github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/swarmkit/ca/renewer_test.go (about)

     1  package ca_test
     2  
     3  import (
     4  	"context"
     5  	"testing"
     6  	"time"
     7  
     8  	"github.com/docker/swarmkit/api"
     9  	"github.com/docker/swarmkit/ca"
    10  	"github.com/docker/swarmkit/ca/testutils"
    11  	"github.com/docker/swarmkit/manager/state/store"
    12  	"github.com/stretchr/testify/assert"
    13  	"github.com/stretchr/testify/require"
    14  )
    15  
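// TestForceRenewTLSConfig checks that an explicit Renew() on a started
// TLSRenewer delivers a certificate update on the channel returned by Start,
// and that the renewed certificate carries the same manager role the node
// config was created with.
func TestForceRenewTLSConfig(t *testing.T) {
	t.Parallel()

	tc := testutils.NewTestCA(t)
	defer tc.Stop()

	ctx, cancel := context.WithCancel(tc.Context)
	defer cancel()

	// Get a new managerConfig with a TLS cert that has 15 minutes to live
	// (lifetime as stated by the original author; it is set inside the test
	// helper and is not visible in this file).
	nodeConfig, err := tc.WriteNewNodeConfig(ca.ManagerRole)
	// Abort on failure: nodeConfig is handed straight to the renewer, so
	// continuing with an unusable config would hide the real error behind a
	// later panic or timeout.
	require.NoError(t, err)

	renewer := ca.NewTLSRenewer(nodeConfig, tc.ConnBroker, tc.Paths.RootCA)
	updates := renewer.Start(ctx)
	renewer.Renew()
	select {
	case <-time.After(10 * time.Second):
		assert.Fail(t, "TestForceRenewTLSConfig timed-out")
	case certUpdate := <-updates:
		assert.NoError(t, certUpdate.Err)
		// NOTE(review): certUpdate's fields are read on the line above, so
		// this check cannot catch anything that line would not already have
		// tripped over; kept for parity with the original assertions.
		assert.NotNil(t, certUpdate)
		// Expected value first, actual second, so a failure message labels
		// the roles correctly. A forced renewal must not change the role
		// encoded in the certificate.
		assert.Equal(t, ca.ManagerRole, certUpdate.Role)
	}
}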
    41  
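// TestForceRenewExpectedRole checks that a renewer told to expect the worker
// role keeps renewing until it receives a worker-role certificate.
//
// The node starts out with a manager config. A background goroutine rewrites
// the node's role to worker in the store after a short delay, and the test
// passes only once an update with Role == ca.WorkerRole arrives. Updates that
// still carry the previous role are skipped, not accepted, so the test fails
// by timeout if the renewer never picks up the demoted role.
func TestForceRenewExpectedRole(t *testing.T) {
	t.Parallel()

	tc := testutils.NewTestCA(t)
	defer tc.Stop()

	ctx, cancel := context.WithCancel(tc.Context)
	defer cancel()

	// Get a new managerConfig with a TLS cert that has 15 minutes to live
	// (lifetime as stated by the original author; it is set inside the test
	// helper and is not visible in this file).
	nodeConfig, err := tc.WriteNewNodeConfig(ca.ManagerRole)
	// Abort on failure: nodeConfig is dereferenced in the goroutine below.
	require.NoError(t, err)

	demoted := make(chan struct{})
	go func() {
		defer close(demoted)
		time.Sleep(750 * time.Millisecond)

		err := tc.MemoryStore.Update(func(tx store.Tx) error {
			node := store.GetNode(tx, nodeConfig.ClientTLSCreds.NodeID())
			// Only assert here: require.* ends in t.FailNow, which must be
			// called from the goroutine running the test function. On a
			// missing node, record the failure and leave the store
			// untouched.
			if !assert.NotNil(t, node) {
				return nil
			}

			node.Spec.DesiredRole = api.NodeRoleWorker
			node.Role = api.NodeRoleWorker

			return store.UpdateNode(tx, node)
		})
		assert.NoError(t, err)
	}()
	// Wait for the goroutine before the test returns so it never touches t
	// after completion. Registered last, so it runs before cancel() and
	// tc.Stop() and the store is still available to the update.
	defer func() { <-demoted }()

	renewer := ca.NewTLSRenewer(nodeConfig, tc.ConnBroker, tc.Paths.RootCA)
	updates := renewer.Start(ctx)
	renewer.SetExpectedRole(ca.WorkerRole)
	renewer.Renew()
	for {
		select {
		// The timer is recreated on every pass, so the 10s limit applies
		// per update and not to the test as a whole.
		case <-time.After(10 * time.Second):
			t.Fatal("timed out")
		case certUpdate := <-updates:
			assert.NoError(t, certUpdate.Err)
			assert.NotNil(t, certUpdate)
			// Done only when the issued certificate has the demoted role.
			if certUpdate.Role == ca.WorkerRole {
				return
			}
		}
	}
}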