jurmous / etcd4j

Java / Netty client for etcd, the highly-available key value store for shared configuration and service discovery.
Apache License 2.0

Easy-to-configure TLS and Mutual TLS client connections #164

Closed dgutierrez-stratio closed 6 years ago

dgutierrez-stratio commented 6 years ago

Provides support for TLS connections to etcd (non-mutual and mutual TLS) by using Java's Truststore and Keystore mechanisms. Etcd clients can now be configured as follows:

    EtcdClient etcd = new EtcdClient(
            SecurityContextBuilder.forKeystoreAndTruststore(
                    "/keystore.jks",
                    "keystore_pass",
                    "/truststore.jks",
                    "truststore_pass"
            ),
            new URI("https://127.0.0.1:2379"));

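
For readers of this thread, an added illustration (not code from this pull request or from etcd4j) of how a JKS keystore and truststore map onto a mutual-TLS client context in plain JSSE. The class `MutualTlsContext` and its method names are hypothetical, and it assumes the key entry shares the keystore's password.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper for illustration; not part of etcd4j.
public final class MutualTlsContext {

    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password); // password also verifies the store's integrity
        }
        return store;
    }

    // Keystore: client certificate and private key presented to etcd.
    // Truststore: CA certificates used to verify the etcd server.
    // A null keystorePath gives server-authenticated (non-mutual) TLS.
    static SSLContext build(String keystorePath, char[] keystorePass,
                            String truststorePath, char[] truststorePass) throws Exception {
        KeyManagerFactory kmf = null;
        if (keystorePath != null) {
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // Assumes the key entry uses the same password as the store.
            kmf.init(loadJks(keystorePath, keystorePass), keystorePass);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(truststorePath, truststorePass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // A raw SSLEngine does not check the server hostname unless asked to.
    static SSLEngine clientEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }
}
```

Supplying the two passwords from the environment or a secret store, rather than as source literals, keeps them out of version control.
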
lburgazzoli commented 6 years ago

Would it be possible to include a proper SSL test?

dgutierrez-stratio commented 6 years ago

Yes, that's probably a good idea. But I'd work first on mocking etcd for every test... I'll see what I can do!

dgutierrez-stratio commented 6 years ago

Hi, I've refactored the test suite, but it requires an external etcd with security enabled. In order for these tests to work we need:

  1. External Etcd server with security enabled
  2. Truststore and keystore for the test suite, trusted by the Etcd server

How do you propose to resolve this issue?

lburgazzoli commented 6 years ago

The task dockerTest executes the test against an etcd instance running in Docker, so an additional instance with SSL configured can be started. You should include a script/gradle-task to generate the jks. The keystore can be included in src/test/resources or generated on demand if there is a dedicated gradle task.

dgutierrez-stratio commented 6 years ago

Done! Check it out please. I've tested it and everything runs fine on our servers.

lburgazzoli commented 6 years ago

Just some minor notes:

dgutierrez-stratio commented 6 years ago

I can provide an example script under resources/certs of how I generated those certificates, but I can't spend any more time making a gradle task generate them on demand, sorry.

lburgazzoli commented 6 years ago

That would be more than enough, thx

dgutierrez-stratio commented 6 years ago

Squashed! Thank you for your help!