Revert "fix: fix generating SNIs in dbless (#7853)"

internal/dataplane/deckgen/deckgen.go

@@ -32,7 +32,7 @@ func GenerateSHA(targetContent *file.Content, customEntities map[string][]custom
 }
 
 // GetFCertificateFromKongCert converts a kong.Certificate to a file.FCertificate.
-func GetFCertificateFromKongCert(inmemory bool, kongCert kong.Certificate) file.FCertificate {
+func GetFCertificateFromKongCert(kongCert kong.Certificate) file.FCertificate {
 	var res file.FCertificate
 	if kongCert.ID != nil {
 		res.ID = kong.String(*kongCert.ID)
@@ -43,17 +43,17 @@ func GetFCertificateFromKongCert(inmemory bool, kongCert kong.Certificate) file.
 	if kongCert.Cert != nil {
 		res.Cert = kong.String(*kongCert.Cert)
 	}
-	res.SNIs = getCertsSNIs(inmemory, kongCert)
+	res.SNIs = getCertsSNIs(kongCert)
 	return res
 }
 
-func getCertsSNIs(inmemory bool, kongCert kong.Certificate) []kong.SNI {
+func getCertsSNIs(kongCert kong.Certificate) []kong.SNI {
 	snis := make([]kong.SNI, 0, len(kongCert.SNIs))
 	for _, sni := range kongCert.SNIs {
 		kongSNI := kong.SNI{
 			Name: sni,
 		}
-		if !inmemory && kongCert.ID != nil {
+		if kongCert.ID != nil {
 			kongSNI.Certificate = &kong.Certificate{
 				ID: kongCert.ID,
 			}

internal/dataplane/deckgen/deckgen_test.go

@@ -10,102 +10,6 @@ import (
 	"github.com/kong/kubernetes-ingress-controller/v3/internal/dataplane/deckgen"
 )
 
-func TestGetFCertificateFromKongCert(t *testing.T) {
-	testCases := []struct {
-		name     string
-		inmemory bool
-		cert     kong.Certificate
-		want     file.FCertificate
-	}{
-		{
-			name:     "empty certificate",
-			inmemory: false,
-			cert:     kong.Certificate{},
-			want: file.FCertificate{
-				SNIs: []kong.SNI{},
-			},
-		},
-		{
-			name:     "all fields set, inmemory=true, SNIs have no certificate ref",
-			inmemory: true,
-			cert: kong.Certificate{
-				ID:   kong.String("cert-id"),
-				Key:  kong.String("cert-key"),
-				Cert: kong.String("cert-pem"),
-				SNIs: []*string{kong.String("example.com"), kong.String("other.com")},
-			},
-			want: file.FCertificate{
-				ID:   kong.String("cert-id"),
-				Key:  kong.String("cert-key"),
-				Cert: kong.String("cert-pem"),
-				SNIs: []kong.SNI{
-					{Name: kong.String("example.com")},
-					{Name: kong.String("other.com")},
-				},
-			},
-		},
-		{
-			name:     "all fields set, inmemory=false, SNIs have certificate ref",
-			inmemory: false,
-			cert: kong.Certificate{
-				ID:   kong.String("cert-id"),
-				Key:  kong.String("cert-key"),
-				Cert: kong.String("cert-pem"),
-				SNIs: []*string{kong.String("example.com")},
-			},
-			want: file.FCertificate{
-				ID:   kong.String("cert-id"),
-				Key:  kong.String("cert-key"),
-				Cert: kong.String("cert-pem"),
-				SNIs: []kong.SNI{
-					{
-						Name:        kong.String("example.com"),
-						Certificate: &kong.Certificate{ID: kong.String("cert-id")},
-					},
-				},
-			},
-		},
-		{
-			name:     "nil ID, inmemory=false, SNIs have no certificate ref",
-			inmemory: false,
-			cert: kong.Certificate{
-				Key:  kong.String("cert-key"),
-				Cert: kong.String("cert-pem"),
-				SNIs: []*string{kong.String("example.com")},
-			},
-			want: file.FCertificate{
-				Key:  kong.String("cert-key"),
-				Cert: kong.String("cert-pem"),
-				SNIs: []kong.SNI{
-					{Name: kong.String("example.com")},
-				},
-			},
-		},
-		{
-			name:     "no SNIs",
-			inmemory: false,
-			cert: kong.Certificate{
-				ID:   kong.String("cert-id"),
-				Key:  kong.String("cert-key"),
-				Cert: kong.String("cert-pem"),
-			},
-			want: file.FCertificate{
-				ID:   kong.String("cert-id"),
-				Key:  kong.String("cert-key"),
-				Cert: kong.String("cert-pem"),
-				SNIs: []kong.SNI{},
-			},
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			got := deckgen.GetFCertificateFromKongCert(tc.inmemory, tc.cert)
-			require.Equal(t, tc.want, got)
-		})
-	}
-}
-
 func TestIsContentEmpty(t *testing.T) {
 	testCases := []struct {
 		name    string

internal/dataplane/deckgen/generate.go

@@ -32,11 +32,6 @@ type GenerateDeckContentParams struct {
 	// the configuration is empty. It is used to workaround behavior in Kong where sending an empty configuration
 	// does not make its `GET /status/ready` endpoint return 200s.
 	AppendStubEntityWhenConfigEmpty bool
-
-	// InMemory indicates whether the generated deck content is intended to be used in-memory.
-	// This is used to determine whether to include certain fields in the generated content
-	// that are not relevant for in-memory use but are required for db based / konnect configurations.
-	InMemory bool
 }
 
