client,server: better err msg when PD endpoint missing certificate

pingcap · Jun 23, 2021 · aa0b8b4 · aa0b8b4
1 parent d933dd1
commit aa0b8b4
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 6 deletions.
diff --git a/cmd/client.go b/cmd/client.go
@@ -138,11 +138,15 @@ func newCliCommand() *cobra.Command {
 				return errors.Annotate(err, "fail to validate TLS settings")
 			}
 			if tlsConfig != nil {
-				if strings.Contains(cliPdAddr, "http://") {
+				if strings.Contains(cliPdAddr, HTTP) {
 					return errors.New("PD endpoint scheme should be https")
 				}
-			} else if !strings.Contains(cliPdAddr, "http://") {
-				return errors.New("PD endpoint scheme should be http")
+			} else {
+				if strings.Contains(cliPdAddr, HTTPS) {
+					return errors.New("PD endpoint scheme is https, please provide certificate")
+				} else if !strings.Contains(cliPdAddr, HTTP) {
+					return errors.New("PD endpoint scheme should be http")
+				}
 			}
 			grpcTLSOption, err := credential.ToGRPCDialOption()
 			if err != nil {

diff --git a/cmd/server.go b/cmd/server.go
@@ -35,6 +35,12 @@ import (
 	"go.uber.org/zap"
 )
 
+// Endpoint schemes.
+const (
+	HTTP  = "http://"
+	HTTPS = "https://"
+)
+
 var (
 	serverPdAddr         string
 	serverConfigFilePath string
@@ -204,11 +210,15 @@ func loadAndVerifyServerConfig(cmd *cobra.Command) (*config.ServerConfig, error)
 	}
 	for _, ep := range strings.Split(serverPdAddr, ",") {
 		if conf.Security.IsTLSEnabled() {
-			if strings.Index(ep, "http://") == 0 {
+			if strings.Index(ep, HTTP) == 0 {
 				return nil, cerror.ErrInvalidServerOption.GenWithStack("PD endpoint scheme should be https")
 			}
-		} else if strings.Index(ep, "http://") != 0 {
-			return nil, cerror.ErrInvalidServerOption.GenWithStack("PD endpoint scheme should be http")
+		} else {
+			if strings.Index(ep, HTTPS) == 0 {
+				return nil, errors.New("PD endpoint scheme is https, please provide certificate")
+			} else if strings.Index(ep, HTTP) != 0 {
+				return nil, cerror.ErrInvalidServerOption.GenWithStack("PD endpoint scheme should be http")
+			}
 		}
 	}
 

diff --git a/cmd/server_test.go b/cmd/server_test.go
@@ -90,6 +90,13 @@ func (s *serverSuite) TestLoadAndVerifyServerConfig(c *check.C) {
 	_, err = loadAndVerifyServerConfig(cmd)
 	c.Assert(err, check.ErrorMatches, ".*PD endpoint scheme should be http.*")
 
+	// test missing certificate
+	cmd = new(cobra.Command)
+	initServerCmd(cmd)
+	c.Assert(cmd.ParseFlags([]string{"--pd=https://aa"}), check.IsNil)
+	_, err = loadAndVerifyServerConfig(cmd)
+	c.Assert(err, check.ErrorMatches, ".*PD endpoint scheme is https, please provide certificate.*")
+
 	// test undefined flag
 	cmd = new(cobra.Command)
 	initServerCmd(cmd)