address comments

Signed-off-by: lhy1024 <admin@liudos.us>
etcd-io · Jun 3, 2024 · a9d9526 · a9d9526
1 parent e781cad
commit a9d9526
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/server/embed/config.go b/server/embed/config.go
@@ -663,7 +663,7 @@ func (cfg *Config) AddFlags(fs *flag.FlagSet) {
 	fs.StringVar(&cfg.ClientTLSInfo.ClientKeyFile, "client-key-file", "", "Path to an explicit peer client TLS key file otherwise key file will be used when client auth is required.")
 	fs.BoolVar(&cfg.ClientTLSInfo.ClientCertAuth, "client-cert-auth", false, "Enable client cert authentication.")
 	fs.StringVar(&cfg.ClientTLSInfo.CRLFile, "client-crl-file", "", "Path to the client certificate revocation list file.")
-	fs.Var(flags.NewStringsValue(""), "client-cert-allowed-hostname", "Comma-delimited SAN hostnames for client cert authentication.")
+	fs.Var(flags.NewStringsValue(""), "client-cert-allowed-hostname", "Comma-separated list of allowed SAN hostnames for client cert authentication.")
 	fs.StringVar(&cfg.ClientTLSInfo.TrustedCAFile, "trusted-ca-file", "", "Path to the client server TLS trusted CA cert file.")
 	fs.BoolVar(&cfg.ClientAutoTLS, "auto-tls", false, "Client TLS using generated certificates")
 	fs.StringVar(&cfg.PeerTLSInfo.CertFile, "peer-cert-file", "", "Path to the peer server TLS cert file.")

diff --git a/server/etcdmain/help.go b/server/etcdmain/help.go
@@ -184,7 +184,7 @@ Security:
   --client-crl-file ''
     Path to the client certificate revocation list file.
   --client-cert-allowed-hostname ''
-    Comma-delimited SAN hostnames for client cert authentication.
+    Comma-separated list of SAN hostnames for client cert authentication.
   --trusted-ca-file ''
     Path to the client server TLS trusted CA cert file.
   --auto-tls 'false'

diff --git a/tests/e2e/etcd_config_test.go b/tests/e2e/etcd_config_test.go
@@ -237,7 +237,7 @@ func TestEtcdPeerMultiCNAuth(t *testing.T) {
 		switch i {
 		case 0:
 			args = []string{
-				"--peer-cert-file", e2e.CertPath,
+				"--peer-cert-file", e2e.CertPath, // server.crt has CN "example.com".
 				"--peer-key-file", e2e.PrivateKeyPath,
 				"--peer-client-cert-file", e2e.CertPath,
 				"--peer-client-key-file", e2e.PrivateKeyPath,
@@ -247,7 +247,7 @@ func TestEtcdPeerMultiCNAuth(t *testing.T) {
 			}
 		case 1:
 			args = []string{
-				"--peer-cert-file", e2e.CertPath2,
+				"--peer-cert-file", e2e.CertPath2, // server2.crt has CN "example2.com".
 				"--peer-key-file", e2e.PrivateKeyPath2,
 				"--peer-client-cert-file", e2e.CertPath2,
 				"--peer-client-key-file", e2e.PrivateKeyPath2,
@@ -257,7 +257,7 @@ func TestEtcdPeerMultiCNAuth(t *testing.T) {
 			}
 		default:
 			args = []string{
-				"--peer-cert-file", e2e.CertPath3,
+				"--peer-cert-file", e2e.CertPath3, // server3.crt has CN "ca".
 				"--peer-key-file", e2e.PrivateKeyPath3,
 				"--peer-client-cert-file", e2e.CertPath3,
 				"--peer-client-key-file", e2e.PrivateKeyPath3,