Set api.Config’s InsecureSkipVerify to the value of !RuntimeConfig.VerifyOutgoing

This commit is contained in:
Matt Keeler 2018-07-12 07:49:23 -04:00
parent 7dfd2ab316
commit 0f56ed2d01
2 changed files with 10 additions and 6 deletions

View File

@ -1223,7 +1223,7 @@ func (c *RuntimeConfig) apiAddresses(maxPerType int) (unixAddrs, httpAddrs, http
func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error) { func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error) {
cfg := &api.Config{ cfg := &api.Config{
Datacenter: c.Datacenter, Datacenter: c.Datacenter,
TLSConfig: api.TLSConfig{InsecureSkipVerify: true}, TLSConfig: api.TLSConfig{InsecureSkipVerify: !c.VerifyOutgoing},
} }
unixAddrs, httpAddrs, httpsAddrs := c.apiAddresses(1) unixAddrs, httpAddrs, httpsAddrs := c.apiAddresses(1)

View File

@ -4537,11 +4537,12 @@ func TestRuntime_APIConfigHTTPS(t *testing.T) {
HTTPSAddrs: []net.Addr{ HTTPSAddrs: []net.Addr{
&net.TCPAddr{IP: net.ParseIP("198.18.0.2"), Port: 5678}, &net.TCPAddr{IP: net.ParseIP("198.18.0.2"), Port: 5678},
}, },
Datacenter: "dc-test", Datacenter: "dc-test",
CAFile: "/etc/consul/ca.crt", CAFile: "/etc/consul/ca.crt",
CAPath: "/etc/consul/ca.dir", CAPath: "/etc/consul/ca.dir",
CertFile: "/etc/consul/server.crt", CertFile: "/etc/consul/server.crt",
KeyFile: "/etc/consul/ssl/server.key", KeyFile: "/etc/consul/ssl/server.key",
VerifyOutgoing: false,
} }
cfg, err := rt.APIConfig(false) cfg, err := rt.APIConfig(false)
@ -4553,7 +4554,9 @@ func TestRuntime_APIConfigHTTPS(t *testing.T) {
require.Equal(t, "", cfg.TLSConfig.CertFile) require.Equal(t, "", cfg.TLSConfig.CertFile)
require.Equal(t, "", cfg.TLSConfig.KeyFile) require.Equal(t, "", cfg.TLSConfig.KeyFile)
require.Equal(t, rt.Datacenter, cfg.Datacenter) require.Equal(t, rt.Datacenter, cfg.Datacenter)
require.Equal(t, true, cfg.TLSConfig.InsecureSkipVerify)
rt.VerifyOutgoing = true
cfg, err = rt.APIConfig(true) cfg, err = rt.APIConfig(true)
require.NoError(t, err) require.NoError(t, err)
require.Equal(t, "198.18.0.2:5678", cfg.Address) require.Equal(t, "198.18.0.2:5678", cfg.Address)
@ -4563,6 +4566,7 @@ func TestRuntime_APIConfigHTTPS(t *testing.T) {
require.Equal(t, rt.CertFile, cfg.TLSConfig.CertFile) require.Equal(t, rt.CertFile, cfg.TLSConfig.CertFile)
require.Equal(t, rt.KeyFile, cfg.TLSConfig.KeyFile) require.Equal(t, rt.KeyFile, cfg.TLSConfig.KeyFile)
require.Equal(t, rt.Datacenter, cfg.Datacenter) require.Equal(t, rt.Datacenter, cfg.Datacenter)
require.Equal(t, false, cfg.TLSConfig.InsecureSkipVerify)
} }
func TestRuntime_APIConfigHTTP(t *testing.T) { func TestRuntime_APIConfigHTTP(t *testing.T) {