diff options
| author | Aaron Lehmann <aaron.lehmann@docker.com> | 2017-04-16 12:40:11 -0700 |
|---|---|---|
| committer | Aaron Lehmann <aaron.lehmann@docker.com> | 2017-04-17 22:22:39 -0700 |
| commit | 2c096645748dab6b07d60fd2c7057b73d561827e (patch) | |
| tree | 742ffaefd6989957bf6fd73f618f4dd7df06f132 | |
| parent | caafc0d5aa3603b760f999b42c9d54715add6d18 (diff) | |
| download | docker-2c096645748dab6b07d60fd2c7057b73d561827e.tar.gz | |
integration-cli: Have TestSwarmJoinPromoteLocked wait for the role to change in the certificate
Since the certificate may be renewed multiple times, this check is
necessary.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 2b5ef9bfef0eed60356e2af3230b3b5bd782db2b)
| -rw-r--r-- | integration-cli/docker_cli_swarm_test.go | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/integration-cli/docker_cli_swarm_test.go b/integration-cli/docker_cli_swarm_test.go index a6ac503d48..f6b26ab5fd 100644 --- a/integration-cli/docker_cli_swarm_test.go +++ b/integration-cli/docker_cli_swarm_test.go @@ -15,6 +15,7 @@ import ( "strings" "time" + "github.com/cloudflare/cfssl/helpers" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/swarm" "github.com/docker/docker/integration-cli/checker" @@ -1221,10 +1222,6 @@ func (s *DockerSwarmSuite) TestSwarmJoinPromoteLocked(c *check.C) { c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive) } - // get d3's cert - d3cert, err := ioutil.ReadFile(filepath.Join(d3.Folder, "root", "swarm", "certificates", "swarm-node.crt")) - c.Assert(err, checker.IsNil) - // demote manager back to worker - workers are not locked outs, err = d1.Cmd("node", "demote", d3.Info.NodeID) c.Assert(err, checker.IsNil) @@ -1237,12 +1234,16 @@ func (s *DockerSwarmSuite) TestSwarmJoinPromoteLocked(c *check.C) { // is set to autolock) waitAndAssert(c, defaultReconciliationTimeout, d3.CheckControlAvailable, checker.False) waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { - cert, err := ioutil.ReadFile(filepath.Join(d3.Folder, "root", "swarm", "certificates", "swarm-node.crt")) + certBytes, err := ioutil.ReadFile(filepath.Join(d3.Folder, "root", "swarm", "certificates", "swarm-node.crt")) if err != nil { return "", check.Commentf("error: %v", err) } - return string(cert), check.Commentf("cert: %v", string(cert)) - }, checker.Not(checker.Equals), string(d3cert)) + certs, err := helpers.ParseCertificatesPEM(certBytes) + if err == nil && len(certs) > 0 && len(certs[0].Subject.OrganizationalUnit) > 0 { + return certs[0].Subject.OrganizationalUnit[0], nil + } + return "", check.Commentf("could not get organizational unit from certificate") + }, checker.Equals, "swarm-worker") // by now, it should *never* be locked on restart d3.Restart(c) |