refactor: [#272] Remove unused TlsSection and domain::tls module

Step 7.5.5: Cleanup and Final Verification

After migrating all services (HTTP Trackers, Tracker REST API, Health Check
API, and Grafana) from tls: Option<TlsSection> to domain: Option<String> +
use_tls_proxy: Option<bool>, the TlsSection type and domain::tls module
are no longer used.

This cleanup removes:
- TlsSection struct and impl from application layer DTOs
- TlsSection tests
- domain::tls module (TlsConfig type)
- TlsSection re-export from config module

All 1848 tests pass after removal.

Author: josecelano

docs/issues/272-add-https-support-with-caddy.md

@@ -1479,9 +1479,10 @@ The implementation is split into incremental steps, one service type at a time,
 
 ##### Step 7.5.5: Cleanup and Final Verification
 
-- [ ] Remove `TlsSection` type completely (should be unused after all services migrated)
-- [ ] Run full E2E test suite
-- [ ] Run all linters
+- [x] Remove `TlsSection` type completely (should be unused after all services migrated)
+- [x] Remove `domain::tls` module completely (unused after migration)
+- [x] Run full E2E test suite
+- [x] Run all linters
 - [ ] Manual verification with `envs/manual-https-test.json`
 
 ### Phase 8: Schema Generation (30 minutes)

src/application/command_handlers/create/config/https.rs

@@ -33,7 +33,7 @@ use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
 use super::errors::CreateConfigError;
-use crate::shared::{DomainName, Email};
+use crate::shared::Email;
 
 /// Common HTTPS configuration (top-level)
 ///
@@ -126,62 +126,6 @@ impl HttpsSection {
     }
 }
 
-/// Service-specific TLS configuration
-///
-/// Embedded in each service that supports HTTPS. The presence of this
-/// configuration indicates that TLS should be enabled for the service.
-///
-/// # Domain Requirements
-///
-/// The domain must:
-/// - Point to the deployment server's IP via DNS
-/// - Be owned/controlled by the deployer
-/// - Be configured before deployment (for HTTP-01 challenge)
-///
-/// # Examples
-///
-/// ```json
-/// {
-///     "tls": {
-///         "domain": "api.example.com"
-///     }
-/// }
-/// ```
-#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
-pub struct TlsSection {
-    /// Domain name for this service
-    ///
-    /// This domain will be used for:
-    /// - HTTPS certificate acquisition (Let's Encrypt HTTP-01 challenge)
-    /// - Caddy reverse proxy routing
-    /// - SNI-based TLS termination
-    pub domain: String,
-}
-
-impl TlsSection {
-    /// Creates a new TLS configuration section
-    #[must_use]
-    pub fn new(domain: String) -> Self {
-        Self { domain }
-    }
-
-    /// Validates the TLS configuration
-    ///
-    /// Uses the domain-level `DomainName` type for DNS-compliant validation.
-    ///
-    /// # Errors
-    ///
-    /// Returns `CreateConfigError::InvalidDomain` if the domain format is invalid.
-    pub fn validate(&self) -> Result<(), CreateConfigError> {
-        // Validate domain using the domain type for DNS-compliant validation
-        DomainName::new(&self.domain).map_err(|e| CreateConfigError::InvalidDomain {
-            domain: self.domain.clone(),
-            reason: e.to_string(),
-        })?;
-        Ok(())
-    }
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -248,86 +192,6 @@ mod tests {
         }
     }
 
