mirror of https://github.com/status-im/consul.git
tlsutil: un-ptr and add godoc to autoTLs struct
the autoTLS field on Configurator is only set once. By making it a value receiver it should be allocated as a single block of memory along with Configurator. Also add godoc to document what it is used for.
This commit is contained in:
parent
08cd772626
commit
a4432bb0b4
|
@ -150,6 +150,8 @@ func SpecificDC(dc string, tlsWrap DCWrapper) Wrapper {
|
|||
}
|
||||
}
|
||||
|
||||
// autoTLS stores configuration that is received from the auto-encrypt or
|
||||
// auto-config features.
|
||||
type autoTLS struct {
|
||||
manualCAPems []string
|
||||
connectCAPems []string
|
||||
|
@ -157,7 +159,7 @@ type autoTLS struct {
|
|||
verifyServerHostname bool
|
||||
}
|
||||
|
||||
func (a *autoTLS) caPems() []string {
|
||||
func (a autoTLS) caPems() []string {
|
||||
return append(a.manualCAPems, a.connectCAPems...)
|
||||
}
|
||||
|
||||
|
@ -172,7 +174,7 @@ type Configurator struct {
|
|||
// lock synchronizes access to all fields on this struct except for logger and version.
|
||||
lock sync.RWMutex
|
||||
base *Config
|
||||
autoTLS *autoTLS
|
||||
autoTLS autoTLS
|
||||
manual *manual
|
||||
peerDatacenterUseTLS map[string]bool
|
||||
caPool *x509.CertPool
|
||||
|
@ -197,7 +199,6 @@ func NewConfigurator(config Config, logger hclog.Logger) (*Configurator, error)
|
|||
c := &Configurator{
|
||||
logger: logger.Named(logging.TLSUtil),
|
||||
manual: &manual{},
|
||||
autoTLS: &autoTLS{},
|
||||
peerDatacenterUseTLS: map[string]bool{},
|
||||
}
|
||||
err := c.Update(config)
|
||||
|
@ -274,7 +275,7 @@ func (c *Configurator) UpdateAutoTLSCA(connectCAPems []string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// UpdateAutoTLSCert
|
||||
// UpdateAutoTLSCert receives the updated Auto-Encrypt certificate.
|
||||
func (c *Configurator) UpdateAutoTLSCert(pub, priv string) error {
|
||||
cert, err := tls.X509KeyPair([]byte(pub), []byte(priv))
|
||||
if err != nil {
|
||||
|
@ -290,8 +291,8 @@ func (c *Configurator) UpdateAutoTLSCert(pub, priv string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// UpdateAutoTLS sets everything under autoEncrypt. This is being called on the
|
||||
// client when it received its cert from AutoEncrypt/AutoConfig endpoints.
|
||||
// UpdateAutoTLS receives updates from Auto-Config, only expected to be called on
|
||||
// client agents.
|
||||
func (c *Configurator) UpdateAutoTLS(manualCAPems, connectCAPems []string, pub, priv string, verifyServerHostname bool) error {
|
||||
cert, err := tls.X509KeyPair([]byte(pub), []byte(priv))
|
||||
if err != nil {
|
||||
|
|
|
@ -506,7 +506,7 @@ func TestConfigurator_ErrorPropagation(t *testing.T) {
|
|||
variants = append(variants, variant{Config{TLSMinVersion: v}, false, false})
|
||||
}
|
||||
|
||||
c := Configurator{autoTLS: &autoTLS{}, manual: &manual{}}
|
||||
c := Configurator{manual: &manual{}}
|
||||
for i, v := range variants {
|
||||
info := fmt.Sprintf("case %d, config: %+v", i, v.config)
|
||||
_, err1 := NewConfigurator(v.config, nil)
|
||||
|
@ -716,7 +716,7 @@ func TestConfigurator_CommonTLSConfigTLSMinVersion(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestConfigurator_CommonTLSConfigVerifyIncoming(t *testing.T) {
|
||||
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
|
||||
c := Configurator{base: &Config{}}
|
||||
type variant struct {
|
||||
verify bool
|
||||
expected tls.ClientAuthType
|
||||
|
@ -731,7 +731,7 @@ func TestConfigurator_CommonTLSConfigVerifyIncoming(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestConfigurator_OutgoingRPCTLSDisabled(t *testing.T) {
|
||||
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
