( t *testing.T, cloneFunc func() transport.TLSInfo, replaceFunc func(), revertFunc func(), useIP bool, )
| 1711 | } |
| 1712 | |
| 1713 | func testTLSReload( |
| 1714 | t *testing.T, |
| 1715 | cloneFunc func() transport.TLSInfo, |
| 1716 | replaceFunc func(), |
| 1717 | revertFunc func(), |
| 1718 | useIP bool, |
| 1719 | ) { |
| 1720 | integration.BeforeTest(t) |
| 1721 | |
| 1722 | // 1. separate copies for TLS assets modification |
| 1723 | tlsInfo := cloneFunc() |
| 1724 | |
| 1725 | // 2. start cluster with valid certs |
| 1726 | clus := integration.NewCluster(t, &integration.ClusterConfig{ |
| 1727 | Size: 1, |
| 1728 | PeerTLS: &tlsInfo, |
| 1729 | ClientTLS: &tlsInfo, |
| 1730 | UseIP: useIP, |
| 1731 | }) |
| 1732 | defer clus.Terminate(t) |
| 1733 | |
| 1734 | // 3. concurrent client dialing while certs become expired |
| 1735 | errc := make(chan error, 1) |
| 1736 | go func() { |
| 1737 | for { |
| 1738 | cc, err := tlsInfo.ClientConfig() |
| 1739 | if err != nil { |
| 1740 | // errors in 'go/src/crypto/tls/tls.go' |
| 1741 | // tls: private key does not match public key |
| 1742 | // tls: failed to find any PEM data in key input |
| 1743 | // tls: failed to find any PEM data in certificate input |
| 1744 | // Or 'does not exist', 'not found', etc |
| 1745 | t.Log(err) |
| 1746 | continue |
| 1747 | } |
| 1748 | cli, cerr := integration.NewClient(t, clientv3.Config{ |
| 1749 | DialOptions: []grpc.DialOption{grpc.WithBlock()}, |
| 1750 | Endpoints: []string{clus.Members[0].GRPCURL}, |
| 1751 | DialTimeout: time.Second, |
| 1752 | TLS: cc, |
| 1753 | }) |
| 1754 | if cerr != nil { |
| 1755 | errc <- cerr |
| 1756 | return |
| 1757 | } |
| 1758 | cli.Close() |
| 1759 | } |
| 1760 | }() |
| 1761 | |
| 1762 | // 4. replace certs with expired ones |
| 1763 | replaceFunc() |
| 1764 | |
| 1765 | // 5. expect dial time-out when loading expired certs |
| 1766 | select { |
| 1767 | case gerr := <-errc: |
| 1768 | if !errors.Is(gerr, context.DeadlineExceeded) { |
| 1769 | t.Fatalf("expected %v, got %v", context.DeadlineExceeded, gerr) |
| 1770 | } |
no test coverage detected
searching dependent graphs…