address comment

Author: ZetaoZhuang

cns/service.go

@@ -28,7 +28,7 @@ const (
 	genericData          = "com.microsoft.azure.network.generic"
 )
 
-var errBootConfig = errors.New("configuration error")
+var errTLSConfig = errors.New("unsupported TLS version name from config")
 
 // Service defines Container Networking Service.
 type Service struct {
@@ -181,9 +181,9 @@ func getTLSConfigFromFile(tlsSettings localtls.TlsSettings) (*tls.Config, error)
 		PrivateKey:  privateKey,
 		Leaf:        leafCertificate,
 	}
-	minTLSVersionNumber, err := TLSVersionNumber(tlsSettings.MinTLSVersion)
+	minTLSVersionNumber, err := parseTLSVersionName(tlsSettings.MinTLSVersion)
 	if err != nil {
-		return nil, errors.Wrap(err, "MinTLSVersion is not valid")
+		return nil, errors.Wrap(err, "parsing MinTLSVersion from config")
 	}
 
 	tlsConfig := &tls.Config{
@@ -232,9 +232,9 @@ func getTLSConfigFromKeyVault(tlsSettings localtls.TlsSettings, errChan chan<- e
 		errChan <- cr.Refresh(ctx, tlsSettings.KeyVaultCertificateRefreshInterval)
 	}()
 
-	minTLSVersionNumber, err := TLSVersionNumber(tlsSettings.MinTLSVersion)
+	minTLSVersionNumber, err := parseTLSVersionName(tlsSettings.MinTLSVersion)
 	if err != nil {
-		return nil, errors.Wrap(err, "MinTLSVersion is not valid")
+		return nil, errors.Wrap(err, "parsing MinTLSVersion from config")
 	}
 
 	tlsConfig := tls.Config{
@@ -328,19 +328,15 @@ func (service *Service) SendErrorResponse(w http.ResponseWriter, errMsg error) {
 	logger.Errorf("[%s] %+v %s.", service.Name, &resp, err.Error())
 }
 
-// TLSVersionNumber returns the version number for the provided TLS version name
+// parseTLSVersionName returns the version number for the provided TLS version name
 // (e.g. 0x0301)
-func TLSVersionNumber(versionName string) (uint16, error) {
+func parseTLSVersionName(versionName string) (uint16, error) {
 	switch versionName {
-	case "TLS 1.0":
-		return tls.VersionTLS10, nil
-	case "TLS 1.1":
-		return tls.VersionTLS11, nil
 	case "TLS 1.2":
 		return tls.VersionTLS12, nil
 	case "TLS 1.3":
 		return tls.VersionTLS13, nil
 	default:
-		return 0, errors.Wrap(errBootConfig, "unsupported TLS version name")
+		return 0, errors.Wrapf(errTLSConfig, "version name %s", versionName)
 	}
 }

cns/service_test.go

@@ -95,7 +95,7 @@ func TestNewService(t *testing.T) {
 		err = svc.StartListener(config)
 		require.NoError(t, err)
 
-		minTLSVersionNumber, err := TLSVersionNumber(config.TLSSettings.MinTLSVersion)
+		minTLSVersionNumber, err := parseTLSVersionName(config.TLSSettings.MinTLSVersion)
 		require.NoError(t, err)
 
 		tlsClient := &http.Client{
@@ -329,15 +329,28 @@ func createTestCertificate(t *testing.T) string {
 }
 
 func TestTLSVersionNumber(t *testing.T) {
-	t.Run("unsupported ServerSettings.MinTLSVersion", func(t *testing.T) {
-		versionNumber, err := TLSVersionNumber("TLS 1.4")
+	t.Run("unsupported ServerSettings.MinTLSVersion TLS 1.0", func(t *testing.T) {
+		versionNumber, err := parseTLSVersionName("TLS 1.0")
+		require.Equal(t, uint16(0), versionNumber)
+		require.Error(t, err)
+		require.ErrorContains(t, err, "unsupported TLS version name")
+	})
+
+	t.Run("unsupported ServerSettings.MinTLSVersion TLS 1.1", func(t *testing.T) {
+		versionNumber, err := parseTLSVersionName("TLS 1.1")
+		require.Equal(t, uint16(0), versionNumber)
+		require.Error(t, err)
+		require.ErrorContains(t, err, "unsupported TLS version name")
+	})
+	t.Run("unsupported ServerSettings.MinTLSVersion TLS 1.4", func(t *testing.T) {
+		versionNumber, err := parseTLSVersionName("TLS 1.4")
 		require.Equal(t, uint16(0), versionNumber)
 		require.Error(t, err)
 		require.ErrorContains(t, err, "unsupported TLS version name")
 	})
 
 	t.Run("valid ServerSettings.MinTLSVersion", func(t *testing.T) {
-		versionNumber, err := TLSVersionNumber("TLS 1.2")
+		versionNumber, err := parseTLSVersionName("TLS 1.2")
 		require.Equal(t, uint16(tls.VersionTLS12), versionNumber)
 		require.NoError(t, err)
 	})