Allow test nodes to enable TLS client

system_test/cluster_test.go

@@ -494,14 +494,17 @@ func Test_MultiNodeClusterBootstrapLaterJoin(t *testing.T) {
 func Test_MultiNodeClusterBootstrapLaterJoinTLS(t *testing.T) {
 	node1 := mustNewNodeEncrypted(false, true, true)
 	node1.Store.BootstrapExpect = 3
+	node1.EnableTLSClient()
 	defer node1.Deprovision()
 
 	node2 := mustNewNodeEncrypted(false, true, true)
 	node2.Store.BootstrapExpect = 3
+	node2.EnableTLSClient()
 	defer node2.Deprovision()
 
 	node3 := mustNewNodeEncrypted(false, true, true)
 	node3.Store.BootstrapExpect = 3
+	node3.EnableTLSClient()
 	defer node3.Deprovision()
 
 	provider := cluster.NewAddressProviderString(
@@ -568,6 +571,7 @@ func Test_MultiNodeClusterBootstrapLaterJoinTLS(t *testing.T) {
 	// params. Under the covers it should just do a join.
 	node4 := mustNewNodeEncrypted(false, true, true)
 	node4.Store.BootstrapExpect = 3
+	node4.EnableTLSClient()
 	defer node3.Deprovision()
 	node4Bs := cluster.NewBootstrapper(provider, node3.Client)
 	node4Bs.Interval = time.Second

system_test/helpers.go

@@ -197,6 +197,14 @@ func (n *Node) Noop(id string) error {
 	return n.Store.Noop(id)
 }
 
+// EnableTLSClient enables TLS support for the node's cluster client.
+func (n *Node) EnableTLSClient() {
+	tlsConfig := mustCreateTLSConfig(n.NodeCertPath, n.NodeKeyPath, "")
+	clsterDialer := tcp.NewDialer(cluster.MuxClusterHeader, tlsConfig)
+	clsterClient := cluster.NewClient(clsterDialer, 30*time.Second)
+	n.Client = clsterClient
+}
+
 // Join instructs this node to join the leader.
 func (n *Node) Join(leader *Node) error {
 	joiner := cluster.NewJoiner(n.Client, 3, 1*time.Second)

tcp/mux.go

@@ -148,9 +148,14 @@ func (mux *Mux) Serve() error {
 
 // Stats returns status of the mux.
 func (mux *Mux) Stats() (interface{}, error) {
+	e := "disabled"
+	if mux.tlsConfig != nil {
+		e = "enabled"
+	}
 	s := map[string]string{
 		"addr":    mux.addr.String(),
 		"timeout": mux.Timeout.String(),
+		"tls":     e,
 	}
 
 	return s, nil