
Commit 12854ec

committed
Differentiate the warning message for rejected client and peer connections
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
1 parent 4548f41 commit 12854ec

2 files changed

Lines changed: 112 additions & 26 deletions


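--- a/server/embed/config_logging.go
+++ b/server/embed/config_logging.go
@@ -147,35 +147,38 @@ func (cfg *Config) setupLogging() error {
 return err
 }
 
-logTLSHandshakeFailure := func(conn *tls.Conn, err error) {
-state := conn.ConnectionState()
-remoteAddr := conn.RemoteAddr().String()
-serverName := state.ServerName
-if len(state.PeerCertificates) > 0 {
-cert := state.PeerCertificates[0]
-ips := make([]string, len(cert.IPAddresses))
-for i := range cert.IPAddresses {
-ips[i] = cert.IPAddresses[i].String()
+logTLSHandshakeFailureFunc := func(msg string) func(conn *tls.Conn, err error) {
+return func(conn *tls.Conn, err error) {
+state := conn.ConnectionState()
+remoteAddr := conn.RemoteAddr().String()
+serverName := state.ServerName
+if len(state.PeerCertificates) > 0 {
+cert := state.PeerCertificates[0]
+ips := make([]string, len(cert.IPAddresses))
+for i := range cert.IPAddresses {
+ips[i] = cert.IPAddresses[i].String()
+}
+cfg.logger.Warn(
+msg,
+zap.String("remote-addr", remoteAddr),
+zap.String("server-name", serverName),
+zap.Strings("ip-addresses", ips),
+zap.Strings("dns-names", cert.DNSNames),
+zap.Error(err),
+)
+} else {
+cfg.logger.Warn(
+msg,
+zap.String("remote-addr", remoteAddr),
+zap.String("server-name", serverName),
+zap.Error(err),
+)
 }
-cfg.logger.Warn(
-"rejected connection",
-zap.String("remote-addr", remoteAddr),
-zap.String("server-name", serverName),
-zap.Strings("ip-addresses", ips),
-zap.Strings("dns-names", cert.DNSNames),
-zap.Error(err),
-)
-} else {
-cfg.logger.Warn(
-"rejected connection",
-zap.String("remote-addr", remoteAddr),
-zap.String("server-name", serverName),
-zap.Error(err),
-)
 }
 }
-cfg.ClientTLSInfo.HandshakeFailure = logTLSHandshakeFailure
-cfg.PeerTLSInfo.HandshakeFailure = logTLSHandshakeFailure
+
+cfg.ClientTLSInfo.HandshakeFailure = logTLSHandshakeFailureFunc("rejected connection on client endpoint")
+cfg.PeerTLSInfo.HandshakeFailure = logTLSHandshakeFailureFunc("rejected connection on peer endpoint")
 
 default:
 return fmt.Errorf("unknown logger option %q", cfg.Logger)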
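Review bot: The closure returned by `logTLSHandshakeFailureFunc` logs `server-name`, `ip-addresses` and `dns-names` without noting that all three come from the remote side of a connection that is being rejected, so someone reading the log or writing an alert on it can mistake them for an authenticated identity. `state.ServerName` is the SNI value the client sent, and the certificate fields are read from `state.PeerCertificates[0]` inside the handshake-failure callback. I would add a comment above the `state := conn.ConnectionState()` line, for example `// Fields below are supplied by the rejected remote peer; log them for diagnosis only, never as a verified identity.` The enclosing setupLogging function starts and ends outside this hunk.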

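--- a/tests/e2e/zap_logging_test.go
+++ b/tests/e2e/zap_logging_test.go
@@ -22,6 +22,8 @@ import (
 "testing"
 "time"
 
+"github.com/stretchr/testify/require"
+
 "go.etcd.io/etcd/tests/v3/framework/e2e"
 )
 
@@ -76,3 +78,84 @@ type logEntry struct {
 Caller string `json:"caller"`
 Message string `json:"msg"`
 }
+
+func TestConnectionRejectMessage(t *testing.T) {
+e2e.SkipInShortMode(t)
+
+testCases := []struct {
+name string
+url string
+expectedErrMsg string
+}{
+{
+name: "reject client connection",
+url: "https://127.0.0.1:2379/version",
+expectedErrMsg: "rejected connection on client endpoint",
+},
+{
+name: "reject peer connection",
+url: "https://127.0.0.1:2380/members",
+expectedErrMsg: "rejected connection on peer endpoint",
+},
+}
+
+for _, tc := range testCases {
+t.Run(tc.name, func(t *testing.T) {
+commonArgs := []string{
+e2e.BinPath,
+"--name", "etcd1",
+"--listen-client-urls", "https://127.0.0.1:2379",
+"--advertise-client-urls", "https://127.0.0.1:2379",
+"--cert-file", e2e.CertPath,
+"--key-file", e2e.PrivateKeyPath,
+"--trusted-ca-file", e2e.CaPath,
+"--listen-peer-urls", "https://127.0.0.1:2380",
+"--initial-advertise-peer-urls", "https://127.0.0.1:2380",
+"--initial-cluster", "etcd1=https://127.0.0.1:2380",
+"--peer-cert-file", e2e.CertPath,
+"--peer-key-file", e2e.PrivateKeyPath,
+"--peer-trusted-ca-file", e2e.CaPath,
+}
+
+t.Log("Starting an etcd process and wait for it to get ready.")
+p, err := e2e.SpawnCmd(commonArgs, nil)
+require.NoError(t, err)
+err = e2e.WaitReadyExpectProc(p, e2e.EtcdServerReadyLines)
+require.NoError(t, err)
+defer func() {
+p.Stop()
+p.Close()
+}()
+
+t.Log("Starting a separate goroutine to verify the expected output.")
+startedCh := make(chan struct{}, 1)
+doneCh := make(chan struct{}, 1)
+go func() {
+startedCh <- struct{}{}
+verr := e2e.WaitReadyExpectProc(p, []string{tc.expectedErrMsg})
+require.NoError(t, verr)
+doneCh <- struct{}{}
+}()
+
+// wait for the goroutine to get started
+<-startedCh
+
+t.Log("Running curl command to trigger the corresponding warning message.")
+curlCmdArgs := []string{"curl", "--connect-timeout", "1", "-k", tc.url}
+curlCmd, err := e2e.SpawnCmd(curlCmdArgs, nil)
+require.NoError(t, err)
+
+defer func() {
+curlCmd.Stop()
+curlCmd.Close()
+}()
+
+t.Log("Waiting for the result.")
+select {
+case <-doneCh:
+case <-time.After(5 * time.Second):
+t.Fatal("Timed out waiting for the result")
+}
+})
+}
+}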
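Review bot: `require.NoError(t, verr)` at new line 136 runs inside the goroutine started at line 133, but require stops a test through `t.FailNow`, which must be called from the goroutine running the test function. If `WaitReadyExpectProc` returns an error there, `doneCh` is never signalled and the subtest fails five seconds later with "Timed out waiting for the result", which hides the real error. Sending the error back over the channel and asserting it in the test goroutine avoids both problems; the changed lines are sketched below.

```go
doneCh := make(chan error, 1)
go func() {
	startedCh <- struct{}{}
	doneCh <- e2e.WaitReadyExpectProc(p, []string{tc.expectedErrMsg})
}()
// … unchanged: wait on startedCh, spawn curl, deferred cleanup …
select {
case verr := <-doneCh:
	require.NoError(t, verr)
// … unchanged: 5-second timeout case …
}
```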
