add tls min/max version to grpc proxy

[tjungblu]

This adds the min and max TLS version support from #13506 and #15156 to the grpc proxy.

Fixes #13506

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 6.45161% with 29 lines in your changes missing coverage. Please review.

Project coverage is 68.74%. Comparing base (7ab7612) to head (fac1dfb).

❗ Current head fac1dfb differs from pull request most recent head 617f357

Please upload reports for the commit 617f357 to get more accurate results.

Files with missing lines	Patch %	Lines
server/etcdmain/grpc_proxy.go	6.45%	29 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

Files with missing lines	Coverage Δ
server/etcdmain/grpc_proxy.go	14.52% <6.45%> (-0.53%)	⬇️

... and 22 files with indirect coverage changes

@@            Coverage Diff             @@
##             main   #18816      +/-   ##
==========================================
+ Coverage   68.72%   68.74%   +0.02%     
==========================================
  Files         420      420              
  Lines       35532    35558      +26     
==========================================
+ Hits        24418    24444      +26     
  Misses       9681     9681              
  Partials     1433     1433              

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7ab7612...617f357. Read the comment docs.

[ahrtr]

LGTM

The change looks good, but unfortunately there is no test cases.

[tjungblu]

happy to add some in a separate PR, because for grpc proxy we have almost nothing 🙀

[tjungblu]

just added a basic e2e that those flags work for starting the proxy process

[tjungblu]

/retest

[jmhbnz]

/retest

[ivanvc]

/retest

[ivanvc]

Tests are green, @ahrtr, do you want to take a look at @tjungblu's e2e tests?

[jmhbnz]

LGTM - Thanks for addressing this gap @tjungblu

Would be great to get some additional test scenario coverage added in follow-up.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahrtr, jmhbnz, tjungblu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ahrtr,jmhbnz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ivanvc]

Minor nit: this should be named TestGRPCProxyTLSVersions

Suggested change

	func TestGrpcProxyTlsVersions(t *testing.T) {
	func TestGRPCProxyTLSVersions(t *testing.T) {

[ahrtr]

Agreed. But unfortunately it isn't detected by the linters.

[tjungblu]

scratch my previous comments, the linter doesn't seem to run on the e2e folder?

[ahrtr]

The tests is already in the list. Anyway, could anyone raise a followup task and get it sorted out? thx

etcd/scripts/test_lib.sh

Line 169 in 12b47c2

echo "api pkg client/pkg client/internal/v2 client/v3 server etcdutl etcdctl tests tools/mod tools/rw-heatmaps tools/testgrid-analysis ."

[tjungblu]

fixed the naming manually now. I'm not able to even run the linter locally without OOMing my 64gig machine LOL

[tjungblu ~/git/etcd/tests]$ golangci-lint run --config /home/tjungblu/git/etcd/tools/.golangci.yaml
Killed

[ivanvc]

Sorry, I was checking this and forgot to finish my reply. I'm unsure why golangci-lint is getting OOMKilled in your machine. It works for me. However, for some reason, it does not pick up the names of the functions inside test files. I'll follow up this on an issue soon.

[ivanvc]

Raised mgechev/revive#1124. The issue seems to be in the revive linter.

[ivanvc]

Heads up: The linter won't check test file functions, as mentioned in mgechev/revive#1124 (comment), and there doesn't seem an interest by the maintainers to support them. I raised PR mgechev/revive#1134 to document this behavior (already merged).

[tjungblu]

@ivanvc / @jmhbnz / @ahrtr all good here? any other concerns?

[ivanvc]

This LGTM from the code point of view. I'm not an expert in this area. Thanks, Thomas.

[tjungblu]

Thank you both, I'd like to point you to the 3.5 backport as well:
#18829