config: remove misleading UseTLS field
This field was documented as enabling TLS for outgoing RPC, but that was not the case. All this field did was set the use_tls serf tag. Instead of setting this field in a place far from where it is used, move the logic to where the serf tag is set, so that the code is much more obvious.
pull/10590/head
parent
70770db345
commit
be8c675942
|
@ -1200,10 +1200,6 @@ func newConsulConfig(runtimeCfg *config.RuntimeConfig, logger hclog.Logger) (*co
|
||||||
|
|
||||||
cfg.TLSConfig = runtimeCfg.ToTLSUtilConfig()
|
cfg.TLSConfig = runtimeCfg.ToTLSUtilConfig()
|
||||||
|
|
||||||
// Copy the TLS configuration
|
|
||||||
if runtimeCfg.CAPath != "" || runtimeCfg.CAFile != "" {
|
|
||||||
cfg.UseTLS = true
|
|
||||||
}
|
|
||||||
cfg.DefaultQueryTime = runtimeCfg.DefaultQueryTime
|
cfg.DefaultQueryTime = runtimeCfg.DefaultQueryTime
|
||||||
cfg.MaxQueryTime = runtimeCfg.MaxQueryTime
|
cfg.MaxQueryTime = runtimeCfg.MaxQueryTime
|
||||||
|
|
||||||
|
|
|
@ -160,10 +160,6 @@ type Config struct {
|
||||||
|
|
||||||
TLSConfig tlsutil.Config
|
TLSConfig tlsutil.Config
|
||||||
|
|
||||||
// UseTLS is used to enable TLS for outgoing connections to other TLS-capable Consul
|
|
||||||
// servers. This doesn't imply any verification, it only enables TLS if possible.
|
|
||||||
UseTLS bool
|
|
||||||
|
|
||||||
// RejoinAfterLeave controls our interaction with Serf.
|
// RejoinAfterLeave controls our interaction with Serf.
|
||||||
// When set to false (default), a leave causes a Consul to not rejoin
|
// When set to false (default), a leave causes a Consul to not rejoin
|
||||||
// the cluster until an explicit join is received. If this is set to
|
// the cluster until an explicit join is received. If this is set to
|
||||||
|
|
|
@ -442,7 +442,6 @@ func TestRPC_TLSHandshakeTimeout(t *testing.T) {
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.RPCHandshakeTimeout = 10 * time.Millisecond
|
c.RPCHandshakeTimeout = 10 * time.Millisecond
|
||||||
c.UseTLS = true
|
|
||||||
c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
|
c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
|
||||||
c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
|
c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
|
||||||
c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"
|
c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"
|
||||||
|
@ -539,7 +538,6 @@ func TestRPC_PreventsTLSNesting(t *testing.T) {
|
||||||
for _, tc := range cases {
|
for _, tc := range cases {
|
||||||
t.Run(tc.name, func(t *testing.T) {
|
t.Run(tc.name, func(t *testing.T) {
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.UseTLS = true
|
|
||||||
c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
|
c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
|
||||||
c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
|
c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
|
||||||
c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"
|
c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"
|
||||||
|
@ -695,7 +693,6 @@ func TestRPC_RPCMaxConnsPerClient(t *testing.T) {
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.RPCMaxConnsPerClient = 2
|
c.RPCMaxConnsPerClient = 2
|
||||||
if tc.tlsEnabled {
|
if tc.tlsEnabled {
|
||||||
c.UseTLS = true
|
|
||||||
c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
|
c.TLSConfig.CAFile = "../../test/hostname/CertAuth.crt"
|
||||||
c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
|
c.TLSConfig.CertFile = "../../test/hostname/Alice.crt"
|
||||||
c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"
|
c.TLSConfig.KeyFile = "../../test/hostname/Alice.key"
|
||||||
|
|
|
@ -327,11 +327,6 @@ func NewServer(config *Config, flat Deps) (*Server, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: this is duplicated in newConsulConfig, do it in only on place
|
|
||||||
if config.TLSConfig.CAFile != "" || config.TLSConfig.CAPath != "" {
|
|
||||||
config.UseTLS = true
|
|
||||||
}
|
|
||||||
|
|
||||||
// Set the primary DC if it wasn't set.
|
// Set the primary DC if it wasn't set.
|
||||||
if config.PrimaryDatacenter == "" {
|
if config.PrimaryDatacenter == "" {
|
||||||
if config.ACLDatacenter != "" {
|
if config.ACLDatacenter != "" {
|
||||||
|
|
|
@ -68,7 +68,7 @@ func (s *Server) setupSerf(conf *serf.Config, ch chan serf.Event, path string, w
|
||||||
conf.Tags["nonvoter"] = "1"
|
conf.Tags["nonvoter"] = "1"
|
||||||
conf.Tags["read_replica"] = "1"
|
conf.Tags["read_replica"] = "1"
|
||||||
}
|
}
|
||||||
if s.config.UseTLS {
|
if s.config.TLSConfig.CAPath != "" || s.config.TLSConfig.CAFile != "" {
|
||||||
conf.Tags["use_tls"] = "1"
|
conf.Tags["use_tls"] = "1"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
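Review bot: The new condition in setupSerf, `if s.config.TLSConfig.CAPath != "" || s.config.TLSConfig.CAFile != ""`, carries no comment, so the meaning of the `use_tls` tag is left to the reader now that the Config.UseTLS doc comment is gone. Per the commit message the tag only reflects that a CA path or file is configured and does not enable TLS for outgoing RPC; I would say so at the check, e.g. `// use_tls advertises that a CA file or path is configured; it does not itself enable or verify TLS.` How peers act on the tag is not visible in this hunk, so it may be worth confirming that a CA supplied by any other means (if one exists) is meant to leave the tag unset. setupSerf begins and ends outside the hunk.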