nginx
diff --git a/‎build/Dockerfile‎
Lines changed: 0 additions & 9 deletions b/‎build/Dockerfile‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎internal/configs/configmaps.go‎
Lines changed: 15 additions & 5 deletions b/‎internal/configs/configmaps.go‎
Lines changed: 15 additions & 5 deletions
diff --git a/‎internal/configs/configmaps_test.go‎
Lines changed: 142 additions & 34 deletions b/‎internal/configs/configmaps_test.go‎
Lines changed: 142 additions & 34 deletions
diff --git a/‎internal/nginx/version.go‎
Lines changed: 0 additions & 9 deletions b/‎internal/nginx/version.go‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎internal/nginx/version_test.go‎
Lines changed: 0 additions & 29 deletions b/‎internal/nginx/version_test.go‎
Lines changed: 0 additions & 29 deletions
@@ -114,14 +114,12 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
 
 RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
 	--mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \
-	--mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
 	--mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk/keys/nginx_signing.rsa.pub \
 	--mount=type=bind,from=nginx-files,src=user_agent,target=/tmp/user_agent \
 	--mount=type=bind,from=nginx-files,src=tracking.info,target=/tmp/nginx/reporting/tracking.info \
 	export $(cat /tmp/user_agent) \
 	&& printf "%s\n" "https://${PACKAGE_REPO}/plus/${NGINX_PLUS_VERSION}/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
 	&& apk add --no-cache nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check libcap libcurl \
-	&& cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
 	&& mkdir -p /etc/nginx/reporting/ && cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \
 	&& ldconfig /usr/local/lib/ \
 	&& sed -i -e '/nginx.com/d' /etc/apk/repositories
@@ -154,7 +152,6 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
 RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \
 	--mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
 	--mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \
-	--mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
 	--mount=type=bind,from=nginx-files,src=app-protect-security-updates.rsa.pub,target=/etc/apk/keys/app-protect-security-updates.rsa.pub \
 	--mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk/keys/nginx_signing.rsa.pub \
 	--mount=type=bind,from=nginx-files,src=agent.sh,target=/usr/local/bin/agent.sh \
@@ -170,7 +167,6 @@ RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \
 	&& cp -av /tmp/fips/usr/lib/ossl-modules/fips.so /usr/lib/ossl-modules/fips.so \
 	&& cp -av /tmp/fips/usr/ssl/fipsmodule.cnf /usr/ssl/fipsmodule.cnf \
 	&& cp -av /tmp/fips/etc/ssl/openssl.cnf /etc/ssl/openssl.cnf \
-	&& cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
 	&& mkdir -p /etc/nginx/reporting/ \
 	&& cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \
 	&& ldconfig /usr/local/lib/ \
@@ -194,7 +190,6 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
 RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \
 	--mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
 	--mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \
-	--mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
 	--mount=type=bind,from=nginx-files,src=nginx_signing.rsa.pub,target=/etc/apk/keys/nginx_signing.rsa.pub \
 	--mount=type=bind,from=nginx-files,src=agent.sh,target=/usr/local/bin/agent.sh \
 	--mount=type=bind,from=nginx-files,src=nap-waf.sh,target=/usr/local/bin/nap-waf.sh \
@@ -208,7 +203,6 @@ RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \
 	&& cp -av /tmp/fips/usr/lib/ossl-modules/fips.so /usr/lib/ossl-modules/fips.so \
 	&& cp -av /tmp/fips/usr/ssl/fipsmodule.cnf /usr/ssl/fipsmodule.cnf \
 	&& cp -av /tmp/fips/etc/ssl/openssl.cnf /etc/ssl/openssl.cnf \
-	&& cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
 	&& mkdir -p /etc/nginx/reporting/ \
 	&& cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \
 	&& ldconfig /usr/local/lib/ \
@@ -229,7 +223,6 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
 	--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
-	--mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \
 	--mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_signing.key \
 	--mount=type=bind,from=nginx-files,src=app-protect-security-updates.key,target=/tmp/app-protect-security-updates.key \
 	--mount=type=bind,from=nginx-files,src=90pkgs-nginx,target=/etc/apt/apt.conf.d/90pkgs-nginx \
@@ -245,7 +238,6 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 	&& apt-get update \
 	&& apt-get install --no-install-recommends --no-install-suggests -y nginx-plus nginx-plus-module-njs nginx-plus-module-fips-check \
 	&& apt-get purge --auto-remove -y gpg \
-	&& cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
 	&& mkdir -p /etc/nginx/reporting/ \
 	&& cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \
 	&& ldconfig \
@@ -262,7 +254,6 @@ ENV NGINX_VERSION=${NGINX_PLUS_VERSION}
 
 RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
 	--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
-	--mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \
 	--mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_signing.key \
 	--mount=type=bind,from=nginx-files,src=90pkgs-nginx,target=/etc/apt/apt.conf.d/90pkgs-nginx \
 	--mount=type=bind,from=nginx-files,src=nap-waf-12.sources,target=/tmp/app-protect.sources \
 
@@ -538,7 +538,7 @@ func ParseConfigMap(ctx context.Context, cfgm *v1.ConfigMap, nginxPlus bool, has
 		cfgParams.MainOpenTracingTracerConfig = openTracingTracerConfig
 	}
 
-	if cfgParams.MainOpenTracingTracer != "" || cfgParams.MainOpenTracingTracerConfig != "" {
+	if cfgParams.MainOpenTracingTracer != "" && cfgParams.MainOpenTracingTracerConfig != "" {
 		cfgParams.MainOpenTracingLoadModule = true
 	}
 
@@ -547,11 +547,14 @@ func ParseConfigMap(ctx context.Context, cfgm *v1.ConfigMap, nginxPlus bool, has
 			nl.Error(l, err)
 			eventLog.Event(cfgm, v1.EventTypeWarning, nl.EventReasonInvalidValue, err.Error())
 			configOk = false
+		} else if openTracing && nginxPlus {
+			errorText := fmt.Sprintf("ConfigMap %s/%s key %s is not compatible with NGINX Plus", cfgm.Namespace, cfgm.Name, "opentracing")
+			nl.Warn(l, errorText)
+			eventLog.Event(cfgm, v1.EventTypeWarning, nl.EventReasonInvalidValue, errorText)
+			configOk = false
+			clearOpenTracingParams(cfgParams)
 		} else if !openTracing {
-			cfgParams.MainOpenTracingEnabled = false
-			cfgParams.MainOpenTracingLoadModule = false
-			cfgParams.MainOpenTracingTracer = ""
-			cfgParams.MainOpenTracingTracerConfig = ""
+			clearOpenTracingParams(cfgParams)
 		} else {
 			if cfgParams.MainOpenTracingLoadModule {
 				cfgParams.MainOpenTracingEnabled = openTracing
@@ -674,6 +677,13 @@ func ParseConfigMap(ctx context.Context, cfgm *v1.ConfigMap, nginxPlus bool, has
 	return cfgParams, configOk
 }
 
+func clearOpenTracingParams(cfg
9E81
Params *ConfigParams) {
+	cfgParams.MainOpenTracingEnabled = false
+	cfgParams.MainOpenTracingLoadModule = false
+	cfgParams.MainOpenTracingTracer = ""
+	cfgParams.MainOpenTracingTracerConfig = ""
+}
+
 //nolint:gocyclo
 func parseConfigMapZoneSync(l *slog.Logger, cfgm *v1.ConfigMap, cfgParams *ConfigParams, eventLog record.EventRecorder, nginxPlus bool) (*ZoneSync, error) {
 	if zoneSync, exists, err := GetMapKeyAsBool(cfgm.Data, "zone-sync", cfgm); exists {
 
