diff --git a/clientv3/yaml/config.go b/clientv3/yaml/config.go index aa6df1c18..7539da294 100644 --- a/clientv3/yaml/config.go +++ b/clientv3/yaml/config.go @@ -33,7 +33,11 @@ type yamlConfig struct { InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify"` Certfile string `json:"cert-file"` Keyfile string `json:"key-file"` - CAfile string `json:"ca-file"` + TrustedCAfile string `json:"trusted-ca-file"` + + // CAfile is being deprecated. Use 'TrustedCAfile' instead. + // TODO: deprecate this in v4 + CAfile string `json:"ca-file"` } // NewConfig creates a new clientv3.Config from a yaml file. @@ -66,8 +70,11 @@ func NewConfig(fpath string) (*clientv3.Config, error) { } } - if yc.CAfile != "" { - cp, err = tlsutil.NewCertPool([]string{yc.CAfile}) + if yc.CAfile != "" && yc.TrustedCAfile == "" { + yc.TrustedCAfile = yc.CAfile + } + if yc.TrustedCAfile != "" { + cp, err = tlsutil.NewCertPool([]string{yc.TrustedCAfile}) if err != nil { return nil, err } diff --git a/clientv3/yaml/config_test.go b/clientv3/yaml/config_test.go index 3dc221fdb..bcf28b434 100644 --- a/clientv3/yaml/config_test.go +++ b/clientv3/yaml/config_test.go @@ -50,7 +50,7 @@ func TestConfigFromFile(t *testing.T) { &yamlConfig{ Keyfile: privateKeyPath, Certfile: certPath, - CAfile: caPath, + TrustedCAfile: caPath, InsecureSkipTLSVerify: true, }, false, @@ -64,9 +64,9 @@ func TestConfigFromFile(t *testing.T) { }, { &yamlConfig{ - Keyfile: privateKeyPath, - Certfile: certPath, - CAfile: "bad", + Keyfile: privateKeyPath, + Certfile: certPath, + TrustedCAfile: "bad", }, true, }, @@ -113,7 +113,7 @@ func TestConfigFromFile(t *testing.T) { if tt.ym.Certfile != "" && len(cfg.TLS.Certificates) == 0 { t.Errorf("#%d: failed to load in cert", i) } - if tt.ym.CAfile != "" && cfg.TLS.RootCAs == nil { + if tt.ym.TrustedCAfile != "" && cfg.TLS.RootCAs == nil { t.Errorf("#%d: failed to load in ca cert", i) } if cfg.TLS.InsecureSkipVerify != tt.ym.InsecureSkipTLSVerify {