hyperledger · dean-amar · Mar 17, 2026 · Mar 3, 2026 · Mar 3, 2026 · Mar 3, 2026
diff --git a/cmd/config/app_config_test.go b/cmd/config/app_config_test.go
@@ -30,31 +30,18 @@ import (
 	"github.com/hyperledger/fabric-x-committer/utils/dbconn"
 	"github.com/hyperledger/fabric-x-committer/utils/ordererconn"
 	"github.com/hyperledger/fabric-x-committer/utils/signature"
+	"github.com/hyperledger/fabric-x-committer/utils/test"
 )
 
-var (
-	defaultServerTLSConfig = connection.TLSConfig{
-		Mode:     connection.MutualTLSMode,
-		CertPath: "/server-certs/public-key.pem",
-		KeyPath:  "/server-certs/private-key.pem",
-		CACertPaths: []string{
-			"/server-certs/ca-certificate.pem",
-		},
-	}
-	defaultClientTLSConfig = connection.TLSConfig{
-		Mode:     connection.MutualTLSMode,
-		CertPath: "/client-certs/public-key.pem",
-		KeyPath:  "/client-certs/private-key.pem",
-		CACertPaths: []string{
-			"/client-certs/ca-certificate.pem",
-		},
-	}
-)
+const artifactsPath = "/root/artifacts"
 
-const ordererRootCA = "/client-certs/orderer-ca-certificate.pem"
+var ordererRootCAs = []string{
+	filepath.Join(artifactsPath, test.OrdererRootCATLSPath),
+}
 
 func TestReadConfigSidecar(t *testing.T) {
 	t.Parallel()
+	sidecarTLSCreds := test.NewServiceTLSConfig(artifactsPath, "sidecar", connection.MutualTLSMode)
 	tests := []struct {
 		name           string
 		configFilePath string
@@ -92,7 +79,7 @@ func TestReadConfigSidecar(t *testing.T) {
 		expectedConfig: &sidecar.Config{
 			Server: &connection.ServerConfig{
 				Endpoint: *newEndpoint("", 4001),
-				TLS:      defaultServerTLSConfig,
+				TLS:      sidecarTLSCreds,
 				KeepAlive: &connection.ServerKeepAliveConfig{
 					Params: &connection.ServerKeepAliveParamsConfig{
 						Time:    300 * time.Second,
@@ -105,26 +92,25 @@ func TestReadConfigSidecar(t *testing.T) {
 				},
 				MaxConcurrentStreams: 10,
 			},
-			Monitoring: newServerConfigWithDefaultTLS(2114),
+			Monitoring: newServerConfigWithDefaultTLS("sidecar", 2114),
 			Orderer: ordererconn.Config{
 				ChannelID: "mychannel",
 				TLS: ordererconn.OrdererTLSConfig{
-					Mode:              defaultClientTLSConfig.Mode,
-					KeyPath:           defaultClientTLSConfig.KeyPath,
-					CertPath:          defaultClientTLSConfig.CertPath,
-					CommonCACertPaths: defaultClientTLSConfig.CACertPaths,
+					Mode:     sidecarTLSCreds.Mode,
+					KeyPath:  sidecarTLSCreds.KeyPath,
+					CertPath: sidecarTLSCreds.CertPath,
 				},
 				Organizations: map[string]*ordererconn.OrganizationConfig{
 					"org0": {
 						Endpoints: []*commontypes.OrdererEndpoint{
 							newOrdererEndpoint("", "orderer"),
 						},
-						CACerts: defaultClientTLSConfig.CACertPaths,
+						CACerts: ordererRootCAs,
 					},
 				},
 				Identity: newIdentityConfig(),
 			},
-			Committer: newClientConfigWithDefaultTLS("coordinator", 9001),
+			Committer: newClientConfigWithDefaultTLS("coordinator", "sidecar", 9001),
 			Ledger: sidecar.LedgerConfig{
 				Path:         "/root/sc/ledger",
 				SyncInterval: 100,
@@ -142,13 +128,13 @@ func TestReadConfigSidecar(t *testing.T) {
 			},
 		},
 	}}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 			v := NewViperWithSidecarDefaults()
-			c, err := ReadSidecarYamlAndSetupLogging(v, tt.configFilePath)
+			c, err := ReadSidecarYamlAndSetupLogging(v, tc.configFilePath)
 			require.NoError(t, err)
-			require.Equal(t, tt.expectedConfig, c)
+			require.Equal(t, tc.expectedConfig, c)
 		})
 	}
 }
@@ -175,10 +161,10 @@ func TestReadConfigCoordinator(t *testing.T) {
 		name:           "sample",
 		configFilePath: "samples/coordinator.yaml",
 		expectedConfig: &coordinator.Config{
-			Server:             newServerConfigWithDefaultTLS(9001),
-			Monitoring:         newServerConfigWithDefaultTLS(2119),
-			Verifier:           newMultiClientConfigWithDefaultTLS("verifier", 5001),
-			ValidatorCommitter: newMultiClientConfigWithDefaultTLS("vc", 6001),
+			Server:             newServerConfigWithDefaultTLS("coordinator", 9001),
+			Monitoring:         newServerConfigWithDefaultTLS("coordinator", 2119),
+			Verifier:           newMultiClientConfigWithDefaultTLS("verifier", "coordinator", 5001),
+			ValidatorCommitter: newMultiClientConfigWithDefaultTLS("vc", "coordinator", 6001),
 			DependencyGraph: &coordinator.DependencyGraphConfig{
 				NumOfLocalDepConstructors: 1,
 				WaitingTxsLimit:           100_000,
@@ -187,14 +173,13 @@ func TestReadConfigCoordinator(t *testing.T) {
 		},
 	}}
 
