From 4615c92f661b724ece58937ccfecbb24f602fc32 Mon Sep 17 00:00:00 2001 From: Ying Li Date: Wed, 12 Jul 2017 11:44:47 -0700 Subject: [PATCH] Fix warning in docker CLI when `swarm ca --ca-cert`, etc. flags are passed, and add a test. Signed-off-by: Ying Li --- cli/command/swarm/ca.go | 2 +- cli/command/swarm/ca_test.go | 67 ++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) diff --git a/cli/command/swarm/ca.go b/cli/command/swarm/ca.go index 83ac02e776..1c2f2d268b 100644 --- a/cli/command/swarm/ca.go +++ b/cli/command/swarm/ca.go @@ -60,7 +60,7 @@ func runCA(dockerCli command.Cli, flags *pflag.FlagSet, opts caOptions) error { } if !opts.rotate { - for _, f := range []string{flagCACert, flagCAKey, flagCACert, flagExternalCA} { + for _, f := range []string{flagCACert, flagCAKey, flagCertExpiry, flagExternalCA} { if flags.Changed(f) { return fmt.Errorf("`--%s` flag requires the `--rotate` flag to update the CA", f) } diff --git a/cli/command/swarm/ca_test.go b/cli/command/swarm/ca_test.go index f122567c47..a1a77d59c2 100644 --- a/cli/command/swarm/ca_test.go +++ b/cli/command/swarm/ca_test.go @@ -2,10 +2,14 @@ package swarm import ( "bytes" + "io/ioutil" + "os" "testing" "time" + "github.com/docker/cli/cli/internal/test" "github.com/docker/docker/api/types/swarm" + "github.com/docker/docker/pkg/testutil" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -34,6 +38,69 @@ func TestDisplayTrustRootNoRoot(t *testing.T) { assert.EqualError(t, err, "No CA information available") } +func TestDisplayTrustRootInvalidFlags(t *testing.T) { + // we need an actual PEMfile to test + tmpfile, err := ioutil.TempFile("", "pemfile") + assert.NoError(t, err) + defer os.Remove(tmpfile.Name()) + tmpfile.Write([]byte(` +-----BEGIN CERTIFICATE----- +MIIBajCCARCgAwIBAgIUe0+jYWhxN8fFOByC7yveIYgvx1kwCgYIKoZIzj0EAwIw +EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNjI3MTUxNDAwWhcNMzcwNjIyMTUx +NDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABGgbOZLd7b4b262+6m4ignIecbAZKim6djNiIS1Kl5IHciXYn7gnSpsayjn7 +GQABpgkdPeM9TEQowmtR1qSnORujQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBQ6Rtcn823/fxRZyheRDFpDzuBMpTAKBggqhkjO +PQQDAgNIADBFAiEAqD3Kb2rgsy6NoTk+zEgcUi/aGBCsvQDG3vML1PXN8j0CIBjj +4nDj+GmHXcnKa8wXx70Z8OZEpRQIiKDDLmcXuslp +-----END CERTIFICATE----- +`)) + tmpfile.Close() + + errorTestCases := [][]string{ + { + "--ca-cert=" + tmpfile.Name(), + }, + { + "--ca-key=" + tmpfile.Name(), + }, + { // to make sure we're not erroring because we didn't provide a CA key along with the CA cert + + "--ca-cert=" + tmpfile.Name(), + "--ca-key=" + tmpfile.Name(), + }, + { + "--cert-expiry=2160h0m0s", + }, + { + "--external-ca=protocol=cfssl,url=https://some.com/https/url", + }, + { // to make sure we're not erroring because we didn't provide a CA cert and external CA + + "--ca-cert=" + tmpfile.Name(), + "--external-ca=protocol=cfssl,url=https://some.com/https/url", + }, + } + + for _, args := range errorTestCases { + cmd := newCACommand( + test.NewFakeCli(&fakeClient{ + swarmInspectFunc: func() (swarm.Swarm, error) { + return swarm.Swarm{ + ClusterInfo: swarm.ClusterInfo{ + TLSInfo: swarm.TLSInfo{ + TrustRoot: "root", + }, + }, + }, nil + }, + })) + assert.NoError(t, cmd.Flags().Parse(args)) + cmd.SetOutput(ioutil.Discard) + testutil.ErrorContains(t, cmd.Execute(), "flag requires the `--rotate` flag to update the CA") + } +} + func TestDisplayTrustRoot(t *testing.T) { buffer := new(bytes.Buffer) trustRoot := "trustme"