tlsutil: un-ptr and add godoc to autoTLs struct

the autoTLS field on Configurator is only set once. By making it a value field rather than a pointer, it
should be allocated as a single block of memory along with Configurator.

Also add godoc to document what it is used for.
Daniel Nephin 2021-06-21 12:20:39 -04:00
parent 08cd772626
commit a4432bb0b4
2 changed files with 19 additions and 18 deletions


@ -150,6 +150,8 @@ func SpecificDC(dc string, tlsWrap DCWrapper) Wrapper {
}
}
// autoTLS stores configuration that is received from the auto-encrypt or
// auto-config features.
type autoTLS struct {
manualCAPems []string
connectCAPems []string
@ -157,7 +159,7 @@ type autoTLS struct {
verifyServerHostname bool
}
func (a *autoTLS) caPems() []string {
func (a autoTLS) caPems() []string {
return append(a.manualCAPems, a.connectCAPems...)
}
@ -172,7 +174,7 @@ type Configurator struct {
// lock synchronizes access to all fields on this struct except for logger and version.
lock sync.RWMutex
base *Config
autoTLS *autoTLS
autoTLS autoTLS
manual *manual
peerDatacenterUseTLS map[string]bool
caPool *x509.CertPool
@ -197,7 +199,6 @@ func NewConfigurator(config Config, logger hclog.Logger) (*Configurator, error)
c := &Configurator{
logger: logger.Named(logging.TLSUtil),
manual: &manual{},
autoTLS: &autoTLS{},
peerDatacenterUseTLS: map[string]bool{},
}
err := c.Update(config)
@ -274,7 +275,7 @@ func (c *Configurator) UpdateAutoTLSCA(connectCAPems []string) error {
return nil
}
// UpdateAutoTLSCert
// UpdateAutoTLSCert receives the updated Auto-Encrypt certificate.
func (c *Configurator) UpdateAutoTLSCert(pub, priv string) error {
cert, err := tls.X509KeyPair([]byte(pub), []byte(priv))
if err != nil {
@ -290,8 +291,8 @@ func (c *Configurator) UpdateAutoTLSCert(pub, priv string) error {
return nil
}
// UpdateAutoTLS sets everything under autoEncrypt. This is being called on the
// client when it received its cert from AutoEncrypt/AutoConfig endpoints.
// UpdateAutoTLS receives updates from Auto-Config, only expected to be called on
// client agents.
func (c *Configurator) UpdateAutoTLS(manualCAPems, connectCAPems []string, pub, priv string, verifyServerHostname bool) error {
cert, err := tls.X509KeyPair([]byte(pub), []byte(priv))
if err != nil {
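Review bot: The value-receiver `caPems()` in the second hunk still returns `append(a.manualCAPems, a.connectCAPems...)`, which writes the connect CA PEMs into manualCAPems's backing array whenever that slice has spare capacity, so the returned CA list can alias (and be clobbered by later appends to) whatever slice UpdateAutoTLS was handed by its caller — switching from pointer to value receiver copies the slice header, not the array, so it does not change this. A fresh allocation closes it off: `out := make([]string, 0, len(a.manualCAPems)+len(a.connectCAPems))` followed by `return append(append(out, a.manualCAPems...), a.connectCAPems...)`. Since the Configurator doc in the third hunk states that `lock` guards every field except logger and version, and a value receiver copies the whole struct on each call, it is also worth stating the contract on the method, e.g. `// caPems returns a newly allocated slice of manual then connect CA PEMs; callers must hold Configurator.lock.` I cannot see the callers of caPems from this hunk, so whether any of them append to the result is inferred, not verified.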


@ -506,7 +506,7 @@ func TestConfigurator_ErrorPropagation(t *testing.T) {
variants = append(variants, variant{Config{TLSMinVersion: v}, false, false})
}
c := Configurator{autoTLS: &autoTLS{}, manual: &manual{}}
c := Configurator{manual: &manual{}}
for i, v := range variants {
info := fmt.Sprintf("case %d, config: %+v", i, v.config)
_, err1 := NewConfigurator(v.config, nil)
@ -716,7 +716,7 @@ func TestConfigurator_CommonTLSConfigTLSMinVersion(t *testing.T) {
}
func TestConfigurator_CommonTLSConfigVerifyIncoming(t *testing.T) {
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
c := Configurator{base: &Config{}}
type variant struct {
verify bool
expected tls.ClientAuthType
@ -731,7 +731,7 @@ func TestConfigurator_CommonTLSConfigVerifyIncoming(t *testing.T) {
}
func TestConfigurator_OutgoingRPCTLSDisabled(t *testing.T) {
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
c := Configurator{base: &Config{}}
type variant struct {
verify bool
autoEncryptTLS bool
@ -909,7 +909,7 @@ func TestConfigurator_IncomingALPNRPCConfig(t *testing.T) {
}
func TestConfigurator_IncomingHTTPSConfig(t *testing.T) {
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
c := Configurator{base: &Config{}}
require.Equal(t, []string{"h2", "http/1.1"}, c.IncomingHTTPSConfig().NextProtos)
}
@ -917,7 +917,7 @@ func TestConfigurator_OutgoingTLSConfigForChecks(t *testing.T) {
c := Configurator{base: &Config{
TLSMinVersion: "tls12",
EnableAgentTLSForChecks: false,
}, autoTLS: &autoTLS{}}
}}
tlsConf := c.OutgoingTLSConfigForCheck(true, "")
require.Equal(t, true, tlsConf.InsecureSkipVerify)
require.Equal(t, uint16(0), tlsConf.MinVersion)
@ -936,7 +936,7 @@ func TestConfigurator_OutgoingTLSConfigForChecks(t *testing.T) {
}
func TestConfigurator_OutgoingRPCConfig(t *testing.T) {
c := &Configurator{base: &Config{}, autoTLS: &autoTLS{}}
c := &Configurator{base: &Config{}}
require.Nil(t, c.OutgoingRPCConfig())
c, err := NewConfigurator(Config{
@ -954,7 +954,7 @@ func TestConfigurator_OutgoingRPCConfig(t *testing.T) {
}
func TestConfigurator_OutgoingALPNRPCConfig(t *testing.T) {
c := &Configurator{base: &Config{}, autoTLS: &autoTLS{}}
c := &Configurator{base: &Config{}}
require.Nil(t, c.OutgoingALPNRPCConfig())
c, err := NewConfigurator(Config{
@ -974,7 +974,7 @@ func TestConfigurator_OutgoingALPNRPCConfig(t *testing.T) {
}
func TestConfigurator_OutgoingRPCWrapper(t *testing.T) {
c := &Configurator{base: &Config{}, autoTLS: &autoTLS{}}
c := &Configurator{base: &Config{}}
wrapper := c.OutgoingRPCWrapper()
require.NotNil(t, wrapper)
conn := &net.TCPConn{}
@ -996,7 +996,7 @@ func TestConfigurator_OutgoingRPCWrapper(t *testing.T) {
}
func TestConfigurator_OutgoingALPNRPCWrapper(t *testing.T) {
c := &Configurator{base: &Config{}, autoTLS: &autoTLS{}}
c := &Configurator{base: &Config{}}
wrapper := c.OutgoingRPCWrapper()
require.NotNil(t, wrapper)
conn := &net.TCPConn{}
@ -1071,7 +1071,7 @@ func TestConfigurator_ServerNameOrNodeName(t *testing.T) {
}
func TestConfigurator_VerifyOutgoing(t *testing.T) {
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
c := Configurator{base: &Config{}}
type variant struct {
verify bool
autoEncryptTLS bool
@ -1104,7 +1104,7 @@ func TestConfigurator_Domain(t *testing.T) {
}
func TestConfigurator_VerifyServerHostname(t *testing.T) {
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
c := Configurator{base: &Config{}}
require.False(t, c.VerifyServerHostname())
c.base.VerifyServerHostname = true
@ -1121,7 +1121,7 @@ func TestConfigurator_VerifyServerHostname(t *testing.T) {
}
func TestConfigurator_AutoEncrytCertExpired(t *testing.T) {
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
c := Configurator{base: &Config{}}
require.True(t, c.AutoEncryptCertExpired())
cert, err := loadKeyPair("../test/key/something_expired.cer", "../test/key/something_expired.key")