Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Differentiate the warning message for rejected client and peer connections

Browse Source 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
This commit is contained in:
Benjamin Wang 2024-07-12 17:07:10 +01:00
parent eeeb7e05b3
commit b6c5262026
2 changed files with 112 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
server/embed/config_logging.go
View File

@ -165,35 +165,38 @@ func (cfg *Config) setupLogging() error {
return err return err
} }
logTLSHandshakeFailure := func(conn *tls.Conn, err error) { logTLSHandshakeFailureFunc := func(msg string) func(conn *tls.Conn, err error) {
state := conn.ConnectionState() return func(conn *tls.Conn, err error) {
remoteAddr := conn.RemoteAddr().String() state := conn.ConnectionState()
serverName := state.ServerName remoteAddr := conn.RemoteAddr().String()
if len(state.PeerCertificates) > 0 { serverName := state.ServerName
cert := state.PeerCertificates[0] if len(state.PeerCertificates) > 0 {
ips := make([]string, len(cert.IPAddresses)) cert := state.PeerCertificates[0]
for i := range cert.IPAddresses { ips := make([]string, len(cert.IPAddresses))
ips[i] = cert.IPAddresses[i].String() for i := range cert.IPAddresses {
ips[i] = cert.IPAddresses[i].String()
}
cfg.logger.Warn(
msg,
zap.String("remote-addr", remoteAddr),
zap.String("server-name", serverName),
zap.Strings("ip-addresses", ips),
zap.Strings("dns-names", cert.DNSNames),
zap.Error(err),
)
} else {
cfg.logger.Warn(
msg,
zap.String("remote-addr", remoteAddr),
zap.String("server-name", serverName),
zap.Error(err),
)
} }
cfg.logger.Warn(
"rejected connection",
zap.String("remote-addr", remoteAddr),
zap.String("server-name", serverName),
zap.Strings("ip-addresses", ips),
zap.Strings("dns-names", cert.DNSNames),
zap.Error(err),
)
} else {
cfg.logger.Warn(
"rejected connection",
zap.String("remote-addr", remoteAddr),
zap.String("server-name", serverName),
zap.Error(err),
)
} }
} }
cfg.ClientTLSInfo.HandshakeFailure = logTLSHandshakeFailure
cfg.PeerTLSInfo.HandshakeFailure = logTLSHandshakeFailure cfg.ClientTLSInfo.HandshakeFailure = logTLSHandshakeFailureFunc("rejected connection on client endpoint")
cfg.PeerTLSInfo.HandshakeFailure = logTLSHandshakeFailureFunc("rejected connection on peer endpoint")
default: default:
return fmt.Errorf("unknown logger option %q", cfg.Logger) return fmt.Errorf("unknown logger option %q", cfg.Logger)

83
tests/e2e/zap_logging_test.go
View File

@ -20,6 +20,8 @@ import (
"testing" "testing"
"time" "time"
"github.com/stretchr/testify/require"
"go.etcd.io/etcd/tests/v3/framework/e2e" "go.etcd.io/etcd/tests/v3/framework/e2e"
) )
@ -73,3 +75,84 @@ type logEntry struct {
Caller string `json:"caller"` Caller string `json:"caller"`
Message string `json:"msg"` Message string `json:"msg"`
} }
func TestConnectionRejectMessage(t *testing.T) {
e2e.SkipInShortMode(t)
testCases := []struct {
name string
url string
expectedErrMsg string
}{
{
name: "reject client connection",
url: "https://127.0.0.1:2379/version",
expectedErrMsg: "rejected connection on client endpoint",
},
{
name: "reject peer connection",
url: "https://127.0.0.1:2380/members",
expectedErrMsg: "rejected connection on peer endpoint",
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
commonArgs := []string{
e2e.BinPath.Etcd,
"--name", "etcd1",
"--listen-client-urls", "https://127.0.0.1:2379",
"--advertise-client-urls", "https://127.0.0.1:2379",
"--cert-file", e2e.CertPath,
"--key-file", e2e.PrivateKeyPath,
"--trusted-ca-file", e2e.CaPath,
"--listen-peer-urls", "https://127.0.0.1:2380",
"--initial-advertise-peer-urls", "https://127.0.0.1:2380",
"--initial-cluster", "etcd1=https://127.0.0.1:2380",
"--peer-cert-file", e2e.CertPath,
"--peer-key-file", e2e.PrivateKeyPath,
"--peer-trusted-ca-file", e2e.CaPath,
}
t.Log("Starting an etcd process and wait for it to get ready.")
p, err := e2e.SpawnCmd(commonArgs, nil)
require.NoError(t, err)
err = e2e.WaitReadyExpectProc(context.TODO(), p, e2e.EtcdServerReadyLines)
require.NoError(t, err)
defer func() {
p.Stop()
p.Close()
}()
t.Log("Starting a separate goroutine to verify the expected output.")
startedCh := make(chan struct{}, 1)
doneCh := make(chan struct{}, 1)
go func() {
startedCh <- struct{}{}
verr := e2e.WaitReadyExpectProc(context.TODO(), p, []string{tc.expectedErrMsg})
require.NoError(t, verr)
doneCh <- struct{}{}
}()
// wait for the goroutine to get started
<-startedCh
t.Log("Running curl command to trigger the corresponding warning message.")
curlCmdArgs := []string{"curl", "--connect-timeout", "1", "-k", tc.url}
curlCmd, err := e2e.SpawnCmd(curlCmdArgs, nil)
require.NoError(t, err)
defer func() {
curlCmd.Stop()
curlCmd.Close()
}()
t.Log("Waiting for the result.")
select {
case <-doneCh:
case <-time.After(5 * time.Second):
t.Fatal("Timed out waiting for the result")
}
})
}
}