From 71ba0873e30b91dda95dbb79397691fed37e7fdc Mon Sep 17 00:00:00 2001
From: Marek Siarkowicz <siarkowicz@google.com>
Date: Sat, 1 Apr 2023 16:17:30 +0200
Subject: [PATCH] tests/robustness: Encrypt peer traffic to prevent proxy
 manipulating packets

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
---
 tests/framework/e2e/cluster.go           | 3 +++
 tests/robustness/linearizability_test.go | 1 +
 2 files changed, 4 insertions(+)

diff --git a/tests/framework/e2e/cluster.go b/tests/framework/e2e/cluster.go
index 42cde6abd..5f6daa21c 100644
--- a/tests/framework/e2e/cluster.go
+++ b/tests/framework/e2e/cluster.go
@@ -478,6 +478,9 @@ func (cfg *EtcdProcessClusterConfig) EtcdServerProcessConfig(tb testing.TB, i in
 	peerAdvertiseUrl := url.URL{Scheme: cfg.PeerScheme(), Host: fmt.Sprintf("localhost:%d", peerPort)}
 	var proxyCfg *proxy.ServerConfig
 	if cfg.PeerProxy {
+		if !cfg.IsPeerTLS {
+			panic("Can't use peer proxy without peer TLS as it can result in malformed packets")
+		}
 		peerAdvertiseUrl.Host = fmt.Sprintf("localhost:%d", peer2Port)
 		proxyCfg = &proxy.ServerConfig{
 			Logger: zap.NewNop(),
diff --git a/tests/robustness/linearizability_test.go b/tests/robustness/linearizability_test.go
index 5619dc0b6..806963bef 100644
--- a/tests/robustness/linearizability_test.go
+++ b/tests/robustness/linearizability_test.go
@@ -103,6 +103,7 @@ func TestRobustness(t *testing.T) {
 			failpoint: RandomMultiNodeClusterFailpoint,
 			traffic:   &traffic,
 			config: *e2e.NewConfig(
+				e2e.WithIsPeerTLS(true),
 				e2e.WithSnapshotCount(100),
 				e2e.WithPeerProxy(true),
 				e2e.WithGoFailEnabled(true),