Pin provider TLS asset filenames

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

providers/v2/common/grpc/server/tls.go

@@ -47,13 +47,13 @@ type TLSConfig struct {
 }
 
 // DefaultTLSConfig returns a TLSConfig with default values.
-// Values can be overridden via TLS_CERT_DIR, TLS_CA_CERT_FILE, TLS_CERT_FILE, and TLS_KEY_FILE.
+// TLS_CERT_DIR can override the directory that contains the provider TLS assets.
 func DefaultTLSConfig() *TLSConfig {
 	return &TLSConfig{
 		CertDir:    getEnvOrDefault("TLS_CERT_DIR", DefaultCertDir),
-		CACertFile: getEnvOrDefault("TLS_CA_CERT_FILE", DefaultCACertFile),
-		CertFile:   getEnvOrDefault("TLS_CERT_FILE", DefaultCertFile),
-		KeyFile:    getEnvOrDefault("TLS_KEY_FILE", DefaultKeyFile),
+		CACertFile: DefaultCACertFile,
+		CertFile:   DefaultCertFile,
+		KeyFile:    DefaultKeyFile,
 	}
 }
 

providers/v2/common/grpc/server/tls_test.go

@@ -21,6 +21,28 @@ import (
 	"testing"
 )
 
+func TestDefaultTLSConfigUsesFixedTLSFilenames(t *testing.T) {
+	t.Setenv("TLS_CERT_DIR", "/custom/certs")
+	t.Setenv("TLS_CA_CERT_FILE", "custom-ca.pem")
+	t.Setenv("TLS_CERT_FILE", "custom-cert.pem")
+	t.Setenv("TLS_KEY_FILE", "custom-key.pem")
+
+	got := DefaultTLSConfig()
+
+	if got.CertDir != "/custom/certs" {
+		t.Fatalf("DefaultTLSConfig() cert dir = %q, want %q", got.CertDir, "/custom/certs")
+	}
+	if got.CACertFile != DefaultCACertFile {
+		t.Fatalf("DefaultTLSConfig() CA file = %q, want %q", got.CACertFile, DefaultCACertFile)
+	}
+	if got.CertFile != DefaultCertFile {
+		t.Fatalf("DefaultTLSConfig() cert file = %q, want %q", got.CertFile, DefaultCertFile)
+	}
+	if got.KeyFile != DefaultKeyFile {
+		t.Fatalf("DefaultTLSConfig() key file = %q, want %q", got.KeyFile, DefaultKeyFile)
+	}
+}
+
 func TestResolveCertPath(t *testing.T) {
 	t.Parallel()