-	for _, test := range tests {
-		tt := test
-		t.Run(tt.name, func(t *testing.T) {
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 			v := NewViperWithCoordinatorDefaults()
-			c, err := ReadCoordinatorYamlAndSetupLogging(v, tt.configFilePath)
+			c, err := ReadCoordinatorYamlAndSetupLogging(v, tc.configFilePath)
 			require.NoError(t, err)
-			require.Equal(t, tt.expectedConfig, c)
+			require.Equal(t, tc.expectedConfig, c)
 		})
 	}
 }
@@ -224,8 +209,8 @@ func TestReadConfigVC(t *testing.T) {
 		name:           "sample",
 		configFilePath: "samples/vc.yaml",
 		expectedConfig: &vc.Config{
-			Server:     newServerConfigWithDefaultTLS(6001),
-			Monitoring: newServerConfigWithDefaultTLS(2116),
+			Server:     newServerConfigWithDefaultTLS("vc", 6001),
+			Monitoring: newServerConfigWithDefaultTLS("vc", 2116),
 			Database:   defaultSampleDBConfig(),
 			ResourceLimits: &vc.ResourceLimitsConfig{
 				MaxWorkersForPreparer:             1,
@@ -237,14 +222,13 @@ func TestReadConfigVC(t *testing.T) {
 		},
 	}}
 
-	for _, test := range tests {
-		tt := test
-		t.Run(tt.name, func(t *testing.T) {
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 			v := NewViperWithVCDefaults()
-			c, err := ReadVCYamlAndSetupLogging(v, tt.configFilePath)
+			c, err := ReadVCYamlAndSetupLogging(v, tc.configFilePath)
 			require.NoError(t, err)
-			require.Equal(t, tt.expectedConfig, c)
+			require.Equal(t, tc.expectedConfig, c)
 		})
 	}
 }
@@ -272,8 +256,8 @@ func TestReadConfigVerifier(t *testing.T) {
 		name:           "sample",
 		configFilePath: "samples/verifier.yaml",
 		expectedConfig: &verifier.Config{
-			Server:     newServerConfigWithDefaultTLS(5001),
-			Monitoring: newServerConfigWithDefaultTLS(2115),
+			Server:     newServerConfigWithDefaultTLS("verifier", 5001),
+			Monitoring: newServerConfigWithDefaultTLS("verifier", 2115),
 			ParallelExecutor: verifier.ExecutorConfig{
 				BatchSizeCutoff:   50,
 				BatchTimeCutoff:   10 * time.Millisecond,
@@ -283,14 +267,13 @@ func TestReadConfigVerifier(t *testing.T) {
 		},
 	}}
 
-	for _, test := range tests {
-		tt := test
-		t.Run(tt.name, func(t *testing.T) {
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 			v := NewViperWithVerifierDefaults()
-			c, err := ReadVerifierYamlAndSetupLogging(v, tt.configFilePath)
+			c, err := ReadVerifierYamlAndSetupLogging(v, tc.configFilePath)
 			require.NoError(t, err)
-			require.Equal(t, tt.expectedConfig, c)
+			require.Equal(t, tc.expectedConfig, c)
 		})
 	}
 }
@@ -326,8 +309,8 @@ func TestReadConfigQuery(t *testing.T) {
 		name:           "sample",
 		configFilePath: "samples/query.yaml",
 		expectedConfig: &query.Config{
-			Server:                newServerConfigWithDefaultTLS(7001),
-			Monitoring:            newServerConfigWithDefaultTLS(2117),
+			Server:                newServerConfigWithDefaultTLS("query", 7001),
+			Monitoring:            newServerConfigWithDefaultTLS("query", 2117),
 			Database:              defaultSampleDBConfig(),
 			MinBatchKeys:          1024,
 			MaxBatchWait:          100 * time.Millisecond,
@@ -339,20 +322,20 @@ func TestReadConfigQuery(t *testing.T) {
 		},
 	}}
 
