Merge pull request #328 from cyli/de-duplicate-CAcert-flag

Fix warning in docker CLI when `swarm ca` is called with flags other than `--rotate`
This commit is contained in:
Sebastiaan van Stijn 2017-07-12 16:45:50 -07:00 committed by GitHub
commit dcd788b100
2 changed files with 68 additions and 1 deletions

View File

@ -60,7 +60,7 @@ func runCA(dockerCli command.Cli, flags *pflag.FlagSet, opts caOptions) error {
} }
if !opts.rotate { if !opts.rotate {
for _, f := range []string{flagCACert, flagCAKey, flagCACert, flagExternalCA} { for _, f := range []string{flagCACert, flagCAKey, flagCertExpiry, flagExternalCA} {
if flags.Changed(f) { if flags.Changed(f) {
return fmt.Errorf("`--%s` flag requires the `--rotate` flag to update the CA", f) return fmt.Errorf("`--%s` flag requires the `--rotate` flag to update the CA", f)
} }

View File

@ -2,10 +2,14 @@ package swarm
import ( import (
"bytes" "bytes"
"io/ioutil"
"os"
"testing" "testing"
"time" "time"
"github.com/docker/cli/cli/internal/test"
"github.com/docker/docker/api/types/swarm" "github.com/docker/docker/api/types/swarm"
"github.com/docker/docker/pkg/testutil"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -34,6 +38,69 @@ func TestDisplayTrustRootNoRoot(t *testing.T) {
assert.EqualError(t, err, "No CA information available") assert.EqualError(t, err, "No CA information available")
} }
func TestDisplayTrustRootInvalidFlags(t *testing.T) {
// we need an actual PEMfile to test
tmpfile, err := ioutil.TempFile("", "pemfile")
assert.NoError(t, err)
defer os.Remove(tmpfile.Name())
tmpfile.Write([]byte(`
-----BEGIN CERTIFICATE-----
MIIBajCCARCgAwIBAgIUe0+jYWhxN8fFOByC7yveIYgvx1kwCgYIKoZIzj0EAwIw
EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNjI3MTUxNDAwWhcNMzcwNjIyMTUx
NDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABGgbOZLd7b4b262+6m4ignIecbAZKim6djNiIS1Kl5IHciXYn7gnSpsayjn7
GQABpgkdPeM9TEQowmtR1qSnORujQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
Af8EBTADAQH/MB0GA1UdDgQWBBQ6Rtcn823/fxRZyheRDFpDzuBMpTAKBggqhkjO
PQQDAgNIADBFAiEAqD3Kb2rgsy6NoTk+zEgcUi/aGBCsvQDG3vML1PXN8j0CIBjj
4nDj+GmHXcnKa8wXx70Z8OZEpRQIiKDDLmcXuslp
-----END CERTIFICATE-----
`))
tmpfile.Close()
errorTestCases := [][]string{
{
"--ca-cert=" + tmpfile.Name(),
},
{
"--ca-key=" + tmpfile.Name(),
},
{ // to make sure we're not erroring because we didn't provide a CA key along with the CA cert
"--ca-cert=" + tmpfile.Name(),
"--ca-key=" + tmpfile.Name(),
},
{
"--cert-expiry=2160h0m0s",
},
{
"--external-ca=protocol=cfssl,url=https://some.com/https/url",
},
{ // to make sure we're not erroring because we didn't provide a CA cert and external CA
"--ca-cert=" + tmpfile.Name(),
"--external-ca=protocol=cfssl,url=https://some.com/https/url",
},
}
for _, args := range errorTestCases {
cmd := newCACommand(
test.NewFakeCli(&fakeClient{
swarmInspectFunc: func() (swarm.Swarm, error) {
return swarm.Swarm{
ClusterInfo: swarm.ClusterInfo{
TLSInfo: swarm.TLSInfo{
TrustRoot: "root",
},
},
}, nil
},
}))
assert.NoError(t, cmd.Flags().Parse(args))
cmd.SetOutput(ioutil.Discard)
testutil.ErrorContains(t, cmd.Execute(), "flag requires the `--rotate` flag to update the CA")
}
}
func TestDisplayTrustRoot(t *testing.T) { func TestDisplayTrustRoot(t *testing.T) {
buffer := new(bytes.Buffer) buffer := new(bytes.Buffer)
trustRoot := "trustme" trustRoot := "trustme"