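// Listing: github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/swarmkit/ca/transport_test.go

package ca

import (
	"crypto/tls"
	"io/ioutil"
	"os"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// TestNewMutableTLS checks that credentials built from a server TLS config
// report the role and node ID the leaf certificate was issued with
// (ManagerRole and "CN" respectively).
//
// NOTE(review): only the accepting path is exercised in this test; rejection
// of a config whose certificate carries no usable identity is not covered
// here and should be confirmed elsewhere in the package's tests.
func TestNewMutableTLS(t *testing.T) {
	// Key material is written under a throwaway directory that is removed
	// when the test returns.
	tempdir, err := ioutil.TempDir("", "test-transport")
	require.NoError(t, err)
	defer os.RemoveAll(tempdir)
	paths := NewConfigPaths(tempdir)
	krw := NewKeyReadWriter(paths.Node, nil, nil)

	rootCA, err := CreateRootCA("rootCN")
	require.NoError(t, err)

	// require rather than assert: cert is dereferenced on the next statement,
	// so continuing after a failed issuance would panic on a nil pointer
	// instead of reporting the real error.
	cert, _, err := rootCA.IssueAndSaveNewCertificates(krw, "CN", ManagerRole, "org")
	require.NoError(t, err)

	tlsConfig, err := NewServerTLSConfig([]tls.Certificate{*cert}, rootCA.Pool)
	require.NoError(t, err)

	// Stop here on error: creds is used immediately below.
	creds, err := NewMutableTLS(tlsConfig)
	require.NoError(t, err)
	assert.Equal(t, ManagerRole, creds.Role())
	assert.Equal(t, "CN", creds.NodeID())
}

// TestGetAndValidateCertificateSubject checks that the subject extracted from
// an issued certificate has the requested common name and exactly one
// organizational unit, which holds the role.
//
// NOTE(review): the test pins the positive case only (one OU, known role).
// Behaviour for an empty certificate list, a missing OU or several OUs is not
// asserted here.
func TestGetAndValidateCertificateSubject(t *testing.T) {
	tempdir, err := ioutil.TempDir("", "test-transport")
	require.NoError(t, err)
	defer os.RemoveAll(tempdir)
	paths := NewConfigPaths(tempdir)
	krw := NewKeyReadWriter(paths.Node, nil, nil)

	rootCA, err := CreateRootCA("rootCN")
	require.NoError(t, err)

	// cert is dereferenced below, so a failed issuance must abort the test.
	cert, _, err := rootCA.IssueAndSaveNewCertificates(krw, "CN", ManagerRole, "org")
	require.NoError(t, err)

	name, err := GetAndValidateCertificateSubject([]tls.Certificate{*cert})
	require.NoError(t, err)
	assert.Equal(t, "CN", name.CommonName)
	// require.Len guards the index on the next line: with assert.Len an empty
	// OU list would be reported and then panic on OrganizationalUnit[0].
	require.Len(t, name.OrganizationalUnit, 1)
	assert.Equal(t, ManagerRole, name.OrganizationalUnit[0])
}

// TestLoadNewTLSConfig checks that swapping the TLS config inside existing
// credentials also changes the identity they report: the role moves from
// ManagerRole to WorkerRole and the node ID from "CN1" to "CN2".
//
// NOTE(review): this covers the reported identity only. Whether connections
// that were established under the first config are affected by the swap is
// not exercised by this test.
func TestLoadNewTLSConfig(t *testing.T) {
	tempdir, err := ioutil.TempDir("", "test-transport")
	require.NoError(t, err)
	defer os.RemoveAll(tempdir)
	paths := NewConfigPaths(tempdir)
	krw := NewKeyReadWriter(paths.Node, nil, nil)

	rootCA, err := CreateRootCA("rootCN")
	require.NoError(t, err)

	// Create two different certs and two different TLS configs.
	// Both certificates are dereferenced below, so issuance errors are fatal.
	cert1, _, err := rootCA.IssueAndSaveNewCertificates(krw, "CN1", ManagerRole, "org")
	require.NoError(t, err)
	cert2, _, err := rootCA.IssueAndSaveNewCertificates(krw, "CN2", WorkerRole, "org")
	require.NoError(t, err)
	tlsConfig1, err := NewServerTLSConfig([]tls.Certificate{*cert1}, rootCA.Pool)
	require.NoError(t, err)
	tlsConfig2, err := NewServerTLSConfig([]tls.Certificate{*cert2}, rootCA.Pool)
	require.NoError(t, err)

	// Load the first TLS config into a MutableTLS.
	creds, err := NewMutableTLS(tlsConfig1)
	require.NoError(t, err)
	assert.Equal(t, ManagerRole, creds.Role())
	assert.Equal(t, "CN1", creds.NodeID())

	// Load the new config and assert the reported identity changed with it.
	err = creds.loadNewTLSConfig(tlsConfig2)
	require.NoError(t, err)
	assert.Equal(t, WorkerRole, creds.Role())
	assert.Equal(t, "CN2", creds.NodeID())
}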