|
@@ -15,6 +15,7 @@ import (
|
|
|
"strings"
|
|
"strings"
|
|
|
"time"
|
|
"time"
|
|
|
|
|
|
|
|
|
|
+ "github.com/cloudflare/cfssl/helpers"
|
|
|
"github.com/docker/docker/api/types"
|
|
"github.com/docker/docker/api/types"
|
|
|
"github.com/docker/docker/api/types/swarm"
|
|
"github.com/docker/docker/api/types/swarm"
|
|
|
"github.com/docker/docker/integration-cli/checker"
|
|
"github.com/docker/docker/integration-cli/checker"
|
|
@@ -1221,10 +1222,6 @@ func (s *DockerSwarmSuite) TestSwarmJoinPromoteLocked(c *check.C) {
|
|
|
c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
|
|
c.Assert(getNodeStatus(c, d), checker.Equals, swarm.LocalNodeStateActive)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- // get d3's cert
|
|
|
|
|
- d3cert, err := ioutil.ReadFile(filepath.Join(d3.Folder, "root", "swarm", "certificates", "swarm-node.crt"))
|
|
|
|
|
- c.Assert(err, checker.IsNil)
|
|
|
|
|
-
|
|
|
|
|
// demote manager back to worker - workers are not locked
|
|
// demote manager back to worker - workers are not locked
|
|
|
outs, err = d1.Cmd("node", "demote", d3.Info.NodeID)
|
|
outs, err = d1.Cmd("node", "demote", d3.Info.NodeID)
|
|
|
c.Assert(err, checker.IsNil)
|
|
c.Assert(err, checker.IsNil)
|
|
@@ -1237,12 +1234,16 @@ func (s *DockerSwarmSuite) TestSwarmJoinPromoteLocked(c *check.C) {
|
|
|
// is set to autolock)
|
|
// is set to autolock)
|
|
|
waitAndAssert(c, defaultReconciliationTimeout, d3.CheckControlAvailable, checker.False)
|
|
waitAndAssert(c, defaultReconciliationTimeout, d3.CheckControlAvailable, checker.False)
|
|
|
waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
|
|
waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) {
|
|
|
- cert, err := ioutil.ReadFile(filepath.Join(d3.Folder, "root", "swarm", "certificates", "swarm-node.crt"))
|
|
|
|
|
|
|
+ certBytes, err := ioutil.ReadFile(filepath.Join(d3.Folder, "root", "swarm", "certificates", "swarm-node.crt"))
|
|
|
if err != nil {
|
|
if err != nil {
|
|
|
return "", check.Commentf("error: %v", err)
|
|
return "", check.Commentf("error: %v", err)
|
|
|
}
|
|
}
|
|
|
- return string(cert), check.Commentf("cert: %v", string(cert))
|
|
|
|
|
- }, checker.Not(checker.Equals), string(d3cert))
|
|
|
|
|
|
|
+ certs, err := helpers.ParseCertificatesPEM(certBytes)
|
|
|
|
|
+ if err == nil && len(certs) > 0 && len(certs[0].Subject.OrganizationalUnit) > 0 {
|
|
|
|
|
+ return certs[0].Subject.OrganizationalUnit[0], nil
|
|
|
|
|
+ }
|
|
|
|
|
+ return "", check.Commentf("could not get organizational unit from certificate")
|
|
|
|
|
+ }, checker.Equals, "swarm-worker")
|
|
|
|
|
|
|
|
// by now, it should *never* be locked on restart
|
|
// by now, it should *never* be locked on restart
|
|
|
d3.Restart(c)
|
|
d3.Restart(c)
|
Aaron Lehmann