tests: Backport tls for etcdctl

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2024-09-27 06:25:44 +00:00 · 2023-03-16 13:47:34 +01:00
parent 46d6c1d7b2
commit 00e1e5db21
8 changed files with 41 additions and 19 deletions
--- a/tests/integration/cluster.go
+++ b/tests/integration/cluster.go
@@ -84,7 +84,7 @@ var (
 	// member, ensuring restarted members can listen on the same port again.
 	localListenCount = int64(0)

-	testTLSInfo = transport.TLSInfo{
+	TestTLSInfo = transport.TLSInfo{
 		KeyFile:        MustAbsPath("../fixtures/server.key.insecure"),
 		CertFile:       MustAbsPath("../fixtures/server.crt"),
 		TrustedCAFile:  MustAbsPath("../fixtures/ca.crt"),
--- a/tests/integration/cluster_test.go
+++ b/tests/integration/cluster_test.go
@@ -52,7 +52,7 @@ func testCluster(t *testing.T, size int) {

 func TestTLSClusterOf3(t *testing.T) {
 	BeforeTest(t)
-	c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &testTLSInfo})
+	c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &TestTLSInfo})
 	c.Launch(t)
 	defer c.Terminate(t)
 	clusterMustProgress(t, c.Members)
@@ -111,7 +111,7 @@ func TestTLSClusterOf3UsingDiscovery(t *testing.T) {
 	c := NewClusterByConfig(t,
 		&ClusterConfig{
 			Size:         3,
-			PeerTLS:      &testTLSInfo,
+			PeerTLS:      &TestTLSInfo,
 			DiscoveryURL: dc.URL(0) + "/v2/keys"},
 	)
 	c.Launch(t)
@@ -136,7 +136,7 @@ func testDoubleClusterSize(t *testing.T, size int) {

 func TestDoubleTLSClusterSizeOf3(t *testing.T) {
 	BeforeTest(t)
-	c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &testTLSInfo})
+	c := NewClusterByConfig(t, &ClusterConfig{Size: 3, PeerTLS: &TestTLSInfo})
 	c.Launch(t)
 	defer c.Terminate(t)

--- a/tests/integration/grpc_test.go
+++ b/tests/integration/grpc_test.go
@@ -121,8 +121,8 @@ func TestAuthority(t *testing.T) {
 func setupTLS(t *testing.T, useTLS bool, cfg ClusterConfig) (ClusterConfig, *tls.Config) {
 	t.Helper()
 	if useTLS {
-		cfg.ClientTLS = &testTLSInfo
-		tlsConfig, err := testTLSInfo.ClientConfig()
+		cfg.ClientTLS = &TestTLSInfo
+		tlsConfig, err := TestTLSInfo.ClientConfig()
 		if err != nil {
 			t.Fatal(err)
 		}
--- a/tests/integration/v3_grpc_test.go
+++ b/tests/integration/v3_grpc_test.go
@@ -1554,7 +1554,7 @@ func newClusterV3NoClients(t *testing.T, cfg *ClusterConfig) *ClusterV3 {
 func TestTLSGRPCRejectInsecureClient(t *testing.T) {
 	BeforeTest(t)

-	cfg := ClusterConfig{Size: 3, ClientTLS: &testTLSInfo}
+	cfg := ClusterConfig{Size: 3, ClientTLS: &TestTLSInfo}
 	clus := newClusterV3NoClients(t, &cfg)
 	defer clus.Terminate(t)

@@ -1593,7 +1593,7 @@ func TestTLSGRPCRejectSecureClient(t *testing.T) {
 	clus := newClusterV3NoClients(t, &cfg)
 	defer clus.Terminate(t)

-	clus.Members[0].ClientTLSInfo = &testTLSInfo
+	clus.Members[0].ClientTLSInfo = &TestTLSInfo
 	clus.Members[0].DialOptions = []grpc.DialOption{grpc.WithBlock()}
 	clus.Members[0].grpcURL = strings.Replace(clus.Members[0].grpcURL, "http://", "https://", 1)
 	client, err := NewClientV3(clus.Members[0])
@@ -1609,7 +1609,7 @@ func TestTLSGRPCRejectSecureClient(t *testing.T) {
 func TestTLSGRPCAcceptSecureAll(t *testing.T) {
 	BeforeTest(t)

-	cfg := ClusterConfig{Size: 3, ClientTLS: &testTLSInfo}
+	cfg := ClusterConfig{Size: 3, ClientTLS: &TestTLSInfo}
 	clus := newClusterV3NoClients(t, &cfg)
 	defer clus.Terminate(t)

@@ -1649,7 +1649,7 @@ func TestTLSReloadAtomicReplace(t *testing.T) {
 	defer os.RemoveAll(certsDirExp)

 	cloneFunc := func() transport.TLSInfo {
-		tlsInfo, terr := copyTLSFiles(testTLSInfo, certsDir)
+		tlsInfo, terr := copyTLSFiles(TestTLSInfo, certsDir)
 		if terr != nil {
 			t.Fatal(terr)
 		}
@@ -1695,7 +1695,7 @@ func TestTLSReloadCopy(t *testing.T) {
 	defer os.RemoveAll(certsDir)

 	cloneFunc := func() transport.TLSInfo {
-		tlsInfo, terr := copyTLSFiles(testTLSInfo, certsDir)
+		tlsInfo, terr := copyTLSFiles(TestTLSInfo, certsDir)
 		if terr != nil {
 			t.Fatal(terr)
 		}
@@ -1707,7 +1707,7 @@ func TestTLSReloadCopy(t *testing.T) {
 		}
 	}
 	revertFunc := func() {
-		if _, err = copyTLSFiles(testTLSInfo, certsDir); err != nil {
+		if _, err = copyTLSFiles(TestTLSInfo, certsDir); err != nil {
 			t.Fatal(err)
 		}
 	}
--- a/tests/integration/v3_tls_test.go
+++ b/tests/integration/v3_tls_test.go
@@ -41,7 +41,7 @@ func testTLSCipherSuites(t *testing.T, valid bool) {
 		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
 	}
-	srvTLS, cliTLS := testTLSInfo, testTLSInfo
+	srvTLS, cliTLS := TestTLSInfo, TestTLSInfo
 	if valid {
 		srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites, cipherSuites
 	} else {
@@ -112,7 +112,7 @@ func TestTLSMinMaxVersion(t *testing.T) {
 	}

 	// Configure server to support TLS 1.3 only.
-	srvTLS := testTLSInfo
+	srvTLS := TestTLSInfo
 	srvTLS.MinVersion = tls.VersionTLS13
 	srvTLS.MaxVersion = tls.VersionTLS13
 	clus := NewClusterV3(t, &ClusterConfig{Size: 1, ClientTLS: &srvTLS})
@@ -120,7 +120,7 @@ func TestTLSMinMaxVersion(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			cc, err := testTLSInfo.ClientConfig()
+			cc, err := TestTLSInfo.ClientConfig()
 			assert.NoError(t, err)

 			cc.MinVersion = tt.minVersion