本文整理匯總了Golang中github.com/docker/swarmkit/ca/testutils.AcceptancePolicy函數的典型用法代碼示例。如果您正苦於以下問題:Golang AcceptancePolicy函數的具體用法?Golang AcceptancePolicy怎麽用?Golang AcceptancePolicy使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了AcceptancePolicy函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: agentTestEnv
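// agentTestEnv builds an Agent backed by a test CA, a gRPC connection that
// uses the node's client TLS credentials, and a throwaway storage backend.
// It returns the agent and a teardown function the caller must run when the
// test is done.
func agentTestEnv(t *testing.T) (*Agent, func()) {
	var cleanup []func()

	// NOTE(review): AcceptancePolicy(true, true, "") looks like an
	// auto-accept, no-secret policy intended for tests only; confirm against
	// testutils before copying it anywhere else.
	tc := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	cleanup = append(cleanup, func() { tc.Stop() })

	agentSecurityConfig, err := tc.NewNodeConfig(ca.AgentRole)
	assert.NoError(t, err)

	addr := "localhost:4949"
	remotes := picker.NewRemotes(api.Peer{Addr: addr})

	// The connection is dialed with the credentials issued by the test CA,
	// not with an insecure transport.
	conn, err := grpc.Dial(addr,
		grpc.WithPicker(picker.NewPicker(remotes, addr)),
		grpc.WithTransportCredentials(agentSecurityConfig.ClientTLSCreds))
	assert.NoError(t, err)

	db, cleanupStorage := storageTestEnv(t)
	cleanup = append(cleanup, func() { cleanupStorage() })

	agent, err := New(&Config{
		Executor: &NoopExecutor{},
		Managers: remotes,
		Conn:     conn,
		DB:       db,
	})
	// Check the constructor error so a misconfigured agent fails here instead
	// of surfacing later as a nil dereference in the calling test.
	assert.NoError(t, err)

	return agent, func() {
		// Tear down in reverse registration order. The bound is i >= 0 so the
		// first registered cleanup (stopping the test CA) also runs.
		for i := len(cleanup) - 1; i >= 0; i-- {
			cleanup[i]()
		}
	}
}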
示例2: TestGetRemoteCAInvalidHash
// TestGetRemoteCAInvalidHash checks that ca.GetRemoteCA reports an error when
// it is handed a hard-coded digest instead of the test CA's own fingerprint.
func TestGetRemoteCAInvalidHash(t *testing.T) {
	// Fixed digest; presumably it cannot match the certificate of the test CA
	// created below, so the fetch must be rejected rather than trusted.
	const pinnedDigest = "sha256:2d2f968475269f0dde5299427cf74348ee1d6115b95c6e3f283e5a4de8da445b"

	testCA := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer testCA.Stop()

	_, fetchErr := ca.GetRemoteCA(testCA.Context, pinnedDigest, testCA.Picker)
	assert.Error(t, fetchErr)
}
示例3: TestLoadOrCreateSecurityConfigInvalidKeyWithValidTempKey
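// TestLoadOrCreateSecurityConfigInvalidKeyWithValidTempKey loads a node
// security config, moves the node key aside, writes garbage in its place and
// checks that a second load (without a picker) still yields a full config.
func TestLoadOrCreateSecurityConfigInvalidKeyWithValidTempKey(t *testing.T) {
	tc := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer tc.Stop()

	nodeConfig, err := ca.LoadOrCreateSecurityConfig(tc.Context, tc.TempDir, "", "", ca.AgentRole, tc.Picker, nil)
	assert.NoError(t, err)
	assert.NotNil(t, nodeConfig)
	assert.NotNil(t, nodeConfig.ClientTLSCreds)
	assert.NotNil(t, nodeConfig.ServerTLSCreds)
	assert.NotNil(t, nodeConfig.RootCA().Pool)
	assert.NotNil(t, nodeConfig.RootCA().Cert)
	assert.NotNil(t, nodeConfig.RootCA().Signer)

	// Move the valid key aside so it can act as the "temp" key.
	// NOTE(review): Dir+"."+Base produces "<dir>.<name>", a sibling of the
	// directory, not "<dir>/.<name>"; confirm this is the temp-key path the
	// loader actually looks for.
	assert.NoError(t, os.Rename(tc.Paths.Node.Key, filepath.Dir(tc.Paths.Node.Key)+"."+filepath.Base(tc.Paths.Node.Key)))

	// Write some garbage to the key path. The write error is checked so the
	// test cannot pass without the corrupt key in place, and the file is
	// created owner-only (0600) as a private-key path should be.
	assert.NoError(t, ioutil.WriteFile(tc.Paths.Node.Key, []byte(`-----BEGIN EC PRIVATE KEY-----\n
some random garbage\n
-----END EC PRIVATE KEY-----`), 0600))

	nodeConfig, err = ca.LoadOrCreateSecurityConfig(tc.Context, tc.TempDir, "", "", ca.AgentRole, nil, nil)
	assert.NoError(t, err)
	assert.NotNil(t, nodeConfig)
	assert.NotNil(t, nodeConfig.ClientTLSCreds)
	assert.NotNil(t, nodeConfig.ServerTLSCreds)
	assert.NotNil(t, nodeConfig.RootCA().Pool)
	assert.NotNil(t, nodeConfig.RootCA().Cert)
	assert.NotNil(t, nodeConfig.RootCA().Signer)
}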
示例4: TestLoadOrCreateSecurityConfigNoCerts
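// TestLoadOrCreateSecurityConfigNoCerts removes the node certificate and
// checks that a new config is produced twice: first while the root CA key is
// still on disk (the resulting root CA can sign), then after the root CA key
// is removed as well (the resulting root CA cannot sign and a response is
// delivered on the info channel).
func TestLoadOrCreateSecurityConfigNoCerts(t *testing.T) {
	tc := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer tc.Stop()

	// Remove only the node certificates from the directory, and attest that we get
	// new certificates that are locally signed. The removal error is checked so
	// the test cannot pass without the file actually being gone; RemoveAll
	// returns nil when the path does not exist.
	assert.NoError(t, os.RemoveAll(tc.Paths.Node.Cert))

	nodeConfig, err := ca.LoadOrCreateSecurityConfig(tc.Context, tc.TempDir, "", "", ca.AgentRole, tc.Picker, nil)
	assert.NoError(t, err)
	assert.NotNil(t, nodeConfig)
	assert.NotNil(t, nodeConfig.ClientTLSCreds)
	assert.NotNil(t, nodeConfig.ServerTLSCreds)
	assert.NotNil(t, nodeConfig.RootCA().Pool)
	assert.NotNil(t, nodeConfig.RootCA().Cert)
	assert.NotNil(t, nodeConfig.RootCA().Signer)
	assert.True(t, nodeConfig.RootCA().CanSign())

	// Buffered with capacity 1 so a single send does not block the sender.
	info := make(chan api.IssueNodeCertificateResponse, 1)

	// Remove the root CA key and the node certificates from the directory, and
	// attest that we get new certificates that are issued by the remote CA.
	assert.NoError(t, os.RemoveAll(tc.Paths.RootCA.Key))
	assert.NoError(t, os.RemoveAll(tc.Paths.Node.Cert))

	nodeConfig, err = ca.LoadOrCreateSecurityConfig(tc.Context, tc.TempDir, "", "", ca.AgentRole, tc.Picker, info)
	assert.NoError(t, err)
	assert.NotNil(t, nodeConfig)
	assert.NotNil(t, nodeConfig.ClientTLSCreds)
	assert.NotNil(t, nodeConfig.ServerTLSCreds)
	assert.NotNil(t, nodeConfig.RootCA().Pool)
	assert.NotNil(t, nodeConfig.RootCA().Cert)
	// Without the root CA key on disk the node must not hold signing material.
	assert.Nil(t, nodeConfig.RootCA().Signer)
	assert.False(t, nodeConfig.RootCA().CanSign())
	// Blocks until a response arrives; if none is ever sent the test hangs
	// until the go test timeout.
	assert.NotEmpty(t, <-info)
}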
示例5: TestForceRenewTLSConfig
// TestForceRenewTLSConfig signals the renew channel once and expects a
// successful certificate update for the manager role within two seconds.
func TestForceRenewTLSConfig(t *testing.T) {
	testCA := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer testCA.Stop()

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	// Write a fresh manager node config to disk.
	// NOTE(review): the certificate lifetime is not visible here; confirm it
	// against WriteNewNodeConfig.
	nodeConfig, err := testCA.WriteNewNodeConfig(ca.ManagerRole)
	assert.NoError(t, err)

	// Capacity 1 lets the send below complete without waiting for a receiver.
	forceRenew := make(chan struct{}, 1)
	updates := ca.RenewTLSConfig(ctx, nodeConfig, testCA.TempDir, testCA.Picker, forceRenew)

	// A single signal followed by a single wait: either an update arrives or
	// the timer fires, and the test ends in both cases.
	forceRenew <- struct{}{}
	select {
	case update := <-updates:
		assert.NoError(t, update.Err)
		assert.NotNil(t, update)
		assert.Equal(t, update.Role, ca.ManagerRole)
	case <-time.After(2 * time.Second):
		assert.Fail(t, "TestForceRenewTLSConfig timed-out")
	}
}
示例6: TestGetRemoteSignedCertificateAutoAccept
// TestGetRemoteSignedCertificateAutoAccept submits the same CSR for the
// manager role and then the agent role. For each it expects a two-certificate
// PEM bundle whose first certificate expires within a day of
// ca.DefaultNodeCertExpiration and carries the requested role as its first
// organizational unit.
func TestGetRemoteSignedCertificateAutoAccept(t *testing.T) {
	testCA := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer testCA.Stop()

	// expiresNearDefault asserts that notAfter lies within one day either
	// side of now + ca.DefaultNodeCertExpiration.
	expiresNearDefault := func(notAfter time.Time) {
		earliest := time.Now().Add(ca.DefaultNodeCertExpiration).AddDate(0, 0, -1)
		assert.True(t, earliest.Before(notAfter))
		latest := time.Now().Add(ca.DefaultNodeCertExpiration).AddDate(0, 0, 1)
		assert.True(t, latest.After(notAfter))
	}

	// Generate a key pair on disk and the CSR to be signed.
	csr, _, err := ca.GenerateAndWriteNewKey(testCA.Paths.Node)
	assert.NoError(t, err)

	// Manager certificate.
	bundle, err := ca.GetRemoteSignedCertificate(context.Background(), csr, ca.ManagerRole, "", testCA.RootCA.Pool, testCA.Picker, nil, nil)
	assert.NoError(t, err)
	assert.NotNil(t, bundle)

	chain, err := helpers.ParseCertificatesPEM(bundle)
	assert.NoError(t, err)
	// NOTE(review): assert.Len does not stop the test, so the index below
	// panics if the bundle comes back empty.
	assert.Len(t, chain, 2)
	expiresNearDefault(chain[0].NotAfter)
	// NOTE(review): testify expects (expected, actual); the arguments here are
	// the other way round, which only affects the failure message.
	assert.Equal(t, chain[0].Subject.OrganizationalUnit[0], ca.ManagerRole)

	// Agent certificate, requested with the test CA's context this time.
	bundle, err = ca.GetRemoteSignedCertificate(testCA.Context, csr, ca.AgentRole, "", testCA.RootCA.Pool, testCA.Picker, nil, nil)
	assert.NoError(t, err)
	assert.NotNil(t, bundle)

	chain, err = helpers.ParseCertificatesPEM(bundle)
	assert.NoError(t, err)
	assert.Len(t, chain, 2)
	expiresNearDefault(chain[0].NotAfter)
	assert.Equal(t, chain[0].Subject.OrganizationalUnit[0], ca.AgentRole)
}
示例7: TestRenewTLSConfigManager
// TestRenewTLSConfigManager replaces the manager's on-disk certificate with
// one issued under a 6-minute expiry policy and expects ca.RenewTLSConfig to
// deliver a successful manager-role update within two seconds, without the
// renew channel ever being signalled.
func TestRenewTLSConfigManager(t *testing.T) {
	testCA := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer testCA.Stop()

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	// Start from a manager node config written to disk.
	nodeConfig, err := testCA.WriteNewNodeConfig(ca.ManagerRole)
	assert.NoError(t, err)

	// Build a second RootCA from the same cert and key, then override its
	// signing policy so that it issues 6-minute certificates.
	shortLivedCA, err := ca.NewRootCA(testCA.RootCA.Cert, testCA.RootCA.Key, ca.DefaultNodeCertExpiration)
	assert.NoError(t, err)
	shortPolicy := &cfconfig.Signing{
		Default: &cfconfig.SigningProfile{
			Usage:  []string{"signing", "key encipherment", "server auth", "client auth"},
			Expiry: 6 * time.Minute,
		},
	}
	shortLivedCA.Signer.SetPolicy(shortPolicy)

	// New key on disk plus the matching CSR.
	csr, _, err := ca.GenerateAndWriteNewKey(testCA.Paths.Node)
	assert.NoError(t, err)

	// Sign the CSR with the identity of the current config (node ID, role,
	// organization) under the 6-minute policy.
	creds := nodeConfig.ClientTLSCreds
	shortCert, err := shortLivedCA.ParseValidateAndSignCSR(csr, creds.NodeID(), creds.Role(), creds.Organization())
	assert.NoError(t, err)
	assert.NotNil(t, shortCert)

	// Put the short-lived certificate in place of the one on disk.
	err = ioutils.AtomicWriteFile(testCA.Paths.Node.Cert, shortCert, 0644)
	assert.NoError(t, err)

	// The renew channel is unbuffered and never written to in this test, so
	// any update seen below was not forced from here.
	renew := make(chan struct{})
	updates := ca.RenewTLSConfig(ctx, nodeConfig, testCA.TempDir, testCA.Picker, renew)

	// One wait only: either an update arrives or the timer fires.
	select {
	case update := <-updates:
		assert.NoError(t, update.Err)
		assert.NotNil(t, update)
		assert.Equal(t, ca.ManagerRole, update.Role)
	case <-time.After(2 * time.Second):
		assert.Fail(t, "TestRenewTLSConfig timed-out")
	}
}
示例8: TestCanSign
// TestCanSign checks that the test CA's RootCA reports it can sign while its
// Signer is set, and reports it cannot once the Signer is cleared.
func TestCanSign(t *testing.T) {
	testCA := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer testCA.Stop()

	withSigner := testCA.RootCA.CanSign()
	assert.True(t, withSigner)

	// Drop the signer and ask again.
	testCA.RootCA.Signer = nil
	withoutSigner := testCA.RootCA.CanSign()
	assert.False(t, withoutSigner)
}
示例9: TestLoadOrCreateSecurityConfigNoCertsAndNoRemote
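// TestLoadOrCreateSecurityConfigNoCertsAndNoRemote removes the node
// certificate and the root CA key, then checks that loading a config without
// a picker fails with "valid remote address picker required".
func TestLoadOrCreateSecurityConfigNoCertsAndNoRemote(t *testing.T) {
	tc := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer tc.Stop()

	// Remove the certificate and the root CA key from the temp dir. A file
	// that is already absent is fine; any other removal failure would leave
	// the material in place and make the assertion below meaningless, so it
	// aborts the test.
	for _, p := range []string{tc.Paths.Node.Cert, tc.Paths.RootCA.Key} {
		if err := os.Remove(p); err != nil && !os.IsNotExist(err) {
			t.Fatalf("removing %s: %v", p, err)
		}
	}

	// With nothing to sign locally and no picker, the load must fail.
	_, err := ca.LoadOrCreateSecurityConfig(tc.Context, tc.TempDir, "", "", ca.AgentRole, nil, nil)
	assert.EqualError(t, err, "valid remote address picker required")
}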
示例10: createManagersCluster
// createManagersCluster starts a test CA, adds managersCount managers and
// agentsCount agents to a new managersCluster, sleeping after each step, and
// returns the cluster.
func createManagersCluster(t *testing.T, managersCount, agentsCount int) *managersCluster {
	testCA := catestutils.NewTestCA(t, catestutils.AcceptancePolicy(true, true, ""))
	// NOTE(review): this stops the test CA when the function returns, yet the
	// returned cluster keeps a reference to it in its tc field; confirm nothing
	// needs the CA after setup.
	defer testCA.Stop()

	cluster := &managersCluster{tc: testCA}

	managersErr := cluster.addManagers(t, managersCount)
	require.NoError(t, managersErr)
	// Fixed pause after adding managers.
	time.Sleep(5 * time.Second)

	agentsErr := cluster.addAgents(agentsCount)
	require.NoError(t, agentsErr)
	// Fixed pause after adding agents.
	time.Sleep(10 * time.Second)

	return cluster
}
示例11: TestLoadOrCreateSecurityConfigNoLocalCACertNoRemote
// TestLoadOrCreateSecurityConfigNoLocalCACertNoRemote deletes the root CA
// certificate and checks that loading a config without a picker returns no
// config and the error "valid remote address picker required".
func TestLoadOrCreateSecurityConfigNoLocalCACertNoRemote(t *testing.T) {
	testCA := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer testCA.Stop()

	// With the root CA certificate gone the loader has no local trust anchor;
	// no picker is supplied either, so there is no remote to fetch one from.
	removeErr := os.Remove(testCA.Paths.RootCA.Cert)
	assert.Nil(t, removeErr)

	loaded, loadErr := ca.LoadOrCreateSecurityConfig(testCA.Context, testCA.TempDir, "", "", ca.AgentRole, nil, nil)
	assert.EqualError(t, loadErr, "valid remote address picker required")
	assert.Nil(t, loaded)
}
示例12: TestLoadOrCreateSecurityConfigInvalidCAKey
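// TestLoadOrCreateSecurityConfigInvalidCAKey overwrites the root CA key with
// garbage and checks that loading a security config returns an error.
func TestLoadOrCreateSecurityConfigInvalidCAKey(t *testing.T) {
	tc := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer tc.Stop()

	// Write some garbage to the root key. The write error is checked so the
	// test cannot pass with the valid key still in place, and 0600 is used
	// because this is a private-key path (the mode only takes effect if the
	// file has to be created).
	assert.NoError(t, ioutil.WriteFile(tc.Paths.RootCA.Key, []byte(`-----BEGIN EC PRIVATE KEY-----\n
some random garbage\n
-----END EC PRIVATE KEY-----`), 0600))

	// We should get an error when the local ca private key is invalid.
	_, err := ca.LoadOrCreateSecurityConfig(tc.Context, tc.TempDir, "", "", ca.AgentRole, tc.Picker, nil)
	assert.Error(t, err)
}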
示例13: TestGetRemoteSignedCertificateNodeInfo
// TestGetRemoteSignedCertificateNodeInfo requests a manager certificate and
// checks that a certificate is returned and that a non-empty response is
// delivered on the info channel.
func TestGetRemoteSignedCertificateNodeInfo(t *testing.T) {
	testCA := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer testCA.Stop()

	// Generate a key pair on disk and the CSR to be signed.
	csr, _, err := ca.GenerateAndWriteNewKey(testCA.Paths.Node)
	assert.NoError(t, err)

	// Capacity 1 so a single send does not block the sender.
	nodeInfo := make(chan api.IssueNodeCertificateResponse, 1)

	signed, err := ca.GetRemoteSignedCertificate(context.Background(), csr, ca.ManagerRole, "", testCA.RootCA.Pool, testCA.Picker, nil, nodeInfo)
	assert.NoError(t, err)
	assert.NotNil(t, signed)

	// Blocks until a response is available on the channel.
	received := <-nodeInfo
	assert.NotEmpty(t, received)
}
示例14: TestRequestAndSaveNewCertificates
// TestRequestAndSaveNewCertificates requests a manager certificate through a
// RootCA copy that has no signer, then checks that the saved certificate file
// is not writable by group or others and that a response arrived on the info
// channel.
func TestRequestAndSaveNewCertificates(t *testing.T) {
	testCA := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer testCA.Stop()

	// Capacity 1 so a single send does not block the sender.
	nodeInfo := make(chan api.IssueNodeCertificateResponse, 1)

	// Only Cert and Pool are copied; the Signer field is left at its zero
	// value, so this RootCA holds no signing material of its own.
	signerless := ca.RootCA{
		Cert: testCA.RootCA.Cert,
		Pool: testCA.RootCA.Pool,
	}

	issued, err := signerless.RequestAndSaveNewCertificates(testCA.Context, testCA.Paths.Node, ca.ManagerRole, "", testCA.Picker, nil, nodeInfo)
	assert.NoError(t, err)
	assert.NotNil(t, issued)

	// The certificate on disk must not be modifiable by other local accounts.
	certPerms, err := permbits.Stat(testCA.Paths.Node.Cert)
	assert.NoError(t, err)
	assert.False(t, certPerms.GroupWrite())
	assert.False(t, certPerms.OtherWrite())

	// Blocks until a response is available on the channel.
	received := <-nodeInfo
	assert.NotEmpty(t, received)
}
示例15: TestGetRemoteCA
// TestGetRemoteCA computes the SHA-256 digest of the test CA's root
// certificate and checks that ca.GetRemoteCA succeeds and returns a
// certificate when given that digest.
func TestGetRemoteCA(t *testing.T) {
	testCA := testutils.NewTestCA(t, testutils.AcceptancePolicy(true, true, ""))
	defer testCA.Stop()

	// Digest of the root certificate bytes, rendered as "sha256:<hex>".
	sum := sha256.Sum256(testCA.RootCA.Cert)
	pin, err := digest.ParseDigest("sha256:" + hex.EncodeToString(sum[:]))
	assert.NoError(t, err)

	remoteCert, err := ca.GetRemoteCA(testCA.Context, pin, testCA.Picker)
	assert.NoError(t, err)
	assert.NotNil(t, remoteCert)
}