diff options
author | Ying Li <ying.li@docker.com> | 2017-04-12 15:10:18 -0700 |
---|---|---|
committer | Ying Li <ying.li@docker.com> | 2017-04-12 16:53:07 -0700 |
commit | 13eac920b44e4628f2e874ec255e73c3a1272def (patch) | |
tree | 9a12789c21983f3d28a44043fa367053775d3755 | |
parent | b569b8674cf17d2ecc85a7c9a7bf269c9fbc9909 (diff) | |
download | docker-13eac920b44e4628f2e874ec255e73c3a1272def.tar.gz |
Add tests to ensure we can add an external CA to the cluster without
error.
Signed-off-by: Ying Li <ying.li@docker.com>
-rw-r--r-- | integration-cli/docker_api_swarm_test.go | 19 | ||||
-rw-r--r-- | integration-cli/docker_cli_swarm_test.go | 11 |
2 files changed, 29 insertions, 1 deletions
diff --git a/integration-cli/docker_api_swarm_test.go b/integration-cli/docker_api_swarm_test.go index 5ba14e7737..7b131000c7 100644 --- a/integration-cli/docker_api_swarm_test.go +++ b/integration-cli/docker_api_swarm_test.go @@ -145,6 +145,25 @@ func (s *DockerSwarmSuite) TestAPISwarmJoinToken(c *check.C) { c.Assert(info.LocalNodeState, checker.Equals, swarm.LocalNodeStateInactive) } +func (s *DockerSwarmSuite) TestUpdateSwarmAddExternalCA(c *check.C) { + // TODO: when root rotation is in, convert to a series of root rotation tests instead. + // currently just makes sure that we don't have to provide a CA certificate when + // providing an external CA + d1 := s.AddDaemon(c, false, false) + c.Assert(d1.Init(swarm.InitRequest{}), checker.IsNil) + d1.UpdateSwarm(c, func(s *swarm.Spec) { + s.CAConfig.ExternalCAs = []*swarm.ExternalCA{ + { + Protocol: swarm.ExternalCAProtocolCFSSL, + URL: "https://thishasnoca.org", + }, + } + }) + info, err := d1.SwarmInfo() + c.Assert(err, checker.IsNil) + c.Assert(info.Cluster.Spec.CAConfig.ExternalCAs, checker.HasLen, 1) +} + func (s *DockerSwarmSuite) TestAPISwarmCAHash(c *check.C) { d1 := s.AddDaemon(c, true, true) d2 := s.AddDaemon(c, false, false) diff --git a/integration-cli/docker_cli_swarm_test.go b/integration-cli/docker_cli_swarm_test.go index f419e2bf8b..a6ac503d48 100644 --- a/integration-cli/docker_cli_swarm_test.go +++ b/integration-cli/docker_cli_swarm_test.go @@ -50,6 +50,13 @@ func (s *DockerSwarmSuite) TestSwarmUpdate(c *check.C) { c.Assert(out, checker.Contains, "minimum certificate expiry time") spec = getSpec() c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour) + + // passing an external CA (this is without starting a root rotation) does not fail + out, err = d.Cmd("swarm", "update", "--external-ca", "protocol=cfssl,url=https://something.org") + c.Assert(err, checker.IsNil, check.Commentf("out: %v", out)) + + spec = getSpec() + c.Assert(spec.CAConfig.ExternalCAs, checker.HasLen, 1) } func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) { @@ -60,12 +67,14 @@ func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) { return sw.Spec } - cli.Docker(cli.Args("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s"), + cli.Docker(cli.Args("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s", + "--external-ca", "protocol=cfssl,url=https://something.org"), cli.Daemon(d.Daemon)).Assert(c, icmd.Success) spec := getSpec() c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour) c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, 11*time.Second) + c.Assert(spec.CAConfig.ExternalCAs, checker.HasLen, 1) c.Assert(d.Leave(true), checker.IsNil) time.Sleep(500 * time.Millisecond) // https://github.com/docker/swarmkit/issues/1421 |