Diagnose warns if HTTPS is not used for ha-storage-tls-consul [VAULT-2773] (#11967)

* Diagnose warns if HTTPS is not used for ha-storage-tls-consul * Skipping TLS verification if https is not used in ha storage tls consul * Adding diagnose skip message for consul service registration
2021-07-07 14:35:25 -04:00 · 2021-07-07 14:35:25 -04:00 · fedc31e905
parent 9df804e8d7
commit fedc31e905
3 changed files with 13 additions and 5 deletions
--- a/command/operator_diagnose_test.go
+++ b/command/operator_diagnose_test.go
@ -71,7 +71,7 @@ func TestOperatorDiagnoseCommand_Run(t *testing.T) {
 						},
 						{
 							Name:   "test-storage-tls-consul",
-							Status: diagnose.OkStatus,
+							Status: diagnose.SkippedStatus,
 						},
 						{
 							Name:   "test-consul-direct-access-storage",
@ -85,7 +85,7 @@ func TestOperatorDiagnoseCommand_Run(t *testing.T) {
 					Children: []*diagnose.Result{
 						{
 							Name:   "test-serviceregistration-tls-consul",
-							Status: diagnose.OkStatus,
+							Status: diagnose.SkippedStatus,
 						},
 						{
 							Name:   "test-consul-direct-access-service-discovery",
@ -121,7 +121,7 @@ func TestOperatorDiagnoseCommand_Run(t *testing.T) {
 						},
 						{
 							Name:   "test-ha-storage-tls-consul",
-							Status: diagnose.OkStatus,
+							Status: diagnose.SkippedStatus,
 						},
 					},
 				},
@ -278,7 +278,7 @@ func TestOperatorDiagnoseCommand_Run(t *testing.T) {
 						},
 						{
 							Name:   "test-storage-tls-consul",
-							Status: diagnose.OkStatus,
+							Status: diagnose.SkippedStatus,
 						},
 						{
 							Name:   "test-consul-direct-access-storage",
@ -378,7 +378,7 @@ func TestOperatorDiagnoseCommand_Run(t *testing.T) {
 						},
 						{
 							Name:   "test-storage-tls-consul",
-							Status: diagnose.OkStatus,
+							Status: diagnose.SkippedStatus,
 						},
 						{
 							Name:   "test-consul-direct-access-storage",
--- a/physical/consul/consul.go
+++ b/physical/consul/consul.go
@ -212,6 +212,10 @@ func SetupSecureTLS(ctx context.Context, consulConf *api.Config, conf map[string
 			return err
 		}
 		logger.Debug("configured TLS")
+	} else {
+		if isDiagnose {
+			diagnose.Skipped(ctx, "HTTPS is not used, Skipping TLS verification.")
+		}
 	}
 	return nil
 }
--- a/serviceregistration/consul/consul_service_registration.go
+++ b/serviceregistration/consul/consul_service_registration.go
@ -240,6 +240,10 @@ func SetupSecureTLS(ctx context.Context, consulConf *api.Config, conf map[string
 			return err
 		}
 		logger.Debug("configured TLS")
+	} else {
+		if isDiagnose {
+			diagnose.Skipped(ctx, "HTTPS is not used, Skipping TLS verification.")
+		}
 	}
 	return nil
 }