github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Invert the logic of outgoingRPCTLSDisabled

Browse Source 
To remove the double negatives, which should make it easier to read.
pull/10497/head
Daniel Nephin 3 years ago
parent 39f282c425
commit dc67042eac
2 changed files with 15 additions and 23 deletions
Show Stats Download Patch File Download Diff File

21
tlsutil/config.go
Unescape View File

@ -537,21 +537,12 @@ func (c *Configurator) VerifyIncomingRPC() bool {
} }
// This function acquires a read lock because it reads from the config. // This function acquires a read lock because it reads from the config.
func (c *Configurator) outgoingRPCTLSDisabled() bool { func (c *Configurator) outgoingRPCTLSEnabled() bool {
c.lock.RLock() c.lock.RLock()
defer c.lock.RUnlock() defer c.lock.RUnlock()
// if AutoEncrypt enabled, always use TLS // use TLS if AutoEncrypt or VerifyOutgoing are enabled.
if c.base.AutoTLS { return c.base.AutoTLS || c.base.VerifyOutgoing
return false
}
// if CAs are provided or VerifyOutgoing is set, use TLS
if c.base.VerifyOutgoing {
return false
}
return true
} }
// MutualTLSCapable returns true if Configurator has a CA and a local TLS // MutualTLSCapable returns true if Configurator has a CA and a local TLS
@ -716,7 +707,7 @@ func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName str
// otherwise we assume that no TLS should be used. // otherwise we assume that no TLS should be used.
func (c *Configurator) OutgoingRPCConfig() *tls.Config { func (c *Configurator) OutgoingRPCConfig() *tls.Config {
c.log("OutgoingRPCConfig") c.log("OutgoingRPCConfig")
if c.outgoingRPCTLSDisabled() { if !c.outgoingRPCTLSEnabled() {
return nil return nil
} }
return c.commonTLSConfig(false) return c.commonTLSConfig(false)
@ -754,8 +745,10 @@ func (c *Configurator) OutgoingRPCWrapper() DCWrapper {
} }
} }
// UseTLS returns true if the outgoing RPC requests have been explicitly configured
// to use TLS (via VerifyOutgoing or AutoTLS, and the target DC supports TLS.
func (c *Configurator) UseTLS(dc string) bool { func (c *Configurator) UseTLS(dc string) bool {
return !c.outgoingRPCTLSDisabled() && c.getAreaForPeerDatacenterUseTLS(dc) return c.outgoingRPCTLSEnabled() && c.getAreaForPeerDatacenterUseTLS(dc)
} }
// OutgoingALPNRPCWrapper wraps the result of outgoingALPNRPCConfig in an // OutgoingALPNRPCWrapper wraps the result of outgoingALPNRPCConfig in an

17
tlsutil/config_test.go
Unescape View File

@ -741,22 +741,21 @@ func TestConfigurator_OutgoingRPCTLSDisabled(t *testing.T) {
expected bool expected bool
} }
variants := []variant{ variants := []variant{
{false, false, nil, true}, {false, false, nil, false},
{true, false, nil, false}, {true, false, nil, true},
{false, true, nil, false}, {false, true, nil, true},
{true, true, nil, false}, {true, true, nil, true},
// {false, false, &x509.CertPool{}, false}, {true, false, &x509.CertPool{}, true},
{true, false, &x509.CertPool{}, false}, {false, true, &x509.CertPool{}, true},
{false, true, &x509.CertPool{}, false}, {true, true, &x509.CertPool{}, true},
{true, true, &x509.CertPool{}, false},
} }
for i, v := range variants { for i, v := range variants {
info := fmt.Sprintf("case %d", i) info := fmt.Sprintf("case %d", i)
c.caPool = v.pool c.caPool = v.pool
c.base.VerifyOutgoing = v.verify c.base.VerifyOutgoing = v.verify
c.base.AutoTLS = v.autoEncryptTLS c.base.AutoTLS = v.autoEncryptTLS
require.Equal(t, v.expected, c.outgoingRPCTLSDisabled(), info) require.Equal(t, v.expected, c.outgoingRPCTLSEnabled(), info)
} }
} }

Write Preview
Loading…
Cancel
Save