From 9bebd4df0768e7b4b189dd8aadc3070ebf947135 Mon Sep 17 00:00:00 2001 From: Vincent Gramer Date: Tue, 20 Jun 2023 17:20:40 +0200 Subject: [PATCH] DOC: deprecate whitelist and black list in favor of allow-list and deny-list Signed-off-by: Vincent Gramer --- documentation/annotations.md | 42 ++++++++++++++++++++++++++++++++++++ documentation/doc.yaml | 36 +++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) diff --git a/documentation/annotations.md b/documentation/annotations.md index df1cab0f..7ec04d7c 100644 --- a/documentation/annotations.md +++ b/documentation/annotations.md @@ -16,6 +16,7 @@ This is autogenerated from [doc.yaml](doc.yaml). Description can be found in [ge | [auth-secret](#authentication) | string | | auth-type |:large_blue_circle:|:large_blue_circle:|:white_circle:| | [auth-realm](#authentication) | string | "Protected Content" | auth-type, auth-secret |:large_blue_circle:|:large_blue_circle:|:white_circle:| | [blacklist](#access-control) | IPs/CIDRs or pattern file | | |:large_blue_circle:|:large_blue_circle:|:white_circle:| +| [deny-list](#access-control) | IPs/CIDRs or pattern file | | |:large_blue_circle:|:large_blue_circle:|:white_circle:| | [check](#backend-checks) | [bool](#bool) | "true" | |:large_blue_circle:|:large_blue_circle:|:large_blue_circle:| | [check-http](#backend-checks) | string | | check |:large_blue_circle:|:large_blue_circle:|:large_blue_circle:| | [check-interval](#backend-checks) | [time](#time) | | check |:large_blue_circle:|:large_blue_circle:|:large_blue_circle:| 
@@ -86,6 +87,7 @@ This is autogenerated from [doc.yaml](doc.yaml). Description can be found in [ge | [timeout-server-fin](#timeouts) | [time](#time) | | |:large_blue_circle:|:white_circle:|:white_circle:| | [timeout-tunnel](#timeouts) | [time](#time) | "1h" | |:large_blue_circle:|:white_circle:|:white_circle:| | [whitelist](#access-control) | IPs/CIDRs or pattern file | | |:large_blue_circle:|:large_blue_circle:|:white_circle:| +| [allow-list](#access-control) | IPs/CIDRs or pattern file | | |:large_blue_circle:|:large_blue_circle:|:white_circle:| | [tls-alpn](#https) | string | "h2,http/1.1" | |:large_blue_circle:|:white_circle:|:white_circle:| > :information_source: Annotations have hierarchy: `default` <- `Configmap` <- `Ingress` <- `Service` @@ -231,6 +233,7 @@ cors-max-age: "1m" ##### `blacklist` + **Deprecated**, use `deny-list` instead. Blocks given IP addresses and/or IP address ranges. Available on: `configmap` `ingress` @@ -248,8 +251,28 @@ Example: blacklist: "192.168.1.0/24, 192.168.2.100" ``` +##### `deny-list` + + Blocks given IP addresses and/or IP address ranges. + + Available on: `configmap` `ingress` + + :information_source: The value is treated as a pattern file (see `--configmap-patternfiles`) if it starts with `patterns/`. It should consist of a list of IPs or CIDRs, one per line. + +Possible values: + +- Comma-separated list of IP addresses and/or CIDR ranges +- Path to a pattern file, e.g. `pattern/ips` + +Example: + +```yaml +deny-list: "192.168.1.0/24, 192.168.2.100" +``` + ##### `whitelist` + **Deprecated**, use `allow-list` instead. Blocks all IP addresses except the whitelisted ones (annotation value). Available on: `configmap` `ingress` 
@@ -267,6 +290,25 @@ Example: whitelist: "192.168.1.0/24, 192.168.2.100" ``` +##### `allow-list` + + Blocks all IP addresses except the whitelisted ones (annotation value). + + Available on: `configmap` `ingress` + + :information_source: The value is treated as a pattern file (see `--configmap-patternfiles`) if it starts with `patterns/`. It should consist of a list of IPs or CIDRs, one per line. + +Possible values: + +- Comma-separated list of IP addresses and/or CIDR ranges +- Path to a pattern file, e.g. `pattern/ips` + +Example: + +```yaml +allow-list: "192.168.1.0/24, 192.168.2.100" +``` +

:arrow_up_small: back to top

*** diff --git a/documentation/doc.yaml b/documentation/doc.yaml index fb4d2b9a..1eeab45b 100644 --- a/documentation/doc.yaml +++ b/documentation/doc.yaml @@ -544,6 +544,7 @@ annotations: dependencies: "" default: "" description: + - "**Deprecated**, use `deny-list` instead." - Blocks given IP addresses and/or IP address ranges. tip: - The value is treated as a pattern file (see `--configmap-patternfiles`) if it starts with `patterns/`. It should consist of a list of IPs or CIDRs, one per line. @@ -555,6 +556,23 @@ annotations: - ingress version_min: "1.4" example: ['blacklist: "192.168.1.0/24, 192.168.2.100"'] + - title: deny-list + type: IPs/CIDRs or pattern file + group: access-control + dependencies: "" + default: "" + description: + - Blocks given IP addresses and/or IP address ranges. + tip: + - The value is treated as a pattern file (see `--configmap-patternfiles`) if it starts with `patterns/`. It should consist of a list of IPs or CIDRs, one per line. + values: + - Comma-separated list of IP addresses and/or CIDR ranges + - Path to a pattern file, e.g. `pattern/ips` + applies_to: + - configmap + - ingress + version_min: "1.10" + example: [ 'deny-list: "192.168.1.0/24, 192.168.2.100"' ] - title: check type: bool group: backend-checks @@ -1851,6 +1869,7 @@ annotations: dependencies: "" default: "" description: + - "**Deprecated**, use `allow-list` instead." - Blocks all IP addresses except the whitelisted ones (annotation value). tip: - The value is treated as a pattern file (see `--configmap-patternfiles`) if it starts with `patterns/`. It should consist of a list of IPs or CIDRs, one per line. 
@@ -1862,6 +1881,23 @@ annotations: - ingress version_min: "1.4" example: ['whitelist: "192.168.1.0/24, 192.168.2.100"'] + - title: allow-list + type: IPs/CIDRs or pattern file + group: access-control + dependencies: "" + default: "" + description: + - Blocks all IP addresses except the whitelisted ones (annotation value). + tip: + - The value is treated as a pattern file (see `--configmap-patternfiles`) if it starts with `patterns/`. It should consist of a list of IPs or CIDRs, one per line. + values: + - Comma-separated list of IP addresses and/or CIDR ranges + - Path to a pattern file, e.g. `pattern/ips` + applies_to: + - configmap + - ingress + version_min: "1.10" + example: ['allow-list: "192.168.1.0/24, 192.168.2.100"'] - title: tls-alpn type: string group: https
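Review bot: In the new `deny-list` section of documentation/annotations.md (hunk `@@ -248,8 +251,28 @@`), the tip and the example path disagree. The tip says the value is treated as a pattern file if it starts with `patterns/`, but the "Possible values" bullet gives `pattern/ips`, which by the tip's own rule would not be treated as a pattern file. Suggest `patterns/ips`, corrected in the `values` list of doc.yaml since annotations.md is generated from it. The same bullet is copied into the new `allow-list` section.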
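Review bot: The description added for `allow-list` in documentation/annotations.md (hunk `@@ -267,6 +290,25 @@`) still reads "Blocks all IP addresses except the whitelisted ones (annotation value)", which uses the term this patch deprecates. Suggest wording such as "Blocks all IP addresses except those in the allow-list (annotation value)". The source string is the `description` of the `allow-list` entry added to doc.yaml in hunk `@@ -1862,6 +1881,23 @@`, so the change belongs there and the markdown should be regenerated.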
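Review bot: The deprecation line added to the `blacklist` description in documentation/doc.yaml (hunk `@@ -544,6 +544,7 @@`) does not say from which version the annotation is deprecated, nor what happens when both `blacklist` and `deny-list` are set on the same object. For an access-control setting, readers need to know which list is enforced during migration. Suggest naming the version (the replacement entry carries `version_min: "1.10"`) and adding one sentence on precedence. The same applies to the `whitelist` line in hunk `@@ -1851,6 +1869,7 @@`.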
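Review bot: Style point on the `example` line of the new `deny-list` entry in documentation/doc.yaml (hunk `@@ -555,6 +556,23 @@`): it is written `[ 'deny-list: "192.168.1.0/24, 192.168.2.100"' ]` with spaces inside the brackets, while the neighbouring `blacklist` entry and the new `allow-list` entry use `['...']` with none. Suggest dropping the inner spaces so the flow-sequence style stays consistent across the file.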