers.stsseconds": "42", @@ -118,7 +112,6 @@ "traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar", "traefik.http.middlewares.middleware20.retry.attempts": "42", "traefik.http.middlewares.middleware20.retry.initialinterval": "42", -"traefik.http.middlewares.middleware21.stripprefix.forceslash": "true", "traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar", "traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar", "traefik.http.middlewares.middleware23.grpcweb.alloworigins": "foobar, foobar", diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml index 0715292d5..f332eb5f6 100644 --- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml @@ -369,8 +369,6 @@ spec: description: TLS defines the configuration used to secure the connection to the authentication server. properties: - caOptional: - type: boolean caSecret: description: CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate. @@ -489,9 +487,6 @@ spec: description: CustomResponseHeaders defines the header names and values to apply to the response. type: object - featurePolicy: - description: 'Deprecated: use PermissionsPolicy instead.' - type: string forceSTSHeader: description: ForceSTSHeader defines whether to add the STS header even when the connection is HTTP. @@ -527,12 +522,6 @@ spec: value. This allows sites to control whether browsers forward the Referer header to other sites. type: string - sslForceHost: - description: 'Deprecated: use RedirectRegex instead.' - type: boolean - sslHost: - description: 'Deprecated: use RedirectRegex instead.' - type: string sslProxyHeaders: additionalProperties: type: string @@ -541,14 +530,6 @@ spec: useful when using other proxies (example: "X-Forwarded-Proto": "https").' type: object - sslRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' - type: boolean - sslTemporaryRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' - type: boolean stsIncludeSubdomains: description: STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header. @@ -890,11 +871,6 @@ spec: This middleware removes the specified prefixes from the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/' properties: - forceSlash: - description: 'ForceSlash ensures that the resulting stripped path - is not the empty string, by replacing it with / when necessary. - Default: true.' - type: boolean prefixes: description: Prefixes defines the prefixes to strip from the request URL. diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml index 16ea46008..098a0068f 100644 --- a/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml @@ -88,12 +88,6 @@ spec: will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. Default: VersionTLS10.' type: string - preferServerCipherSuites: - description: 'PreferServerCipherSuites defines whether the server - chooses a cipher suite among his own instead of among the client''s. - It is enabled automatically when minVersion or maxVersion is set. - Deprecated: https://github.com/golang/go/issues/45430' - type: boolean sniStrict: description: SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension. diff --git a/docs/content/reference/static-configuration/cli-ref.md b/docs/content/reference/static-configuration/cli-ref.md index 88935c8cd..3b40890e7 100644 --- a/docs/content/reference/static-configuration/cli-ref.md +++ b/docs/content/reference/static-configuration/cli-ref.md @@ -417,9 +417,6 @@ Enable Consul backend with default settings. (Default: ```false```) `--providers.consul.endpoints`: KV store endpoints. (Default: ```127.0.0.1:8500```) -`--providers.consul.namespace`: -Sets the namespace used to discover the configuration (Consul Enterprise only). - `--providers.consul.namespaces`: Sets the namespaces used to discover the configuration (Consul Enterprise only). @@ -429,9 +426,6 @@ Root key used for KV store. (Default: ```traefik```) `--providers.consul.tls.ca`: TLS CA -`--providers.consul.tls.caoptional`: -TLS CA.Optional (Default: ```false```) - `--providers.consul.tls.cert`: TLS cert @@ -483,9 +477,6 @@ The URI scheme for the Consul server `--providers.consulcatalog.endpoint.tls.ca`: TLS CA -`--providers.consulcatalog.endpoint.tls.caoptional`: -TLS CA.Optional (Default: ```false```) - `--providers.consulcatalog.endpoint.tls.cert`: TLS cert @@ -501,9 +492,6 @@ Token is used to provide a per-request ACL token which overrides the agent's def `--providers.consulcatalog.exposedbydefault`: Expose containers by default. (Default: ```true```) -`--providers.consulcatalog.namespace`: -Sets the namespace used to discover services (Consul Enterprise only). - `--providers.consulcatalog.namespaces`: Sets the namespaces used to discover services (Consul Enterprise only). @@ -558,9 +546,6 @@ Polling interval for swarm mode. (Default: ```15```) `--providers.docker.tls.ca`: TLS CA -`--providers.docker.tls.caoptional`: -TLS CA.Optional (Default: ```false```) - `--providers.docker.tls.cert`: TLS cert @@ -627,9 +612,6 @@ Root key used for KV store. (Default: ```traefik```) `--providers.etcd.tls.ca`: TLS CA -`--providers.etcd.tls.caoptional`: -TLS CA.Optional (Default: ```false```) - `--providers.etcd.tls.cert`: TLS cert @@ -672,9 +654,6 @@ Polling timeout for endpoint. (Default: ```5```) `--providers.http.tls.ca`: TLS CA -`--providers.http.tls.caoptional`: -TLS CA.Optional (Default: ```false```) - `--providers.http.tls.cert`: TLS cert @@ -819,9 +798,6 @@ Set a response header timeout for Marathon. (Default: ```60```) `--providers.marathon.tls.ca`: TLS CA -`--providers.marathon.tls.caoptional`: -TLS CA.Optional (Default: ```false```) - `--providers.marathon.tls.cert`: TLS cert @@ -861,9 +837,6 @@ Nomad region to use. If not provided, the local agent region is used. `--providers.nomad.endpoint.tls.ca`: TLS CA -`--providers.nomad.endpoint.tls.caoptional`: -TLS CA.Optional (Default: ```false```) - `--providers.nomad.endpoint.tls.cert`: TLS cert @@ -879,9 +852,6 @@ Token is used to provide a per-request ACL token. `--providers.nomad.exposedbydefault`: Expose Nomad services by default. (Default: ```true```) -`--providers.nomad.namespace`: -Sets the Nomad namespace used to discover services. - `--providers.nomad.namespaces`: Sets the Nomad namespaces used to discover services. @@ -945,9 +915,6 @@ Root key used for KV store. (Default: ```traefik```) `--providers.redis.tls.ca`: TLS CA -`--providers.redis.tls.caoptional`: -TLS CA.Optional (Default: ```false```) - `--providers.redis.tls.cert`: TLS cert @@ -1023,9 +990,6 @@ Sets the header name prefix used to store baggage items in a map. `--tracing.datadog.debug`: Enables Datadog debug. (Default: ```false```) -`--tracing.datadog.globaltag`: -Sets a key:value tag on all spans. - `--tracing.datadog.globaltags.`: Sets a list of key:value tags on all spans. diff --git a/docs/content/reference/static-configuration/env-ref.md b/docs/content/reference/static-configuration/env-ref.md index 0ea3aee87..bbcf2459d 100644 --- a/docs/content/reference/static-configuration/env-ref.md +++ b/docs/content/reference/static-configuration/env-ref.md @@ -453,9 +453,6 @@ The URI scheme for the Consul server `TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CA`: TLS CA -`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CAOPTIONAL`: -TLS CA.Optional (Default: ```false```) - `TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CERT`: TLS cert @@ -471,9 +468,6 @@ Token is used to provide a per-request ACL token which overrides the agent's def `TRAEFIK_PROVIDERS_CONSULCATALOG_EXPOSEDBYDEFAULT`: Expose containers by default. (Default: ```true```) -`TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACE`: -Sets the namespace used to discover services (Consul Enterprise only). - `TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACES`: Sets the namespaces used to discover services (Consul Enterprise only). @@ -498,9 +492,6 @@ Watch Consul API events. (Default: ```false```) `TRAEFIK_PROVIDERS_CONSUL_ENDPOINTS`: KV store endpoints. (Default: ```127.0.0.1:8500```) -`TRAEFIK_PROVIDERS_CONSUL_NAMESPACE`: -Sets the namespace used to discover the configuration (Consul Enterprise only). - `TRAEFIK_PROVIDERS_CONSUL_NAMESPACES`: Sets the namespaces used to discover the configuration (Consul Enterprise only). @@ -510,9 +501,6 @@ Root key used for KV store. (Default: ```traefik```) `TRAEFIK_PROVIDERS_CONSUL_TLS_CA`: TLS CA -`TRAEFIK_PROVIDERS_CONSUL_TLS_CAOPTIONAL`: -TLS CA.Optional (Default: ```false```) - `TRAEFIK_PROVIDERS_CONSUL_TLS_CERT`: TLS cert @@ -558,9 +546,6 @@ Polling interval for swarm mode. (Default: ```15```) `TRAEFIK_PROVIDERS_DOCKER_TLS_CA`: TLS CA -`TRAEFIK_PROVIDERS_DOCKER_TLS_CAOPTIONAL`: -TLS CA.Optional (Default: ```false```) - `TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`: TLS cert @@ -627,9 +612,6 @@ Root key used for KV store. (Default: ```traefik```) `TRAEFIK_PROVIDERS_ETCD_TLS_CA`: TLS CA -`TRAEFIK_PROVIDERS_ETCD_TLS_CAOPTIONAL`: -TLS CA.Optional (Default: ```false```) - `TRAEFIK_PROVIDERS_ETCD_TLS_CERT`: TLS cert @@ -672,9 +654,6 @@ Polling timeout for endpoint. (Default: ```5```) `TRAEFIK_PROVIDERS_HTTP_TLS_CA`: TLS CA -`TRAEFIK_PROVIDERS_HTTP_TLS_CAOPTIONAL`: -TLS CA.Optional (Default: ```false```) - `TRAEFIK_PROVIDERS_HTTP_TLS_CERT`: TLS cert @@ -822,9 +801,6 @@ Set a TLS handshake timeout for Marathon. (Default: ```5```) `TRAEFIK_PROVIDERS_MARATHON_TLS_CA`: TLS CA -`TRAEFIK_PROVIDERS_MARATHON_TLS_CAOPTIONAL`: -TLS CA.Optional (Default: ```false```) - `TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`: TLS cert @@ -861,9 +837,6 @@ Nomad region to use. If not provided, the local agent region is used. `TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CA`: TLS CA -`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CAOPTIONAL`: -TLS CA.Optional (Default: ```false```) - `TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CERT`: TLS cert @@ -879,9 +852,6 @@ Token is used to provide a per-request ACL token. `TRAEFIK_PROVIDERS_NOMAD_EXPOSEDBYDEFAULT`: Expose Nomad services by default. (Default: ```true```) -`TRAEFIK_PROVIDERS_NOMAD_NAMESPACE`: -Sets the Nomad namespace used to discover services. - `TRAEFIK_PROVIDERS_NOMAD_NAMESPACES`: Sets the Nomad namespaces used to discover services. @@ -945,9 +915,6 @@ Root key used for KV store. (Default: ```traefik```) `TRAEFIK_PROVIDERS_REDIS_TLS_CA`: TLS CA -`TRAEFIK_PROVIDERS_REDIS_TLS_CAOPTIONAL`: -TLS CA.Optional (Default: ```false```) - `TRAEFIK_PROVIDERS_REDIS_TLS_CERT`: TLS cert @@ -1023,9 +990,6 @@ Sets the header name prefix used to store baggage items in a map. `TRAEFIK_TRACING_DATADOG_DEBUG`: Enables Datadog debug. (Default: ```false```) -`TRAEFIK_TRACING_DATADOG_GLOBALTAG`: -Sets a key:value tag on all spans. - `TRAEFIK_TRACING_DATADOG_GLOBALTAGS_`: Sets a list of key:value tags on all spans. diff --git a/docs/content/reference/static-configuration/file.toml b/docs/content/reference/static-configuration/file.toml index 4782c6cc9..2c800f808 100644 --- a/docs/content/reference/static-configuration/file.toml +++ b/docs/content/reference/static-configuration/file.toml @@ -71,7 +71,6 @@ allowEmptyServices = true [providers.docker.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -96,7 +95,6 @@ respectReadinessChecks = true [providers.marathon.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -159,7 +157,6 @@ connectByDefault = true serviceName = "foobar" watch = true - namespace = "foobar" namespaces = ["foobar", "foobar"] [providers.consulCatalog.endpoint] address = "foobar" @@ -169,7 +166,6 @@ endpointWaitTime = "42s" [providers.consulCatalog.endpoint.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -181,7 +177,6 @@ constraints = "foobar" prefix = "foobar" stale = true - namespace = "foobar" namespaces = ["foobar", "foobar"] exposedByDefault = true refreshInterval = "42s" @@ -192,7 +187,6 @@ endpointWaitTime = "42s" [providers.nomad.endpoint.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -212,11 +206,9 @@ rootKey = "foobar" endpoints = ["foobar", "foobar"] token = "foobar" - namespace = "foobar" namespaces = ["foobar", "foobar"] [providers.consul.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -227,7 +219,6 @@ password = "foobar" [providers.etcd.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -244,7 +235,6 @@ db = 42 [providers.redis.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -257,7 +247,6 @@ name1 = "foobar" [providers.http.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -376,7 +365,6 @@ sampleRate = 42.0 [tracing.datadog] localAgentHostPort = "foobar" - globalTag = "foobar" [tracing.datadog.globalTags] tag1 = "foobar" tag2 = "foobar" diff --git a/docs/content/reference/static-configuration/file.yaml b/docs/content/reference/static-configuration/file.yaml index 55bfbf131..a7a611e27 100644 --- a/docs/content/reference/static-configuration/file.yaml +++ b/docs/content/reference/static-configuration/file.yaml @@ -70,7 +70,6 @@ providers: defaultRule: foobar tls: ca: foobar - caOptional: true cert: foobar key: foobar insecureSkipVerify: true @@ -96,7 +95,6 @@ providers: dcosToken: foobar tls: ca: foobar - caOptional: true cert: foobar key: foobar insecureSkipVerify: true @@ -171,7 +169,6 @@ providers: connectByDefault: true serviceName: foobar watch: true - namespace: foobar namespaces: - foobar - foobar @@ -183,7 +180,6 @@ providers: endpointWaitTime: 42s tls: ca: foobar - caOptional: true cert: foobar key: foobar insecureSkipVerify: true @@ -195,7 +191,6 @@ providers: constraints: foobar prefix: foobar stale: true - namespace: foobar namespaces: - foobar - foobar @@ -208,7 +203,6 @@ providers: endpointWaitTime: 42s tls: ca: foobar - caOptional: true cert: foobar key: foobar insecureSkipVerify: true @@ -232,13 +226,11 @@ providers: - foobar - foobar token: foobar - namespace: foobar namespaces: - foobar - foobar tls: ca: foobar - caOptional: true cert: foobar key: foobar insecureSkipVerify: true @@ -251,7 +243,6 @@ providers: password: foobar tls: ca: foobar - caOptional: true cert: foobar key: foobar insecureSkipVerify: true @@ -272,7 +263,6 @@ providers: db: 42 tls: ca: foobar - caOptional: true cert: foobar key: foobar insecureSkipVerify: true @@ -285,7 +275,6 @@ providers: name1: foobar tls: ca: foobar - caOptional: true cert: foobar key: foobar insecureSkipVerify: true @@ -402,7 +391,6 @@ tracing: sampleRate: 42 datadog: localAgentHostPort: foobar - globalTag: foobar globalTags: tag1: foobar tag2: foobar diff --git a/integration/consul_test.go b/integration/consul_test.go index 27c9171d8..357f03dea 100644 --- a/integration/consul_test.go +++ b/integration/consul_test.go @@ -102,7 +102,6 @@ func (s *ConsulSuite) TestSimpleConfiguration(c *check.C) { "traefik/http/middlewares/compressor/compress": "", "traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo", "traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar", - "traefik/http/middlewares/striper/stripPrefix/forceSlash": "true", } for k, v := range data { diff --git a/integration/etcd_test.go b/integration/etcd_test.go index 71d8a8fa2..1ffd92252 100644 --- a/integration/etcd_test.go +++ b/integration/etcd_test.go @@ -97,7 +97,6 @@ func (s *EtcdSuite) TestSimpleConfiguration(c *check.C) { "traefik/http/middlewares/compressor/compress": "", "traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo", "traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar", - "traefik/http/middlewares/striper/stripPrefix/forceSlash": "true", } for k, v := range data { diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index 18411243e..0681cb3d3 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -946,8 +946,6 @@ spec: description: TLS defines the configuration used to secure the connection to the authentication server. properties: - caOptional: - type: boolean caSecret: description: CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate. @@ -1066,9 +1064,6 @@ spec: description: CustomResponseHeaders defines the header names and values to apply to the response. type: object - featurePolicy: - description: 'Deprecated: use PermissionsPolicy instead.' - type: string forceSTSHeader: description: ForceSTSHeader defines whether to add the STS header even when the connection is HTTP. @@ -1104,12 +1099,6 @@ spec: value. This allows sites to control whether browsers forward the Referer header to other sites. type: string - sslForceHost: - description: 'Deprecated: use RedirectRegex instead.' - type: boolean - sslHost: - description: 'Deprecated: use RedirectRegex instead.' - type: string sslProxyHeaders: additionalProperties: type: string @@ -1118,14 +1107,6 @@ spec: useful when using other proxies (example: "X-Forwarded-Proto": "https").' type: object - sslRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' - type: boolean - sslTemporaryRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' - type: boolean stsIncludeSubdomains: description: STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header. @@ -1467,11 +1448,6 @@ spec: This middleware removes the specified prefixes from the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/' properties: - forceSlash: - description: 'ForceSlash ensures that the resulting stripped path - is not the empty string, by replacing it with / when necessary. - Default: true.' - type: boolean prefixes: description: Prefixes defines the prefixes to