@@ -1166,16 +1166,17 @@ func TestParseZoneSyncResolverIPV6MapResolverIPV6(t *testing.T) {
 func makeEventLogger() record.EventRecorder {
 	return record.NewFakeRecorder(1024)
 }
-
 func TestOpenTracingConfiguration(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
-		configMap    *v1.ConfigMap
-		enabled      bool
-		loadModule   bool
-		tracer       string
-		tracerConfig string
-		msg          string
+		configMap                  *v1.ConfigMap
+		isPlus                     bool
+		expectedOpenTracingEnabled bool
+		expectedLoadModule         bool
+		expectedTracer             string
+		expectedTracerConfig       string
+		expectedConfigOk           bool
+		msg                        string
 	}{
 		{
 			configMap: &v1.ConfigMap{
@@ -1185,11 +1186,42 @@ func TestOpenTracingConfiguration(t *testing.T) {
 					"opentracing-tracer-config": "/etc/nginx/opentracing.json",
 				},
 			},
-			enabled:      true,
-			loadModule:   true,
-			tracer:       "/usr/local/lib/libjaegertracing.so",
-			tracerConfig: "/etc/nginx/opentracing.json",
-			msg:          "opentracing enabled",
+			isPlus:                     false,
+			expectedOpenTracingEnabled: true,
+			expectedLoadModule:         true,
+			expectedTracer:             "/usr/local/lib/libjaegertracing.so",
+			expectedTracerConfig:       "/etc/nginx/opentracing.json",
+			expectedConfigOk:           true,
+			msg:                        "oss: opentracing enabled (valid)",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"opentracing":        "true",
+					"opentracing-tracer": "/usr/local/lib/libjaegertracing.so",
+				},
+			},
+			isPlus:                     false,
+			expectedOpenTracingEnabled: false,
+			expectedLoadModule:         false,
+			expectedTracer:             "/usr/local/lib/libjaegertracing.so",
+			expectedTracerConfig:       "",
+			expectedConfigOk:           false,
+			msg:                        "oss: opentracing enabled, tracer-config not set (invalid)",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"opentracing": "true",
+				},
+			},
+			isPlus:                     false,
+			expectedOpenTracingEnabled: false,
+			expectedLoadModule:         false,
+			expectedTracer:             "",
+			expectedTracerConfig:       "",
+			expectedConfigOk:           false,
+			msg:                        "oss: opentracing enabled, tracer and tracer-config not set (invalid)",
 		},
 		{
 			configMap: &v1.ConfigMap{
@@ -1199,56 +1231,132 @@ func TestOpenTracingConfiguration(t *testing.T) {
 					"opentracing-tracer-config": "/etc/nginx/opentracing.json",
 				},
 			},
-			enabled:      false,
-			loadModule:   false,
-			tracer:       "",
-			tracerConfig: "",
-			msg:          "opentracing disabled",
+			isPlus:                     false,
+			expectedOpenTracingEnabled: false,
+			expectedLoadModule:         false,
+			expectedTracer:             "",
+			expectedTracerConfig:       "",
+			expectedConfigOk:           true,
+			msg:                        "oss: opentracing disabled, tracer and tracer-config set (valid)",
 		},
 		{
 			configMap: &v1.ConfigMap{
 				Data: map[string]string{
 					"opentracing": "false",
 				},
 			},
-			enabled:      false,
-			loadModule:   false,
-			tracerConfig: "",
-			msg:          "opentracing disabled",
+			isPlus:                     false,
+			expectedOpenTracingEnabled: false,
+			expectedLoadModule:         false,
+			expectedTracer:             "",
+			expectedTracerConfig:       "",
+			expectedConfigOk:           true,
+			msg:                        "oss: opentracing disabled  (valid)",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"opentracing": "false",
+				},
+			},
+			isPlus:                     true,
+			expectedOpenTracingEnabled: false,
+			expectedLoadModule:         false,
+			expectedTracer:             "",
+			expectedTracerConfig:       "",
+			expectedConfigOk:           true,
+			msg:                        "plus: opentracing explicitly disabled (valid)",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{},
+			},
+			isPlus:                     true,
+			expectedOpenTracingEnabled: false,
+			expectedLoadModule:         false,
+			expectedTracer:             "",
+			expectedTracerConfig:       "",
+			expectedConfigOk:           true,
+			msg:                        "plus: no opentracing keys set (valid)",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"opentracing":               "false",
+					"opentracing-tracer":        "/usr/local/lib/libjaegertracing.so",
+					"opentracing-tracer-config": "/etc/nginx/opentracing.json",
+				},
+			},
+			isPlus:                     true,
+			expectedOpenTracingEnabled: false,
+			expectedLoadModule:         false,
+			expectedTracer:             "",
+			expectedTracerConfig:       "",
+			expectedConfigOk:           true,
+			msg:                        "plus: opentracing disabled, tracer and tracer-config set (valid)",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"opentracing": "true",
+				},
+			},
+			isPlus:                     true,
+			expectedOpenTracingEnabled: false,
+			expectedLoadModule:         false,
+			expectedTracer:             "",
+			expectedTracerConfig:       "",
+			expectedConfigOk:           false,
+			msg:                        "plus: opentracing enabled (invalid)",
+		},
+		{
+			configMap: &v1.ConfigMap{
+				Data: map[string]string{
+					"opentracing":               "true",
+					"opentracing-tracer":        "/usr/local/lib/libjaegertracing.so",
+					"opentracing-tracer-config": "/etc/nginx/opentracing.json",
+				},
+			},
+			isPlus:                     true,
+			expectedOpenTracingEnabled: false,
+			expectedLoadModule:         false,
+			expectedTracer:             "",
+			expectedTracerConfig:       "",
+			expectedConfigOk:           false,
+			msg:                        "plus: opentracing enabled, tracer and tracer-config set (invalid)",
 		},
 	}
-	nginxPlus := false
+
 	hasAppProtect := false
 	hasAppProtectDos := false
 	hasTLSPassthrough := false
 
