tests/robustness: Encrypt peer traffic to prevent proxy manipulating packets

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2024-09-27 06:25:44 +00:00 · 2023-04-01 16:17:30 +02:00 · 2023-04-01 16:17:30 +02:00 · 71ba0873e3
commit 71ba0873e3
parent 5f99ffdba1
2 changed files with 4 additions and 0 deletions
--- a/tests/framework/e2e/cluster.go
+++ b/tests/framework/e2e/cluster.go
@ -478,6 +478,9 @@ func (cfg *EtcdProcessClusterConfig) EtcdServerProcessConfig(tb testing.TB, i in
 	peerAdvertiseUrl := url.URL{Scheme: cfg.PeerScheme(), Host: fmt.Sprintf("localhost:%d", peerPort)}
 	var proxyCfg *proxy.ServerConfig
 	if cfg.PeerProxy {
+		if !cfg.IsPeerTLS {
+			panic("Can't use peer proxy without peer TLS as it can result in malformed packets")
+		}
 		peerAdvertiseUrl.Host = fmt.Sprintf("localhost:%d", peer2Port)
 		proxyCfg = &proxy.ServerConfig{
 			Logger: zap.NewNop(),
--- a/tests/robustness/linearizability_test.go
+++ b/tests/robustness/linearizability_test.go
@ -103,6 +103,7 @@ func TestRobustness(t *testing.T) {
 			failpoint: RandomMultiNodeClusterFailpoint,
 			traffic:   &traffic,
 			config: *e2e.NewConfig(
+				e2e.WithIsPeerTLS(true),
 				e2e.WithSnapshotCount(100),
 				e2e.WithPeerProxy(true),
 				e2e.WithGoFailEnabled(true),