When a cluster is fronted by a single DNS name (desired) but communicates IPs to clients (also desired), and we use TLS, we want to make sure we do the right thing connecting to an IP directly for TLS to work. The reason this may happen is that the cluster has a single DNS name and a single certific
(t *testing.T)
| 663 | // The reason this may happen is that the cluster has a single DNS name and a single certificate, but the cluster |
| 664 | // wants to vend out IPs and not wait on DNS for topology changes and failover. |
| 665 | func TestReconnectTLSHostNoIP(t *testing.T) { |
| 666 | sa, optsA := RunServerWithConfig("./configs/tls_noip_a.conf") |
| 667 | defer sa.Shutdown() |
| 668 | sb, optsB := RunServerWithConfig("./configs/tls_noip_b.conf") |
| 669 | defer sb.Shutdown() |
| 670 | |
| 671 | // Wait for cluster to form. |
| 672 | wait := time.Now().Add(2 * time.Second) |
| 673 | for time.Now().Before(wait) { |
| 674 | sanr := sa.NumRoutes() |
| 675 | sbnr := sb.NumRoutes() |
| 676 | if sanr == 1 && sbnr == 1 { |
| 677 | break |
| 678 | } |
| 679 | time.Sleep(50 * time.Millisecond) |
| 680 | } |
| 681 | |
| 682 | endpoint := fmt.Sprintf("%s:%d", optsA.Host, optsA.Port) |
| 683 | secureURL := fmt.Sprintf("tls://%s:%s@%s/", optsA.Username, optsA.Password, endpoint) |
| 684 | |
| 685 | dch := make(chan bool, 2) |
| 686 | dcb := func(_ *nats.Conn, _ error) { dch <- true } |
| 687 | rch := make(chan bool) |
| 688 | rcb := func(_ *nats.Conn) { rch <- true } |
| 689 | |
| 690 | nc, err := nats.Connect(secureURL, |
| 691 | nats.RootCAs("./configs/certs/ca.pem"), |
| 692 | nats.DisconnectErrHandler(dcb), |
| 693 | nats.ReconnectHandler(rcb)) |
| 694 | if err != nil { |
| 695 | t.Fatalf("Failed to create secure (TLS) connection: %v", err) |
| 696 | } |
| 697 | defer nc.Close() |
| 698 | |
| 699 | // Wait for DiscoveredServers() to be 1. |
| 700 | wait = time.Now().Add(2 * time.Second) |
| 701 | for time.Now().Before(wait) { |
| 702 | if len(nc.DiscoveredServers()) == 1 { |
| 703 | break |
| 704 | } |
| 705 | } |
| 706 | // Make sure this is the server B info, and that it is an IP. |
| 707 | expectedDiscoverURL := fmt.Sprintf("tls://%s:%d", optsB.Host, optsB.Port) |
| 708 | eurl, err := url.Parse(expectedDiscoverURL) |
| 709 | if err != nil { |
| 710 | t.Fatalf("Expected to parse discovered server URL: %v", err) |
| 711 | } |
| 712 | if addr := net.ParseIP(eurl.Hostname()); addr == nil { |
| 713 | t.Fatalf("Expected the discovered server to be an IP, got %v", eurl.Hostname()) |
| 714 | } |
| 715 | ds := nc.DiscoveredServers() |
| 716 | if ds[0] != expectedDiscoverURL { |
| 717 | t.Fatalf("Expected %q, got %q", expectedDiscoverURL, ds[0]) |
| 718 | } |
| 719 | |
| 720 | // Force us to switch servers. |
| 721 | sa.Shutdown() |
| 722 |
nothing calls this directly
no test coverage detected