Signed-off-by: Ying Li <ying.li@docker.com>
Ying Li authored on 2017/04/13 07:10:18... | ... |
@@ -145,6 +145,25 @@ func (s *DockerSwarmSuite) TestAPISwarmJoinToken(c *check.C) { |
145 | 145 |
c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive) |
146 | 146 |
} |
147 | 147 |
|
148 |
+func (s *DockerSwarmSuite) TestUpdateSwarmAddExternalCA(c *check.C) { |
|
149 |
+ // TODO: when root rotation is in, convert to a series of root rotation tests instead. |
|
150 |
+ // currently just makes sure that we don't have to provide a CA certificate when |
|
151 |
+ // providing an external CA |
|
152 |
+ d1 := s.AddDaemon(c, false, false) |
|
153 |
+ c.Assert(d1.Init(swarm.InitRequest{}), checker.IsNil) |
|
154 |
+ d1.UpdateSwarm(c, func(s *swarm.Spec) { |
|
155 |
+ s.CAConfig.ExternalCAs = []*swarm.ExternalCA{ |
|
156 |
+ { |
|
157 |
+ Protocol: swarm.ExternalCAProtocolCFSSL, |
|
158 |
+ URL: "https://thishasnoca.org", |
|
159 |
+ }, |
|
160 |
+ } |
|
161 |
+ }) |
|
162 |
+ info, err := d1.SwarmInfo() |
|
163 |
+ c.Assert(err, checker.IsNil) |
|
164 |
+ c.Assert(info.Cluster.Spec.CAConfig.ExternalCAs, checker.HasLen, 1) |
|
165 |
+} |
|
166 |
+ |
|
148 | 167 |
func (s *DockerSwarmSuite) TestAPISwarmCAHash(c *check.C) { |
149 | 168 |
d1 := s.AddDaemon(c, true, true) |
150 | 169 |
d2 := s.AddDaemon(c, false, false) |
... | ... |
@@ -50,6 +50,13 @@ func (s *DockerSwarmSuite) TestSwarmUpdate(c *check.C) { |
50 | 50 |
c.Assert(out, checker.Contains, "minimum certificate expiry time") |
51 | 51 |
spec = getSpec() |
52 | 52 |
c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour) |
53 |
+ |
|
54 |
+ // passing an external CA (this is without starting a root rotation) does not fail |
|
55 |
+ out, err = d.Cmd("swarm", "update", "--external-ca", "protocol=cfssl,url=https://something.org") |
|
56 |
+ c.Assert(err, checker.IsNil, check.Commentf("out: %v", out)) |
|
57 |
+ |
|
58 |
+ spec = getSpec() |
|
59 |
+ c.Assert(spec.CAConfig.ExternalCAs, checker.HasLen, 1) |
|
53 | 60 |
} |
54 | 61 |
|
55 | 62 |
func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) { |
... | ... |
@@ -60,12 +67,14 @@ func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) { |
60 | 60 |
return sw.Spec |
61 | 61 |
} |
62 | 62 |
|
63 |
- cli.Docker(cli.Args("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s"), |
|
63 |
+ cli.Docker(cli.Args("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s", |
|
64 |
+ "--external-ca", "protocol=cfssl,url=https://something.org"), |
|
64 | 65 |
cli.Daemon(d.Daemon)).Assert(c, icmd.Success) |
65 | 66 |
|
66 | 67 |
spec := getSpec() |
67 | 68 |
c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour) |
68 | 69 |
c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, 11*time.Second) |
70 |
+ c.Assert(spec.CAConfig.ExternalCAs, checker.HasLen, 1) |
|
69 | 71 |
|
70 | 72 |
c.Assert(d.Leave(true), checker.IsNil) |
71 | 73 |
time.Sleep(500 * time.Millisecond) // https://github.com/docker/swarmkit/issues/1421 |