Warn on TLS skip-verify at startup and SIGHUP reload (#185) #200

Merged: ikaro1192 merged 1 commit into main from worktree-fix-185, Apr 19, 2026

Conversation

@ikaro1192 (Owner)

Summary

  • Emit a WARN log for each cluster configured with tls.mode: skip-verify, both when initCluster runs at startup and when reloadConfigOnce handles a SIGHUP, so development-only settings cannot silently ship to production
  • Extract the detection as a pure helper (isSkipVerify) with a separate message builder (skipVerifyWarningMessage) — unit-tested in test/PureMyHA/ConfigSpec.hs
  • Add E2E test 29-tls-skip-verify-warn.sh (run under the TLS overlay) that asserts the WARN appears on startup and is re-emitted on SIGHUP reload
  • Document the new behaviour in README.md, docs/configuration.md, docs/features.md, and config/config.yaml.example
  • Add placeholder e2e/config/tls/ so the nested bind mount from docker-compose.tls.yml succeeds over the base ./config:/etc/puremyha:ro read-only mount

Closes #185.

Test plan

  • cabal build all
  • cabal test — 610/610 pass (9 new cases: 5 for isSkipVerify, 4 for skipVerifyWarningMessage)
  • e2e/run-tls.sh — test 15 (5/5) and test 29 (3/3) pass; SIGHUP WARN count transitions 1 → 2 as expected
  • Reviewer: verify git log --grep 'skip-verify' shows the new commit only under this branch

🤖 Generated with Claude Code

skip-verify disables MySQL server certificate validation, which is
useful for development but unsafe in production. Previously the
setting was accepted silently, so operators had no signal that a
test-only config had shipped.

The daemon now emits a prominent WARN log line for each cluster
configured with skip-verify, both when initCluster runs at startup
and when reloadConfigOnce handles a SIGHUP. The detection lives in
a pure helper (isSkipVerify) so it is easy to unit test.

Also adds an E2E test (29-tls-skip-verify-warn.sh) that runs under
the TLS overlay and asserts the WARN appears on startup and is
re-emitted on SIGHUP. An empty e2e/config/tls/ placeholder makes
the nested bind mount from docker-compose.tls.yml succeed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
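
A sketch of the pattern the summary and commit message describe, as an added example that is not code from this pull request or from PureMyHA: a pure detection helper and a separate message builder, called from both the startup and the reload path. The `Cluster` and `TLSMode` types, all signatures, `skipVerifyWarnings`, `warnSkipVerify` and the log wording are assumptions; only the names `isSkipVerify` and `skipVerifyWarningMessage` come from the PR text.

```haskell
-- Added illustration: the types, signatures and log wording are assumptions,
-- not PureMyHA's code. Only the two helper names come from the PR text.
module Main (main) where

import System.IO (hPutStrLn, stderr)

-- Hypothetical TLS modes; the page names only "skip-verify".
data TLSMode = VerifyFull | SkipVerify
  deriving (Eq, Show)

-- Hypothetical cluster config; Nothing models a cluster with no tls block.
data Cluster = Cluster
  { clusterName :: String
  , tlsMode     :: Maybe TLSMode
  }

-- Pure detection: True only when tls.mode is explicitly skip-verify.
isSkipVerify :: Cluster -> Bool
isSkipVerify c = tlsMode c == Just SkipVerify

-- Pure message builder, separate from detection so tests can pin the wording.
skipVerifyWarningMessage :: String -> String
skipVerifyWarningMessage name =
  "[WARN] cluster '" ++ name ++ "': tls.mode is skip-verify; "
    ++ "MySQL server certificate validation is disabled"

-- One warning per offending cluster, in config order.
skipVerifyWarnings :: [Cluster] -> [String]
skipVerifyWarnings cs =
  [skipVerifyWarningMessage (clusterName c) | c <- cs, isSkipVerify c]

-- Called from both the startup path and the reload path, always with the
-- config that was just loaded, so a reload cannot bypass the check.
warnSkipVerify :: [Cluster] -> IO ()
warnSkipVerify = mapM_ (hPutStrLn stderr) . skipVerifyWarnings

main :: IO ()
main = do
  -- Constructed configs: the startup load, then the load after a SIGHUP.
  let startup  = [Cluster "prod-a" (Just VerifyFull), Cluster "dev-b" (Just SkipVerify)]
      reloaded = [ Cluster "prod-a" (Just SkipVerify)  -- weakened by the reload
                 , Cluster "dev-b" (Just SkipVerify)   -- unchanged across the reload
                 , Cluster "new-c" Nothing ]           -- no tls block configured
  warnSkipVerify startup   -- startup path
  warnSkipVerify reloaded  -- reload path
```
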
@codecov

codecov Bot commented Apr 19, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.14%. Comparing base (6b49ca5) to head (c9b5c6c).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #200      +/-   ##
==========================================
+ Coverage   97.13%   97.14%   +0.01%     
==========================================
  Files          50       50              
  Lines        8035     8066      +31     
==========================================
+ Hits         7805     7836      +31     
  Misses        230      230              

@ikaro1192 ikaro1192 merged commit 3ec15dd into main Apr 19, 2026
9 checks passed
@ikaro1192 ikaro1192 deleted the worktree-fix-185 branch April 19, 2026 02:22

Development

Successfully merging this pull request may close these issues.

Security: TLSSkipVerify allowed without startup warning
