auto_config: lookup old config strings from base.TLSMinVersion

auto_config: update endpoint tests to use TLS types
pull/11647/head
Mike Morris 3 years ago
parent 9e609da2e6
commit cdc0916e98

@ -281,16 +281,13 @@ func (ac *AutoConfig) updateTLSSettingsInConfig(_ AutoConfigOptions, resp *pbaut
resp.Config.TLS.VerifyServerHostname = ac.tlsConfigurator.VerifyServerHostname()
base := ac.tlsConfigurator.Base()
resp.Config.TLS.VerifyOutgoing = base.VerifyOutgoing
resp.Config.TLS.MinVersion = base.TLSMinVersion
// FIXME: is the response from this not actually validated in
// auto_config_endpoint_test.go?
resp.Config.TLS.MinVersion = types.ConsulAutoConfigTLSVersionStrings[base.TLSMinVersion]
resp.Config.TLS.PreferServerCipherSuites = base.PreferServerCipherSuites
var err error
// FIXME: is the base.CipherSuites uint16 value exported or stored in
// memory remotely anywhere, or is this always passed as a string?
// This _might_ be okay regardless, as the underlying values are both
// IANA uint16 constant values.
resp.Config.TLS.CipherSuites, err = tlsutil.CipherString(base.CipherSuites)
return err
}
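Review bot: The lookup `types.ConsulAutoConfigTLSVersionStrings[base.TLSMinVersion]` assigned to `resp.Config.TLS.MinVersion` has no presence check, so a `base.TLSMinVersion` value missing from that table yields an empty string with no error. The table is not visible here, but if it does not cover every value the configurator can hold, the client would get an empty minimum version and presumably fall back to its own default rather than the server's setting. Prefer the two-value form and fail closed: `v, ok := types.ConsulAutoConfigTLSVersionStrings[base.TLSMinVersion]` then `if !ok { return fmt.Errorf("unsupported TLS min version %v", base.TLSMinVersion) }`, assuming `fmt` is already imported in this file. The function begins outside this hunk. If the two FIXME comments are on the new side, they should be answered or moved to a tracked issue before merge.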

@ -23,6 +23,7 @@ import (
"github.com/hashicorp/consul/proto/pbconfig"
"github.com/hashicorp/consul/sdk/testutil"
"github.com/hashicorp/consul/tlsutil"
"github.com/hashicorp/consul/types"
"gopkg.in/square/go-jose.v2/jwt"
)
@ -171,7 +172,7 @@ func TestAutoConfigInitialConfiguration(t *testing.T) {
c.TLSConfig.VerifyOutgoing = true
c.TLSConfig.VerifyIncoming = true
c.TLSConfig.VerifyServerHostname = true
c.TLSConfig.TLSMinVersion = "tls12"
c.TLSConfig.TLSMinVersion = types.TLSv1_2
c.TLSConfig.PreferServerCipherSuites = true
c.ConnectEnabled = true
@ -386,7 +387,7 @@ func TestAutoConfig_baseConfig(t *testing.T) {
}
}
func parseCiphers(t *testing.T, cipherStr string) []uint16 {
func parseCiphers(t *testing.T, cipherStr string) []types.TLSCipherSuite {
t.Helper()
ciphers, err := tlsutil.ParseCiphers(cipherStr)
require.NoError(t, err)
@ -412,7 +413,7 @@ func TestAutoConfig_updateTLSSettingsInConfig(t *testing.T) {
tlsConfig: tlsutil.Config{
VerifyOutgoing: true,
VerifyServerHostname: true,
TLSMinVersion: "tls12",
TLSMinVersion: types.TLSv1_2,
PreferServerCipherSuites: true,
CAFile: cafile,
CipherSuites: parseCiphers(t, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
@ -433,7 +434,7 @@ func TestAutoConfig_updateTLSSettingsInConfig(t *testing.T) {
tlsConfig: tlsutil.Config{
VerifyOutgoing: true,
VerifyServerHostname: false,
TLSMinVersion: "tls10",
TLSMinVersion: types.TLSv1_0,
PreferServerCipherSuites: false,
CAFile: cafile,
CipherSuites: parseCiphers(t, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
@ -629,7 +630,7 @@ func TestAutoConfig_updateTLSCertificatesInConfig(t *testing.T) {
tlsConfig: tlsutil.Config{
VerifyOutgoing: true,
VerifyServerHostname: true,
TLSMinVersion: "tls12",
TLSMinVersion: types.TLSv1_2,
PreferServerCipherSuites: true,
CAFile: cafile,
CipherSuites: parseCiphers(t, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
@ -647,7 +648,7 @@ func TestAutoConfig_updateTLSCertificatesInConfig(t *testing.T) {
tlsConfig: tlsutil.Config{
VerifyOutgoing: true,
VerifyServerHostname: true,
TLSMinVersion: "tls12",
TLSMinVersion: types.TLSv1_2,
PreferServerCipherSuites: true,
CAFile: cafile,
CipherSuites: parseCiphers(t, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
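Review bot: The table cases in TestAutoConfig_updateTLSSettingsInConfig set only `types.TLSv1_2` and `types.TLSv1_0`, so nothing pins what the response carries when `TLSMinVersion` is unset or has no legacy string. Add a case with the zero-value `TLSMinVersion` that asserts the `MinVersion` the response should contain, or the error if the lookup is made to fail closed. The expected-value side of these cases lies outside the visible hunks, so it cannot be confirmed here whether the existing cases already compare `MinVersion`.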
