TestTLSReloadAtomicReplace ensures server reloads expired/valid certs when all certs are atomically replaced by directory renaming. And expects server to reject client requests, and vice versa.
(t *testing.T)
| 1631 | // when all certs are atomically replaced by directory renaming. |
| 1632 | // And expects server to reject client requests, and vice versa. |
| 1633 | func TestTLSReloadAtomicReplace(t *testing.T) { |
| 1634 | tmpDir := t.TempDir() |
| 1635 | os.RemoveAll(tmpDir) |
| 1636 | |
| 1637 | certsDir := t.TempDir() |
| 1638 | |
| 1639 | certsDirExp := t.TempDir() |
| 1640 | |
| 1641 | cloneFunc := func() transport.TLSInfo { |
| 1642 | tlsInfo, terr := copyTLSFiles(integration.TestTLSInfo, certsDir) |
| 1643 | require.NoError(t, terr) |
| 1644 | _, err := copyTLSFiles(integration.TestTLSInfoExpired, certsDirExp) |
| 1645 | require.NoError(t, err) |
| 1646 | return tlsInfo |
| 1647 | } |
| 1648 | replaceFunc := func() { |
| 1649 | err := os.Rename(certsDir, tmpDir) |
| 1650 | require.NoError(t, err) |
| 1651 | err = os.Rename(certsDirExp, certsDir) |
| 1652 | require.NoError(t, err) |
| 1653 | // after rename, |
| 1654 | // 'certsDir' contains expired certs |
| 1655 | // 'tmpDir' contains valid certs |
| 1656 | // 'certsDirExp' does not exist |
| 1657 | } |
| 1658 | revertFunc := func() { |
| 1659 | err := os.Rename(tmpDir, certsDirExp) |
| 1660 | require.NoError(t, err) |
| 1661 | err = os.Rename(certsDir, tmpDir) |
| 1662 | require.NoError(t, err) |
| 1663 | err = os.Rename(certsDirExp, certsDir) |
| 1664 | require.NoError(t, err) |
| 1665 | } |
| 1666 | testTLSReload(t, cloneFunc, replaceFunc, revertFunc, false) |
| 1667 | } |
| 1668 | |
| 1669 | // TestTLSReloadCopy ensures server reloads expired/valid certs |
| 1670 | // when new certs are copied over, one by one. And expects server |
nothing calls this directly
no test coverage detected
searching dependent graphs…