Home Explore Help
Register Sign In
publics
/
etcd-io__etcd
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #8634 from gyuho/config

clientv3/yaml: add 'TrustedCAfile' field to replace 'CAfile'
Gyu-Ho Lee 8 years ago
parent
58e825c636 1f2197b1f8
commit
999f329c87
3 changed files with 16 additions and 9 deletions
Unified View Show Diff Stats
  1. 10 3
      clientv3/yaml/config.go
  2. 5 5
      clientv3/yaml/config_test.go
  3. 1 1
      pkg/transport/listener.go

+ 10 - 3
clientv3/yaml/config.go
View File 

@@ -33,7 +33,11 @@ type yamlConfig struct {
 
 	InsecureSkipTLSVerify bool   `json:"insecure-skip-tls-verify"`
 
 	InsecureSkipTLSVerify bool   `json:"insecure-skip-tls-verify"`
 
 	Certfile              string `json:"cert-file"`
 
 	Certfile              string `json:"cert-file"`
 
 	Keyfile               string `json:"key-file"`
 
 	Keyfile               string `json:"key-file"`
 
-	CAfile                string `json:"ca-file"`
 
+	TrustedCAfile         string `json:"trusted-ca-file"`
 
+
 
+	// CAfile is being deprecated. Use 'TrustedCAfile' instead.
 
+	// TODO: deprecate this in v4
 
+	CAfile string `json:"ca-file"`
 
 }
 
 }
 
 
 
 // NewConfig creates a new clientv3.Config from a yaml file.
 
 // NewConfig creates a new clientv3.Config from a yaml file.
 
@@ -66,8 +70,11 @@ func NewConfig(fpath string) (*clientv3.Config, error) {
 
 		}
 
 		}
 
 	}
 
 	}
 
 
 
-	if yc.CAfile != "" {
 
-		cp, err = tlsutil.NewCertPool([]string{yc.CAfile})
 
+	if yc.CAfile != "" && yc.TrustedCAfile == "" {
 
+		yc.TrustedCAfile = yc.CAfile
 
+	}
 
+	if yc.TrustedCAfile != "" {
 
+		cp, err = tlsutil.NewCertPool([]string{yc.TrustedCAfile})
 
 		if err != nil {
 
 		if err != nil {
 
 			return nil, err
 
 			return nil, err
 
 		}
 
 		}

+ 5 - 5
clientv3/yaml/config_test.go
View File 

@@ -50,7 +50,7 @@ func TestConfigFromFile(t *testing.T) {
 
 			&yamlConfig{
 
 			&yamlConfig{
 
 				Keyfile:               privateKeyPath,
 
 				Keyfile:               privateKeyPath,
 
 				Certfile:              certPath,
 
 				Certfile:              certPath,
 
-				CAfile:                caPath,
 
+				TrustedCAfile:         caPath,
 
 				InsecureSkipTLSVerify: true,
 
 				InsecureSkipTLSVerify: true,
 
 			},
 
 			},
 
 			false,
 
 			false,
 
@@ -64,9 +64,9 @@ func TestConfigFromFile(t *testing.T) {
 
 		},
 
 		},
 
 		{
 
 		{
 
 			&yamlConfig{
 
 			&yamlConfig{
 
-				Keyfile:  privateKeyPath,
 
-				Certfile: certPath,
 
-				CAfile:   "bad",
 
+				Keyfile:       privateKeyPath,
 
+				Certfile:      certPath,
 
+				TrustedCAfile: "bad",
 
 			},
 
 			},
 
 			true,
 
 			true,
 
 		},
 
 		},
 
@@ -113,7 +113,7 @@ func TestConfigFromFile(t *testing.T) {
 
 			if tt.ym.Certfile != "" && len(cfg.TLS.Certificates) == 0 {
 
 			if tt.ym.Certfile != "" && len(cfg.TLS.Certificates) == 0 {
 
 				t.Errorf("#%d: failed to load in cert", i)
 
 				t.Errorf("#%d: failed to load in cert", i)
 
 			}
 
 			}
 
-			if tt.ym.CAfile != "" && cfg.TLS.RootCAs == nil {
 
+			if tt.ym.TrustedCAfile != "" && cfg.TLS.RootCAs == nil {
 
 				t.Errorf("#%d: failed to load in ca cert", i)
 
 				t.Errorf("#%d: failed to load in ca cert", i)
 
 			}
 
 			}
 
 			if cfg.TLS.InsecureSkipVerify != tt.ym.InsecureSkipTLSVerify {
 
 			if cfg.TLS.InsecureSkipVerify != tt.ym.InsecureSkipTLSVerify {

+ 1 - 1
pkg/transport/listener.go
View File 

@@ -59,7 +59,7 @@ func wrapTLS(addr, scheme string, tlsinfo *TLSInfo, l net.Listener) (net.Listene
 
 type TLSInfo struct {
 
 type TLSInfo struct {
 
 	CertFile           string
 
 	CertFile           string
 
 	KeyFile            string
 
 	KeyFile            string
 
-	CAFile             string
 
+	CAFile             string // TODO: deprecate this in v4
 
 	TrustedCAFile      string
 
 	TrustedCAFile      string
 
 	ClientCertAuth     bool
 
 	ClientCertAuth     bool
 
 	CRLFile            string
 
 	CRLFile            string