
Merge pull request #12575 from brahmaroutu/integration_test7_12255

Move https tests as unit tests under client
Jessie Frazelle 10 éve
szülő
commit
59ae92d55c

+ 68 - 0
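--- a/integration-cli/docker_cli_daemon_test.go
+++ b/integration-cli/docker_cli_daemon_test.go
@@ -910,3 +910,71 @@ func (s *DockerSuite) TestDaemonRestartKillWait(c *check.C) {
 	}
 
 }
+
+// TestHttpsInfo connects via two-way authenticated HTTPS to the info endpoint
+func (s *DockerSuite) TestHttpsInfo(c *check.C) {
+	const (
+		testDaemonHttpsAddr = "localhost:4271"
+	)
+
+	d := NewDaemon(c)
+	if err := d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
+		"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHttpsAddr); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+	defer d.Stop()
+
+	//force tcp protocol
+	host := fmt.Sprintf("tcp://%s", testDaemonHttpsAddr)
+	daemonArgs := []string{"--host", host, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/client-cert.pem", "--tlskey", "fixtures/https/client-key.pem"}
+	out, err := d.CmdWithArgs(daemonArgs, "info")
+	if err != nil {
+		c.Fatalf("Error Occurred: %s and output: %s", err, out)
+	}
+}
+
+// TestHttpsInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint
+// by using a rogue client certificate and checks that it fails with the expected error.
+func (s *DockerSuite) TestHttpsInfoRogueCert(c *check.C) {
+	const (
+		errBadCertificate   = "remote error: bad certificate"
+		testDaemonHttpsAddr = "localhost:4271"
+	)
+	d := NewDaemon(c)
+	if err := d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
+		"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHttpsAddr); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+	defer d.Stop()
+
+	//force tcp protocol
+	host := fmt.Sprintf("tcp://%s", testDaemonHttpsAddr)
+	daemonArgs := []string{"--host", host, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/client-rogue-cert.pem", "--tlskey", "fixtures/https/client-rogue-key.pem"}
+	out, err := d.CmdWithArgs(daemonArgs, "info")
+	if err == nil || !strings.Contains(out, errBadCertificate) {
+		c.Fatalf("Expected err: %s, got instead: %s and output: %s", errBadCertificate, err, out)
+	}
+}
+
+// TestHttpsInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint
+// which provides a rogue server certificate and checks that it fails with the expected error
+func (s *DockerSuite) TestHttpsInfoRogueServerCert(c *check.C) {
+	const (
+		errCaUnknown             = "x509: certificate signed by unknown authority"
+		testDaemonRogueHttpsAddr = "localhost:4272"
+	)
+	d := NewDaemon(c)
+	if err := d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-rogue-cert.pem",
+		"--tlskey", "fixtures/https/server-rogue-key.pem", "-H", testDaemonRogueHttpsAddr); err != nil {
+		c.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+	defer d.Stop()
+
+	//force tcp protocol
+	host := fmt.Sprintf("tcp://%s", testDaemonRogueHttpsAddr)
+	daemonArgs := []string{"--host", host, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/client-rogue-cert.pem", "--tlskey", "fixtures/https/client-rogue-key.pem"}
+	out, err := d.CmdWithArgs(daemonArgs, "info")
+	if err == nil || !strings.Contains(out, errCaUnknown) {
+		c.Fatalf("Expected err: %s, got instead: %s and output: %s", errCaUnknown, err, out)
+	}
+}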
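Review bot: TestHttpsInfoRogueServerCert passes `client-rogue-cert.pem` / `client-rogue-key.pem` as the client credential, while the removed integration test used `client-cert.pem` / `client-key.pem`; with both sides invalid, the test no longer isolates server-certificate verification. The `errCaUnknown` substring check still ties the failure to the client rejecting the server, but I would use the legitimate client pair here so the server certificate is the only bad input: `"--tlscert", "fixtures/https/client-cert.pem", "--tlskey", "fixtures/https/client-key.pem"`. The three tests also drop the 10-second `setTimeout` guard the old versions had, so a stalled handshake would presumably hang until a suite-level timeout. The `Could not start daemon with busybox` message is misleading, since nothing in these tests involves busybox.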

+ 8 - 0
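--- a/integration-cli/docker_utils.go
+++ b/integration-cli/docker_utils.go
@@ -269,6 +269,14 @@ func (d *Daemon) Cmd(name string, arg ...string) (string, error) {
 	return string(b), err
 }
 
+func (d *Daemon) CmdWithArgs(daemonArgs []string, name string, arg ...string) (string, error) {
+	args := append(daemonArgs, name)
+	args = append(args, arg...)
+	c := exec.Command(dockerBinary, args...)
+	b, err := c.CombinedOutput()
+	return string(b), err
+}
+
 func (d *Daemon) LogfileName() string {
 	return d.logFile.Name()
 }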
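Review bot: `CmdWithArgs` never reads `d`, so despite the receiver it runs `dockerBinary` against whatever `--host` the caller puts in `daemonArgs`, and nothing ties the call to the daemon the test just started. The exported method needs a doc comment saying so, e.g. `// CmdWithArgs runs the docker client with daemonArgs placed before the subcommand; the caller must supply the host and TLS flags.` Separately, `args := append(daemonArgs, name)` can write into the caller's backing array when `daemonArgs` has spare capacity; copying first avoids that: `args := append(append([]string{}, daemonArgs...), name)`.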

+ 0 - 0
integration/fixtures/https/ca.pem → integration-cli/fixtures/https/ca.pem


+ 0 - 0
integration/fixtures/https/client-cert.pem → integration-cli/fixtures/https/client-cert.pem


+ 0 - 0
integration/fixtures/https/client-key.pem → integration-cli/fixtures/https/client-key.pem


+ 0 - 0
integration/fixtures/https/client-rogue-cert.pem → integration-cli/fixtures/https/client-rogue-cert.pem


+ 0 - 0
integration/fixtures/https/client-rogue-key.pem → integration-cli/fixtures/https/client-rogue-key.pem


+ 0 - 0
integration/fixtures/https/server-cert.pem → integration-cli/fixtures/https/server-cert.pem


+ 0 - 0
integration/fixtures/https/server-key.pem → integration-cli/fixtures/https/server-key.pem


+ 0 - 0
integration/fixtures/https/server-rogue-cert.pem → integration-cli/fixtures/https/server-rogue-cert.pem


+ 0 - 0
integration/fixtures/https/server-rogue-key.pem → integration-cli/fixtures/https/server-rogue-key.pem


+ 0 - 84
integration/https_test.go

@@ -1,84 +0,0 @@
-package docker
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"io/ioutil"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/api/client"
-)
-
-const (
-	errBadCertificate = "remote error: bad certificate"
-	errCaUnknown      = "x509: certificate signed by unknown authority"
-)
-
-func getTlsConfig(certFile, keyFile string, t *testing.T) *tls.Config {
-	certPool := x509.NewCertPool()
-	file, err := ioutil.ReadFile("fixtures/https/ca.pem")
-	if err != nil {
-		t.Fatal(err)
-	}
-	certPool.AppendCertsFromPEM(file)
-
-	cert, err := tls.LoadX509KeyPair("fixtures/https/"+certFile, "fixtures/https/"+keyFile)
-	if err != nil {
-		t.Fatalf("Couldn't load X509 key pair: %s", err)
-	}
-	tlsConfig := &tls.Config{
-		RootCAs:      certPool,
-		Certificates: []tls.Certificate{cert},
-	}
-	return tlsConfig
-}
-
-// TestHttpsInfo connects via two-way authenticated HTTPS to the info endpoint
-func TestHttpsInfo(t *testing.T) {
-	cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto,
-		testDaemonHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t))
-
-	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
-		if err := cli.CmdInfo(); err != nil {
-			t.Fatal(err)
-		}
-	})
-}
-
-// TestHttpsInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint
-// by using a rogue client certificate and checks that it fails with the expected error.
-func TestHttpsInfoRogueCert(t *testing.T) {
-	cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto,
-		testDaemonHttpsAddr, getTlsConfig("client-rogue-cert.pem", "client-rogue-key.pem", t))
-
-	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
-		err := cli.CmdInfo()
-		if err == nil {
-			t.Fatal("Expected error but got nil")
-		}
-		if !strings.Contains(err.Error(), errBadCertificate) {
-			t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, err)
-		}
-	})
-}
-
-// TestHttpsInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint
-// which provides a rogue server certificate and checks that it fails with the expected error
-func TestHttpsInfoRogueServerCert(t *testing.T) {
-	cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto,
-		testDaemonRogueHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t))
-
-	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
-		err := cli.CmdInfo()
-		if err == nil {
-			t.Fatal("Expected error but got nil")
-		}
-
-		if !strings.Contains(err.Error(), errCaUnknown) {
-			t.Fatalf("Expected error: %s, got instead: %s", errCaUnknown, err)
-		}
-
-	})
-}

+ 0 - 58
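--- a/integration/runtime_test.go
+++ b/integration/runtime_test.go
@@ -120,8 +120,6 @@ func init() {
 
 	// Create the "global daemon" with a long-running daemons for integration tests
 	spawnGlobalDaemon()
-	spawnLegitHttpsDaemon()
-	spawnRogueHttpsDaemon()
 	startFds, startGoroutines = fileutils.GetTotalUsedFds(), runtime.NumGoroutine()
 }
 
@@ -175,62 +173,6 @@ func spawnGlobalDaemon() {
 	api.AcceptConnections(getDaemon(eng))
 }
 
-func spawnLegitHttpsDaemon() {
-	if globalHttpsEngine != nil {
-		return
-	}
-	globalHttpsEngine = spawnHttpsDaemon(testDaemonHttpsAddr, "fixtures/https/ca.pem",
-		"fixtures/https/server-cert.pem", "fixtures/https/server-key.pem")
-}
-
-func spawnRogueHttpsDaemon() {
-	if globalRogueHttpsEngine != nil {
-		return
-	}
-	globalRogueHttpsEngine = spawnHttpsDaemon(testDaemonRogueHttpsAddr, "fixtures/https/ca.pem",
-		"fixtures/https/server-rogue-cert.pem", "fixtures/https/server-rogue-key.pem")
-}
-
-func spawnHttpsDaemon(addr, cacert, cert, key string) *engine.Engine {
-	t := std_log.New(os.Stderr, "", 0)
-	root, err := newTestDirectory(unitTestStoreBase)
-	if err != nil {
-		t.Fatal(err)
-	}
-	// FIXME: here we don't use NewTestEngine because it configures the daemon with Autorestart=false,
-	// and we want to set it to true.
-
-	eng := newTestEngine(t, true, root)
-
-	serverConfig := &apiserver.ServerConfig{
-		Logging:   true,
-		Tls:       true,
-		TlsVerify: true,
-		TlsCa:     cacert,
-		TlsCert:   cert,
-		TlsKey:    key,
-	}
-	api := apiserver.New(serverConfig, eng)
-	// Spawn a Daemon
-	go func() {
-		logrus.Debugf("Spawning https daemon for integration tests")
-		listenURL := &url.URL{
-			Scheme: testDaemonHttpsProto,
-			Host:   addr,
-		}
-		if err := api.ServeApi([]string{listenURL.String()}); err != nil {
-			logrus.Fatalf("Unable to spawn the test daemon: %s", err)
-		}
-	}()
-
-	// Give some time to ListenAndServer to actually start
-	time.Sleep(time.Second)
-
-	api.AcceptConnections(getDaemon(eng))
-
-	return eng
-}
-
 // FIXME: test that ImagePull(json=true) send correct json output
 
 func GetTestImage(daemon *daemon.Daemon) *image.Image {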