tests: Backport tls for etcdctl

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
Marek Siarkowicz
2023-03-16 13:47:34 +01:00
parent 46d6c1d7b2
commit 00e1e5db21
8 changed files with 41 additions and 19 deletions


@ -112,7 +112,7 @@ func TestPeriodicCheckDetectsCorruption(t *testing.T) {
} }
}) })
cc := NewEtcdctl(epc.EndpointsV3()) cc := NewEtcdctl(epc.EndpointsV3(), clientNonTLS, false)
for i := 0; i < 10; i++ { for i := 0; i < 10; i++ {
err := cc.Put(testutil.PickKey(int64(i)), fmt.Sprint(i)) err := cc.Put(testutil.PickKey(int64(i)), fmt.Sprint(i))
@ -158,7 +158,7 @@ func TestCompactHashCheckDetectCorruption(t *testing.T) {
} }
}) })
cc := NewEtcdctl(epc.EndpointsV3()) cc := NewEtcdctl(epc.EndpointsV3(), clientNonTLS, false)
for i := 0; i < 10; i++ { for i := 0; i < 10; i++ {
err := cc.Put(testutil.PickKey(int64(i)), fmt.Sprint(i)) err := cc.Put(testutil.PickKey(int64(i)), fmt.Sprint(i))


@ -20,18 +20,29 @@ import (
"strings" "strings"
clientv3 "go.etcd.io/etcd/client/v3" clientv3 "go.etcd.io/etcd/client/v3"
"go.etcd.io/etcd/tests/v3/integration"
) )
type EtcdctlV3 struct { type EtcdctlV3 struct {
connType clientConnType
isAutoTLS bool
endpoints []string endpoints []string
} }
func NewEtcdctl(endpoints []string) *EtcdctlV3 { func NewEtcdctl(endpoints []string, connType clientConnType, isAutoTLS bool) *EtcdctlV3 {
return &EtcdctlV3{ return &EtcdctlV3{
endpoints: endpoints, endpoints: endpoints,
connType: connType,
isAutoTLS: isAutoTLS,
} }
} }
func (ctl *EtcdctlV3) Get(key string) (*clientv3.GetResponse, error) {
var resp clientv3.GetResponse
err := ctl.spawnJsonCmd(&resp, "get", key)
return &resp, err
}
func (ctl *EtcdctlV3) Put(key, value string) error { func (ctl *EtcdctlV3) Put(key, value string) error {
args := ctl.cmdArgs() args := ctl.cmdArgs()
args = append(args, "put", key, value) args = append(args, "put", key, value)
@ -78,6 +89,16 @@ func (ctl *EtcdctlV3) cmdArgs(args ...string) []string {
func (ctl *EtcdctlV3) flags() map[string]string { func (ctl *EtcdctlV3) flags() map[string]string {
fmap := make(map[string]string) fmap := make(map[string]string)
if ctl.connType == clientTLS {
if ctl.isAutoTLS {
fmap["insecure-transport"] = "false"
fmap["insecure-skip-tls-verify"] = "true"
} else {
fmap["cacert"] = integration.TestTLSInfo.TrustedCAFile
fmap["cert"] = integration.TestTLSInfo.CertFile
fmap["key"] = integration.TestTLSInfo.KeyFile
}
}
fmap["endpoints"] = strings.Join(ctl.endpoints, ",") fmap["endpoints"] = strings.Join(ctl.endpoints, ",")
return fmap return fmap
} }
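Review bot: In `flags()`, the auto-TLS branch sets `insecure-skip-tls-verify` to `"true"` with no comment, so in that mode etcdctl encrypts the connection but does not authenticate the server. That is presumably intended, since auto-TLS certificates would not chain to the fixture CA, but it should be stated so the setting is not copied outside test code. I would add `// auto-TLS certs cannot be checked against the fixture CA; verification is skipped for tests only` above the two assignments. Separately, any `connType` other than `clientTLS` falls through with no TLS flags at all, whereas `tlsInfo` in this same commit returns an error for unsupported types, so a short comment or an explicit case would make that choice visible. The body of `cmdArgs` lies outside the hunk.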


@ -20,6 +20,7 @@ import (
"testing" "testing"
"time" "time"
"go.etcd.io/etcd/tests/v3/integration"
"go.uber.org/zap" "go.uber.org/zap"
"golang.org/x/sync/errgroup" "golang.org/x/sync/errgroup"
"google.golang.org/grpc" "google.golang.org/grpc"
@ -76,7 +77,7 @@ func tlsInfo(t testing.TB, connType clientConnType, isAutoTLS bool) (*transport.
} }
return &tls, nil return &tls, nil
} }
panic("Unsupported non-auto tls") return &integration.TestTLSInfo, nil
default: default:
return nil, fmt.Errorf("config %v not supported", connType) return nil, fmt.Errorf("config %v not supported", connType)
} }
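Review bot: The new non-auto branch of `tlsInfo` returns `&integration.TestTLSInfo`, a pointer to the package-level variable shared by every test. A caller that sets fields on the result (cipher suites, min/max version) would therefore change the fixture for all later tests. Other tests in this commit copy the value before modifying it (`srvTLS := TestTLSInfo`), and the auto-TLS branch just above returns a local. The same would be safer here: `info := integration.TestTLSInfo` followed by `return &info, nil`. Whether any current caller mutates the result is not visible in this hunk, and the function starts and ends outside it.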


@ -84,7 +84,7 @@ var (
// member, ensuring restarted members can listen on the same port again. // member, ensuring restarted members can listen on the same port again.
localListenCount = int64(0) localListenCount = int64(0)
testTLSInfo = transport.TLSInfo{ TestTLSInfo = transport.TLSInfo{
KeyFile: MustAbsPath("../fixtures/server.key.insecure"), KeyFile: MustAbsPath("../fixtures/server.key.insecure"),
CertFile: MustAbsPath("../fixtures/server.crt"), CertFile: MustAbsPath("../fixtures/server.crt"),
TrustedCAFile: MustAbsPath("../fixtures/ca.crt"), TrustedCAFile: MustAbsPath("../fixtures/ca.crt"),


@ -52,7 +52,7 @@ func testCluster(t *testing.T, size int) {
func TestTLSClusterOf3(t *testing.T) { func TestTLSClusterOf3(t *testing.T) {
BeforeTest(t) BeforeTest(t)
c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &testTLSInfo}) c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &TestTLSInfo})
c.Launch(t) c.Launch(t)
defer c.Terminate(t) defer c.Terminate(t)
clusterMustProgress(t, c.Members) clusterMustProgress(t, c.Members)
@ -111,7 +111,7 @@ func TestTLSClusterOf3UsingDiscovery(t *testing.T) {
c := NewClusterByConfig(t, c := NewClusterByConfig(t,
&ClusterConfig{ &ClusterConfig{
Size: 3, Size: 3,
PeerTLS: &testTLSInfo, PeerTLS: &TestTLSInfo,
DiscoveryURL: dc.URL(0) + "/v2/keys"}, DiscoveryURL: dc.URL(0) + "/v2/keys"},
) )
c.Launch(t) c.Launch(t)
@ -136,7 +136,7 @@ func testDoubleClusterSize(t *testing.T, size int) {
func TestDoubleTLSClusterSizeOf3(t *testing.T) { func TestDoubleTLSClusterSizeOf3(t *testing.T) {
BeforeTest(t) BeforeTest(t)
c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &testTLSInfo}) c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &TestTLSInfo})
c.Launch(t) c.Launch(t)
defer c.Terminate(t) defer c.Terminate(t)


@ -121,8 +121,8 @@ func TestAuthority(t *testing.T) {
func setupTLS(t *testing.T, useTLS bool, cfg ClusterConfig) (ClusterConfig, *tls.Config) { func setupTLS(t *testing.T, useTLS bool, cfg ClusterConfig) (ClusterConfig, *tls.Config) {
t.Helper() t.Helper()
if useTLS { if useTLS {
cfg.ClientTLS = &testTLSInfo cfg.ClientTLS = &TestTLSInfo
tlsConfig, err := testTLSInfo.ClientConfig() tlsConfig, err := TestTLSInfo.ClientConfig()
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }


@ -1554,7 +1554,7 @@ func newClusterV3NoClients(t *testing.T, cfg *ClusterConfig) *ClusterV3 {
func TestTLSGRPCRejectInsecureClient(t *testing.T) { func TestTLSGRPCRejectInsecureClient(t *testing.T) {
BeforeTest(t) BeforeTest(t)
cfg := ClusterConfig{Size: 3, ClientTLS: &testTLSInfo} cfg := ClusterConfig{Size: 3, ClientTLS: &TestTLSInfo}
clus := newClusterV3NoClients(t, &cfg) clus := newClusterV3NoClients(t, &cfg)
defer clus.Terminate(t) defer clus.Terminate(t)
@ -1593,7 +1593,7 @@ func TestTLSGRPCRejectSecureClient(t *testing.T) {
clus := newClusterV3NoClients(t, &cfg) clus := newClusterV3NoClients(t, &cfg)
defer clus.Terminate(t) defer clus.Terminate(t)
clus.Members[0].ClientTLSInfo = &testTLSInfo clus.Members[0].ClientTLSInfo = &TestTLSInfo
clus.Members[0].DialOptions = []grpc.DialOption{grpc.WithBlock()} clus.Members[0].DialOptions = []grpc.DialOption{grpc.WithBlock()}
clus.Members[0].grpcURL = strings.Replace(clus.Members[0].grpcURL, "http://", "https://", 1) clus.Members[0].grpcURL = strings.Replace(clus.Members[0].grpcURL, "http://", "https://", 1)
client, err := NewClientV3(clus.Members[0]) client, err := NewClientV3(clus.Members[0])
@ -1609,7 +1609,7 @@ func TestTLSGRPCRejectSecureClient(t *testing.T) {
func TestTLSGRPCAcceptSecureAll(t *testing.T) { func TestTLSGRPCAcceptSecureAll(t *testing.T) {
BeforeTest(t) BeforeTest(t)
cfg := ClusterConfig{Size: 3, ClientTLS: &testTLSInfo} cfg := ClusterConfig{Size: 3, ClientTLS: &TestTLSInfo}
clus := newClusterV3NoClients(t, &cfg) clus := newClusterV3NoClients(t, &cfg)
defer clus.Terminate(t) defer clus.Terminate(t)
@ -1649,7 +1649,7 @@ func TestTLSReloadAtomicReplace(t *testing.T) {
defer os.RemoveAll(certsDirExp) defer os.RemoveAll(certsDirExp)
cloneFunc := func() transport.TLSInfo { cloneFunc := func() transport.TLSInfo {
tlsInfo, terr := copyTLSFiles(testTLSInfo, certsDir) tlsInfo, terr := copyTLSFiles(TestTLSInfo, certsDir)
if terr != nil { if terr != nil {
t.Fatal(terr) t.Fatal(terr)
} }
@ -1695,7 +1695,7 @@ func TestTLSReloadCopy(t *testing.T) {
defer os.RemoveAll(certsDir) defer os.RemoveAll(certsDir)
cloneFunc := func() transport.TLSInfo { cloneFunc := func() transport.TLSInfo {
tlsInfo, terr := copyTLSFiles(testTLSInfo, certsDir) tlsInfo, terr := copyTLSFiles(TestTLSInfo, certsDir)
if terr != nil { if terr != nil {
t.Fatal(terr) t.Fatal(terr)
} }
@ -1707,7 +1707,7 @@ func TestTLSReloadCopy(t *testing.T) {
} }
} }
revertFunc := func() { revertFunc := func() {
if _, err = copyTLSFiles(testTLSInfo, certsDir); err != nil { if _, err = copyTLSFiles(TestTLSInfo, certsDir); err != nil {
t.Fatal(err) t.Fatal(err)
} }
} }


@ -41,7 +41,7 @@ func testTLSCipherSuites(t *testing.T, valid bool) {
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
} }
srvTLS, cliTLS := testTLSInfo, testTLSInfo srvTLS, cliTLS := TestTLSInfo, TestTLSInfo
if valid { if valid {
srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites, cipherSuites srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites, cipherSuites
} else { } else {
@ -112,7 +112,7 @@ func TestTLSMinMaxVersion(t *testing.T) {
} }
// Configure server to support TLS 1.3 only. // Configure server to support TLS 1.3 only.
srvTLS := testTLSInfo srvTLS := TestTLSInfo
srvTLS.MinVersion = tls.VersionTLS13 srvTLS.MinVersion = tls.VersionTLS13
srvTLS.MaxVersion = tls.VersionTLS13 srvTLS.MaxVersion = tls.VersionTLS13
clus := NewClusterV3(t, &ClusterConfig{Size: 1, ClientTLS: &srvTLS}) clus := NewClusterV3(t, &ClusterConfig{Size: 1, ClientTLS: &srvTLS})
@ -120,7 +120,7 @@ func TestTLSMinMaxVersion(t *testing.T) {
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
cc, err := testTLSInfo.ClientConfig() cc, err := TestTLSInfo.ClientConfig()
assert.NoError(t, err) assert.NoError(t, err)
cc.MinVersion = tt.minVersion cc.MinVersion = tt.minVersion