diff --git a/client/driver/docker_test.go b/client/driver/docker_test.go
index 962c0efdf359..b938077636d5 100644
--- a/client/driver/docker_test.go
+++ b/client/driver/docker_test.go
@@ -1790,7 +1790,7 @@ func TestDockerDriver_OOMKilled(t *testing.T) {
 select {
 case res := <-handle.WaitCh():
 if res.Successful() {
- t.Fatalf("expected error, but container exited successfull")
+ t.Fatalf("expected error, but container exited successful")
 }
 if res.Err.Error() != "OOM Killed" {
diff --git a/command/agent/agent.go b/command/agent/agent.go
index a2f69964fa1f..8ee4a8a8897e 100644
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@@ -733,7 +733,7 @@ func (a *Agent) Reload(newConfig *Config) error {
 if newConfig.TLSConfig != nil {
 if !a.config.TLSConfig.IsEmpty() && !newConfig.TLSConfig.IsEmpty() {
- a.logger.Println("[INFO] Updating agent's existing TLS configuration \n\n")
+ a.logger.Println("[INFO] Updating agent's existing TLS configuration")
 // Handle errors in loading the new certificate files.
 // This is just a TLS configuration reload, we don't need to refresh
 // existing network connections
@@ -745,9 +745,9 @@ func (a *Agent) Reload(newConfig *Config) error {
 a.config.TLSConfig = newConfig.TLSConfig
 if a.config.TLSConfig.IsEmpty() && !newConfig.TLSConfig.IsEmpty() {
- a.logger.Println("[INFO] Upgrading from plaintext configuration to TLS \n\n")
+ a.logger.Println("[INFO] Upgrading from plaintext configuration to TLS")
 } else if !a.config.TLSConfig.IsEmpty() && newConfig.TLSConfig.IsEmpty() {
- a.logger.Println("[WARN] Downgrading agent's existing TLS configuration to plaintext \n\n")
+ a.logger.Println("[WARN] Downgrading agent's existing TLS configuration to plaintext")
 }
 // Reload the TLS configuration for the client or server, depending on how
diff --git a/command/agent/http_test.go b/command/agent/http_test.go
index f51f61d5ce4b..4b7019548df2 100644
--- a/command/agent/http_test.go
+++ b/command/agent/http_test.go
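Review bot: In the second agent.go hunk (`@@ -745,9 +745,9 @@`) the upgrade and downgrade log lines being edited look unreachable, because the context line `a.config.TLSConfig = newConfig.TLSConfig` runs before the `if`, so both `IsEmpty()` calls in each condition describe the same configuration and neither branch can be true. The practical effect is that a reload which drops TLS never emits `[WARN] Downgrading agent's existing TLS configuration to plaintext`, which is the line an operator would want to alert on. Capturing the previous state first, e.g. `wasEmpty := a.config.TLSConfig.IsEmpty()` before the assignment, and testing `wasEmpty` against `newConfig.TLSConfig.IsEmpty()` in both branches would make the messages fire. Reload's body starts and ends outside the hunk.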
@@ -560,7 +560,7 @@ func TestHTTP_VerifyHTTPSClient_AfterConfigReload(t *testing.T) {
 // First test with a plaintext request
 transport := &http.Transport{}
 client := &http.Client{Transport: transport}
- req, err := http.NewRequest("GET", reqURL, nil)
+ _, err := http.NewRequest("GET", reqURL, nil)
 assert.Nil(err)
 // Next, reload the TLS configuration
@@ -590,7 +590,7 @@ func TestHTTP_VerifyHTTPSClient_AfterConfigReload(t *testing.T) {
 transport = &http.Transport{TLSClientConfig: tlsConf}
 client = &http.Client{Transport: transport}
- req, err = http.NewRequest("GET", httpsReqURL, nil)
+ req, err := http.NewRequest("GET", httpsReqURL, nil)
 assert.Nil(err)
 resp, err := client.Do(req)
diff --git a/nomad/server_test.go b/nomad/server_test.go
index 4382931e2db0..85700f205597 100644
--- a/nomad/server_test.go
+++ b/nomad/server_test.go
@@ -281,7 +281,7 @@ func TestServer_Reload_Vault(t *testing.T) {
 }
 // Tests that the server will successfully reload its network connections,
-// upgrading from plaintext to TLS if the server's TLS configuratoin changes.
+// upgrading from plaintext to TLS if the server's TLS configuration changes.
 func TestServer_Reload_TLSConnections(t *testing.T) {
 t.Parallel()
 assert := assert.New(t)
diff --git a/nomad/structs/config/tls.go b/nomad/structs/config/tls.go
index c2745314b276..0f9c67db0373 100644
--- a/nomad/structs/config/tls.go
+++ b/nomad/structs/config/tls.go
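Review bot: After the first http_test.go hunk the plaintext request is built and discarded (`_, err := http.NewRequest("GET", reqURL, nil)`), so the step the comment calls "First test with a plaintext request" no longer sends that request and the test does not establish the pre-reload behaviour it is named for. If the intent is to show that plaintext is accepted before the reload and client verification is enforced after it, keep `req`, send it with `client.Do` and assert on the outcome; otherwise drop the unused `transport`/`client` setup and the comment so the test reads as what it checks. The lines between the two hunks are not visible, so a plaintext call may be made there by other means.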
@@ -79,18 +79,35 @@ func (k *KeyLoader) GetOutgoingCertificate(*tls.ClientHelloInfo) (*tls.Certifica
 }
 func (t *TLSConfig) GetKeyLoader() *KeyLoader {
+ t.configLock.Lock()
+ defer t.configLock.Unlock()
+
 // If the keyloader has not yet been initialized, do it here
 if t.KeyLoader == nil {
- t.configLock.Lock()
 t.KeyLoader = &KeyLoader{}
- t.configLock.Unlock()
 }
 return t.KeyLoader
 }
+// Copy copies the fields of TLSConfig to another TLSConfig object. Required as
+// to not copy mutexes between objects.
+func (t *TLSConfig) Copy() *TLSConfig {
+ new := &TLSConfig{}
+ new.EnableHTTP = t.EnableHTTP
+ new.EnableRPC = t.EnableRPC
+ new.VerifyServerHostname = t.VerifyServerHostname
+ new.CAFile = t.CAFile
+ new.CertFile = t.CertFile
+ new.KeyLoader = t.KeyLoader
+ new.KeyFile = t.KeyFile
+ new.RPCUpgradeMode = t.RPCUpgradeMode
+ new.VerifyHTTPSClient = t.VerifyHTTPSClient
+ return new
+}
+
 // Merge is used to merge two TLS configs together
 func (t *TLSConfig) Merge(b *TLSConfig) *TLSConfig {
- result := *t
+ result := t.Copy()
 if b.EnableHTTP {
 result.EnableHTTP = true
@@ -113,7 +130,7 @@ func (t *TLSConfig) Merge(b *TLSConfig) *TLSConfig {
 if b.VerifyHTTPSClient {
 result.VerifyHTTPSClient = true
 }
- return &result
+ return result
 }
 // IsEmpty checks to see if every (non-boolean) field in the struct is nil
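Review bot: The new `Copy` in the first tls.go hunk reads `t.KeyLoader` without holding `configLock`, while `GetKeyLoader` in the same hunk now writes that field under the lock, so a `Copy` or `Merge` running concurrently with lazy initialisation can still race; taking `t.configLock.Lock()` and `defer t.configLock.Unlock()` at the top of `Copy` would close that. `new.KeyLoader = t.KeyLoader` also makes the copy share the original's `*KeyLoader`, so certificate state loaded through one config is visible through the other; if that is intended, the doc comment should say so, for example `// The returned config shares the receiver's KeyLoader.` The field-by-field copy will silently drop any field added to TLSConfig later, which is worth a comment on the struct or a test. The local name `new` shadows the builtin, and a short name such as `c` avoids that.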