From 383b0bed9640f0390ddb8f159ce0becb6895dbe5 Mon Sep 17 00:00:00 2001
From: Rick Brouwer <rickbrouwer@gmail.com>
Date: Sun, 17 Nov 2024 14:41:05 +0100
Subject: [PATCH] Remove deprecated tlsCertFile from External scaler

Signed-off-by: Rick Brouwer <rickbrouwer@gmail.com>
---
 CHANGELOG.md                   |  2 +-
 pkg/scalers/external_scaler.go | 26 ++++----------------------
 2 files changed, 5 insertions(+), 23 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index dbba7b57a05..e693e6d14b9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -84,7 +84,7 @@ New deprecation(s):
 
 ### Breaking Changes
 
-- TODO ([#XXX](https://github.com/kedacore/keda/issues/XXX))
+**External Scaler**: Remove deprecated tlsCertFile from External scaler ([#4549](https://github.com/kedacore/keda/issues/4549))
 
 ### Other
 
diff --git a/pkg/scalers/external_scaler.go b/pkg/scalers/external_scaler.go
index f6e0ef63acc..d02b9c98a21 100644
--- a/pkg/scalers/external_scaler.go
+++ b/pkg/scalers/external_scaler.go
@@ -35,7 +35,6 @@ type externalPushScaler struct {
 
 type externalScalerMetadata struct {
 	scalerAddress    string
-	tlsCertFile      string
 	originalMetadata map[string]string
 	triggerIndex     int
 	caCert           string
@@ -116,10 +115,6 @@ func parseExternalScalerMetadata(config *scalersconfig.ScalerConfig) (externalSc
 		return meta, fmt.Errorf("scaler Address is a required field")
 	}
 
-	if val, ok := config.TriggerMetadata["tlsCertFile"]; ok && val != "" {
-		meta.tlsCertFile = val
-	}
-
 	meta.originalMetadata = make(map[string]string)
 	if val, ok := config.AuthParams["caCert"]; ok {
 		meta.caCert = val
@@ -164,7 +159,7 @@ func (s *externalScaler) Close(context.Context) error {
 func (s *externalScaler) GetMetricSpecForScaling(ctx context.Context) []v2.MetricSpec {
 	var result []v2.MetricSpec
 
-	grpcClient, err := getClientForConnectionPool(s.metadata, s.logger)
+	grpcClient, err := getClientForConnectionPool(s.metadata)
 	if err != nil {
 		s.logger.Error(err, "error building grpc connection")
 		return result
@@ -199,7 +194,7 @@ func (s *externalScaler) GetMetricSpecForScaling(ctx context.Context) []v2.Metri
 // GetMetricsAndActivity returns value for a supported metric and an error if there is a problem getting the metric
 func (s *externalScaler) GetMetricsAndActivity(ctx context.Context, metricName string) ([]external_metrics.ExternalMetricValue, bool, error) {
 	var metrics []external_metrics.ExternalMetricValue
-	grpcClient, err := getClientForConnectionPool(s.metadata, s.logger)
+	grpcClient, err := getClientForConnectionPool(s.metadata)
 	if err != nil {
 		return []external_metrics.ExternalMetricValue{}, false, err
 	}
@@ -240,7 +235,7 @@ func (s *externalPushScaler) Run(ctx context.Context, active chan<- bool) {
 	defer close(active)
 	// It's possible for the connection to get terminated anytime, we need to run this in a retry loop
 	runWithLog := func() {
-		grpcClient, err := getClientForConnectionPool(s.metadata, s.logger)
+		grpcClient, err := getClientForConnectionPool(s.metadata)
 		if err != nil {
 			s.logger.Error(err, "error running internalRun")
 			return
@@ -301,24 +296,11 @@ var connectionPoolMutex sync.Mutex
 
 // getClientForConnectionPool returns a grpcClient and a done() Func. The done() function must be called once the client is no longer
 // in use to clean up the shared grpc.ClientConn
-func getClientForConnectionPool(metadata externalScalerMetadata, logger logr.Logger) (pb.ExternalScalerClient, error) {
+func getClientForConnectionPool(metadata externalScalerMetadata) (pb.ExternalScalerClient, error) {
 	connectionPoolMutex.Lock()
 	defer connectionPoolMutex.Unlock()
 
 	buildGRPCConnection := func(metadata externalScalerMetadata) (*grpc.ClientConn, error) {
-		// FIXME: DEPRECATED to be removed in v2.13 https://github.com/kedacore/keda/issues/4549
-		if metadata.tlsCertFile != "" {
-			logger.V(1).Info("tlsCertFile in ScaleObject metadata will be deprecated in v2.12. Please use" +
-				"tlsClientCert, tlsClientKey and caCert in TriggerAuthentication instead.")
-			creds, err := credentials.NewClientTLSFromFile(metadata.tlsCertFile, "")
-			if err != nil {
-				return nil, err
-			}
-			return grpc.NewClient(metadata.scalerAddress,
-				grpc.WithDefaultServiceConfig(grpcConfig),
-				grpc.WithTransportCredentials(creds))
-		}
-
 		tlsConfig, err := util.NewTLSConfig(metadata.tlsClientCert, metadata.tlsClientKey, metadata.caCert, metadata.unsafeSsl)
 		if err != nil {
 			return nil, err