|
||||
c := Configurator{base: &Config{}}
|
||||
type variant struct {
|
||||
verify bool
|
||||
autoEncryptTLS bool
|
||||
|
@ -909,7 +909,7 @@ func TestConfigurator_IncomingALPNRPCConfig(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestConfigurator_IncomingHTTPSConfig(t *testing.T) {
|
||||
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
|
||||
c := Configurator{base: &Config{}}
|
||||
require.Equal(t, []string{"h2", "http/1.1"}, c.IncomingHTTPSConfig().NextProtos)
|
||||
}
|
||||
|
||||
|
@ -917,7 +917,7 @@ func TestConfigurator_OutgoingTLSConfigForChecks(t *testing.T) {
|
|||
c := Configurator{base: &Config{
|
||||
TLSMinVersion: "tls12",
|
||||
EnableAgentTLSForChecks: false,
|
||||
}, autoTLS: &autoTLS{}}
|
||||
}}
|
||||
tlsConf := c.OutgoingTLSConfigForCheck(true, "")
|
||||
require.Equal(t, true, tlsConf.InsecureSkipVerify)
|
||||
require.Equal(t, uint16(0), tlsConf.MinVersion)
|
||||
|
@ -936,7 +936,7 @@ func TestConfigurator_OutgoingTLSConfigForChecks(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestConfigurator_OutgoingRPCConfig(t *testing.T) {
|
||||
c := &Configurator{base: &Config{}, autoTLS: &autoTLS{}}
|
||||
c := &Configurator{base: &Config{}}
|
||||
require.Nil(t, c.OutgoingRPCConfig())
|
||||
|
||||
c, err := NewConfigurator(Config{
|
||||
|
@ -954,7 +954,7 @@ func TestConfigurator_OutgoingRPCConfig(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestConfigurator_OutgoingALPNRPCConfig(t *testing.T) {
|
||||
c := &Configurator{base: &Config{}, autoTLS: &autoTLS{}}
|
||||
c := &Configurator{base: &Config{}}
|
||||
require.Nil(t, c.OutgoingALPNRPCConfig())
|
||||
|
||||
c, err := NewConfigurator(Config{
|
||||
|
@ -974,7 +974,7 @@ func TestConfigurator_OutgoingALPNRPCConfig(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestConfigurator_OutgoingRPCWrapper(t *testing.T) {
|
||||
c := &Configurator{base: &Config{}, autoTLS: &autoTLS{}}
|
||||
c := &Configurator{base: &Config{}}
|
||||
wrapper := c.OutgoingRPCWrapper()
|
||||
require.NotNil(t, wrapper)
|
||||
conn := &net.TCPConn{}
|
||||
|
@ -996,7 +996,7 @@ func TestConfigurator_OutgoingRPCWrapper(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestConfigurator_OutgoingALPNRPCWrapper(t *testing.T) {
|
||||
c := &Configurator{base: &Config{}, autoTLS: &autoTLS{}}
|
||||
c := &Configurator{base: &Config{}}
|
||||
wrapper := c.OutgoingRPCWrapper()
|
||||
require.NotNil(t, wrapper)
|
||||
conn := &net.TCPConn{}
|
||||
|
@ -1071,7 +1071,7 @@ func TestConfigurator_ServerNameOrNodeName(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestConfigurator_VerifyOutgoing(t *testing.T) {
|
||||
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
|
||||
c := Configurator{base: &Config{}}
|
||||
type variant struct {
|
||||
verify bool
|
||||
autoEncryptTLS bool
|
||||
|
@ -1104,7 +1104,7 @@ func TestConfigurator_Domain(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestConfigurator_VerifyServerHostname(t *testing.T) {
|
||||
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
|
||||
c := Configurator{base: &Config{}}
|
||||
require.False(t, c.VerifyServerHostname())
|
||||
|
||||
c.base.VerifyServerHostname = true
|
||||
|
@ -1121,7 +1121,7 @@ func TestConfigurator_VerifyServerHostname(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestConfigurator_AutoEncrytCertExpired(t *testing.T) {
|
||||
c := Configurator{base: &Config{}, autoTLS: &autoTLS{}}
|
||||
c := Configurator{base: &Config{}}
|
||||
require.True(t, c.AutoEncryptCertExpired())
|
||||
|
||||
cert, err := loadKeyPair("../test/key/something_expired.cer", "../test/key/something_expired.key")
|
||||
|
|
Loading…
Reference in New Issue