strip from the request URL. @@ -1807,12 +1783,6 @@ spec: will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. Default: VersionTLS10.' type: string - preferServerCipherSuites: - description: 'PreferServerCipherSuites defines whether the server - chooses a cipher suite among his own instead of among the client''s. - It is enabled automatically when minVersion or maxVersion is set. - Deprecated: https://github.com/golang/go/issues/45430' - type: boolean sniStrict: description: SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension. diff --git a/integration/redis_test.go b/integration/redis_test.go index b642691c4..d696ad670 100644 --- a/integration/redis_test.go +++ b/integration/redis_test.go @@ -98,7 +98,6 @@ func (s *RedisSuite) TestSimpleConfiguration(c *check.C) { "traefik/http/middlewares/compressor/compress": "true", "traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo", "traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar", - "traefik/http/middlewares/striper/stripPrefix/forceSlash": "true", } for k, v := range data { diff --git a/integration/testdata/rawdata-consul.json b/integration/testdata/rawdata-consul.json index 60423f234..a2e99f1bc 100644 --- a/integration/testdata/rawdata-consul.json +++ b/integration/testdata/rawdata-consul.json @@ -112,8 +112,7 @@ "prefixes": [ "foo", "bar" - ], - "forceSlash": true + ] }, "status": "enabled", "usedBy": [ diff --git a/integration/testdata/rawdata-etcd.json b/integration/testdata/rawdata-etcd.json index 03abf1607..8564dd454 100644 --- a/integration/testdata/rawdata-etcd.json +++ b/integration/testdata/rawdata-etcd.json @@ -112,8 +112,7 @@ "prefixes": [ "foo", "bar" - ], - "forceSlash": true + ] }, "status": "enabled", "usedBy": [ diff --git a/integration/testdata/rawdata-redis.json b/integration/testdata/rawdata-redis.json index a3fb20f66..6f0782380 100644 --- a/integration/testdata/rawdata-redis.json +++ b/integration/testdata/rawdata-redis.json @@ -112,8 +112,7 @@ "prefixes": [ "foo", "bar" - ], - "forceSlash": true + ] }, "status": "enabled", "usedBy": [ diff --git a/integration/testdata/rawdata-zk.json b/integration/testdata/rawdata-zk.json index c4e54b85e..5722bb2ce 100644 --- a/integration/testdata/rawdata-zk.json +++ b/integration/testdata/rawdata-zk.json @@ -112,8 +112,7 @@ "prefixes": [ "foo", "bar" - ], - "forceSlash": true + ] }, "status": "enabled", "usedBy": [ diff --git a/integration/zk_test.go b/integration/zk_test.go index 63dcbb0b7..21f536cb6 100644 --- a/integration/zk_test.go +++ b/integration/zk_test.go @@ -100,7 +100,6 @@ func (s *ZookeeperSuite) TestSimpleConfiguration(c *check.C) { "traefik/http/middlewares/compressor/compress": "", "traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo", "traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar", - "traefik/http/middlewares/striper/stripPrefix/forceSlash": "true", } for k, v := range data { diff --git a/pkg/config/dynamic/fixtures/sample.toml b/pkg/config/dynamic/fixtures/sample.toml index b280b5484..6f5137f4c 100644 --- a/pkg/config/dynamic/fixtures/sample.toml +++ b/pkg/config/dynamic/fixtures/sample.toml @@ -46,7 +46,6 @@ httpClientTimeout = 42 [providers.docker.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -71,7 +70,6 @@ respectReadinessChecks = true [providers.marathon.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -182,7 +180,6 @@ sampleRate = 42.0 [tracing.datadog] localAgentHostPort = "foobar" - globalTag = "foobar" debug = true prioritySampling = true traceIDHeaderName = "foobar" @@ -292,7 +289,6 @@ authRequestHeaders = ["foobar", "foobar"] [http.middlewares.Middleware15.forwardAuth.tls] ca = "foobar" - caOptional = true cert = "foobar" key = "foobar" insecureSkipVerify = true @@ -376,10 +372,6 @@ addVaryHeader = true allowedHosts = ["foobar", "foobar"] hostsProxyHeaders = ["foobar", "foobar"] - sslRedirect = true - sslTemporaryRedirect = true - sslHost = "foobar" - sslForceHost = true stsSeconds = 42 stsIncludeSubdomains = true stsPreload = true @@ -392,7 +384,6 @@ contentSecurityPolicy = "foobar" publicKey = "foobar" referrerPolicy = "foobar" - featurePolicy = "foobar" isDevelopment = true [http.middlewares.Middleware8.headers.customRequestHeaders] name0 = "foobar" diff --git a/pkg/config/dynamic/middlewares.go b/pkg/config/dynamic/middlewares.go index a8a2dfe3b..e8d2a1491 100644 --- a/pkg/config/dynamic/middlewares.go +++ b/pkg/config/dynamic/middlewares.go @@ -260,17 +260,9 @@ type Headers struct { AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"` // HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request. HostsProxyHeaders []string `json:"hostsProxyHeaders,omitempty" toml:"hostsProxyHeaders,omitempty" yaml:"hostsProxyHeaders,omitempty" export:"true"` - // Deprecated: use EntryPoint redirection or RedirectScheme instead. - SSLRedirect bool `json:"sslRedirect,omitempty" toml:"sslRedirect,omitempty" yaml:"sslRedirect,omitempty" export:"true"` - // Deprecated: use EntryPoint redirection or RedirectScheme instead. - SSLTemporaryRedirect bool `json:"sslTemporaryRedirect,omitempty" toml:"sslTemporaryRedirect,omitempty" yaml:"sslTemporaryRedirect,omitempty" export:"true"` - // Deprecated: use RedirectRegex instead. - SSLHost string `json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty"` // SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request. // It can be useful when using other proxies (example: "X-Forwarded-Proto": "https"). SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"` - // Deprecated: use RedirectRegex instead. - SSLForceHost bool `json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true"` // STSSeconds defines the max-age of the Strict-Transport-Security header. // If set to 0, the header is not set. STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"` @@ -299,8 +291,6 @@ type Headers struct { // ReferrerPolicy defines the Referrer-Policy header value. // This allows sites to control whether browsers forward the Referer header to other sites. ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"` - // Deprecated: use PermissionsPolicy instead. - FeaturePolicy string `json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true"` // PermissionsPolicy defines the Permissions-Policy header value. // This allows sites to control browser features. PermissionsPolicy string `json:"permissionsPolicy,omitempty" toml:"permissionsPolicy,omitempty" yaml:"permissionsPolicy,omitempty" export:"true"` @@ -333,10 +323,6 @@ func (h *Headers) HasCorsHeadersDefined() bool { func (h *Headers) HasSecureHeadersDefined() bool { return h != nil && (len(h.AllowedHosts) != 0 || len(h.HostsProxyHeaders) != 0 || - h.SSLRedirect || - h.SSLTemporaryRedirect || - h.SSLForceHost || - h.SSLHost != "" || len(h.SSLProxyHeaders) != 0 || h.STSSeconds != 0 || h.STSIncludeSubdomains || @@ -350,7 +336,6 @@ func (h *Headers) HasSecureHeadersDefined() bool { h.ContentSecurityPolicy != "" || h.PublicKey != "" || h.ReferrerPolicy != "" || - h.FeaturePolicy != "" || h.PermissionsPolicy != "" || h.IsDevelopment) } @@ -553,14 +538,6 @@ type Retry struct { type StripPrefix struct { // Prefixes defines the prefixes to strip from the request URL. Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"` - // ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary. - // Default: true. - ForceSlash bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"` // Deprecated -} - -// SetDefaults Default values for a StripPrefix. -func (s *StripPrefix) SetDefaults() { - s.ForceSlash = true } // +k8s:deepcopy-gen=true diff --git a/pkg/config/label/label_test.go b/pkg/config/label/label_test.go index 19d974387..820bea328 100644 --- a/pkg/config/label/label_test.go +++ b/pkg/config/label/label_test.go @@ -42,7 +42,6 @@ func TestDecodeConfiguration(t *testing.T) { "traefik.http.middlewares.Middleware7.forwardauth.authresponseheaders": "foobar, fiibar", "traefik.http.middlewares.Middleware7.forwardauth.authrequestheaders": "foobar, fiibar", "traefik.http.middlewares.Middleware7.forwardauth.tls.ca": "foobar", - "traefik.http.middlewares.Middleware7.forwardauth.tls.caoptional": "true", "traefik.http.middlewares.Middleware7.forwardauth.tls.cert": "foobar", "traefik.http.middlewares.Middleware7.forwardauth.tls.insecureskipverify": "true", "traefik.http.middlewares.Middleware7.forwardauth.tls.key": "foobar", @@ -71,14 +70,9 @@ func TestDecodeConfiguration(t *testing.T) { "traefik.http.middlewares.Middleware8.headers.isdevelopment": "true", "traefik.http.middlewares.Middleware8.headers.publickey": "foobar", "traefik.http.middlewares.Middleware8.headers.referrerpolicy": "foobar", - "traefik.http.middlewares.Middleware8.headers.featurepolicy": "foobar", "traefik.http.middlewares.Middleware8.headers.permissionspolicy": "foobar", - "traefik.http.middlewares.Middleware8.headers.sslforcehost": "true", - "traefik.http.middlewares.Middleware8.headers.sslhost": "foobar", "traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name0": "foobar", "traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name1": "foobar", - "traefik.http.middlewares.Middleware8.headers.sslredirect": "true", - "traefik.http.middlewares.Middleware8.headers.ssltemporaryredirect": "true", "traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true", "traefik.http.middlewares.Middleware8.headers.stspreload": "true", "traefik.http.middlewares.Middleware8.headers.stsseconds": "42", @@ -462,7 +456,6 @@ func TestDecodeConfiguration(t *testing.T) { "foobar", "fiibar", }, - ForceSlash: true, }, }, "Middleware18": { @@ -530,7 +523,6 @@ func TestDecodeConfiguration(t *testing.T) { Address: "foobar", TLS: &types.ClientTLS{ CA: "foobar", - CAOptional: true, Cert: "foobar", Key: "foobar", InsecureSkipVerify: true, @@ -587,14 +579,10 @@ func TestDecodeConfiguration(t *testing.T) { "foobar", "fiibar", }, - SSLRedirect: true, - SSLTemporaryRedirect: true, - SSLHost: "foobar", SSLProxyHeaders: map[string]string{ "name0": "foobar", "name1": "foobar", }, - SSLForceHost: true, STSSeconds: 42, STSIncludeSubdomains: true, STSPreload: true, @@ -607,7 +595,6 @@ func TestDecodeConfiguration(t *testing.T) { ContentSecurityPolicy: "foobar", PublicKey: "foobar", ReferrerPolicy: "foobar", - FeaturePolicy: "foobar", PermissionsPolicy: "foobar", IsDevelopment: true, }, @@ -958,7 +945,6 @@ func TestEncodeConfiguration(t *testing.T) { "foobar", "fiibar", }, - ForceSlash: true, }, }, "Middleware18": { @@ -1034,7 +1020,6 @@ func TestEncodeConfiguration(t *testing.T) { Address: "foobar", TLS: &types.ClientTLS{ CA: "foobar", - CAOptional: true, Cert: "foobar", Key: "foobar", InsecureSkipVerify: true, @@ -1091,14 +1076,10 @@ func TestEncodeConfiguration(t *testing.T) { "foobar", "fiibar", }, - SSLRedirect: true, - SSLTemporaryRedirect: true, - SSLHost: "foobar", SSLProxyHeaders: map[string]string{ "name0": "foobar", "name1": "foobar", }, - SSLForceHost: true, STSSeconds: 42, STSIncludeSubdomains: true, STSPreload: true, @@ -1111,7 +1092,6 @@ func TestEncodeConfiguration(t *testing.T) { ContentSecurityPolicy: "foobar", PublicKey: "foobar", ReferrerPolicy: "foobar", - FeaturePolicy: "foobar", PermissionsPolicy: "foobar", IsDevelopment: true, }, @@ -1231,7 +1211,6 @@ func TestEncodeConfiguration(t *testing.T) { "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthRequestHeaders": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA": "foobar", - "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CAOptional": "true", "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert": "foobar", "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify": "true", "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key": "foobar", @@ -1260,14 +1239,9 @@ func TestEncodeConfiguration(t *testing.T) { "traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey": "foobar", "traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy": "foobar", - "traefik.HTTP.Middlewares.Middleware8.Headers.FeaturePolicy": "foobar", "traefik.HTTP.Middlewares.Middleware8.Headers.PermissionsPolicy": "foobar", - "traefik.HTTP.Middlewares.Middleware8.Headers.SSLForceHost": "true", - "traefik.HTTP.Middlewares.Middleware8.Headers.SSLHost": "foobar", "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0": "foobar", "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1": "foobar", - "traefik.HTTP.Middlewares.Middleware8.Headers.SSLRedirect": "true", - "traefik.HTTP.Middlewares.Middleware8.Headers.SSLTemporaryRedirect": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42", @@ -1318,7 +1292,6 @@ func TestEncodeConfiguration(t *testing.T) { "traefik.HTTP.Middlewares.Middleware16.Retry.Attempts": "42", "traefik.HTTP.Middlewares.Middleware16.Retry.InitialInterval": "1000000000", "traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes": "foobar, fiibar", - "traefik.HTTP.Middlewares.Middleware17.StripPrefix.ForceSlash": "true", "traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware19.Compress.MinResponseBodyBytes": "42", "traefik.HTTP.Middlewares.Middleware20.Plugin.tomato.aaa": "foo1", diff --git a/pkg/config/static/pilot.go b/pkg/config/static/pilot.go deleted file mode 100644 index 9831aa495..000000000 --- a/pkg/config/static/pilot.go +++ /dev/null @@ -1,8 +0,0 @@ -package static - -// Pilot Configuration related to Traefik Pilot. -// Deprecated. -type Pilot struct { - Token string `description:"Traefik Pilot token. (Deprecated)" json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"` - Dashboard bool `description:"Enable Traefik Pilot in the dashboard. (Deprecated)" json:"dashboard,omitempty" toml:"dashboard,omitempty" yaml:"dashboard,omitempty"` -} diff --git a/pkg/config/static/static_config.go b/pkg/config/static/static_config.go index dad5f9f5b..3ab86cdff 100644 --- a/pkg/config/static/static_config.go +++ b/pkg/config/static/static_config.go @@ -78,9 +78,6 @@ type Configuration struct { CertificatesResolvers map[string]CertificateResolver `description:"Certificates resolvers configuration." json:"certificatesResolvers,omitempty" toml:"certificatesResolvers,omitempty" yaml:"certificatesResolvers,omitempty" export:"true"` - // Deprecated. - Pilot *Pilot `description:"Traefik Pilot configuration (Deprecated)." json:"pilot,omitempty" toml:"pilot,omitempty" yaml:"pilot,omitempty" export:"true"` - Hub *hub.Provider `description:"Traefik Hub configuration." json:"hub,omitempty" toml:"hub,omitempty" yaml:"hub,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"` Experimental *Experimental `description:"experimental features." json:"experimental,omitempty" toml:"experimental,omitempty" yaml:"experimental,omitempty" export:"true"` @@ -264,11 +261,6 @@ func (c *Configuration) SetEffectiveConfiguration() { } } - // Enable anonymous usage when pilot is enabled. - if c.Pilot != nil { - c.Global.SendAnonymousUsage = true - } - // Disable Gateway API provider if not enabled in experimental. if c.Experimental == nil || !c.Experimental.KubernetesGateway { c.Providers.KubernetesGateway = nil @@ -346,18 +338,6 @@ func (c *Configuration) ValidateConfiguration() error { acmeEmail = resolver.ACME.Email } - if c.Providers.ConsulCatalog != nil && c.Providers.ConsulCatalog.Namespace != "" && len(c.Providers.ConsulCatalog.Namespaces) > 0 { - return fmt.Errorf("Consul Catalog provider cannot have both namespace and namespaces options configured") - } - - if c.Providers.Consul != nil && c.Providers.Consul.Namespace != "" && len(c.Providers.Consul.Namespaces) > 0 { - return fmt.Errorf("Consul provider cannot have both namespace and namespaces options configured") - } - - if c.Providers.Nomad != nil && c.Providers.Nomad.Namespace != "" && len(c.Providers.Nomad.Namespaces) > 0 { - return fmt.Errorf("Nomad provider cannot have both namespace and namespaces options configured") - } - return nil } diff --git a/pkg/middlewares/headers/header.go b/pkg/middlewares/headers/header.go index 99556fdd0..88d788bf6 100644 --- a/pkg/middlewares/headers/header.go +++ b/pkg/middlewares/headers/header.go @@ -1,16 +1,13 @@ package headers import ( - "context" "fmt" "net/http" "regexp" "strconv" "strings" - "github.com/rs/zerolog/log" "github.com/traefik/traefik/v2/pkg/config/dynamic" - "github.com/traefik/traefik/v2/pkg/logs" ) // Header is a middleware that helps setup a few basic security features. @@ -29,10 +26,6 @@ func NewHeader(next http.Handler, cfg dynamic.Headers) (*Header, error) { hasCustomHeaders := cfg.HasCustomHeadersDefined() hasCorsHeaders := cfg.HasCorsHeadersDefined() - ctx := log.With().Str(logs.MiddlewareType, typeName).Logger().WithContext(context.Background()) - - handleDeprecation(ctx, &cfg) - regexes := make([]*regexp.Regexp, len(cfg.AccessControlAllowOriginListRegex)) for i, str := range cfg.AccessControlAllowOriginListRegex { reg, err := regexp.Compile(str) diff --git a/pkg/middlewares/headers/headers.go b/pkg/middlewares/headers/headers.go index dc4518768..07ad06224 100644 --- a/pkg/middlewares/headers/headers.go +++ b/pkg/middlewares/headers/headers.go @@ -7,7 +7,6 @@ import ( "net/http" "github.com/opentracing/opentracing-go/ext" - "github.com/rs/zerolog/log" "github.com/traefik/traefik/v2/pkg/config/dynamic" "github.com/traefik/traefik/v2/pkg/middlewares" "github.com/traefik/traefik/v2/pkg/middlewares/connectionheader" @@ -18,26 +17,6 @@ const ( typeName = "Headers" ) -func handleDeprecation(ctx context.Context, cfg *dynamic.Headers) { - logger := log.Ctx(ctx).Warn() - - if cfg.SSLRedirect { - logger.Msg("SSLRedirect is deprecated, please use entrypoint redirection instead.") - } - if cfg.SSLTemporaryRedirect { - logger.Msg("SSLTemporaryRedirect is deprecated, please use entrypoint redirection instead.") - } - if cfg.SSLHost != "" { - logger.Msg("SSLHost is deprecated, please use RedirectRegex middleware instead.") - } - if cfg.SSLForceHost { - logger.Msg("SSLForceHost is deprecated, please use RedirectScheme middleware instead.") - } - if cfg.FeaturePolicy != "" { - logger.Msg("FeaturePolicy is deprecated, please use PermissionsPolicy header instead.") - } -} - type headers struct { name string handler http.Handler @@ -49,10 +28,6 @@ func New(ctx context.Context, next http.Handler, cfg dynamic.Headers, name strin logger := middlewares.GetLogger(ctx, name, typeName) logger.Debug().Msg("Creating middleware") - mCtx := logger.WithContext(ctx) - - handleDeprecation(mCtx, &cfg) - hasSecureHeaders := cfg.HasSecureHeadersDefined() hasCustomHeaders := cfg.HasCustomHeadersDefined() hasCorsHeaders := cfg.HasCorsHeadersDefined() diff --git a/pkg/middlewares/headers/secure.go b/pkg/middlewares/headers/secure.go index 0186de311..e5fcd9cd4 100644 --- a/pkg/middlewares/headers/secure.go +++ b/pkg/middlewares/headers/secure.go @@ -21,9 +21,6 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur ForceSTSHeader: cfg.ForceSTSHeader, FrameDeny: cfg.FrameDeny, IsDevelopment: cfg.IsDevelopment, - SSLRedirect: cfg.SSLRedirect, - SSLForceHost: cfg.SSLForceHost, - SSLTemporaryRedirect: cfg.SSLTemporaryRedirect, STSIncludeSubdomains: cfg.STSIncludeSubdomains, STSPreload: cfg.STSPreload, ContentSecurityPolicy: cfg.ContentSecurityPolicy, @@ -31,12 +28,10 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur CustomFrameOptionsValue: cfg.CustomFrameOptionsValue, PublicKey: cfg.PublicKey, ReferrerPolicy: cfg.ReferrerPolicy, - SSLHost: cfg.SSLHost, AllowedHosts: cfg.AllowedHosts, HostsProxyHeaders: cfg.HostsProxyHeaders, SSLProxyHeaders: cfg.SSLProxyHeaders, STSSeconds: cfg.STSSeconds, - FeaturePolicy: cfg.FeaturePolicy, PermissionsPolicy: cfg.PermissionsPolicy, SecureContextKey: contextKey, } diff --git a/pkg/middlewares/headers/secure_test.go b/pkg/middlewares/headers/secure_test.go index ce2b93a7c..6ed22f1e3 100644 --- a/pkg/middlewares/headers/secure_test.go +++ b/pkg/middlewares/headers/secure_test.go @@ -11,125 +11,12 @@ import ( // Middleware tests based on https://github.com/unrolled/secure -func Test_newSecure_sslForceHost(t *testing.T) { - type expected struct { - statusCode int - location string - } - - testCases := []struct { - desc string - host string - cfg dynamic.Headers - expected - }{ - { - desc: "http should return a 301", - host: "http://powpow.example.com", - cfg: dynamic.Headers{ - SSLRedirect: true, - SSLForceHost: true, - SSLHost: "powpow.example.com", - }, - expected: expected{ - statusCode: http.StatusMovedPermanently, - location: "https://powpow.example.com", - }, - }, - { - desc: "http sub domain should return a 301", - host: "http://www.powpow.example.com", - cfg: dynamic.Headers{ - SSLRedirect: true, - SSLForceHost: true, - SSLHost: "powpow.example.com", - }, - expected: expected{ - statusCode: http.StatusMovedPermanently, - location: "https://powpow.example.com", - }, - }, - { - desc: "https should return a 200", - host: "https://powpow.example.com", - cfg: dynamic.Headers{ - SSLRedirect: true, - SSLForceHost: true, - SSLHost: "powpow.example.com", - }, - expected: expected{statusCode: http.StatusOK}, - }, - { - desc: "https sub domain should return a 301", - host: "https://www.powpow.example.com", - cfg: dynamic.Headers{ - SSLRedirect: true, - SSLForceHost: true, - SSLHost: "powpow.example.com", - }, - expected: expected{ - statusCode: http.StatusMovedPermanently, - location: "https://powpow.example.com", - }, - }, - { - desc: "http without force host and sub domain should return a 301", - host: "http://www.powpow.example.com", - cfg: dynamic.Headers{ - SSLRedirect: true, - SSLForceHost: false, - SSLHost: "powpow.example.com", - }, - expected: expected{ - statusCode: http.StatusMovedPermanently, - location: "https://powpow.example.com", - }, - }, - { - desc: "https without force host and sub domain should return a 301", - host: "https://www.powpow.example.com", - cfg: dynamic.Headers{ - SSLRedirect: true, - SSLForceHost: false, - SSLHost: "powpow.example.com", - }, - expected: expected{statusCode: http.StatusOK}, - }, - } - - next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { - _, _ = rw.Write([]byte("OK")) - }) - - for _, test := range testCases { - t.Run(test.desc, func(t *testing.T) { - mid := newSecure(next, test.cfg, "mymiddleware") - - req := httptest.NewRequest(http.MethodGet, test.host, nil) - - rw := httptest.NewRecorder() - - mid.ServeHTTP(rw, req) - - assert.Equal(t, test.expected.statusCode, rw.Result().StatusCode) - assert.Equal(t, test.expected.location, rw.Header().Get("Location")) - }) - } -} - func Test_newSecure_modifyResponse(t *testing.T) { testCases := []struct { desc string cfg dynamic.Headers expected http.Header }{ - { - desc: "FeaturePolicy", - cfg: dynamic.Headers{ - FeaturePolicy: "vibrate 'none';", - }, - expected: http.Header{"Feature-Policy": []string{"vibrate 'none';"}}, - }, { desc: "PermissionsPolicy", cfg: dynamic.Headers{ diff --git a/pkg/middlewares/stripprefix/strip_prefix.go b/pkg/middlewares/stripprefix/strip_prefix.go index 38caa7e3a..8338ee2ed 100644 --- a/pkg/middlewares/stripprefix/strip_prefix.go +++ b/pkg/middlewares/stripprefix/strip_prefix.go @@ -19,20 +19,18 @@ const ( // stripPrefix is a middleware used to strip prefix from an URL request. type stripPrefix struct { - next http.Handler - prefixes []string - forceSlash bool // TODO Must be removed (breaking), the default behavior must be forceSlash=false - name string + next http.Handler + prefixes []string + name string } // New creates a new strip prefix middleware. func New(ctx context.Context, next http.Handler, config dynamic.StripPrefix, name string) (http.Handler, error) { middlewares.GetLogger(ctx, name, typeName).Debug().Msg("Creating middleware") return &stripPrefix{ - prefixes: config.Prefixes, - forceSlash: config.ForceSlash, - next: next, - name: name, + prefixes: config.Prefixes, + next: next, + name: name, }, nil } @@ -61,13 +59,6 @@ func (s *stripPrefix) serveRequest(rw http.ResponseWriter, req *http.Request, pr } func (s *stripPrefix) getPrefixStripped(urlPath, prefix string) string { - if s.forceSlash { - // Only for compatibility reason with the previous behavior, - // but the previous behavior is wrong. - // This needs to be removed in the next breaking version. - return "/" + strings.TrimPrefix(strings.TrimPrefix(urlPath, prefix), "/") - } - return ensureLeadingSlash(strings.TrimPrefix(urlPath, prefix)) } diff --git a/pkg/middlewares/stripprefix/strip_prefix_test.go b/pkg/middlewares/stripprefix/strip_prefix_test.go index 5c9d7171e..7f2717bd3 100644 --- a/pkg/middlewares/stripprefix/strip_prefix_test.go +++ b/pkg/middlewares/stripprefix/strip_prefix_test.go @@ -31,17 +31,6 @@ func TestStripPrefix(t *testing.T) { expectedStatusCode: http.StatusOK, expectedPath: "/noprefixes", }, - { - desc: "wildcard (.*) requests (ForceSlash)", - config: dynamic.StripPrefix{ - Prefixes: []string{"/"}, - ForceSlash: true, - }, - path: "/", - expectedStatusCode: http.StatusOK, - expectedPath: "/", - expectedHeader: "/", - }, { desc: "wildcard (.