code cleanup and refactoring

helper/tlsutil/config.go

@@ -59,14 +59,11 @@ type Config struct {
 	// Must be provided to serve TLS connections.
 	CertFile string
 
-	// Stores a TLS certificate that has been loaded given the information in the
-	// configuration. This can be updated via config.Reload()
-	Certificate *tls.Certificate
-
 	// KeyFile is used to provide a TLS key that is used for serving TLS connections.
 	// Must be provided to serve TLS connections.
 	KeyFile string
 
+	// Utility to dynamically reload TLS configuration.
 	KeyLoader *config.KeyLoader
 }
 
@@ -97,7 +94,7 @@ func (c *Config) LoadKeyPair() (*tls.Certificate, error) {
 	}
 
 	if c.KeyLoader == nil {
-		return nil, nil // TODO make sure this is the correct behavior
+		return nil, fmt.Errorf("No Keyloader object to perform LoadKeyPair")
 	}
 
 	cert, err := c.KeyLoader.LoadKeyPair(c.CertFile, c.KeyFile)
@@ -149,10 +146,6 @@ func (c *Config) OutgoingTLSConfig() (*tls.Config, error) {
 	return tlsConfig, nil
 }
 
-func (c *Config) getOutgoingCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
-	return c.Certificate, nil
-}
-
 // OutgoingTLSWrapper returns a a Wrapper based on the OutgoingTLS
 // configuration. If hostname verification is on, the wrapper
 // will properly generate the dynamic server name for verification.

helper/tlsutil/config_test.go

@@ -143,6 +143,8 @@ func TestConfig_OutgoingTLS_VerifyHostname(t *testing.T) {
 }
 
 func TestConfig_OutgoingTLS_WithKeyPair(t *testing.T) {
+	assert := assert.New(t)
+
 	conf := &Config{
 		VerifyOutgoing: true,
 		CAFile:         cacert,
@@ -151,28 +153,15 @@ func TestConfig_OutgoingTLS_WithKeyPair(t *testing.T) {
 		KeyLoader:      &config.KeyLoader{},
 	}
 	tlsConf, err := conf.OutgoingTLSConfig()
-	if err != nil {
-		t.Fatalf("err: %v", err)
-	}
-	if tlsConf == nil {
-		t.Fatalf("expected config")
-	}
-	if len(tlsConf.RootCAs.Subjects()) != 1 {
-		t.Fatalf("expect root cert")
-	}
-	if !tlsConf.InsecureSkipVerify {
-		t.Fatalf("should skip verification")
-	}
+	assert.Nil(err)
+	assert.NotNil(tlsConf)
+	assert.Equal(len(tlsConf.RootCAs.Subjects()), 1)
+	assert.True(tlsConf.InsecureSkipVerify)
 
 	clientHelloInfo := &tls.ClientHelloInfo{}
 	cert, err := tlsConf.GetCertificate(clientHelloInfo)
-	// TODO add asert package
-	if err != nil {
-		t.Fatalf("expected no error")
-	}
-	if cert == nil {
-		t.Fatalf("expected client cert")
-	}
+	assert.Nil(err)
+	assert.NotNil(cert)
 }
 
 func startTLSServer(config *Config) (net.Conn, chan error) {

nomad/config.go

@@ -6,7 +6,6 @@ import (
 	"net"
 	"os"
 	"runtime"
-	"sync"
 	"time"
 
 	"github.com/hashicorp/memberlist"
@@ -58,8 +57,6 @@ type Config struct {
 	// must be handled via `atomic.*Int32()` calls.
 	BootstrapExpect int32
 
-	configLock sync.RWMutex
-
 	// DataDir is the directory to store our state in
 	DataDir string