vdaas · vankichi · Jul 2, 2020 · Jul 1, 2020 · Jul 1, 2020 · Jul 2, 2020
diff --git a/internal/config/tls.go b/internal/config/tls.go
@@ -34,13 +34,15 @@ type TLS struct {
 	CA string `yaml:"ca" json:"ca"`
 }
 
+// Bind returns TLS object whose every value except Enabled is field value of environment value.
 func (t *TLS) Bind() *TLS {
 	t.Cert = GetActualValue(t.Cert)
 	t.Key = GetActualValue(t.Key)
 	t.CA = GetActualValue(t.CA)
 	return t
 }
 
+// Opts returns []tls.Option object whose every value is field value.
 func (t *TLS) Opts() []tls.Option {
 	return []tls.Option{
 		tls.WithCa(t.CA),

diff --git a/internal/config/tls_test.go b/internal/config/tls_test.go
@@ -18,6 +18,7 @@
 package config
 
 import (
+	"os"
 	"reflect"
 	"testing"
 
@@ -50,37 +51,56 @@ func TestTLS_Bind(t *testing.T) {
 		return nil
 	}
 	tests := []test{
-		// TODO test cases
-		/*
-		   {
-		       name: "test_case_1",
-		       fields: fields {
-		           Enabled: false,
-		           Cert: "",
-		           Key: "",
-		           CA: "",
-		       },
-		       want: want{},
-		       checkFunc: defaultCheckFunc,
-		   },
-		*/
-
-		// TODO test cases
-		/*
-		   func() test {
-		       return test {
-		           name: "test_case_2",
-		           fields: fields {
-		           Enabled: false,
-		           Cert: "",
-		           Key: "",
-		           CA: "",
-		           },
-		           want: want{},
-		           checkFunc: defaultCheckFunc,
-		       }
-		   }(),
-		*/
+		{
+			name: "returns TLS when all fields contain no prefix/suffix symbol",
+			fields: fields{
+				Enabled: true,
+				Cert:    "cert",
+				Key:     "key",
+				CA:      "ca",
+			},
+			want: want{
+				want: &TLS{
+					Enabled: true,
+					Cert:    "cert",
+					Key:     "key",
+					CA:      "ca",
+				},
+			},
+		},
+		{
+			name: "returns TLS with environment variable when it contains `_` prefix and suffix",
+			fields: fields{
+				Enabled: true,
+				Cert:    "_cert_",
+				Key:     "_key_",
+				CA:      "_ca_",
+			},
+			beforeFunc: func() {
+				_ = os.Setenv("cert", "tls_cert")
+				_ = os.Setenv("key", "tls_key")
+				_ = os.Setenv("ca", "tls_ca")
+			},
+			afterFunc: func() {
+				_ = os.Unsetenv("cert")
+				_ = os.Unsetenv("key")
+				_ = os.Unsetenv("ca")
+			},
+			want: want{
+				want: &TLS{
+					Enabled: true,
+					Cert:    "tls_cert",
+					Key:     "tls_key",
+					CA:      "tls_ca",
+				},
+			},
+		},
+		{
+			name: "returns TLS when all fields are empty",
+			want: want{
+				want: new(TLS),
+			},
+		},
 	}
 
