tls: minor fix on http api (#1008) (#1036)

Co-authored-by: xiang <xiang13225080@163.com>
pingcap · Sep 15, 2020 · 63a8eb0 · 63a8eb0
1 parent 91c3cfc
commit 63a8eb0
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 5 deletions.
diff --git a/dm/master/server.go b/dm/master/server.go
@@ -172,11 +172,8 @@ func (s *Server) Start(ctx context.Context) (err error) {
 	if err != nil {
 		return terror.ErrMasterTLSConfigNotValid.Delegate(err)
 	}
-	if tls2 != nil && tls2.TLSConfig() != nil {
-		tls2.TLSConfig().InsecureSkipVerify = true
-	}
 
-	apiHandler, err := getHTTPAPIHandler(ctx, s.cfg.MasterAddr, tls2.ToGRPCDialOption())
+	apiHandler, err := getHTTPAPIHandler(ctx, s.cfg.AdvertiseAddr, tls2.ToGRPCDialOption())
 	if err != nil {
 		return
 	}

diff --git a/tests/_dmctl_tools/check_master_http_apis.go b/tests/_dmctl_tools/check_master_http_apis.go
@@ -0,0 +1,62 @@
+// Copyright 2020 PingCAP, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+
+	"github.com/pingcap/dm/tests/utils"
+
+	toolutils "github.com/pingcap/tidb-tools/pkg/utils"
+)
+
+// use show-ddl-locks request to test DM-master is online
+func main() {
+	addr := os.Args[1]
+	sslCA := ""
+	sslCert := ""
+	sslKey := ""
+	transport := http.DefaultTransport.(*http.Transport).Clone()
+
+	if len(os.Args) == 5 {
+		sslCA = os.Args[2]
+		sslCert = os.Args[3]
+		sslKey = os.Args[4]
+
+		tls, err := toolutils.NewTLS(sslCA, sslCert, sslKey, "", nil)
+		if err != nil {
+			utils.ExitWithError(err)
+		}
+
+		tlsCfg := tls.TLSConfig()
+		tlsCfg.InsecureSkipVerify = true
+		transport.TLSClientConfig = tlsCfg
+	}
+
+	client := &http.Client{Transport: transport}
+
+	resp, err := client.Get("https://" + addr + "/apis/v1alpha1/members")
+	if err != nil {
+		utils.ExitWithError(err)
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		utils.ExitWithError(err)
+	}
+	fmt.Println(string(body))
+}
diff --git a/tests/tls/run.sh b/tests/tls/run.sh
@@ -90,8 +90,9 @@ function run() {
             "query-status test" \
             "\"result\": true" 2
 
-    echo "test http interface"
+    echo "test http and api interface"
     check_rpc_alive $cur/../bin/check_master_online_http 127.0.0.1:$MASTER_PORT1 "$cur/conf/ca.pem" "$cur/conf/dm.pem" "$cur/conf/dm.key"
+    check_rpc_alive $cur/../bin/check_master_http_apis 127.0.0.1:$MASTER_PORT1 "$cur/conf/ca.pem" "$cur/conf/dm.pem" "$cur/conf/dm.key"
 
     echo "use common name not in 'cert-allowed-cn' should not request success"
     check_rpc_alive $cur/../bin/check_master_online_http 127.0.0.1:$MASTER_PORT1 "$cur/conf/ca.pem" "$cur/conf/other.pem" "$cur/conf/other.key" && exit 1 || true