-	for _, test := range tests {
-		tt := test
-		t.Run(tt.name, func(t *testing.T) {
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 			v := NewViperWithQueryDefaults()
-			c, err := ReadQueryYamlAndSetupLogging(v, tt.configFilePath)
+			c, err := ReadQueryYamlAndSetupLogging(v, tc.configFilePath)
 			require.NoError(t, err)
-			require.Equal(t, tt.expectedConfig, c)
+			require.Equal(t, tc.expectedConfig, c)
 		})
 	}
 }
 
 func TestReadConfigLoadGen(t *testing.T) {
 	t.Parallel()
+	loadgenTLSCreds := test.NewServiceTLSConfig(artifactsPath, "loadgen", connection.MutualTLSMode)
 	tests := []struct {
 		name           string
 		configFilePath string
@@ -370,10 +353,10 @@ func TestReadConfigLoadGen(t *testing.T) {
 		name:           "sample",
 		configFilePath: "samples/loadgen.yaml",
 		expectedConfig: &loadgen.ClientConfig{
-			Server:     newServerConfigWithDefaultTLS(8001),
+			Server:     newServerConfigWithDefaultTLS("loadgen", 8001),
 			HTTPServer: newServerConfig("", 6997),
 			Monitoring: metrics.Config{
-				ServerConfig: *newServerConfigWithDefaultTLS(2118),
+				ServerConfig: *newServerConfigWithDefaultTLS("loadgen", 2118),
 				Latency: metrics.LatencyConfig{
 					SamplerConfig: metrics.SamplerConfig{
 						Portion: 0.01,
@@ -387,23 +370,22 @@ func TestReadConfigLoadGen(t *testing.T) {
 			},
 			Adapter: adapters.AdapterConfig{
 				OrdererClient: &adapters.OrdererClientConfig{
-					SidecarClient: newClientConfigWithDefaultTLS("sidecar", 4001),
+					SidecarClient: newClientConfigWithDefaultTLS("sidecar", "loadgen", 4001),
 					Orderer: ordererconn.Config{
 						ChannelID:     "mychannel",
 						ConsensusType: ordererconn.Bft,
 						Identity:      newIdentityConfig(),
 						TLS: ordererconn.OrdererTLSConfig{
-							Mode:              defaultClientTLSConfig.Mode,
-							KeyPath:           defaultClientTLSConfig.KeyPath,
-							CertPath:          defaultClientTLSConfig.CertPath,
-							CommonCACertPaths: defaultClientTLSConfig.CACertPaths,
+							Mode:     loadgenTLSCreds.Mode,
+							KeyPath:  loadgenTLSCreds.KeyPath,
+							CertPath: loadgenTLSCreds.CertPath,
 						},
 						Organizations: map[string]*ordererconn.OrganizationConfig{
 							"org0": {
 								Endpoints: []*commontypes.OrdererEndpoint{
 									newOrdererEndpoint("", "orderer"),
 								},
-								CACerts: []string{ordererRootCA},
+								CACerts: ordererRootCAs,
 							},
 						},
 					},
@@ -454,14 +436,13 @@ func TestReadConfigLoadGen(t *testing.T) {
 		},
 	}}
 
-	for _, test := range tests {
-		tt := test
-		t.Run(tt.name, func(t *testing.T) {
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 			v := NewViperWithLoadGenDefaults()
-			c, err := ReadLoadGenYamlAndSetupLogging(v, tt.configFilePath)
+			c, err := ReadLoadGenYamlAndSetupLogging(v, tc.configFilePath)
 			require.NoError(t, err)
-			require.Equal(t, tt.expectedConfig, c)
+			require.Equal(t, tc.expectedConfig, c)
 		})
 	}
 }
@@ -488,7 +469,7 @@ func defaultSampleDBConfig() *vc.DatabaseConfig {
 		Database:  "yugabyte",
 		TLS: dbconn.DatabaseTLSConfig{
 			Mode:       connection.OneSideTLSMode,
-			CACertPath: "/server-certs/ca-certificate.pem",
+			CACertPath: filepath.Join(artifactsPath, test.OrgRootCA),
 		},
 		MaxConnections: 10,
 		MinConnections: 5,
@@ -503,26 +484,26 @@ func defaultSampleDBConfig() *vc.DatabaseConfig {
 	}
 }
 
-func newClientConfigWithDefaultTLS(host string, port int) *connection.ClientConfig {
+func newClientConfigWithDefaultTLS(host, fromService string, port int) *connection.ClientConfig {
 	return &connection.ClientConfig{
 		Endpoint: newEndpoint(host, port),
-		TLS:      defaultClientTLSConfig,
+		TLS:      test.NewServiceTLSConfig(artifactsPath, fromService, connection.MutualTLSMode),
 	}
 }
 
-func newMultiClientConfigWithDefaultTLS(host string, port int) connection.MultiClientConfig {
+func newMultiClientConfigWithDefaultTLS(host, fromService string, port int) connection.MultiClientConfig {
 	return connection.MultiClientConfig{
 		Endpoints: []*connection.Endpoint{
 			newEndpoint(host, port),
 		},
-		TLS: defaultClientTLSConfig,
+		TLS: test.NewServiceTLSConfig(artifactsPath, fromService, connection.MutualTLSMode),
 	}
 }
 
-func newServerConfigWithDefaultTLS(port int) *connection.ServerConfig {
+func newServerConfigWithDefaultTLS(serviceName string, port int) *connection.ServerConfig {
 	return &connection.ServerConfig{
 		Endpoint: *newEndpoint("", port),
-		TLS:      defaultServerTLSConfig,
+		TLS:      test.NewServiceTLSConfig(artifactsPath, serviceName, connection.MutualTLSMode),
 	}
 }