tests: Backport tls for etcdctl

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2023-03-16 13:47:34 +01:00 · 2023-03-16 13:47:34 +01:00 · 00e1e5db21
commit 00e1e5db21
parent 46d6c1d7b2
8 changed files with 41 additions and 19 deletions
--- a/tests/e2e/corrupt_test.go
+++ b/tests/e2e/corrupt_test.go
@ -112,7 +112,7 @@ func TestPeriodicCheckDetectsCorruption(t *testing.T) {
 		}
 	})

-	cc := NewEtcdctl(epc.EndpointsV3())
+	cc := NewEtcdctl(epc.EndpointsV3(), clientNonTLS, false)

 	for i := 0; i < 10; i++ {
 		err := cc.Put(testutil.PickKey(int64(i)), fmt.Sprint(i))
@ -158,7 +158,7 @@ func TestCompactHashCheckDetectCorruption(t *testing.T) {
 		}
 	})

-	cc := NewEtcdctl(epc.EndpointsV3())
+	cc := NewEtcdctl(epc.EndpointsV3(), clientNonTLS, false)

 	for i := 0; i < 10; i++ {
 		err := cc.Put(testutil.PickKey(int64(i)), fmt.Sprint(i))
--- a/tests/e2e/etcdctl.go
+++ b/tests/e2e/etcdctl.go
@ -20,18 +20,29 @@ import (
 	"strings"

 	clientv3 "go.etcd.io/etcd/client/v3"
+	"go.etcd.io/etcd/tests/v3/integration"
 )

 type EtcdctlV3 struct {
+	connType  clientConnType
+	isAutoTLS bool
 	endpoints []string
 }

-func NewEtcdctl(endpoints []string) *EtcdctlV3 {
+func NewEtcdctl(endpoints []string, connType clientConnType, isAutoTLS bool) *EtcdctlV3 {
 	return &EtcdctlV3{
 		endpoints: endpoints,
+		connType:  connType,
+		isAutoTLS: isAutoTLS,
 	}
 }

+func (ctl *EtcdctlV3) Get(key string) (*clientv3.GetResponse, error) {
+	var resp clientv3.GetResponse
+	err := ctl.spawnJsonCmd(&resp, "get", key)
+	return &resp, err
+}
+
 func (ctl *EtcdctlV3) Put(key, value string) error {
 	args := ctl.cmdArgs()
 	args = append(args, "put", key, value)
@ -78,6 +89,16 @@ func (ctl *EtcdctlV3) cmdArgs(args ...string) []string {

 func (ctl *EtcdctlV3) flags() map[string]string {
 	fmap := make(map[string]string)
+	if ctl.connType == clientTLS {
+		if ctl.isAutoTLS {
+			fmap["insecure-transport"] = "false"
+			fmap["insecure-skip-tls-verify"] = "true"
+		} else {
+			fmap["cacert"] = integration.TestTLSInfo.TrustedCAFile
+			fmap["cert"] = integration.TestTLSInfo.CertFile
+			fmap["key"] = integration.TestTLSInfo.KeyFile
+		}
+	}
 	fmap["endpoints"] = strings.Join(ctl.endpoints, ",")
 	return fmap
 }
--- a/tests/e2e/utils.go
+++ b/tests/e2e/utils.go
@ -20,6 +20,7 @@ import (
 	"testing"
 	"time"

+	"go.etcd.io/etcd/tests/v3/integration"
 	"go.uber.org/zap"
 	"golang.org/x/sync/errgroup"
 	"google.golang.org/grpc"
@ -76,7 +77,7 @@ func tlsInfo(t testing.TB, connType clientConnType, isAutoTLS bool) (*transport.
 			}
 			return &tls, nil
 		}
-		panic("Unsupported non-auto tls")
+		return &integration.TestTLSInfo, nil
 	default:
 		return nil, fmt.Errorf("config %v not supported", connType)
 	}
--- a/tests/integration/cluster.go
+++ b/tests/integration/cluster.go
@ -84,7 +84,7 @@ var (
 	// member, ensuring restarted members can listen on the same port again.
 	localListenCount = int64(0)

-	testTLSInfo = transport.TLSInfo{
+	TestTLSInfo = transport.TLSInfo{
 		KeyFile:        MustAbsPath("../fixtures/server.key.insecure"),
 		CertFile:       MustAbsPath("../fixtures/server.crt"),
 		TrustedCAFile:  MustAbsPath("../fixtures/ca.crt"),
--- a/tests/integration/cluster_test.go
+++ b/tests/integration/cluster_test.go
@ -52,7 +52,7 @@ func testCluster(t *testing.T, size int) {

 func TestTLSClusterOf3(t *testing.T) {
 	BeforeTest(t)
-	c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &testTLSInfo})
+	c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &TestTLSInfo})
 	c.Launch(t)
 	defer c.Terminate(t)
 	clusterMustProgress(t, c.Members)
@ -111,7 +111,7 @@ func TestTLSClusterOf3UsingDiscovery(t *testing.T) {
 	c := NewClusterByConfig(t,
 		&ClusterConfig{
 			Size:         3,
-			PeerTLS:      &testTLSInfo,
+			PeerTLS:      &TestTLSInfo,
 			DiscoveryURL: dc.URL(0) + "/v2/keys"},
 	)
 	c.Launch(t)
@ -136,7 +136,7 @@ func testDoubleClusterSize(t *testing.T, size int) {

 func TestDoubleTLSClusterSizeOf3(t *testing.T) {
 	BeforeTest(t)
-	c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &testTLSInfo})
+	c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &TestTLSInfo})
 	c.Launch(t)
 	defer c.Terminate(t)

