Move https integration tests as unit tests under client
Addresses #12255 Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
parent
ccbb93e1cd
commit
05013f1250
13 changed files with 76 additions and 142 deletions
|
@ -910,3 +910,71 @@ func (s *DockerSuite) TestDaemonRestartKillWait(c *check.C) {
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
// TestHttpsInfo connects via two-way authenticated HTTPS to the info endpoint
|
||||
func (s *DockerSuite) TestHttpsInfo(c *check.C) {
|
||||
const (
|
||||
testDaemonHttpsAddr = "localhost:4271"
|
||||
)
|
||||
|
||||
d := NewDaemon(c)
|
||||
if err := d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
|
||||
"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHttpsAddr); err != nil {
|
||||
c.Fatalf("Could not start daemon with busybox: %v", err)
|
||||
}
|
||||
defer d.Stop()
|
||||
|
||||
//force tcp protocol
|
||||
host := fmt.Sprintf("tcp://%s", testDaemonHttpsAddr)
|
||||
daemonArgs := []string{"--host", host, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/client-cert.pem", "--tlskey", "fixtures/https/client-key.pem"}
|
||||
out, err := d.CmdWithArgs(daemonArgs, "info")
|
||||
if err != nil {
|
||||
c.Fatalf("Error Occurred: %s and output: %s", err, out)
|
||||
}
|
||||
}
|
||||
|
||||
// TestHttpsInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint
|
||||
// by using a rogue client certificate and checks that it fails with the expected error.
|
||||
func (s *DockerSuite) TestHttpsInfoRogueCert(c *check.C) {
|
||||
const (
|
||||
errBadCertificate = "remote error: bad certificate"
|
||||
testDaemonHttpsAddr = "localhost:4271"
|
||||
)
|
||||
d := NewDaemon(c)
|
||||
if err := d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
|
||||
"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHttpsAddr); err != nil {
|
||||
c.Fatalf("Could not start daemon with busybox: %v", err)
|
||||
}
|
||||
defer d.Stop()
|
||||
|
||||
//force tcp protocol
|
||||
host := fmt.Sprintf("tcp://%s", testDaemonHttpsAddr)
|
||||
daemonArgs := []string{"--host", host, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/client-rogue-cert.pem", "--tlskey", "fixtures/https/client-rogue-key.pem"}
|
||||
out, err := d.CmdWithArgs(daemonArgs, "info")
|
||||
if err == nil || !strings.Contains(out, errBadCertificate) {
|
||||
c.Fatalf("Expected err: %s, got instead: %s and output: %s", errBadCertificate, err, out)
|
||||
}
|
||||
}
|
||||
|
||||
// TestHttpsInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint
|
||||
// which provides a rogue server certificate and checks that it fails with the expected error
|
||||
func (s *DockerSuite) TestHttpsInfoRogueServerCert(c *check.C) {
|
||||
const (
|
||||
errCaUnknown = "x509: certificate signed by unknown authority"
|
||||
testDaemonRogueHttpsAddr = "localhost:4272"
|
||||
)
|
||||
d := NewDaemon(c)
|
||||
if err := d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-rogue-cert.pem",
|
||||
"--tlskey", "fixtures/https/server-rogue-key.pem", "-H", testDaemonRogueHttpsAddr); err != nil {
|
||||
c.Fatalf("Could not start daemon with busybox: %v", err)
|
||||
}
|
||||
defer d.Stop()
|
||||
|
||||
//force tcp protocol
|
||||
host := fmt.Sprintf("tcp://%s", testDaemonRogueHttpsAddr)
|
||||
daemonArgs := []string{"--host", host, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/client-rogue-cert.pem", "--tlskey", "fixtures/https/client-rogue-key.pem"}
|
||||
out, err := d.CmdWithArgs(daemonArgs, "info")
|
||||
if err == nil || !strings.Contains(out, errCaUnknown) {
|
||||
c.Fatalf("Expected err: %s, got instead: %s and output: %s", errCaUnknown, err, out)
|
||||
}
|
||||
}
|
||||
|
|
|
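Review bot: TestHttpsInfoRogueServerCert passes `client-rogue-cert.pem` / `client-rogue-key.pem` to the client, whereas the removed unit test of the same name used the legitimate `client-cert.pem` / `client-key.pem`, so the ported case no longer has the server certificate as the only invalid element. The expected `x509: certificate signed by unknown authority` should still come from the client validating the server chain, but keeping the valid pair (`"--tlscert", "fixtures/https/client-cert.pem", "--tlskey", "fixtures/https/client-key.pem"`) makes a failure point unambiguously at server-certificate verification. All three tests also report a failed `d.Start` as `"Could not start daemon with busybox: %v"`, which looks copied from another test; something like `"Could not start TLS daemon: %v"` would describe what failed. TestHttpsInfo and TestHttpsInfoRogueCert both bind the fixed address `localhost:4271`, so each depends on the previous daemon having released the port.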
@ -269,6 +269,14 @@ func (d *Daemon) Cmd(name string, arg ...string) (string, error) {
|
|||
return string(b), err
|
||||
}
|
||||
|
||||
func (d *Daemon) CmdWithArgs(daemonArgs []string, name string, arg ...string) (string, error) {
|
||||
args := append(daemonArgs, name)
|
||||
args = append(args, arg...)
|
||||
c := exec.Command(dockerBinary, args...)
|
||||
b, err := c.CombinedOutput()
|
||||
return string(b), err
|
||||
}
|
||||
|
||||
func (d *Daemon) LogfileName() string {
|
||||
return d.logFile.Name()
|
||||
}
|
||||
|
|
|
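Review bot: `CmdWithArgs` builds its argument list with `append(daemonArgs, name)`, which writes into the caller's backing array whenever `daemonArgs` has spare capacity; copying first avoids the aliasing, e.g. `args := append(append([]string{}, daemonArgs...), name)`. The method never reads `d`, so nothing ties the command to this daemon unless the caller supplies `--host` itself, as the new TLS tests do. A doc comment would make that contract explicit: `// CmdWithArgs runs the docker binary with daemonArgs placed before the command name; it does not add this daemon's address, so callers must pass --host.` The body of `Cmd` above is outside the hunk, so how it selects the daemon cannot be compared from here.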
@ -1,84 +0,0 @@
|
|||
package docker
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"io/ioutil"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/docker/docker/api/client"
|
||||
)
|
||||
|
||||
const (
|
||||
errBadCertificate = "remote error: bad certificate"
|
||||
errCaUnknown = "x509: certificate signed by unknown authority"
|
||||
)
|
||||
|
||||
func getTlsConfig(certFile, keyFile string, t *testing.T) *tls.Config {
|
||||
certPool := x509.NewCertPool()
|
||||
file, err := ioutil.ReadFile("fixtures/https/ca.pem")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
certPool.AppendCertsFromPEM(file)
|
||||
|
||||
cert, err := tls.LoadX509KeyPair("fixtures/https/"+certFile, "fixtures/https/"+keyFile)
|
||||
if err != nil {
|
||||
t.Fatalf("Couldn't load X509 key pair: %s", err)
|
||||
}
|
||||
tlsConfig := &tls.Config{
|
||||
RootCAs: certPool,
|
||||
Certificates: []tls.Certificate{cert},
|
||||
}
|
||||
return tlsConfig
|
||||
}
|
||||
|
||||
// TestHttpsInfo connects via two-way authenticated HTTPS to the info endpoint
|
||||
func TestHttpsInfo(t *testing.T) {
|
||||
cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto,
|
||||
testDaemonHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t))
|
||||
|
||||
setTimeout(t, "Reading command output time out", 10*time.Second, func() {
|
||||
if err := cli.CmdInfo(); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
// TestHttpsInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint
|
||||
// by using a rogue client certificate and checks that it fails with the expected error.
|
||||
func TestHttpsInfoRogueCert(t *testing.T) {
|
||||
cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto,
|
||||
testDaemonHttpsAddr, getTlsConfig("client-rogue-cert.pem", "client-rogue-key.pem", t))
|
||||
|
||||
setTimeout(t, "Reading command output time out", 10*time.Second, func() {
|
||||
err := cli.CmdInfo()
|
||||
if err == nil {
|
||||
t.Fatal("Expected error but got nil")
|
||||
}
|
||||
if !strings.Contains(err.Error(), errBadCertificate) {
|
||||
t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, err)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
// TestHttpsInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint
|
||||
// which provides a rogue server certificate and checks that it fails with the expected error
|
||||
func TestHttpsInfoRogueServerCert(t *testing.T) {
|
||||
cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto,
|
||||
testDaemonRogueHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t))
|
||||
|
||||
setTimeout(t, "Reading command output time out", 10*time.Second, func() {
|
||||
err := cli.CmdInfo()
|
||||
if err == nil {
|
||||
t.Fatal("Expected error but got nil")
|
||||
}
|
||||
|
||||
if !strings.Contains(err.Error(), errCaUnknown) {
|
||||
t.Fatalf("Expected error: %s, got instead: %s", errCaUnknown, err)
|
||||
}
|
||||
|
||||
})
|
||||
}
|
|
@ -120,8 +120,6 @@ func init() {
|
|||
|
||||
// Create the "global daemon" with a long-running daemons for integration tests
|
||||
spawnGlobalDaemon()
|
||||
spawnLegitHttpsDaemon()
|
||||
spawnRogueHttpsDaemon()
|
||||
startFds, startGoroutines = fileutils.GetTotalUsedFds(), runtime.NumGoroutine()
|
||||
}
|
||||
|
||||
|
@ -175,62 +173,6 @@ func spawnGlobalDaemon() {
|
|||
api.AcceptConnections(getDaemon(eng))
|
||||
}
|
||||
|
||||
func spawnLegitHttpsDaemon() {
|
||||
if globalHttpsEngine != nil {
|
||||
return
|
||||
}
|
||||
globalHttpsEngine = spawnHttpsDaemon(testDaemonHttpsAddr, "fixtures/https/ca.pem",
|
||||
"fixtures/https/server-cert.pem", "fixtures/https/server-key.pem")
|
||||
}
|
||||
|
||||
func spawnRogueHttpsDaemon() {
|
||||
if globalRogueHttpsEngine != nil {
|
||||
return
|
||||
}
|
||||
globalRogueHttpsEngine = spawnHttpsDaemon(testDaemonRogueHttpsAddr, "fixtures/https/ca.pem",
|
||||
"fixtures/https/server-rogue-cert.pem", "fixtures/https/server-rogue-key.pem")
|
||||
}
|
||||
|
||||
func spawnHttpsDaemon(addr, cacert, cert, key string) *engine.Engine {
|
||||
t := std_log.New(os.Stderr, "", 0)
|
||||
root, err := newTestDirectory(unitTestStoreBase)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
// FIXME: here we don't use NewTestEngine because it configures the daemon with Autorestart=false,
|
||||
// and we want to set it to true.
|
||||
|
||||
eng := newTestEngine(t, true, root)
|
||||
|
||||
serverConfig := &apiserver.ServerConfig{
|
||||
Logging: true,
|
||||
Tls: true,
|
||||
TlsVerify: true,
|
||||
TlsCa: cacert,
|
||||
TlsCert: cert,
|
||||
TlsKey: key,
|
||||
}
|
||||
api := apiserver.New(serverConfig, eng)
|
||||
// Spawn a Daemon
|
||||
go func() {
|
||||
logrus.Debugf("Spawning https daemon for integration tests")
|
||||
listenURL := &url.URL{
|
||||
Scheme: testDaemonHttpsProto,
|
||||
Host: addr,
|
||||
}
|
||||
if err := api.ServeApi([]string{listenURL.String()}); err != nil {
|
||||
logrus.Fatalf("Unable to spawn the test daemon: %s", err)
|
||||
}
|
||||
}()
|
||||
|
||||
// Give some time to ListenAndServer to actually start
|
||||
time.Sleep(time.Second)
|
||||
|
||||
api.AcceptConnections(getDaemon(eng))
|
||||
|
||||
return eng
|
||||
}
|
||||
|
||||
// FIXME: test that ImagePull(json=true) send correct json output
|
||||
|
||||
func GetTestImage(daemon *daemon.Daemon) *image.Image {
|
||||
|
|