 	for _, test := range tests {
@@ -129,43 +149,50 @@ func TestTLS_Opts(t *testing.T) {
 		afterFunc  func()
 	}
 	defaultCheckFunc := func(w want, got []tls.Option) error {
-		if !reflect.DeepEqual(got, w.want) {
-			return errors.Errorf("got = %v, want %v", got, w.want)
+		if len(w.want) != len(got) {
+			return errors.Errorf("len(got) = %d, len(want) = %d", len(got), len(w.want))
+		}
+		for i := range w.want {
+			ok := false
+			for j := range got {
+				if reflect.ValueOf(w.want[i]).Pointer() == reflect.ValueOf(got[j]).Pointer() {
+					ok = true
+					break
+				}
+			}
+			if !ok {
+				return errors.Errorf("got = %v, want %v", got, w.want)
+			}
 		}
 		return nil
 	}
 	tests := []test{
-		// TODO test cases
-		/*
-		   {
-		       name: "test_case_1",
-		       fields: fields {
-		           Enabled: false,
-		           Cert: "",
-		           Key: "",
-		           CA: "",
-		       },
-		       want: want{},
-		       checkFunc: defaultCheckFunc,
-		   },
-		*/
-
-		// TODO test cases
-		/*
-		   func() test {
-		       return test {
-		           name: "test_case_2",
-		           fields: fields {
-		           Enabled: false,
-		           Cert: "",
-		           Key: "",
-		           CA: "",
-		           },
-		           want: want{},
-		           checkFunc: defaultCheckFunc,
-		       }
-		   }(),
-		*/
+		{
+			name: "returns []tls.Option",
+			fields: fields{
+				Enabled: true,
+				Cert:    "cert",
+				Key:     "key",
+				CA:      "ca",
+			},
+			want: want{
+				want: []tls.Option{
+					tls.WithCa("ca"),
+					tls.WithCert("cert"),
+					tls.WithKey("key"),
+				},
+			},
+		},
+		{
+			name: "returns []tls.Option",
+			want: want{
+				want: []tls.Option{
+					tls.WithCa(""),
+					tls.WithCert(""),
+					tls.WithKey(""),
+				},
+			},
+		},
 	}
 
 	for _, test := range tests {

diff --git a/internal/tls/option.go b/internal/tls/option.go
@@ -22,49 +22,7 @@ import "crypto/tls"
 type Option func(*credentials) error
 
 var (
-	defaultOpts = []Option{
-		WithTLSConfig(&tls.Config{
-			MinVersion: tls.VersionTLS12,
-			NextProtos: []string{
-				"http/1.1",
-				"h2",
-			},
-			CurvePreferences: []tls.CurveID{
-				tls.CurveP521,
-				tls.CurveP384,
-				tls.CurveP256,
-				tls.X25519,
-			},
-			SessionTicketsDisabled: true,
-			// PreferServerCipherSuites: true,
-			// CipherSuites: []uint16{
-			// tls.TLS_RSA_WITH_RC4_128_SHA,
-			// tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-			// tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-			// tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
-			// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
-			// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
-			// tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-			// tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-			// tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-			// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-			// tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			// tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-			// tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, // Maybe this is work on TLS 1.2
-			// tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, // TLS1.3 Feature
-			// tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, // TLS1.3 Feature
-			// tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
-			// tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
-			// },
-			ClientAuth: tls.NoClientCert,
-		}),
-	}
+	defaultOpts = []Option{}
 )
 
 func WithCert(cert string) Option {

diff --git a/internal/tls/tls.go b/internal/tls/tls.go
@@ -53,6 +53,49 @@ func New(opts ...Option) (*Config, error) {
 		return nil, errors.ErrTLSCertOrKeyNotFound
 	}
 
+	if c.cfg == nil {
+		c.cfg = &tls.Config{
+			MinVersion: tls.VersionTLS12,
+			NextProtos: []string{
+				"http/1.1",
+				"h2",
+			},
+			CurvePreferences: []tls.CurveID{
+				tls.CurveP521,
+				tls.CurveP384,
+				tls.CurveP256,
+				tls.X25519,
+			},
+			SessionTicketsDisabled: true,
+			// PreferServerCipherSuites: true,
+			// CipherSuites: []uint16{
+			// tls.TLS_RSA_WITH_RC4_128_SHA,
+			// tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			// tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+			// tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+			// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+			// tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+			// tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, // Maybe this is work on TLS 1.2
+			// tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, // TLS1.3 Feature
+			// tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, // TLS1.3 Feature
+			// tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
+			// tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
+			// },
+			ClientAuth: tls.NoClientCert,
+		}
+	}
 	c.cfg.Certificates = make([]tls.Certificate, 1)
 	c.cfg.Certificates[0], err = tls.LoadX509KeyPair(c.cert, c.key)
 	if err != nil {