From 00e1e5db218ee629fb50be1dff660b5a9cdb6e10 Mon Sep 17 00:00:00 2001 From: Marek Siarkowicz Date: Thu, 16 Mar 2023 13:47:34 +0100 Subject: [PATCH] tests: Backport tls for etcdctl Signed-off-by: Marek Siarkowicz --- tests/e2e/corrupt_test.go | 4 ++-- tests/e2e/etcdctl.go | 23 ++++++++++++++++++++++- tests/e2e/utils.go | 3 ++- tests/integration/cluster.go | 2 +- tests/integration/cluster_test.go | 6 +++--- tests/integration/grpc_test.go | 4 ++-- tests/integration/v3_grpc_test.go | 12 ++++++------ tests/integration/v3_tls_test.go | 6 +++--- 8 files changed, 41 insertions(+), 19 deletions(-) diff --git a/tests/e2e/corrupt_test.go b/tests/e2e/corrupt_test.go index e385f1320..85594483f 100644 --- a/tests/e2e/corrupt_test.go +++ b/tests/e2e/corrupt_test.go @@ -112,7 +112,7 @@ func TestPeriodicCheckDetectsCorruption(t *testing.T) { } }) - cc := NewEtcdctl(epc.EndpointsV3()) + cc := NewEtcdctl(epc.EndpointsV3(), clientNonTLS, false) for i := 0; i < 10; i++ { err := cc.Put(testutil.PickKey(int64(i)), fmt.Sprint(i)) @@ -158,7 +158,7 @@ func TestCompactHashCheckDetectCorruption(t *testing.T) { } }) - cc := NewEtcdctl(epc.EndpointsV3()) + cc := NewEtcdctl(epc.EndpointsV3(), clientNonTLS, false) for i := 0; i < 10; i++ { err := cc.Put(testutil.PickKey(int64(i)), fmt.Sprint(i)) diff --git a/tests/e2e/etcdctl.go b/tests/e2e/etcdctl.go index 5366d9649..2b70ed447 100644 --- a/tests/e2e/etcdctl.go +++ b/tests/e2e/etcdctl.go 
@@ -20,18 +20,29 @@ import ( "strings" clientv3 "go.etcd.io/etcd/client/v3" + "go.etcd.io/etcd/tests/v3/integration" ) type EtcdctlV3 struct { + connType clientConnType + isAutoTLS bool endpoints []string } -func NewEtcdctl(endpoints []string) *EtcdctlV3 { +func NewEtcdctl(endpoints []string, connType clientConnType, isAutoTLS bool) *EtcdctlV3 { return &EtcdctlV3{ endpoints: endpoints, + connType: connType, + isAutoTLS: isAutoTLS, } } +func (ctl *EtcdctlV3) Get(key string) (*clientv3.GetResponse, error) { + var resp clientv3.GetResponse + err := ctl.spawnJsonCmd(&resp, "get", key) + return &resp, err +} + func (ctl *EtcdctlV3) Put(key, value string) error { args := ctl.cmdArgs() args = append(args, "put", key, value) @@ -78,6 +89,16 @@ func (ctl *EtcdctlV3) cmdArgs(args ...string) []string { func (ctl *EtcdctlV3) flags() map[string]string { fmap := make(map[string]string) + if ctl.connType == clientTLS { + if ctl.isAutoTLS { + fmap["insecure-transport"] = "false" + fmap["insecure-skip-tls-verify"] = "true" + } else { + fmap["cacert"] = integration.TestTLSInfo.TrustedCAFile + fmap["cert"] = integration.TestTLSInfo.CertFile + fmap["key"] = integration.TestTLSInfo.KeyFile + } + } fmap["endpoints"] = strings.Join(ctl.endpoints, ",") return fmap } diff --git a/tests/e2e/utils.go b/tests/e2e/utils.go index e4498c4f5..f142a00b1 100644 --- a/tests/e2e/utils.go +++ b/tests/e2e/utils.go @@ -20,6 +20,7 @@ import ( "testing" "time" + "go.etcd.io/etcd/tests/v3/integration" "go.uber.org/zap" "golang.org/x/sync/errgroup" "google.golang.org/grpc" @@ -76,7 +77,7 @@ func tlsInfo(t testing.TB, connType clientConnType, isAutoTLS bool) (*transport. } return &tls, nil } - panic("Unsupported non-auto tls") + return &integration.TestTLSInfo, nil default: return nil, fmt.Errorf("config %v not supported", connType) } diff --git a/tests/integration/cluster.go b/tests/integration/cluster.go index a99c554ba..1bf873f06 100644 --- a/tests/integration/cluster.go +++ b/tests/integration/cluster.go 
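Review bot: The new `Get` in tests/e2e/etcdctl.go returns `&resp` together with a non-nil error, so a caller that skips the error check reads a zero-valued `clientv3.GetResponse` that looks like an empty result rather than a failed command. Returning nil on failure keeps the two cases apart: `if err := ctl.spawnJsonCmd(&resp, "get", key); err != nil { return nil, err }` followed by `return &resp, nil`. `spawnJsonCmd` is defined outside this hunk, so whether it can leave `resp` partially filled after a decode error is not visible here. The exported `NewEtcdctl` would also benefit from a doc comment such as `// NewEtcdctl returns an etcdctl wrapper for endpoints; isAutoTLS is only consulted when connType is clientTLS.`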
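Review bot: In `flags()`, the auto-TLS branch passes `insecure-skip-tls-verify` as `"true"`, so etcdctl encrypts the connection but never authenticates the server, and nothing in the code records why that is acceptable. A comment on that branch would state the intent, for example `// auto-TLS: server cert is not signed by the fixture CA, so verification is skipped (test clusters only)`; that reason is inferred from the flag choice and should be confirmed against how the e2e cluster generates its auto-TLS certificates. Only `clientTLS` is handled, so any other connection type gets just `endpoints` and no certificate flags. `tlsInfo` in tests/e2e/utils.go rejects unknown types through its `default` case, and an explicit `switch ctl.connType` here would make an unsupported type just as visible instead of falling through silently.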
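Review bot: In tests/e2e/utils.go, `return &integration.TestTLSInfo, nil` hands every caller a pointer to the shared package-level fixture, so a test that adjusts the returned `TLSInfo` (cipher suites, min/max version, file paths) changes it for every later test in the same process. The auto-TLS path just above returns the address of a local (`return &tls, nil`), and the integration tests in this patch copy the value before modifying it (`srvTLS := TestTLSInfo`). The same here would be `info := integration.TestTLSInfo` followed by `return &info, nil`. `tlsInfo` begins outside this hunk, so how its callers use the result is not visible.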
@@ -84,7 +84,7 @@ var ( // member, ensuring restarted members can listen on the same port again. localListenCount = int64(0) - testTLSInfo = transport.TLSInfo{ + TestTLSInfo = transport.TLSInfo{ KeyFile: MustAbsPath("../fixtures/server.key.insecure"), CertFile: MustAbsPath("../fixtures/server.crt"), TrustedCAFile: MustAbsPath("../fixtures/ca.crt"), diff --git a/tests/integration/cluster_test.go b/tests/integration/cluster_test.go index c259c1da9..c42dbc444 100644 --- a/tests/integration/cluster_test.go +++ b/tests/integration/cluster_test.go @@ -52,7 +52,7 @@ func testCluster(t *testing.T, size int) { func TestTLSClusterOf3(t *testing.T) { BeforeTest(t) - c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &testTLSInfo}) + c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &TestTLSInfo}) c.Launch(t) defer c.Terminate(t) clusterMustProgress(t, c.Members) @@ -111,7 +111,7 @@ func TestTLSClusterOf3UsingDiscovery(t *testing.T) { c := NewClusterByConfig(t, &ClusterConfig{ Size: 3, - PeerTLS: &testTLSInfo, + PeerTLS: &TestTLSInfo, DiscoveryURL: dc.URL(0) + "/v2/keys"}, ) c.Launch(t) @@ -136,7 +136,7 @@ func testDoubleClusterSize(t *testing.T, size int) { func TestDoubleTLSClusterSizeOf3(t *testing.T) { BeforeTest(t) - c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &testTLSInfo}) + c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &TestTLSInfo}) c.Launch(t) defer c.Terminate(t) diff --git a/tests/integration/grpc_test.go b/tests/integration/grpc_test.go index eb71191a3..1b383b7e1 100644 --- a/tests/integration/grpc_test.go +++ b/tests/integration/grpc_test.go @@ -121,8 +121,8 @@ func TestAuthority(t *testing.T) { func setupTLS(t *testing.T, useTLS bool, cfg ClusterConfig) (ClusterConfig, *tls.Config) { t.Helper() if useTLS { - cfg.ClientTLS = &testTLSInfo - tlsConfig, err := testTLSInfo.ClientConfig() + cfg.ClientTLS = &TestTLSInfo + tlsConfig, err := TestTLSInfo.ClientConfig() if err != nil { t.Fatal(err) } 
diff --git a/tests/integration/v3_grpc_test.go b/tests/integration/v3_grpc_test.go index e71af8e0b..8e3fad2b7 100644 --- a/tests/integration/v3_grpc_test.go +++ b/tests/integration/v3_grpc_test.go @@ -1554,7 +1554,7 @@ func newClusterV3NoClients(t *testing.T, cfg *ClusterConfig) *ClusterV3 { func TestTLSGRPCRejectInsecureClient(t *testing.T) { BeforeTest(t) - cfg := ClusterConfig{Size: 3, ClientTLS: &testTLSInfo} + cfg := ClusterConfig{Size: 3, ClientTLS: &TestTLSInfo} clus := newClusterV3NoClients(t, &cfg) defer clus.Terminate(t) @@ -1593,7 +1593,7 @@ func TestTLSGRPCRejectSecureClient(t *testing.T) { clus := newClusterV3NoClients(t, &cfg) defer clus.Terminate(t) - clus.Members[0].ClientTLSInfo = &testTLSInfo + clus.Members[0].ClientTLSInfo = &TestTLSInfo clus.Members[0].DialOptions = []grpc.DialOption{grpc.WithBlock()} clus.Members[0].grpcURL = strings.Replace(clus.Members[0].grpcURL, "http://", "https://", 1) client, err := NewClientV3(clus.Members[0]) @@ -1609,7 +1609,7 @@ func TestTLSGRPCRejectSecureClient(t *testing.T) { func TestTLSGRPCAcceptSecureAll(t *testing.T) { BeforeTest(t) - cfg := ClusterConfig{Size: 3, ClientTLS: &testTLSInfo} + cfg := ClusterConfig{Size: 3, ClientTLS: &TestTLSInfo} clus := newClusterV3NoClients(t, &cfg) defer clus.Terminate(t) @@ -1649,7 +1649,7 @@ func TestTLSReloadAtomicReplace(t *testing.T) { defer os.RemoveAll(certsDirExp) cloneFunc := func() transport.TLSInfo { - tlsInfo, terr := copyTLSFiles(testTLSInfo, certsDir) + tlsInfo, terr := copyTLSFiles(TestTLSInfo, certsDir) if terr != nil { t.Fatal(terr) } @@ -1695,7 +1695,7 @@ func TestTLSReloadCopy(t *testing.T) { defer os.RemoveAll(certsDir) cloneFunc := func() transport.TLSInfo { - tlsInfo, terr := copyTLSFiles(testTLSInfo, certsDir) + tlsInfo, terr := copyTLSFiles(TestTLSInfo, certsDir) if terr != nil { t.Fatal(terr) } 
@@ -1707,7 +1707,7 @@ func TestTLSReloadCopy(t *testing.T) { } } revertFunc := func() { - if _, err = copyTLSFiles(testTLSInfo, certsDir); err != nil { + if _, err = copyTLSFiles(TestTLSInfo, certsDir); err != nil { t.Fatal(err) } } diff --git a/tests/integration/v3_tls_test.go b/tests/integration/v3_tls_test.go index b4e4cf3d5..319968b11 100644 --- a/tests/integration/v3_tls_test.go +++ b/tests/integration/v3_tls_test.go @@ -41,7 +41,7 @@ func testTLSCipherSuites(t *testing.T, valid bool) { tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, } - srvTLS, cliTLS := testTLSInfo, testTLSInfo + srvTLS, cliTLS := TestTLSInfo, TestTLSInfo if valid { srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites, cipherSuites } else { @@ -112,7 +112,7 @@ func TestTLSMinMaxVersion(t *testing.T) { } // Configure server to support TLS 1.3 only. - srvTLS := testTLSInfo + srvTLS := TestTLSInfo srvTLS.MinVersion = tls.VersionTLS13 srvTLS.MaxVersion = tls.VersionTLS13 clus := NewClusterV3(t, &ClusterConfig{Size: 1, ClientTLS: &srvTLS}) @@ -120,7 +120,7 @@ func TestTLSMinMaxVersion(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - cc, err := testTLSInfo.ClientConfig() + cc, err := TestTLSInfo.ClientConfig() assert.NoError(t, err) cc.MinVersion = tt.minVersion