--- a/tests/integration/grpc_test.go
+++ b/tests/integration/grpc_test.go
@ -121,8 +121,8 @@ func TestAuthority(t *testing.T) {
 func setupTLS(t *testing.T, useTLS bool, cfg ClusterConfig) (ClusterConfig, *tls.Config) {
 	t.Helper()
 	if useTLS {
-		cfg.ClientTLS = &testTLSInfo
-		tlsConfig, err := testTLSInfo.ClientConfig()
+		cfg.ClientTLS = &TestTLSInfo
+		tlsConfig, err := TestTLSInfo.ClientConfig()
 		if err != nil {
 			t.Fatal(err)
 		}
--- a/tests/integration/v3_grpc_test.go
+++ b/tests/integration/v3_grpc_test.go
@ -1554,7 +1554,7 @@ func newClusterV3NoClients(t *testing.T, cfg *ClusterConfig) *ClusterV3 {
 func TestTLSGRPCRejectInsecureClient(t *testing.T) {
 	BeforeTest(t)

-	cfg := ClusterConfig{Size: 3, ClientTLS: &testTLSInfo}
+	cfg := ClusterConfig{Size: 3, ClientTLS: &TestTLSInfo}
 	clus := newClusterV3NoClients(t, &cfg)
 	defer clus.Terminate(t)

@ -1593,7 +1593,7 @@ func TestTLSGRPCRejectSecureClient(t *testing.T) {
 	clus := newClusterV3NoClients(t, &cfg)
 	defer clus.Terminate(t)

-	clus.Members[0].ClientTLSInfo = &testTLSInfo
+	clus.Members[0].ClientTLSInfo = &TestTLSInfo
 	clus.Members[0].DialOptions = []grpc.DialOption{grpc.WithBlock()}
 	clus.Members[0].grpcURL = strings.Replace(clus.Members[0].grpcURL, "http://", "https://", 1)
 	client, err := NewClientV3(clus.Members[0])
@ -1609,7 +1609,7 @@ func TestTLSGRPCRejectSecureClient(t *testing.T) {
 func TestTLSGRPCAcceptSecureAll(t *testing.T) {
 	BeforeTest(t)

-	cfg := ClusterConfig{Size: 3, ClientTLS: &testTLSInfo}
+	cfg := ClusterConfig{Size: 3, ClientTLS: &TestTLSInfo}
 	clus := newClusterV3NoClients(t, &cfg)
 	defer clus.Terminate(t)

@ -1649,7 +1649,7 @@ func TestTLSReloadAtomicReplace(t *testing.T) {
 	defer os.RemoveAll(certsDirExp)

 	cloneFunc := func() transport.TLSInfo {
-		tlsInfo, terr := copyTLSFiles(testTLSInfo, certsDir)
+		tlsInfo, terr := copyTLSFiles(TestTLSInfo, certsDir)
 		if terr != nil {
 			t.Fatal(terr)
 		}
@ -1695,7 +1695,7 @@ func TestTLSReloadCopy(t *testing.T) {
 	defer os.RemoveAll(certsDir)

 	cloneFunc := func() transport.TLSInfo {
-		tlsInfo, terr := copyTLSFiles(testTLSInfo, certsDir)
+		tlsInfo, terr := copyTLSFiles(TestTLSInfo, certsDir)
 		if terr != nil {
 			t.Fatal(terr)
 		}
@ -1707,7 +1707,7 @@ func TestTLSReloadCopy(t *testing.T) {
 		}
 	}
 	revertFunc := func() {
-		if _, err = copyTLSFiles(testTLSInfo, certsDir); err != nil {
+		if _, err = copyTLSFiles(TestTLSInfo, certsDir); err != nil {
 			t.Fatal(err)
 		}
 	}
--- a/tests/integration/v3_tls_test.go
+++ b/tests/integration/v3_tls_test.go
@ -41,7 +41,7 @@ func testTLSCipherSuites(t *testing.T, valid bool) {
 		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
 	}
-	srvTLS, cliTLS := testTLSInfo, testTLSInfo
+	srvTLS, cliTLS := TestTLSInfo, TestTLSInfo
 	if valid {
 		srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites, cipherSuites
 	} else {
@ -112,7 +112,7 @@ func TestTLSMinMaxVersion(t *testing.T) {
 	}

 	// Configure server to support TLS 1.3 only.
-	srvTLS := testTLSInfo
+	srvTLS := TestTLSInfo
 	srvTLS.MinVersion = tls.VersionTLS13
 	srvTLS.MaxVersion = tls.VersionTLS13
 	clus := NewClusterV3(t, &ClusterConfig{Size: 1, ClientTLS: &srvTLS})
@ -120,7 +120,7 @@ func TestTLSMinMaxVersion(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			cc, err := testTLSInfo.ClientConfig()
+			cc, err := TestTLSInfo.ClientConfig()
 			assert.NoError(t, err)

 			cc.MinVersion = tt.minVersion