@ -2736,7 +2736,44 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
}
}
}
}
` } ,
` } ,
expectedErr : "verify_server_hostname is only valid in the tls.internal_rpc stanza" ,
expected : func ( rt * RuntimeConfig ) {
rt . DataDir = dataDir
rt . TLS . InternalRPC . VerifyServerHostname = true
rt . TLS . InternalRPC . VerifyOutgoing = true
} ,
} )
run ( t , testCase {
desc : "verify_server_hostname in the defaults stanza and internal_rpc" ,
args : [ ] string {
` -data-dir= ` + dataDir ,
} ,
hcl : [ ] string { `
tls {
defaults {
verify_server_hostname = false
} ,
internal_rpc {
verify_server_hostname = true
}
}
` } ,
json : [ ] string { `
{
"tls" : {
"defaults" : {
"verify_server_hostname" : false
} ,
"internal_rpc" : {
"verify_server_hostname" : true
}
}
}
` } ,
expected : func ( rt * RuntimeConfig ) {
rt . DataDir = dataDir
rt . TLS . InternalRPC . VerifyServerHostname = true
rt . TLS . InternalRPC . VerifyOutgoing = true
} ,
} )
} )
run ( t , testCase {
run ( t , testCase {
desc : "verify_server_hostname in the grpc stanza" ,
desc : "verify_server_hostname in the grpc stanza" ,
@ -2759,7 +2796,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
}
}
}
}
` } ,
` } ,
expectedErr : "verify_server_hostname is only valid in the tls. internal_rpc stanza",
expectedErr : "verify_server_hostname is only valid in the tls. defaults and tls. internal_rpc stanza",
} )
} )
run ( t , testCase {
run ( t , testCase {
desc : "verify_server_hostname in the https stanza" ,
desc : "verify_server_hostname in the https stanza" ,
@ -2782,7 +2819,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
}
}
}
}
` } ,
` } ,
expectedErr : "verify_server_hostname is only valid in the tls. internal_rpc stanza",
expectedErr : "verify_server_hostname is only valid in the tls. defaults and tls. internal_rpc stanza",
} )
} )
run ( t , testCase {
run ( t , testCase {
desc : "translated keys" ,
desc : "translated keys" ,
@ -5723,6 +5760,74 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
rt . TLS . InternalRPC . VerifyOutgoing = true
rt . TLS . InternalRPC . VerifyOutgoing = true
} ,
} ,
} )
} )
run ( t , testCase {
desc : "tls.defaults.verify_server_hostname implies tls.internal_rpc.verify_outgoing" ,
args : [ ] string {
` -data-dir= ` + dataDir ,
} ,
json : [ ] string { `
{
"tls" : {
"defaults" : {
"verify_server_hostname" : true
}
}
}
` } ,
hcl : [ ] string { `
tls {
defaults {
verify_server_hostname = true
}
}
` } ,
expected : func ( rt * RuntimeConfig ) {
rt . DataDir = dataDir
rt . TLS . Domain = "consul."
rt . TLS . NodeName = "thehostname"
rt . TLS . InternalRPC . VerifyServerHostname = true
rt . TLS . InternalRPC . VerifyOutgoing = true
} ,
} )
run ( t , testCase {
desc : "tls.internal_rpc.verify_server_hostname overwrites tls.defaults.verify_server_hostname" ,
args : [ ] string {
` -data-dir= ` + dataDir ,
} ,
json : [ ] string { `
{
"tls" : {
"defaults" : {
"verify_server_hostname" : false
} ,
"internal_rpc" : {
"verify_server_hostname" : true
}
}
}
` } ,
hcl : [ ] string { `
tls {
defaults {
verify_server_hostname = false
} ,
internal_rpc {
verify_server_hostname = true
}
}
` } ,
expected : func ( rt * RuntimeConfig ) {
rt . DataDir = dataDir
rt . TLS . Domain = "consul."
rt . TLS . NodeName = "thehostname"
rt . TLS . InternalRPC . VerifyServerHostname = true
rt . TLS . InternalRPC . VerifyOutgoing = true
} ,
} )
run ( t , testCase {
run ( t , testCase {
desc : "tls.grpc.use_auto_cert defaults to false" ,
desc : "tls.grpc.use_auto_cert defaults to false" ,
args : [ ] string {
args : [ ] string {