github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion

pull/11647/head
Mike Morris 2021-11-23 16:04:35 -05:00
parent 2bfb10e978
commit c7e220a01b
1 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
tlsutil/config_test.go
View File

@ -718,29 +718,29 @@ func TestConfigurator_CommonTLSConfigCAs(t *testing.T) {
} }
func TestConfigurator_CommonTLSConfigTLSMinVersion(t *testing.T) { func TestConfigurator_CommonTLSConfigTLSMinVersion(t *testing.T) {
c, err := NewConfigurator(Config{TLSMinVersion: ""}, nil) c, err := NewConfigurator(Config{TLSMinVersion: types.TLSVersionAuto}, nil)
require.NoError(t, err) require.NoError(t, err)
tlsVersion, _ := ParseTLSVersion("TLSv1_0") require.Equal(t, c.commonTLSConfig(false).MinVersion, goTLSVersions[types.TLSv1_0])
require.Equal(t, c.commonTLSConfig(false).MinVersion, goTLSVersions[tlsVersion])
for _, version := range tlsVersions() { for version, _ := range goTLSVersions {
require.NoError(t, c.Update(Config{TLSMinVersion: version})) require.NoError(t, c.Update(Config{TLSMinVersion: version}))
tlsVersion, _ := ParseTLSVersion(version)
require.Equal(t, c.commonTLSConfig(false).MinVersion, require.Equal(t, c.commonTLSConfig(false).MinVersion,
goTLSVersions[tlsVersion]) goTLSVersions[version])
} }
// FIXME: this and a version of the prior test to check string parsing are
// necessary, but need to move out to agent/config/builder
// NOTE: checks for deprecated TLS version string warnings, // NOTE: checks for deprecated TLS version string warnings,
// should be removed when removing support for these config values // should be removed when removing support for these config values
for version := range types.DeprecatedAgentTLSVersions { // for version := range types.DeprecatedAgentTLSVersions {
// TODO: check for warning log message? how? // // TODO: check for warning log message? how?
require.NoError(t, c.Update(Config{TLSMinVersion: version})) // require.NoError(t, c.Update(Config{TLSMinVersion: version}))
tlsVersion, _ := ParseTLSVersion(version) // tlsVersion, _ := ParseTLSVersion(version)
require.Equal(t, c.commonTLSConfig(false).MinVersion, // require.Equal(t, c.commonTLSConfig(false).MinVersion,
goTLSVersions[tlsVersion]) // goTLSVersions[tlsVersion])
} // }
require.Error(t, c.Update(Config{TLSMinVersion: "tlsBOGUS"})) // require.Error(t, c.Update(Config{TLSMinVersion: "tlsBOGUS"}))
} }
func TestConfigurator_CommonTLSConfigVerifyIncoming(t *testing.T) { func TestConfigurator_CommonTLSConfigVerifyIncoming(t *testing.T) {
@ -998,7 +998,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
name: "default tls, skip verify, no server name", name: "default tls, skip verify, no server name",
conf: func() (*Configurator, error) { conf: func() (*Configurator, error) {
return NewConfigurator(Config{ return NewConfigurator(Config{
TLSMinVersion: "tls12", TLSMinVersion: types.TLSv1_2,
EnableAgentTLSForChecks: false, EnableAgentTLSForChecks: false,
}, nil) }, nil)
}, },
@ -1009,7 +1009,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
name: "default tls, skip verify, default server name", name: "default tls, skip verify, default server name",
conf: func() (*Configurator, error) { conf: func() (*Configurator, error) {
return NewConfigurator(Config{ return NewConfigurator(Config{
TLSMinVersion: "tls12", TLSMinVersion: types.TLSv1_2,
EnableAgentTLSForChecks: false, EnableAgentTLSForChecks: false,
ServerName: "servername", ServerName: "servername",
NodeName: "nodename", NodeName: "nodename",
@ -1022,7 +1022,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
name: "default tls, skip verify, check server name", name: "default tls, skip verify, check server name",
conf: func() (*Configurator, error) { conf: func() (*Configurator, error) {
return NewConfigurator(Config{ return NewConfigurator(Config{
TLSMinVersion: "tls12", TLSMinVersion: types.TLSv1_2,
EnableAgentTLSForChecks: false, EnableAgentTLSForChecks: false,
ServerName: "servername", ServerName: "servername",
}, nil) }, nil)
@ -1038,7 +1038,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
name: "agent tls, default server name", name: "agent tls, default server name",
conf: func() (*Configurator, error) { conf: func() (*Configurator, error) {
return NewConfigurator(Config{ return NewConfigurator(Config{
TLSMinVersion: "tls12", TLSMinVersion: types.TLSv1_2,
EnableAgentTLSForChecks: true, EnableAgentTLSForChecks: true,
NodeName: "nodename", NodeName: "nodename",
ServerName: "servername", ServerName: "servername",
@ -1053,7 +1053,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
name: "agent tls, skip verify, node name for server name", name: "agent tls, skip verify, node name for server name",
conf: func() (*Configurator, error) { conf: func() (*Configurator, error) {
return NewConfigurator(Config{ return NewConfigurator(Config{
TLSMinVersion: "tls12", TLSMinVersion: types.TLSv1_2,
EnableAgentTLSForChecks: true, EnableAgentTLSForChecks: true,
NodeName: "nodename", NodeName: "nodename",
}, nil) }, nil)
@ -1069,7 +1069,7 @@ func TestConfigurator_OutgoingTLSConfigForCheck(t *testing.T) {
name: "agent tls, skip verify, with server name override", name: "agent tls, skip verify, with server name override",
conf: func() (*Configurator, error) { conf: func() (*Configurator, error) {
return NewConfigurator(Config{ return NewConfigurator(Config{
TLSMinVersion: "tls12", TLSMinVersion: types.TLSv1_2,
EnableAgentTLSForChecks: true, EnableAgentTLSForChecks: true,
ServerName: "servername", ServerName: "servername",
}, nil) }, nil)