*) requests", config: dynamic.StripPrefix{ @@ -52,17 +41,6 @@ func TestStripPrefix(t *testing.T) { expectedPath: "", expectedHeader: "/", }, - { - desc: "prefix and path matching (ForceSlash)", - config: dynamic.StripPrefix{ - Prefixes: []string{"/stat"}, - ForceSlash: true, - }, - path: "/stat", - expectedStatusCode: http.StatusOK, - expectedPath: "/", - expectedHeader: "/stat", - }, { desc: "prefix and path matching", config: dynamic.StripPrefix{ @@ -73,17 +51,6 @@ func TestStripPrefix(t *testing.T) { expectedPath: "", expectedHeader: "/stat", }, - { - desc: "path prefix on exactly matching path (ForceSlash)", - config: dynamic.StripPrefix{ - Prefixes: []string{"/stat/"}, - ForceSlash: true, - }, - path: "/stat/", - expectedStatusCode: http.StatusOK, - expectedPath: "/", - expectedHeader: "/stat/", - }, { desc: "path prefix on exactly matching path", config: dynamic.StripPrefix{ @@ -133,17 +100,6 @@ func TestStripPrefix(t *testing.T) { expectedPath: "/us", expectedHeader: "/stat", }, - { - desc: "later prefix matching (ForceSlash)", - config: dynamic.StripPrefix{ - Prefixes: []string{"/mismatch", "/stat"}, - ForceSlash: true, - }, - path: "/stat", - expectedStatusCode: http.StatusOK, - expectedPath: "/", - expectedHeader: "/stat", - }, { desc: "later prefix matching", config: dynamic.StripPrefix{ diff --git a/pkg/plugins/client.go b/pkg/plugins/client.go index 6e7823099..9e7ba8538 100644 --- a/pkg/plugins/client.go +++ b/pkg/plugins/client.go @@ -35,8 +35,7 @@ const ( const pluginsURL = "https://plugins.traefik.io/public/" const ( - hashHeader = "X-Plugin-Hash" - tokenHeader = "X-Token" + hashHeader = "X-Plugin-Hash" ) // ClientOptions the options of a Traefik plugins client. @@ -49,7 +48,6 @@ type Client struct { HTTPClient *http.Client baseURL *url.URL - token string archives string stateFile string goPath string @@ -158,10 +156,6 @@ func (c *Client) Download(ctx context.Context, pName, pVersion string) (string, req.Header.Set(hashHeader, hash) } - if c.token != "" { - req.Header.Set(tokenHeader, c.token) - } - resp, err := c.HTTPClient.Do(req) if err != nil { return "", fmt.Errorf("failed to call service: %w", err) @@ -222,10 +216,6 @@ func (c *Client) Check(ctx context.Context, pName, pVersion, hash string) error req.Header.Set(hashHeader, hash) } - if c.token != "" { - req.Header.Set(tokenHeader, c.token) - } - resp, err := c.HTTPClient.Do(req) if err != nil { return fmt.Errorf("failed to call service: %w", err) diff --git a/pkg/provider/consulcatalog/config_test.go b/pkg/provider/consulcatalog/config_test.go index 35e171a32..583ed27cc 100644 --- a/pkg/provider/consulcatalog/config_test.go +++ b/pkg/provider/consulcatalog/config_test.go @@ -3070,7 +3070,6 @@ func Test_buildConfiguration(t *testing.T) { func TestNamespaces(t *testing.T) { testCases := []struct { desc string - namespace string namespaces []string expectedNamespaces []string }{ @@ -3078,11 +3077,6 @@ func TestNamespaces(t *testing.T) { desc: "no defined namespaces", expectedNamespaces: []string{""}, }, - { - desc: "deprecated: use of defined namespace", - namespace: "test-ns", - expectedNamespaces: []string{"test-ns"}, - }, { desc: "use of 1 defined namespaces", namespaces: []string{"test-ns"}, @@ -3102,7 +3096,6 @@ func TestNamespaces(t *testing.T) { t.Parallel() pb := &ProviderBuilder{ - Namespace: test.namespace, Namespaces: test.namespaces, } diff --git a/pkg/provider/consulcatalog/consul_catalog.go b/pkg/provider/consulcatalog/consul_catalog.go index dc0b82267..3f0815f1a 100644 --- a/pkg/provider/consulcatalog/consul_catalog.go +++ b/pkg/provider/consulcatalog/consul_catalog.go @@ -49,25 +49,15 @@ type itemData struct { type ProviderBuilder struct { Configuration `yaml:",inline" export:"true"` - // Deprecated: use Namespaces option instead. - Namespace string `description:"Sets the namespace used to discover services (Consul Enterprise only)." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"` Namespaces []string `description:"Sets the namespaces used to discover services (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"` } // BuildProviders builds Consul Catalog provider instances for the given namespaces configuration. func (p *ProviderBuilder) BuildProviders() []*Provider { - // We can warn about that, because we've already made sure before that - // Namespace and Namespaces are mutually exclusive. - if p.Namespace != "" { - log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.") - } - if len(p.Namespaces) == 0 { return []*Provider{{ Configuration: p.Configuration, name: providerName, - // p.Namespace could very well be empty. - namespace: p.Namespace, }} } diff --git a/pkg/provider/kubernetes/crd/kubernetes.go b/pkg/provider/kubernetes/crd/kubernetes.go index e33aa3484..299f3f803 100644 --- a/pkg/provider/kubernetes/crd/kubernetes.go +++ b/pkg/provider/kubernetes/crd/kubernetes.go @@ -623,7 +623,6 @@ func createForwardAuthMiddleware(k8sClient Client, namespace string, auth *v1alp } forwardAuth.TLS = &types.ClientTLS{ - CAOptional: auth.TLS.CAOptional, InsecureSkipVerify: auth.TLS.InsecureSkipVerify, } diff --git a/pkg/provider/kubernetes/crd/kubernetes_test.go b/pkg/provider/kubernetes/crd/kubernetes_test.go index cba1b93a6..48e5844db 100644 --- a/pkg/provider/kubernetes/crd/kubernetes_test.go +++ b/pkg/provider/kubernetes/crd/kubernetes_test.go @@ -5144,8 +5144,7 @@ func TestCrossNamespace(t *testing.T) { Middlewares: map[string]*dynamic.Middleware{ "cross-ns-stripprefix": { StripPrefix: &dynamic.StripPrefix{ - Prefixes: []string{"/stripit"}, - ForceSlash: false, + Prefixes: []string{"/stripit"}, }, }, }, @@ -5215,8 +5214,7 @@ func TestCrossNamespace(t *testing.T) { Middlewares: map[string]*dynamic.Middleware{ "cross-ns-stripprefix": { StripPrefix: &dynamic.StripPrefix{ - Prefixes: []string{"/stripit"}, - ForceSlash: false, + Prefixes: []string{"/stripit"}, }, }, "default-test-errorpage": { diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go index bde544b85..e3f388ac1 100644 --- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go +++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go @@ -167,7 +167,6 @@ type ClientTLS struct { CertSecret string `json:"certSecret,omitempty"` // InsecureSkipVerify defines whether the server certificates should be validated. InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"` - CAOptional bool `json:"caOptional,omitempty"` } // +k8s:deepcopy-gen=true diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go index 850b7107e..41908e7c9 100644 --- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go +++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go @@ -41,10 +41,6 @@ type TLSOptionSpec struct { ClientAuth ClientAuth `json:"clientAuth,omitempty"` // SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension. SniStrict bool `json:"sniStrict,omitempty"` - // PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. - // It is enabled automatically when minVersion or maxVersion is set. - // Deprecated: https://github.com/golang/go/issues/45430 - PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"` // ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. // More info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols ALPNProtocols []string `json:"alpnProtocols,omitempty"` diff --git a/pkg/provider/kv/consul/consul.go b/pkg/provider/kv/consul/consul.go index 6b4b5a5fb..4a537c78f 100644 --- a/pkg/provider/kv/consul/consul.go +++ b/pkg/provider/kv/consul/consul.go @@ -7,7 +7,6 @@ import ( "time" "github.com/kvtools/consul" - "github.com/rs/zerolog/log" "github.com/traefik/traefik/v2/pkg/provider" "github.com/traefik/traefik/v2/pkg/provider/kv" "github.com/traefik/traefik/v2/pkg/types" @@ -25,8 +24,6 @@ type ProviderBuilder struct { Token string `description:"Per-request ACL token." json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"` TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"` - // Deprecated: use Namespaces instead. - Namespace string `description:"Sets the namespace used to discover the configuration (Consul Enterprise only)." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"` Namespaces []string `description:"Sets the namespaces used to discover the configuration (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"` } @@ -38,20 +35,12 @@ func (p *ProviderBuilder) SetDefaults() { // BuildProviders builds Consul provider instances for the given namespaces configuration. func (p *ProviderBuilder) BuildProviders() []*Provider { - // We can warn about that, because we've already made sure before that - // Namespace and Namespaces are mutually exclusive. - if p.Namespace != "" { - log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.") - } - if len(p.Namespaces) == 0 { return []*Provider{{ Provider: p.Provider, name: providerName, - // p.Namespace could very well be empty. - namespace: p.Namespace, - token: p.Token, - tls: p.TLS, + token: p.Token, + tls: p.TLS, }} } diff --git a/pkg/provider/kv/consul/consul_test.go b/pkg/provider/kv/consul/consul_test.go index 286c0cd9c..7ecfe111b 100644 --- a/pkg/provider/kv/consul/consul_test.go +++ b/pkg/provider/kv/consul/consul_test.go @@ -9,7 +9,6 @@ import ( func TestNamespaces(t *testing.T) { testCases := []struct { desc string - namespace string namespaces []string expectedNamespaces []string }{ @@ -17,11 +16,6 @@ func TestNamespaces(t *testing.T) { desc: "no defined namespaces", expectedNamespaces: []string{""}, }, - { - desc: "deprecated: use of defined namespace", - namespace: "test-ns", - expectedNamespaces: []string{"test-ns"}, - }, { desc: "use of 1 defined namespaces", namespaces: []string{"test-ns"}, @@ -41,7 +35,6 @@ func TestNamespaces(t *testing.T) { t.Parallel() pb := &ProviderBuilder{ - Namespace: test.namespace, Namespaces: test.namespaces, } diff --git a/pkg/provider/kv/kv_test.go b/pkg/provider/kv/kv_test.go index 1b0671478..f577da7e3 100644 --- a/pkg/provider/kv/kv_test.go +++ b/pkg/provider/kv/kv_test.go @@ -79,7 +79,6 @@ func Test_buildConfiguration(t *testing.T) { "traefik/http/middlewares/Middleware08/forwardAuth/tls/key": "foobar", "traefik/http/middlewares/Middleware08/forwardAuth/tls/insecureSkipVerify": "true", "traefik/http/middlewares/Middleware08/forwardAuth/tls/ca": "foobar", - "traefik/http/middlewares/Middleware08/forwardAuth/tls/caOptional": "true", "traefik/http/middlewares/Middleware08/forwardAuth/tls/cert": "foobar", "traefik/http/middlewares/Middleware08/forwardAuth/address": "foobar", "traefik/http/middlewares/Middleware08/forwardAuth/trustForwardHeader": "true", @@ -106,12 +105,8 @@ func Test_buildConfiguration(t *testing.T) { "traefik/http/middlewares/Middleware09/headers/accessControlAllowOriginListRegex/1": "foobar", "traefik/http/middlewares/Middleware09/headers/contentTypeNosniff": "true", "traefik/http/middlewares/Middleware09/headers/accessControlAllowCredentials": "true", - "traefik/http/middlewares/Middleware09/headers/featurePolicy": "foobar", "traefik/http/middlewares/Middleware09/headers/permissionsPolicy": "foobar", "traefik/http/middlewares/Middleware09/headers/forceSTSHeader": "true", - "traefik/http/middlewares/Middleware09/headers/sslRedirect": "true", - "traefik/http/middlewares/Middleware09/headers/sslHost": "foobar", - "traefik/http/middlewares/Middleware09/headers/sslForceHost": "true", "traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name1": "foobar", "traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name0": "foobar", "traefik/http/middlewares/Middleware09/headers/allowedHosts/0": "foobar", @@ -130,7 +125,6 @@ func Test_buildConfiguration(t *testing.T) { "traefik/http/middlewares/Middleware09/headers/addVaryHeader": "true", "traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/0": "foobar", "traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/1": "foobar", - "traefik/http/middlewares/Middleware09/headers/sslTemporaryRedirect": "true", "traefik/http/middlewares/Middleware09/headers/customBrowserXSSValue": "foobar", "traefik/http/middlewares/Middleware09/headers/referrerPolicy": "foobar", "traefik/http/middlewares/Middleware09/headers/accessControlExposeHeaders/0": "foobar", @@ -206,7 +200,6 @@ func Test_buildConfiguration(t *testing.T) { "traefik/http/middlewares/Middleware18/retry/attempts": "42", "traefik/http/middlewares/Middleware19/stripPrefix/prefixes/0": "foobar", "traefik/http/middlewares/Middleware19/stripPrefix/prefixes/1": "foobar", - "traefik/http/middlewares/Middleware19/stripPrefix/forceSlash": "true", "traefik/tcp/routers/TCPRouter0/entryPoints/0": "foobar", "traefik/tcp/routers/TCPRouter0/entryPoints/1": "foobar", "traefik/tcp/routers/TCPRouter0/service": "foobar", @@ -378,7 +371,6 @@ func Test_buildConfiguration(t *testing.T) { "foobar", "foobar", }, - ForceSlash: true, }, }, "Middleware00": { @@ -413,7 +405,6 @@ func Test_buildConfiguration(t *testing.T) { Address: "foobar", TLS: &types.ClientTLS{ CA: "foobar", - CAOptional: true, Cert: "foobar", Key: "foobar", InsecureSkipVerify: true, @@ -589,14 +580,10 @@ func Test_buildConfiguration(t *testing.T) { "foobar", "foobar", }, - SSLRedirect: true, - SSLTemporaryRedirect: true, - SSLHost: "foobar", SSLProxyHeaders: map[string]string{ "name1": "foobar", "name0": "foobar", }, - SSLForceHost: true, STSSeconds: 42, STSIncludeSubdomains: true, STSPreload: true, @@ -609,7 +596,6 @@ func Test_buildConfiguration(t *testing.T) { ContentSecurityPolicy: "foobar", PublicKey: "foobar", ReferrerPolicy: "foobar", - FeaturePolicy: "foobar", PermissionsPolicy: "foobar", IsDevelopment: true, }, diff --git a/pkg/provider/nomad/config_test.go b/pkg/provider/nomad/config_test.go index 4002a156d..4924849ab 100644 --- a/pkg/provider/nomad/config_test.go +++ b/pkg/provider/nomad/config_test.go @@ -2611,7 +2611,6 @@ func Test_keepItem(t *testing.T) { func TestNamespaces(t *testing.T) { testCases := []struct { desc string - namespace string namespaces []string expectedNamespaces []string }{ @@ -2619,11 +2618,6 @@ func TestNamespaces(t *testing.T) { desc: "no defined namespaces", expectedNamespaces: []string{""}, }, - { - desc: "deprecated: use of defined namespace", - namespace: "test-ns", - expectedNamespaces: []string{"test-ns"}, - }, { desc: "use of 1 defined namespaces", namespaces: []string{"test-ns"}, @@ -2643,7 +2637,6 @@ func TestNamespaces(t *testing.T) { t.Parallel() pb := &ProviderBuilder{ - Namespace: test.namespace, Namespaces: test.namespaces, } diff --git a/pkg/provider/nomad/nomad.go b/pkg/provider/nomad/nomad.go index 12cba4939..8f12086f6 100644 --- a/pkg/provider/nomad/nomad.go +++ b/pkg/provider/nomad/nomad.go @@ -52,23 +52,15 @@ type item struct { type ProviderBuilder struct { Configuration `yaml:",inline" export:"true"` - // Deprecated: Use Namespaces option instead - Namespace string `description:"Sets the Nomad namespace used to discover services." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"` Namespaces []string `description:"Sets the Nomad namespaces used to discover services." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"` } // BuildProviders builds Nomad provider instances for the given namespaces configuration. func (p *ProviderBuilder) BuildProviders() []*Provider { - if p.Namespace != "" { - log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.") - } - if len(p.Namespaces) == 0 { return []*Provider{{ Configuration: p.Configuration, name: providerName, - // p.Namespace could be empty - namespace: p.Namespace, }} } diff --git a/pkg/redactor/redactor_config_test.go b/pkg/redactor/redactor_config_test.go index 33f215232..88b507252 100644 --- a/pkg/redactor/redactor_config_test.go +++ b/pkg/redactor/redactor_config_test.go @@ -175,8 +175,7 @@ func init() { Prefix: "foo", }, StripPrefix: &dynamic.StripPrefix{ - Prefixes: []string{"foo"}, - ForceSlash: true, + Prefixes: []string{"foo"}, }, StripPrefixRegex: &dynamic.StripPrefixRegex{ Regex: []string{"foo"}, @@ -211,11 +210,7 @@ func init() { AddVaryHeader: true, AllowedHosts: []string{"foo"}, HostsProxyHeaders: []string{"foo"}, - SSLRedirect: true, - SSLTemporaryRedirect: true, - SSLHost: "foo", SSLProxyHeaders: map[string]string{"foo": "bar"}, - SSLForceHost: true, STSSeconds: 42, STSIncludeSubdomains: true, STSPreload: true, @@ -228,7 +223,6 @@ func init() { ContentSecurityPolicy: "foo", PublicKey: "foo", ReferrerPolicy: "foo", - FeaturePolicy: "foo", PermissionsPolicy: "foo", IsDevelopment: true, }, @@ -278,7 +272,6 @@ func init() { Address: "127.0.0.1", TLS: &types.ClientTLS{ CA: "ca.pem", - CAOptional: true, Cert: "cert.pem", Key: "cert.pem", InsecureSkipVerify: true, @@ -592,7 +585,6 @@ func TestDo_staticConfiguration(t *testing.T) { DefaultRule: "PathPrefix(`/`)", TLS: &types.ClientTLS{ CA: "myCa", - CAOptional: true, Cert: "mycert.pem", Key: "mycert.key", InsecureSkipVerify: true, @@ -615,7 +607,6 @@ func TestDo_staticConfiguration(t *testing.T) { DCOSToken: "foobar", TLS: &types.ClientTLS{ CA: "myCa", - CAOptional: true, Cert: "mycert.pem", Key: "mycert.key", InsecureSkipVerify: true, @@ -691,7 +682,6 @@ func TestDo_staticConfiguration(t *testing.T) { Token: "MyToken", TLS: &types.ClientTLS{ CA: "myCa", - CAOptional: true, Cert: "mycert.pem", Key: "mycert.key", InsecureSkipVerify: true, @@ -710,7 +700,6 @@ func TestDo_staticConfiguration(t *testing.T) { ExposedByDefault: true, DefaultRule: "PathPrefix(`/`)", }, - Namespace: "ns", Namespaces: []string{"ns1", "ns2"}, } @@ -735,12 +724,10 @@ func TestDo_staticConfiguration(t *testing.T) { Token: "secret", TLS: &types.ClientTLS{ CA: "myCa", - CAOptional: true, Cert: "mycert.pem", Key: "mycert.key", InsecureSkipVerify: true, }, - Namespace: "ns", Namespaces: []string{"ns1", "ns2"}, } @@ -753,7 +740,6 @@ func TestDo_staticConfiguration(t *testing.T) { Password: "password", TLS: &types.ClientTLS{ CA: "myCa", - CAOptional: true, Cert: "mycert.pem", Key: "mycert.key", InsecureSkipVerify: true, @@ -778,7 +764,6 @@ func TestDo_staticConfiguration(t *testing.T) { Password: "password", TLS: &types.ClientTLS{ CA: "myCa", - CAOptional: true, Cert: "mycert.pem", Key: "mycert.key", InsecureSkipVerify: true, @@ -791,7 +776,6 @@ func TestDo_staticConfiguration(t *testing.T) { PollTimeout: 42, TLS: &types.ClientTLS{ CA: "myCa", - CAOptional: true, Cert: "mycert.pem", Key: "mycert.key", InsecureSkipVerify: true, @@ -903,7 +887,7 @@ func TestDo_staticConfiguration(t *testing.T) { }, Datadog: &datadog.Config{ LocalAgentHostPort: "foobar", - GlobalTag: "foobar", + GlobalTags: map[string]string{"foobar": "foobar"}, Debug: true, PrioritySampling: true, TraceIDHeaderName: "foobar", diff --git a/pkg/redactor/testdata/anonymized-dynamic-config.json b/pkg/redactor/testdata/anonymized-dynamic-config.json index 05bde4598..4a7d86e2c 100644 --- a/pkg/redactor/testdata/anonymized-dynamic-config.json +++ b/pkg/redactor/testdata/anonymized-dynamic-config.json @@ -99,8 +99,7 @@ "stripPrefix": { "prefixes": [ "foo" - ], - "forceSlash": true + ] }, "stripPrefixRegex": { "regex": [ @@ -161,10 +160,6 @@ "hostsProxyHeaders": [ "foo" ], - "sslRedirect": true, - "sslTemporaryRedirect": true, - "sslHost": "xxxx", - "sslForceHost": true, "stsSeconds": 42, "stsIncludeSubdomains": true, "stsPreload": true, @@ -177,7 +172,6 @@ "contentSecurityPolicy": "xxxx", "publicKey": "xxxx", "referrerPolicy": "foo", - "featurePolicy": "foo", "permissionsPolicy": "foo", "isDevelopment": true }, @@ -235,7 +229,6 @@ "address": "xxxx", "tls": { "ca": "xxxx", - "caOptional": true, "cert": "xxxx", "key": "xxxx", "insecureSkipVerify": true diff --git a/pkg/redactor/testdata/anonymized-static-config.json b/pkg/redactor/testdata/anonymized-static-config.json index 8810d16c8..a2e3ba0be 100644 --- a/pkg/redactor/testdata/anonymized-static-config.json +++ b/pkg/redactor/testdata/anonymized-static-config.json @@ -83,7 +83,6 @@ "defaultRule": "xxxx", "tls": { "ca": "xxxx", - "caOptional": true, "cert": "xxxx", "key": "xxxx", "insecureSkipVerify": true @@ -111,7 +110,6 @@ "dcosToken": "xxxx", "tls": { "ca": "xxxx", - "caOptional": true, "cert": "xxxx", "key": "xxxx", "insecureSkipVerify": true @@ -189,7 +187,6 @@ "token": "xxxx", "tls": { "ca": "xxxx", - "caOptional": true, "cert": "xxxx", "key": "xxxx", "insecureSkipVerify": true @@ -207,7 +204,6 @@ "cache": true, "exposedByDefault": true, "defaultRule": "xxxx", - "namespace": "xxxx", "namespaces": [ "xxxx", "xxxx" @@ -233,12 +229,10 @@ "token": "xxxx", "tls": { "ca": "xxxx", - "caOptional": true, "cert": "xxxx", "key": "xxxx", "insecureSkipVerify": true }, - "namespace": "xxxx", "namespaces": [ "xxxx", "xxxx" @@ -248,7 +242,6 @@ "rootKey": "xxxx", "tls": { "ca": "xxxx", - "caOptional": true, "cert": "xxxx", "key": "xxxx", "insecureSkipVerify": true @@ -265,7 +258,6 @@ "rootKey": "xxxx", "tls": { "ca": "xxxx", - "caOptional": true, "cert": "xxxx", "key": "xxxx", "insecureSkipVerify": true @@ -279,7 +271,6 @@ "pollTimeout": "42ns", "tls": { "ca": "xxxx", - "caOptional": true, "cert": "xxxx", "key": "xxxx", "insecureSkipVerify": true @@ -394,7 +385,9 @@ }, "datadog": { "localAgentHostPort": "xxxx", - "globalTag": "foobar", + "globalTags": { + "foobar": "foobar" + }, "debug": true, "prioritySampling": true, "traceIDHeaderName": "foobar", diff --git a/pkg/redactor/testdata/secured-dynamic-config.json b/pkg/redactor/testdata/secured-dynamic-config.json index cc7da86d3..02547cbb9 100644 --- a/pkg/redactor/testdata/secured-dynamic-config.json +++ b/pkg/redactor/testdata/secured-dynamic-config.json @@ -99,8 +99,7 @@ "stripPrefix": { "prefixes": [ "foo" - ], - "forceSlash": true + ] }, "stripPrefixRegex": { "regex": [ @@ -161,13 +160,9 @@ "hostsProxyHeaders": [ "foo" ], - "sslRedirect": true, - "sslTemporaryRedirect": true, - "sslHost": "foo", "sslProxyHeaders": { "foo": "bar" }, - "sslForceHost": true, "stsSeconds": 42, "stsIncludeSubdomains": true, "stsPreload": true, @@ -180,7 +175,6 @@ "contentSecurityPolicy": "foo", "publicKey": "foo", "referrerPolicy": "foo", - "featurePolicy": "foo", "permissionsPolicy": "foo", "isDevelopment": true }, @@ -238,7 +232,6 @@ "address": "127.0.0.1", "tls": { "ca": "ca.pem", - "caOptional": true, "cert": "cert.pem", "key": "xxxx", "insecureSkipVerify": true diff --git a/pkg/tls/tls.go b/pkg/tls/tls.go index 85bbeada1..fc97e265d 100644 --- a/pkg/tls/tls.go +++ b/pkg/tls/tls.go @@ -18,14 +18,13 @@ type ClientAuth struct { // Options configures TLS for an entry point. type Options struct { - MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"` - MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"` - CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty" export:"true"` - CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"` - ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"` - SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"` - PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty" toml:"preferServerCipherSuites,omitempty" yaml:"preferServerCipherSuites,omitempty" export:"true"` // Deprecated: https://github.com/golang/go/issues/45430 - ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"` + MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"` + MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"` + CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty" export:"true"` + CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"` + ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"` + SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"` + ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"` } // SetDefaults sets the default values for an Options struct. diff --git a/pkg/tracing/datadog/datadog.go b/pkg/tracing/datadog/datadog.go index 74b68d65c..1e9969e37 100644 --- a/pkg/tracing/datadog/datadog.go +++ b/pkg/tracing/datadog/datadog.go @@ -4,7 +4,6 @@ import ( "io" "net" "os" - "strings" "github.com/opentracing/opentracing-go" "github.com/rs/zerolog/log" @@ -18,9 +17,7 @@ const Name = "datadog" // Config provides configuration settings for a datadog tracer. type Config struct { - LocalAgentHostPort string `description:"Sets the Datadog Agent host:port." json:"localAgentHostPort,omitempty" toml:"localAgentHostPort,omitempty" yaml:"localAgentHostPort,omitempty"` - // Deprecated: use GlobalTags instead. - GlobalTag string `description:"Sets a key:value tag on all spans." json:"globalTag,omitempty" toml:"globalTag,omitempty" yaml:"globalTag,omitempty" export:"true"` + LocalAgentHostPort string `description:"Sets the Datadog Agent host:port." json:"localAgentHostPort,omitempty" toml:"localAgentHostPort,omitempty" yaml:"localAgentHostPort,omitempty"` GlobalTags map[string]string `description:"Sets a list of key:value tags on all spans." json:"globalTags,omitempty" toml:"globalTags,omitempty" yaml:"globalTags,omitempty" export:"true"` Debug bool `description:"Enables Datadog debug." json:"debug,omitempty" toml:"debug,omitempty" yaml:"debug,omitempty" export:"true"` PrioritySampling bool `description:"Enables priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled." json:"prioritySampling,omitempty" toml:"prioritySampling,omitempty" yaml:"prioritySampling,omitempty" export:"true"` @@ -66,17 +63,6 @@ func (c *Config) Setup(serviceName string) (opentracing.Tracer, io.Closer, error opts = append(opts, datadog.WithGlobalTag(k, v)) } - if c.GlobalTag != "" { - logger.Warn().Msg(`Datadog: option "globalTag" is deprecated, please use "globalTags" instead.`) - - key, value, _ := strings.Cut(c.GlobalTag, ":") - - // Don't override a tag already defined with the new option. - if _, ok := c.GlobalTags[key]; !ok { - opts = append(opts, datadog.WithGlobalTag(key, value)) - } - } - if c.PrioritySampling { opts = append(opts, datadog.WithPrioritySampling()) } diff --git a/pkg/types/tls.go b/pkg/types/tls.go index 2b5457be2..7ac8b4547 100644 --- a/pkg/types/tls.go +++ b/pkg/types/tls.go @@ -16,9 +16,7 @@ import ( // ClientTLS holds TLS specific configurations as client // CA, Cert and Key can be either path or file contents. type ClientTLS struct { - CA string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"` - // Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634). - CAOptional bool `description:"TLS CA.Optional" json:"caOptional,omitempty" toml:"caOptional,omitempty" yaml:"caOptional,omitempty" export:"true"` + CA string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"` Cert string `description:"TLS cert" json:"cert,omitempty" toml:"cert,omitempty" yaml:"cert,omitempty"` Key string `description:"TLS key" json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty" loggable:"false"` InsecureSkipVerify bool `description:"TLS insecure skip verify" json:"insecureSkipVerify,omitempty" toml:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty" export:"true"` @@ -31,10 +29,6 @@ func (c *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, error) { return nil, nil } - if c.CAOptional { - log.Ctx(ctx).Warn().Msg("CAOptional is deprecated, TLS client authentication is a server side option.") - } - // Not initialized, to rely on system bundle. var caPool *x509.CertPool