If `docker swarm ca` is not called with the `--rotate` flag, the other

flags, including cert expiry, will be ignored, so warn if a user attempts
to use `docker swarm ca --cert-expiry` or something.

Signed-off-by: Ying Li <ying.li@docker.com>
Ying Li 2017-06-19 13:34:18 -07:00
parent 5dd30732a2
commit 32b43bc21a
1 changed files with 6 additions and 1 deletions


@ -61,6 +61,11 @@ func runRotateCA(dockerCli command.Cli, flags *pflag.FlagSet, opts caOptions) er
} }
if !opts.rotate { if !opts.rotate {
for _, f := range []string{flagCACert, flagCAKey, flagCACert, flagExternalCA} {
if flags.Changed(f) {
return fmt.Errorf("`--%s` flag requires the `--rotate` flag to update the CA", f)
}
}
if swarmInspect.ClusterInfo.TLSInfo.TrustRoot == "" { if swarmInspect.ClusterInfo.TLSInfo.TrustRoot == "" {
fmt.Fprintln(dockerCli.Out(), "No CA information available") fmt.Fprintln(dockerCli.Out(), "No CA information available")
} else { } else {
@ -71,7 +76,7 @@ func runRotateCA(dockerCli command.Cli, flags *pflag.FlagSet, opts caOptions) er
genRootCA := true genRootCA := true
spec := &swarmInspect.Spec spec := &swarmInspect.Spec
opts.mergeSwarmSpec(spec, flags) opts.mergeSwarmSpec(spec, flags) // updates the spec given the cert expiry or external CA flag
if flags.Changed(flagCACert) { if flags.Changed(flagCACert) {
spec.CAConfig.SigningCACert = opts.rootCACert.Contents() spec.CAConfig.SigningCACert = opts.rootCACert.Contents()
genRootCA = false genRootCA = false
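Review bot: The flag list in the first hunk's new loop, `[]string{flagCACert, flagCAKey, flagCACert, flagExternalCA}`, names `flagCACert` twice and never names the cert-expiry flag, so `docker swarm ca --cert-expiry` without `--rotate` still passes the check and is silently ignored. That is exactly the case the commit message sets out to catch, and an operator who believes they changed the certificate lifetime would get no error while the old expiry stays in force. The duplicate entry was presumably meant to be the cert-expiry constant, i.e. `for _, f := range []string{flagCACert, flagCAKey, flagCertExpiry, flagExternalCA} {` (assuming the constant is named `flagCertExpiry` in this package, which the page does not show). The body of runRotateCA starts and ends outside both hunks, so any later handling of these flags is not visible here.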