diff --git a/agent/consul/auto_encrypt.go b/agent/consul/auto_encrypt.go index 85298ff39..e3a0e78c5 100644 --- a/agent/consul/auto_encrypt.go +++ b/agent/consul/auto_encrypt.go @@ -51,6 +51,13 @@ func (c *Client) RequestAutoEncryptCerts(servers []string, port int, token strin return errFn(err) } + if conf.PrivateKeyType == "" { + conf.PrivateKeyType = connect.DefaultPrivateKeyType + } + if conf.PrivateKeyBits == 0 { + conf.PrivateKeyBits = connect.DefaultPrivateKeyBits + } + // Create a new private key pk, pkPEM, err := connect.GeneratePrivateKeyWithConfig(conf.PrivateKeyType, conf.PrivateKeyBits) if err != nil { diff --git a/agent/consul/auto_encrypt_test.go b/agent/consul/auto_encrypt_test.go index d27b2f948..535cedb85 100644 --- a/agent/consul/auto_encrypt_test.go +++ b/agent/consul/auto_encrypt_test.go @@ -1,11 +1,13 @@ package consul import ( - "github.com/stretchr/testify/require" "log" "net" "os" "testing" + "time" + + "github.com/stretchr/testify/require" ) func TestAutoEncrypt_resolveAddr(t *testing.T) { @@ -77,3 +79,31 @@ func TestAutoEncrypt_missingPortError(t *testing.T) { _, _, err = net.SplitHostPort(host) require.False(t, missingPortError(host, err)) } + +func TestAutoEncrypt_RequestAutoEncryptCerts(t *testing.T) { + dir1, c1 := testClient(t) + defer os.RemoveAll(dir1) + defer c1.Shutdown() + servers := []string{"localhost"} + port := 8301 + token := "" + interruptCh := make(chan struct{}) + doneCh := make(chan struct{}) + var err error + go func() { + _, _, err = c1.RequestAutoEncryptCerts(servers, port, token, interruptCh) + close(doneCh) + }() + select { + case <-doneCh: + // since there are no servers at this port, we shouldn't be + // done and this should be an error of some sorts that happened + // in the setup phase before entering the for loop in + // RequestAutoEncryptCerts. + require.NoError(t, err) + case <-time.After(50 * time.Millisecond): + // this is the happy case since auto encrypt is in its loop to + // try to request certs. + interruptCh <- struct{}{} + } +}