From db1263f0de6ae5464c0050175ddf7f22da08d980 Mon Sep 17 00:00:00 2001
From: albertteoh
Date: Tue, 10 Nov 2020 12:06:43 +1100
Subject: [PATCH] Fix flaky TestReload
Signed-off-by: albertteoh
---
 pkg/config/tlscfg/cert_watcher.go | 7 ++++++-
 pkg/config/tlscfg/cert_watcher_test.go | 20 ++++++++++++++++++--
 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/pkg/config/tlscfg/cert_watcher.go b/pkg/config/tlscfg/cert_watcher.go
index 50b7107f394..7368d6d425f 100644
--- a/pkg/config/tlscfg/cert_watcher.go
+++ b/pkg/config/tlscfg/cert_watcher.go
@@ -112,7 +112,12 @@ func (w *certWatcher) watchChangesLoop(rootCAs, clientCAs *x509.CertPool) {
 w.mu.Unlock()
 err = e
 }
- if err != nil {
+ if err == nil {
+ w.logger.Info("Loaded modified certificate",
+ zap.String("certificate", event.Name),
+ zap.String("event", event.Op.String()))
+
+ } else {
 w.logger.Error("Failed to load certificate",
 zap.String("certificate", event.Name),
 zap.String("event", event.Op.String()),
diff --git a/pkg/config/tlscfg/cert_watcher_test.go b/pkg/config/tlscfg/cert_watcher_test.go
index f8b484294f8..a0e9c0394b0 100644
--- a/pkg/config/tlscfg/cert_watcher_test.go
+++ b/pkg/config/tlscfg/cert_watcher_test.go
@@ -17,6 +17,7 @@ package tlscfg
 import (
 "crypto/tls"
 "crypto/x509"
+ "fmt"
 "io/ioutil"
 "os"
 "path/filepath"
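Review bot: The new `Loaded modified certificate` line is emitted whenever `err == nil`, but in the visible context `err = e` is assigned inside a block that closes just before the check, so an event that skips that block would presumably also be reported as a successful load. The rest of watchChangesLoop is outside the hunk, so confirm that every path reaching this `if` has actually reloaded something, or move the Info call next to the load it reports. As a style point, drop the empty line the hunk adds before `} else {`.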
@@ -92,9 +93,24 @@ func TestReload(t *testing.T) {
 require.NoError(t, err)
 waitUntil(func() bool {
- return logObserver.FilterField(zap.String("certificate", certFile.Name())).Len() > 0
+ // Logged when both matching public and private keys are modified in the cert.
+ // If mismatched keys are present in the cert, the "Failed to load certificate" error will be logged instead.
+ return logObserver.FilterMessage("Loaded modified certificate").Len() > 0
 }, 100, time.Millisecond*200)
- assert.True(t, logObserver.FilterField(zap.String("certificate", certFile.Name())).Len() > 0)
+
+ // Logged when the cert is modified with the client's public key due to
+ // a mismatch with the existing server private key.
+ assert.True(t, logObserver.
+ FilterMessage("Failed to load certificate").
+ FilterField(zap.String("certificate", certFile.Name())).Len() > 0,
+ "Failed to find wanted logs. All logs: "+fmt.Sprint(logObserver.All()))
+
+ // Logged when the cert is modified with the client's private key,
+ // resulting in both public and private keys matching (from the client).
+ assert.True(t, logObserver.
+ FilterMessage("Loaded modified certificate").
+ FilterField(zap.String("certificate", keyFile.Name())).Len() > 0,
+ "Failed to find wanted logs. All logs: "+fmt.Sprint(logObserver.All()))
 cert, err = tls.LoadX509KeyPair(filepath.Clean(clientCert), clientKey)
 require.NoError(t, err)
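Review bot: The wait condition stops at the first `Loaded modified certificate` entry for any file, while the assertions after it require a failure entry for `certFile` and a success entry for `keyFile`, so the test still depends on how the watcher interleaves the two write events. If both files are rewritten before the first event is handled (the writes are outside the hunk), the cert event would presumably load a matching pair and no `Failed to load certificate` entry would exist. Waiting on the entry the test actually needs, `return logObserver.FilterMessage("Loaded modified certificate").FilterField(zap.String("certificate", keyFile.Name())).Len() > 0`, and treating the failure entry as optional would remove that ordering dependency. TestReload starts and ends outside the hunk.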