handle downgrades, update tests

11daaabe · Chelsea Holland Komlo · cee94570 · 11daaabe · 11daaabe
Commit 11daaabe authored 7 years ago by Chelsea Holland Komlo
Hide whitespace changes
Inline Side-by-side

Showing

with 35 additions and 33 deletions
+35 -33
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@@ -731,33 +731,33 @@ func (a *Agent) Reload(newConfig *Config) error {
 	// configuration specifies a TLS configuration, we need to only reload
 	// its certificates.

-	if !a.config.TLSConfig.IsEmpty() && !newConfig.TLSConfig.IsEmpty() {
-		a.logger.Println("[INFO] Updating agent's existing TLS configuration \n\n")
-		// Handle errors in loading the new certificate files.
-		// This is just a TLS configuration reload, we don't need to refresh
-		// existing network connections
-		return a.config.UpdateTLSConfig(newConfig.TLSConfig)
-	}
-
-	if a.config.TLSConfig.IsEmpty() && !newConfig.TLSConfig.IsEmpty() {
-		a.logger.Println("[INFO] Moving from plaintext configuration to TLS \n\n")
-		// compeltely reload the agent's TLS configuration. This means the agent
-		// is moving from plaintext to TLS connections.
+	if newConfig.TLSConfig != nil {
+		if !a.config.TLSConfig.IsEmpty() && !newConfig.TLSConfig.IsEmpty() {
+			a.logger.Println("[INFO] Updating agent's existing TLS configuration \n\n")
+			// Handle errors in loading the new certificate files.
+			// This is just a TLS configuration reload, we don't need to refresh
+			// existing network connections
+			return a.config.UpdateTLSConfig(newConfig.TLSConfig)
+		}
+
+		// Completely reload the agent's TLS configuration.
 		// This does not handle errors in loading the new TLS configuration
 		a.config.TLSConfig = newConfig.TLSConfig
-	} else if !a.config.TLSConfig.IsEmpty() && newConfig.TLSConfig.IsEmpty() {
-		a.logger.Println("[WARN] Updating agent's existing TLS configuration \n\n")
-		// This means we are downgrading from a TLS to non-TLS connection.
-		// TODO(chelseakomlo) Add in a separte PR for 0.7.1
-	}

-	// Reload the TLS configuration for the client or server, depending on how
-	// the agent is configured to run.
-	if s := a.Server(); s != nil {
-		err := s.ReloadTLSConnections()
-		if err != nil {
-			a.logger.Printf("[WARN] agent: Issue reloading the server's TLS Configuration, consider a full system restart: %v", err.Error())
-			return err
+		if a.config.TLSConfig.IsEmpty() && !newConfig.TLSConfig.IsEmpty() {
+			a.logger.Println("[INFO] Upgrading from plaintext configuration to TLS \n\n")
+		} else if !a.config.TLSConfig.IsEmpty() && newConfig.TLSConfig.IsEmpty() {
+			a.logger.Println("[WARN] Downgrading agent's existing TLS configuration to plaintext \n\n")
+		}
+
+		// Reload the TLS configuration for the client or server, depending on how
+		// the agent is configured to run.
+		if s := a.Server(); s != nil {
+			err := s.ReloadTLSConnections()
+			if err != nil {
+				a.logger.Printf("[WARN] agent: Issue reloading the server's TLS Configuration, consider a full system restart: %v", err.Error())
+				return err
+			}
 		}
 	}


--- a/command/agent/agent_test.go
+++ b/command/agent/agent_test.go
@@ -572,13 +572,14 @@ func TestServer_Reload_TLS_UpgradeToTLS(t *testing.T) {
 	dir := tmpDir(t)
 	defer os.RemoveAll(dir)

+	logger := log.New(ioutil.Discard, "", 0)
+
 	agentConfig := &Config{
-		TLSConfig: &sconfig.TLSConfig{
-			EnableHTTP: false,
-		},
+		TLSConfig: &sconfig.TLSConfig{},
 	}

 	agent := &Agent{
+		logger: logger,
 		config: agentConfig,
 	}

@@ -598,7 +599,9 @@ func TestServer_Reload_TLS_UpgradeToTLS(t *testing.T) {
 	err := agent.Reload(newConfig)
 	assert.Nil(err)

-	assert.NotNil(agentConfig.TLSConfig.GetKeyLoader().Certificate)
+	assert.Equal(agent.config.TLSConfig.CAFile, newConfig.TLSConfig.CAFile)
+	assert.Equal(agent.config.TLSConfig.CertFile, newConfig.TLSConfig.CertFile)
+	assert.Equal(agent.config.TLSConfig.KeyFile, newConfig.TLSConfig.KeyFile)
 }

 func TestServer_Reload_TLS_DowngradeFromTLS(t *testing.T) {
@@ -613,6 +616,8 @@ func TestServer_Reload_TLS_DowngradeFromTLS(t *testing.T) {
 	dir := tmpDir(t)
 	defer os.RemoveAll(dir)

+	logger := log.New(ioutil.Discard, "", 0)
+
 	agentConfig := &Config{
 		TLSConfig: &sconfig.TLSConfig{
 			EnableHTTP:           true,
@@ -625,17 +630,14 @@ func TestServer_Reload_TLS_DowngradeFromTLS(t *testing.T) {
 	}

 	agent := &Agent{
+		logger: logger,
 		config: agentConfig,
 	}

 	newConfig := &Config{
-		TLSConfig: &sconfig.TLSConfig{
-			EnableHTTP: false,
-		},
+		TLSConfig: &sconfig.TLSConfig{},
 	}

-	assert.NotNil(agentConfig.TLSConfig.GetKeyLoader().Certificate)
-
 	err := agent.Reload(newConfig)
 	assert.Nil(err)