Fix panic in etcd validate secure endpoints #13810

[eval-exec]

This pr fix #13810

etcd/client/pkg/transport/transport.go

Lines 33 to 43 in 1b208aa

	t := &http.Transport{
	Proxy: http.ProxyFromEnvironment,
	DialContext: (&net.Dialer{
	Timeout: dialtimeoutd,
	// value taken from http.DefaultTransport
	KeepAlive: 30 * time.Second,
	}).DialContext,
	// value taken from http.DefaultTransport
	TLSHandshakeTimeout: 10 * time.Second,
	TLSClientConfig: cfg,
	}

In etcd/client/pkg/transport/tls.go:
ValidateSecureEndpoints() should call t.DialContext() instead of t.Dial(), because t.Dial is nil

[serathius]

Can you add a test?

[codecov-commenter]

Codecov Report

Merging #13824 (e2e38bf) into main (1b208aa) will decrease coverage by 0.32%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main   #13824      +/-   ##
==========================================
- Coverage   72.72%   72.39%   -0.33%     
==========================================
  Files         467      467              
  Lines       38280    38282       +2     
==========================================
- Hits        27839    27716     -123     
- Misses       8662     8766     +104     
- Partials     1779     1800      +21     

Flag	Coverage Δ
all	72.39% <ø> (-0.33%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
etcdctl/ctlv3/command/compaction_command.go	30.43% <0.00%> (-43.48%)	⬇️
etcdctl/ctlv3/command/alarm_command.go	51.35% <0.00%> (-27.03%)	⬇️
server/storage/quota.go	57.89% <0.00%> (-9.22%)	⬇️
server/auth/simple_token.go	80.00% <0.00%> (-8.47%)	⬇️
server/storage/mvcc/watchable_store.go	85.14% <0.00%> (-7.61%)	⬇️
client/pkg/v3/fileutil/purge.go	66.03% <0.00%> (-7.55%)	⬇️
server/etcdserver/api/v3rpc/lease.go	77.21% <0.00%> (-5.07%)	⬇️
client/v3/concurrency/session.go	88.63% <0.00%> (-4.55%)	⬇️
client/pkg/v3/testutil/leak.go	62.83% <0.00%> (-4.43%)	⬇️
client/v3/leasing/cache.go	87.77% <0.00%> (-3.89%)	⬇️
... and 24 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1b208aa...e2e38bf. Read the comment docs.

[eval-exec]

Can you add a test?

Yes, I will add a test today.

[eval-exec]

Can you add a test?

Test for ValidateSecureEndpoints() added.

[serathius]

LGTM, confirmed that Dial is deprecated and not used by NewTransport

[serathius]

cc @ahrtr @ptabor @spzala

[serathius]

Looks like you sequentially test different cases, fist insecure later secure, also you don't have you considered using subtests?

[eval-exec]

OK, I will using subtests.

[serathius]

Can you test case with insecure endpoint that passes?

[eval-exec]

Test for ValidateSecureEndpoints() updated.

[ahrtr]

LGTM

The only minor concern is the unit test. subtest is better, but since there is only two cases, and they share the same http server, so I am OK.

[serathius]

This if is not needed, you can still check endpoints. in case mixEndPoints you specified both expectedEndpoints and expectErr true, which is misleading as this if will result in endpoints not being verified.

[serathius]

DeepEqual should already test if length matches.

[eval-exec]

Thank you, I removed secureEps's length check.

[spzala]

lgtm
Running workflow. Thanks @eval-exec

[eval-exec]

@serathius I rebased branch (eval-exec:patch-1), please approve running workflows.