Allow TLS configurations for HTTP and RPC connections to be reloaded … #4025
Conversation
command/agent/agent.go
Outdated
| @@ -777,14 +777,34 @@ func (a *Agent) Stats() map[string]map[string]string { | |||
|
|
|||
| // ShouldReload determines if we should reload the configuration and agent | |||
| // connections. If the TLS Configuration has not changed, we shouldn't reload. | |||
| func (a *Agent) ShouldReload(newConfig *Config) (bool, bool) { | |||
| func (a *Agent) ShouldReload(newConfig *Config) (bool, bool, bool) { | |||
There was a problem hiding this comment.
Can we add named returns? Will help readability:
func (a *Agent) ShouldReload(newConfig *Config) (agent, http, rpc bool)
command/agent/agent.go
Outdated
|
|
||
| var tlsInfoChanged bool | ||
| if !a.config.TLSConfig.CertificateInfoIsEqual(newConfig.TLSConfig) { | ||
| tlsInfoChanged = true |
There was a problem hiding this comment.
Would it be easier to return true, true, true here and then you can remove the tlsInfoChanged variable
command/agent/agent_test.go
Outdated
|
|
||
| func TestServer_ShouldReload_ReturnTrueForOnlyHTTPChanges(t *testing.T) { | ||
| t.Parallel() | ||
| assert := assert.New(t) |
nomad/server_test.go
Outdated
| assert.True(s1.config.TLSConfig.Equals(newTLSConfig)) | ||
| assert.True(s1.config.TLSConfig.CertificateInfoIsEqual(newTLSConfig)) | ||
|
|
||
| codec := rpcClient(t, s1) |
There was a problem hiding this comment.
This won't actually use TLS:
Lines 27 to 36 in 40db0af
There was a problem hiding this comment.
You may want to add a new helper that takes a tls config and then returns a client codec. You would have to write the TLS mode first:
conn.Write([]byte{byte(pool.RpcTLS)})
conn.Write([]byte{byte(pool.RpcNomad)})
You can remove the new code and put a TODO for yourself, and create a follow up PR
|
I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions. |
…separately