 // ToDeckContent generates a decK configuration from `k8sState` and auxiliary parameters.
@@ -130,7 +125,7 @@ func ToDeckContent(
 	})
 
 	for _, c := range k8sState.Certificates {
-		cert := GetFCertificateFromKongCert(params.InMemory, c.Certificate)
+		cert := GetFCertificateFromKongCert(c.Certificate)
 		content.Certificates = append(content.Certificates, cert)
 	}
 	sort.SliceStable(content.Certificates, func(i, j int) bool {

internal/dataplane/kong_client.go

@@ -794,7 +794,6 @@ func (c *KongClient) sendToClient(
 		ExpressionRoutes:                config.ExpressionRoutes,
 		PluginSchemas:                   client.PluginSchemaStore(),
 		AppendStubEntityWhenConfigEmpty: config.InMemory,
-		InMemory:                        config.InMemory,
 	}
 	targetContent := deckgen.ToDeckContent(ctx, logger, s, deckGenParams)
 	customEntities := make(sendconfig.CustomEntitiesByType)

internal/dataplane/kong_client_golden_test.go

@@ -260,7 +260,7 @@ func runKongClientGoldenTest(t *testing.T, tc kongClientGoldenTestCase) {
 	// Create the translator.
 	logger := zapr.NewLogger(zap.NewNop())
 	s := store.New(cacheStores, "kong", logger)
-	p, err := translator.NewTranslator(logger, s, "", semver.MustParse("3.12.0"), tc.featureFlags, fakeSchemaServiceProvier{},
+	p, err := translator.NewTranslator(logger, s, "", semver.MustParse("3.9.1"), tc.featureFlags, fakeSchemaServiceProvier{},
 		translator.Config{
 			ClusterDomain:      consts.DefaultClusterDomain,
 			EnableDrainSupport: consts.DefaultEnableDrainSupport,

internal/dataplane/testdata/golden/ingress-v1-rule-with-tls-and-consumer-ee/default_golden.yaml → internal/dataplane/testdata/golden/ingress-v1-rule-with-tls-and-consumer/default_golden.yaml

@@ -31,8 +31,12 @@ certificates:
     5GTyl7XJmyY/
     -----END PRIVATE KEY-----
   snis:
-  - name: 1.example.com
-  - name: 2.example.com
+  - certificate:
+      id: c6ac927c-4f5a-4e88-8b5d-c7b01d0f43af
+    name: 1.example.com
+  - certificate:
+      id: c6ac927c-4f5a-4e88-8b5d-c7b01d0f43af
+    name: 2.example.com
 consumers:
 - basicauth_credentials:
   - password: consumer-1-password

internal/dataplane/testdata/golden/ingress-v1-rule-with-tls-and-consumer-ee/expression-routes-on_golden.yaml → internal/dataplane/testdata/golden/ingress-v1-rule-with-tls-and-consumer/expression-routes-on_golden.yaml

@@ -31,8 +31,12 @@ certificates:
     5GTyl7XJmyY/
     -----END PRIVATE KEY-----
   snis:
-  - name: 1.example.com
-  - name: 2.example.com
+  - certificate:
+      id: c6ac927c-4f5a-4e88-8b5d-c7b01d0f43af
+    name: 1.example.com
+  - certificate:
+      id: c6ac927c-4f5a-4e88-8b5d-c7b01d0f43af
+    name: 2.example.com
 consumers:
 - basicauth_credentials:
   - password: consumer-1-password

internal/dataplane/testdata/golden/ingress-v1-rule-with-tls/default_golden.yaml

@@ -31,8 +31,12 @@ certificates:
     7InkkRoDnTrU3Ro=
     -----END PRIVATE KEY-----
   snis:
-  - name: 3.example.com
-  - name: 4.example.com
+  - certificate:
+      id: 8aade13c-1470-46bd-9849-9a74e349214f
+    name: 3.example.com
+  - certificate:
+      id: 8aade13c-1470-46bd-9849-9a74e349214f
+    name: 4.example.com
 - cert: |-
     -----BEGIN CERTIFICATE-----
     MIIBoTCCAQoCCQC/V5OfTXu7xDANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApr
@@ -64,8 +68,12 @@ certificates:
     5GTyl7XJmyY/
     -----END PRIVATE KEY-----
   snis:
-  - name: 1.example.com
-  - name: 2.example.com
+  - certificate:
+      id: c6ac927c-4f5a-4e88-8b5d-c7b01d0f43af
+    name: 1.example.com
+  - certificate:
+      id: c6ac927c-4f5a-4e88-8b5d-c7b01d0f43af
+    name: 2.example.com
 services:
 - connect_timeout: 60000
   host: foo-svc.bar-namespace.80.svc

internal/dataplane/testdata/golden/ingress-v1-rule-with-tls/expression-routes-on_golden.yaml

@@ -31,8 +31,12 @@ certificates:
     7InkkRoDnTrU3Ro=
     -----END PRIVATE KEY-----
   snis:
-  - name: 3.example.com
-  - name: 4.example.com
+  - certificate:
+      id: 8aade13c-1470-46bd-9849-9a74e349214f
+    name: 3.example.com
+  - certificate:
+      id: 8aade13c-1470-46bd-9849-9a74e349214f
+    name: 4.example.com
 - cert: |-
     -----BEGIN CERTIFICATE-----
     MIIBoTCCAQoCCQC/V5OfTXu7xDANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApr
@@ -64,8 +68,12 @@ certificates:
     5GTyl7XJmyY/
     -----END PRIVATE KEY-----
   snis:
-  - name: 1.example.com
-  - name: 2.example.com
+  - certificate:
+      id: c6ac927c-4f5a-4e88-8b5d-c7b01d0f43af
+    name: 1.example.com
+  - certificate:
+      id: c6ac927c-4f5a-4e88-8b5d-c7b01d0f43af
+    name: 2.example.com
 services:
 - connect_timeout: 60000
   host: foo-svc.bar-namespace.80.svc