 	for _, test := range tests {
 		t.Run(test.msg, func(t *testing.T) {
-			result, configOk := ParseConfigMap(context.Background(), test.configMap, nginxPlus,
+			result, configOk := ParseConfigMap(context.Background(), test.configMap, test.isPlus,
 				hasAppProtect, hasAppProtectDos, hasTLSPassthrough, makeEventLogger())
 
-			if !configOk {
-				t.Errorf("Expected valid config, got invalid")
+			if configOk != test.expectedConfigOk {
+				t.Errorf("configOk: want %v, got %v", test.expectedConfigOk, configOk)
 			}
-			if result.MainOpenTracingEnabled != test.enabled {
+			if result.MainOpenTracingEnabled != test.expectedOpenTracingEnabled {
 				t.Errorf("MainOpenTracingEnabled: want %v, got %v",
-					test.enabled, result.MainOpenTracingEnabled)
+					test.expectedOpenTracingEnabled, result.MainOpenTracingEnabled)
 			}
 
-			if result.MainOpenTracingLoadModule != test.loadModule {
+			if result.MainOpenTracingLoadModule != test.expectedLoadModule {
 				t.Errorf("MainOpenTracingLoadModule: want %v, got %v",
-					test.loadModule, result.MainOpenTracingLoadModule)
+					test.expectedLoadModule, result.MainOpenTracingLoadModule)
 			}
 
-			if result.MainOpenTracingTracer != test.tracer {
+			if result.MainOpenTracingTracer != test.expectedTracer {
 				t.Errorf("MainOpenTracingTracer: want %q, got %q",
-					test.tracer, result.MainOpenTracingTracer)
+					test.expectedTracer, result.MainOpenTracingTracer)
 			}
 
-			if result.MainOpenTracingTracerConfig != test.tracerConfig {
+			if result.MainOpenTracingTracerConfig != test.expectedTracerConfig {
 				t.Errorf("MainOpenTracingTracerConfig: want %q, got %q",
-					test.tracerConfig, result.MainOpenTracingTracerConfig)
+					test.expectedTracerConfig, result.MainOpenTracingTracerConfig)
 			}
 		})
 	}
 
@@ -99,12 +99,3 @@ func extractPlusVersionValues(input string) (int, int, error) {
 
 	return rValue, pValue, nil
 }
-
-// IsOpenTracingSupported takes version and determines if the version
-// supports the Open Tracing lib.
-//
-// Support for OpenTracing is dropped in NGINX Plus R34.
-// Earlier NGINX Plus versions and NGINX OSS support OpenTracing.
-func IsOpenTracingSupported(version Version) bool {
-	return !version.IsPlus
-}
@@ -127,35 +127,6 @@ func TestNginxVersionPlusGreaterThanOrEqualTo(t *testing.T) {
 	}
 }
 
-func TestIsOpenTracingSupported(t *testing.T) {
-	t.Parallel()
-
-	tt := []struct {
-		version nginx.Version
-		want    bool
-	}{
-		{
-			version: nginx.NewVersion("nginx version: nginx/1.25.1"),
-			want:    true,
-		},
-		{
-			version: nginx.NewVersion("nginx version: nginx/1.25.1 (nginx-plus-r34)"),
-			want:    false,
-		},
-		{
-			version: nginx.NewVersion("nginx version: nginx/1.25.1 (nginx-plus-r34-p1)"),
-			want:    false,
-		},
-	}
-
-	for _, tc := range tt {
-		got := nginx.IsOpenTracingSupported(tc.version)
-		if tc.want != got {
-			t.Errorf("%+v", tc.version)
-		}
-	}
-}
-
 func TestNginxVersionPlusGreaterThanOrEqualToFailsOnInalidInput(t *testing.T) {
 	t.Parallel()