diff --git a/pkg/storage/etcd/testing/certificates.go b/pkg/storage/etcd/testing/testingcert/certificates.go
similarity index 99%
rename from pkg/storage/etcd/testing/certificates.go
rename to pkg/storage/etcd/testing/testingcert/certificates.go
index 8b1df576a1..3eecfda609 100644
--- a/pkg/storage/etcd/testing/certificates.go
+++ b/pkg/storage/etcd/testing/testingcert/certificates.go
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-package testing
+package testingcert
 // You can use cfssl tool to generate certificates, please refer
 // https://github.com/coreos/etcd/tree/master/hack/tls-setup for more details.
diff --git a/pkg/storage/etcd/testing/utils.go b/pkg/storage/etcd/testing/utils.go
index 4881c1f275..4d72864059 100644
--- a/pkg/storage/etcd/testing/utils.go
+++ b/pkg/storage/etcd/testing/utils.go
@@ -27,6 +27,7 @@ import (
 "testing"
 "time"
+ "k8s.io/kubernetes/pkg/storage/etcd/testing/testingcert"
 "k8s.io/kubernetes/pkg/util/wait"
 etcd "github.com/coreos/etcd/client"
@@ -125,15 +126,15 @@ func configureTestCluster(t *testing.T, name string, https bool) *EtcdTestServer
 t.Fatal(err)
 }
 m.CertFile = path.Join(m.CertificatesDir, "etcdcert.pem")
- if err = ioutil.WriteFile(m.CertFile, []byte(CertFileContent), 0644); err != nil {
+ if err = ioutil.WriteFile(m.CertFile, []byte(testingcert.CertFileContent), 0644); err != nil {
 t.Fatal(err)
 }
 m.KeyFile = path.Join(m.CertificatesDir, "etcdkey.pem")
- if err = ioutil.WriteFile(m.KeyFile, []byte(KeyFileContent), 0644); err != nil {
+ if err = ioutil.WriteFile(m.KeyFile, []byte(testingcert.KeyFileContent), 0644); err != nil {
 t.Fatal(err)
 }
 m.CAFile = path.Join(m.CertificatesDir, "ca.pem")
- if err = ioutil.WriteFile(m.CAFile, []byte(CAFileContent), 0644); err != nil {
+ if err = ioutil.WriteFile(m.CAFile, []byte(testingcert.CAFileContent), 0644); err != nil {
 t.Fatal(err)
 }
diff --git a/pkg/storage/storagebackend/factory/etcd3.go b/pkg/storage/storagebackend/factory/etcd3.go
index ca0fe5526c..14fbc48486 100644
--- a/pkg/storage/storagebackend/factory/etcd3.go
+++ b/pkg/storage/storagebackend/factory/etcd3.go
@@ -29,12 +29,12 @@ import (
 )
 func newETCD3Storage(c storagebackend.Config) (storage.Interface, error) {
- info := transport.TLSInfo{
+ tlsInfo := transport.TLSInfo{
 CertFile: c.CertFile,
 KeyFile: c.KeyFile,
 CAFile: c.CAFile,
 }
- tlsConfig, err := info.ClientConfig()
+ tlsConfig, err := tlsInfo.ClientConfig()
 if err != nil {
 return nil, err
 }
diff --git a/pkg/storage/storagebackend/factory/tls_test.go b/pkg/storage/storagebackend/factory/tls_test.go
new file mode 100644
index 0000000000..64e2c53417
--- /dev/null
+++ b/pkg/storage/storagebackend/factory/tls_test.go
@@ -0,0 +1,72 @@
+package factory
+
+import (
+ "io/ioutil"
+ "os"
+ "path"
+ "testing"
+
+ "golang.org/x/net/context"
+
+ "k8s.io/kubernetes/pkg/api"
+ "k8s.io/kubernetes/pkg/api/testapi"
+ "k8s.io/kubernetes/pkg/storage/etcd/testing/testingcert"
+ "k8s.io/kubernetes/pkg/storage/storagebackend"
+
+ "github.com/coreos/etcd/integration"
+ "github.com/coreos/etcd/pkg/transport"
+)
+
+func TestTLSConnection(t *testing.T) {
+ certFile, keyFile, caFile := configureTLSCerts(t)
+
+ tlsInfo := &transport.TLSInfo{
+ CertFile: certFile,
+ KeyFile: keyFile,
+ CAFile: caFile,
+ }
+
+ cluster := integration.NewClusterV3(t, &integration.ClusterConfig{
+ Size: 1,
+ ClientTLS: tlsInfo,
+ })
+ defer cluster.Terminate(t)
+
+ cfg := storagebackend.Config{
+ Type: storagebackend.StorageTypeETCD3,
+ ServerList: []string{cluster.Members[0].GRPCAddr()},
+ CertFile: certFile,
+ KeyFile: keyFile,
+ CAFile: caFile,
+ Codec: testapi.Default.Codec(),
+ }
+ storage, err := newETCD3Storage(cfg)
+ if err != nil {
+ t.Fatal(err)
+ }
+ err = storage.Create(context.TODO(), "/abc", &api.Pod{}, nil, 0)
+ if err != nil {
+ t.Fatalf("Create failed: %v", err)
+ }
+}
+
+func configureTLSCerts(t *testing.T) (certFile, keyFile, caFile string) {
+ baseDir := os.TempDir()
+ tempDir, err := ioutil.TempDir(baseDir, "etcd_certificates")
+ if err != nil {
+ t.Fatal(err)
+ }
+ certFile = path.Join(tempDir, "etcdcert.pem")
+ if err := ioutil.WriteFile(certFile, []byte(testingcert.CertFileContent), 0644); err != nil {
+ t.Fatal(err)
+ }
+ keyFile = path.Join(tempDir, "etcdkey.pem")
+ if err := ioutil.WriteFile(keyFile, []byte(testingcert.KeyFileContent), 0644); err != nil {
+ t.Fatal(err)
+ }
+ caFile = path.Join(tempDir, "ca.pem")
+ if err := ioutil.WriteFile(caFile, []byte(testingcert.CAFileContent), 0644); err != nil {
+ t.Fatal(err)
+ }
+ return certFile, keyFile, caFile
+}
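Review bot: configureTLSCerts creates a directory with ioutil.TempDir and writes the etcd certificate, key and CA into it, but nothing in this file removes it, so every run leaves the key material behind under os.TempDir(). Since the helper returns only the three paths, TestTLSConnection can clean up with `defer os.RemoveAll(path.Dir(certFile))` right after the configureTLSCerts call. The key is also written with mode 0644; the directory ioutil.TempDir creates is private to the user, so this is a matter of habit here, but `ioutil.WriteFile(keyFile, []byte(testingcert.KeyFileContent), 0600)` does not rely on the parent directory, and the same 0644 write appears in configureTestCluster in pkg/storage/etcd/testing/utils.go. The test also covers only the success path; a case that builds the storagebackend.Config without CertFile, KeyFile and CAFile and expects an error would presumably show that the cluster rejects clients that lack the certificates.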