Signed-off-by: Ying Li <ying.li@docker.com>
| ... | ... |
@@ -145,6 +145,25 @@ func (s *DockerSwarmSuite) TestAPISwarmJoinToken(c *check.C) {
|
| 145 | 145 |
c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive) |
| 146 | 146 |
} |
| 147 | 147 |
|
| 148 |
+func (s *DockerSwarmSuite) TestUpdateSwarmAddExternalCA(c *check.C) {
|
|
| 149 |
+ // TODO: when root rotation is in, convert to a series of root rotation tests instead. |
|
| 150 |
+ // currently just makes sure that we don't have to provide a CA certificate when |
|
| 151 |
+ // providing an external CA |
|
| 152 |
+ d1 := s.AddDaemon(c, false, false) |
|
| 153 |
+ c.Assert(d1.Init(swarm.InitRequest{}), checker.IsNil)
|
|
| 154 |
+ d1.UpdateSwarm(c, func(s *swarm.Spec) {
|
|
| 155 |
+ s.CAConfig.ExternalCAs = []*swarm.ExternalCA{
|
|
| 156 |
+ {
|
|
| 157 |
+ Protocol: swarm.ExternalCAProtocolCFSSL, |
|
| 158 |
+ URL: "https://thishasnoca.org", |
|
| 159 |
+ }, |
|
| 160 |
+ } |
|
| 161 |
+ }) |
|
| 162 |
+ info, err := d1.SwarmInfo() |
|
| 163 |
+ c.Assert(err, checker.IsNil) |
|
| 164 |
+ c.Assert(info.Cluster.Spec.CAConfig.ExternalCAs, checker.HasLen, 1) |
|
| 165 |
+} |
|
| 166 |
+ |
|
| 148 | 167 |
func (s *DockerSwarmSuite) TestAPISwarmCAHash(c *check.C) {
|
| 149 | 168 |
d1 := s.AddDaemon(c, true, true) |
| 150 | 169 |
d2 := s.AddDaemon(c, false, false) |
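Review bot: The final assertion in TestUpdateSwarmAddExternalCA only checks `HasLen, 1`, so the test still passes if the daemon stores the entry with an altered or empty URL or protocol. Since the comment says the point is that an external CA is accepted without a CA certificate, assert the round-tripped fields too, e.g. `c.Assert(info.Cluster.Spec.CAConfig.ExternalCAs[0].URL, checker.Equals, "https://thishasnoca.org")`, and likewise `Protocol` against `swarm.ExternalCAProtocolCFSSL`. The `HasLen, 1` checks added to TestSwarmUpdate and TestSwarmInit have the same gap. Separately, the closure parameter `s *swarm.Spec` shadows the method receiver `s`; naming it `spec` would read more clearly.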
| ... | ... |
@@ -50,6 +50,13 @@ func (s *DockerSwarmSuite) TestSwarmUpdate(c *check.C) {
|
| 50 | 50 |
c.Assert(out, checker.Contains, "minimum certificate expiry time") |
| 51 | 51 |
spec = getSpec() |
| 52 | 52 |
c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour) |
| 53 |
+ |
|
| 54 |
+ // passing an external CA (this is without starting a root rotation) does not fail |
|
| 55 |
+ out, err = d.Cmd("swarm", "update", "--external-ca", "protocol=cfssl,url=https://something.org")
|
|
| 56 |
+ c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
|
|
| 57 |
+ |
|
| 58 |
+ spec = getSpec() |
|
| 59 |
+ c.Assert(spec.CAConfig.ExternalCAs, checker.HasLen, 1) |
|
| 53 | 60 |
} |
| 54 | 61 |
|
| 55 | 62 |
func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) {
|
| ... | ... |
@@ -60,12 +67,14 @@ func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) {
|
| 60 | 60 |
return sw.Spec |
| 61 | 61 |
} |
| 62 | 62 |
|
| 63 |
- cli.Docker(cli.Args("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s"),
|
|
| 63 |
+ cli.Docker(cli.Args("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s",
|
|
| 64 |
+ "--external-ca", "protocol=cfssl,url=https://something.org"), |
|
| 64 | 65 |
cli.Daemon(d.Daemon)).Assert(c, icmd.Success) |
| 65 | 66 |
|
| 66 | 67 |
spec := getSpec() |
| 67 | 68 |
c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour) |
| 68 | 69 |
c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, 11*time.Second) |
| 70 |
+ c.Assert(spec.CAConfig.ExternalCAs, checker.HasLen, 1) |
|
| 69 | 71 |
|
| 70 | 72 |
c.Assert(d.Leave(true), checker.IsNil) |
| 71 | 73 |
time.Sleep(500 * time.Millisecond) // https://github.com/docker/swarmkit/issues/1421 |
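Review bot: The `--external-ca` values added to TestSwarmUpdate and TestSwarmInit use `https://something.org`, a registrable third-party domain, as the endpoint that would receive certificate signing requests. Whether the daemon contacts that URL during these tests is not visible in the hunks, but a reserved name guarantees that nothing can leave the test host for a domain someone else controls: `"protocol=cfssl,url=https://external-ca.invalid"`. The `URL: "https://thishasnoca.org"` literal in TestUpdateSwarmAddExternalCA deserves the same change. Both function bodies begin outside the hunks shown.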