-    mod tls_section_tests {
-        use super::*;
-
-        #[test]
-        fn it_should_create_tls_section() {
-            let section = TlsSection::new("api.example.com".to_string());
-            assert_eq!(section.domain, "api.example.com");
-        }
-
-        #[test]
-        fn it_should_validate_valid_domain() {
-            let section = TlsSection::new("api.example.com".to_string());
-            assert!(section.validate().is_ok());
-        }
-
-        #[test]
-        fn it_should_validate_subdomain() {
-            let section = TlsSection::new("sub.api.example.com".to_string());
-            assert!(section.validate().is_ok());
-        }
-
-        #[test]
-        fn it_should_reject_empty_domain() {
-            let section = TlsSection::new(String::new());
-            assert!(section.validate().is_err());
-        }
-
-        #[test]
-        fn it_should_reject_domain_without_tld() {
-            let section = TlsSection::new("localhost".to_string());
-            assert!(section.validate().is_err());
-        }
-
-        #[test]
-        fn it_should_reject_domain_starting_with_dot() {
-            let section = TlsSection::new(".example.com".to_string());
-            assert!(section.validate().is_err());
-        }
-
-        #[test]
-        fn it_should_reject_domain_ending_with_dot() {
-            let section = TlsSection::new("example.com.".to_string());
-            assert!(section.validate().is_err());
-        }
-
-        #[test]
-        fn it_should_reject_domain_with_consecutive_dots() {
-            let section = TlsSection::new("example..com".to_string());
-            assert!(section.validate().is_err());
-        }
-
-        #[test]
-        fn it_should_reject_domain_with_whitespace() {
-            let section = TlsSection::new("my domain.com".to_string());
-            assert!(section.validate().is_err());
-        }
-
-        #[test]
-        fn it_should_accept_domain_with_hyphen() {
-            // Hyphens are allowed in domain names
-            let section = TlsSection::new("my-service.example.com".to_string());
-            assert!(section.validate().is_ok());
-        }
-
-        #[test]
-        fn it_should_accept_domain_with_underscore() {
-            // Underscores are allowed with minimal validation
-            // (they're valid in some DNS contexts like SRV records)
-            let section = TlsSection::new("my_service.example.com".to_string());
-            assert!(section.validate().is_ok());
-        }
-
-        #[test]
-        fn it_should_deserialize_from_json() {
-            let json = r#"{"domain": "api.torrust.com"}"#;
-            let section: TlsSection = serde_json::from_str(json).unwrap();
-            assert_eq!(section.domain, "api.torrust.com");
-        }
-    }
-
     /// Tests for email validation in HTTPS context
     ///
     /// Note: Comprehensive email format validation tests are in `src/shared/email.rs`.
@@ -351,28 +215,4 @@ mod tests {
             ));
         }
     }
-
-    /// Tests for domain validation in TLS context
-    ///
-    /// Note: Comprehensive domain format validation tests are in `src/shared/domain_name.rs`.
-    /// These tests verify the integration of the `DomainName` type with `TlsSection`.
-    mod domain_validation_integration_tests {
-        use super::*;
-
-        #[test]
-        fn it_should_accept_dns_compliant_domain() {
-            let section = TlsSection::new("example.com".to_string());
-            assert!(section.validate().is_ok());
-        }
-
-        #[test]
-        fn it_should_reject_dns_non_compliant_domain() {
-            let section = TlsSection::new("localhost".to_string());
-            let result = section.validate();
-            assert!(matches!(
-                result,
-                Err(CreateConfigError::InvalidDomain { .. })
-            ));
-        }
-    }
 }

src/application/command_handlers/create/config/mod.rs

@@ -143,7 +143,7 @@ pub mod tracker;
 pub use environment_config::{EnvironmentCreationConfig, EnvironmentSection};
 pub use errors::CreateConfigError;
 pub use grafana::GrafanaSection;
-pub use https::{HttpsSection, TlsSection};
+pub use https::HttpsSection;
 pub use prometheus::PrometheusSection;
 pub use provider::{HetznerProviderSection, LxdProviderSection, ProviderSection};
 pub use ssh_credentials_config::SshCredentialsConfig;

src/domain/mod.rs

@@ -21,7 +21,6 @@ pub mod profile_name;
 pub mod prometheus;
 pub mod provider;
 pub mod template;
-pub mod tls;
 pub mod tracker;
 
 // Re-export commonly used domain types for convenience