tenant: use -h to check if tenant scoped client certs available#142
Merged
abarganier merged 1 commit intocockroachdb:masterfrom Jul 18, 2022
Merged
Conversation
Previously, whether the test server created tenant-scoped client certificates for tests was based on a hardcoded version gate. This was sufficient in the past, but as tenant-scoped client certs are now being backported to older cockroachdb versions, a more dynamic approach to determine whether or not these certificates are available is needed. This patch adds a mechanism to do so. The new approach runs the `cockroach cert create-client --help` command to view the available flags for the current cockroach binary. If the `--tenant-scope` flag is present in the help text, then we can say with confidence that tenant scoped client certificates are available. We can use this to signal the broader system to make use of these certificates when running tests in secure mode. This follows the approach used in: cockroachdb/cockroach#83703
Member
|
This change is |
rafiss
approved these changes
Jul 18, 2022
Contributor
rafiss
left a comment
There was a problem hiding this comment.
nice, this is a great idea
Contributor
Author
|
TFTR! |
Contributor
Author
|
NB: Pushed tag v2.2.15 with this change. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Previously, whether the test server created tenant-scoped client
certificates for tests was based on a hardcoded version gate. This
was sufficient in the past, but as tenant-scoped client certs are
now being backported to older cockroachdb versions, a more dynamic
approach to determine whether or not these certificates are available
is needed.
This patch adds a mechanism to do so. The new approach runs the
cockroach cert create-client --helpcommand to view the availableflags for the current cockroach binary. If the
--tenant-scopeflagis present in the help text, then we can say with confidence that
tenant scoped client certificates are available. We can use this
to signal the broader system to make use of these certificates when
running tests in secure mode.
This follows the approach used in:
cockroachdb/cockroach#83703