mirror of https://github.com/hashicorp/consul
config: remove misleading UseTLS field
This field was documented as enabling TLS for outgoing RPC, but that was not the case. All this field did was set the use_tls serf tag. Instead of setting this field in a place far from where it is used, move the logic to where the serf tag is set, so that the code is much more obvious.
pull/10590/head
parent
70770db345
commit
be8c675942
|
@ -1200,10 +1200,6 @@ func newConsulConfig(runtimeCfg *config.RuntimeConfig, logger hclog.Logger) (*co
|
|||
|
||||
cfg.TLSConfig = runtimeCfg.ToTLSUtilConfig()
|
||||
|
||||
// Copy the TLS configuration
|
||||
if runtimeCfg.CAPath != "" || runtimeCfg.CAFile != "" {
|
||||
cfg.UseTLS = true
|
||||
}
|
||||
cfg.DefaultQueryTime = runtimeCfg.DefaultQueryTime
|
||||
cfg.MaxQueryTime = runtimeCfg.MaxQueryTime
|
||||
|
||||
|
|
|
@ -160,10 +160,6 @@ type Config struct {
|
|||
|
||||
TLSConfig tlsutil.Config
|
||||
|
||||
// UseTLS is used to enable TLS for outgoing connections to other TLS-capable Consul
|
||||
// servers. This doesn't imply any verification, it only enables TLS if possible.
|
||||
UseTLS bool
|
||||
|
||||
// RejoinAfterLeave controls our interaction with Serf.
|
||||
// When set to false (default), a leave causes a Consul to not rejoin
|
||||
// the cluster until an explicit join is received. If this is set to
|
||||
|
|
|
@ -442,7 +442,6 @@ func TestRPC_TLSHandshakeTimeout(t *testing.T) {
|
|||
|
||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||
c.RPCHandshakeTimeout = 10 * time.Millisecond
|
||||
c.UseTLS = true
|
||||
c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
|
||||
c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
|
||||
c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"
|
||||
|
@ -539,7 +538,6 @@ func TestRPC_PreventsTLSNesting(t *testing.T) {
|
|||
for _, tc := range cases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||
c.UseTLS = true
|
||||
c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
|
||||
c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
|
||||
c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"
|
||||
|
@ -695,7 +693,6 @@ func TestRPC_RPCMaxConnsPerClient(t *testing.T) {
|
|||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||
c.RPCMaxConnsPerClient = 2
|
||||
if tc.tlsEnabled {
|
||||
c.UseTLS = true
|
||||
c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
|
||||
c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
|
||||
c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"
|
||||
|
|
|
@ -327,11 +327,6 @@ func NewServer(config *Config, flat Deps) (*Server, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// TODO: this is duplicated in newConsulConfig, do it in only on place
|
||||
if config.TLSConfig.CAFile != "" || config.TLSConfig.CAPath != "" {
|
||||
config.UseTLS = true
|
||||
}
|
||||
|
||||
// Set the primary DC if it wasn't set.
|
||||
if config.PrimaryDatacenter == "" {
|
||||
if config.ACLDatacenter != "" {
|
||||
|
|
|
@ -68,7 +68,7 @@ func (s *Server) setupSerf(conf *serf.Config, ch chan serf.Event, path string, w
|
|||
conf.Tags["nonvoter"] = "1"
|
||||
conf.Tags["read_replica"] = "1"
|
||||
}
|
||||
if s.config.UseTLS {
|
||||
if s.config.TLSConfig.CAPath != "" || s.config.TLSConfig.CAFile != "" {
|
||||
conf.Tags["use_tls"] = "1"
|
||||
}
|
||||
|
||||
|
|
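Review bot: The new condition `if s.config.TLSConfig.CAPath != "" || s.config.TLSConfig.CAFile != ""` has no comment saying what the `use_tls` tag means, so the rationale for removing the misleading field lives only in the commit message. I would add above it `// use_tls only advertises to other members that a CA is configured here; it does not enable or verify TLS on any connection.` Because the tag is self-reported over gossip, any code that reads it from a peer should presumably treat it as a hint and leave verification to the local TLS settings; that consumer is not visible in this hunk. It is also worth confirming whether CA material can arrive by a route other than CAFile/CAPath, in which case the tag would stay unset. setupSerf's body starts and ends outside the hunk.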