Merge lp:~thumper/juju-core/move-cert-gen-to-config into lp:~go-bot/juju-core/trunk
Status: Merged
Approved by: John A Meinel
Approved revision: no longer in the source branch.
Merged at revision: 1391
Proposed branch: lp:~thumper/juju-core/move-cert-gen-to-config
Merge into: lp:~go-bot/juju-core/trunk
Diff against target: 447 lines (+148/-77), 3 files modified
environs/cloudinit.go (+1/-7)
environs/config/config.go (+21/-3)
environs/config/config_test.go (+126/-67)
To merge this branch: bzr merge lp:~thumper/juju-core/move-cert-gen-to-config
Related bugs:
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Juju Engineering | Pending | ||
Review via email: mp+173117@code.launchpad.net |
Commit message
Move state server cert gen to config.
This code was in cloudinit directly (the environs one anyway).
The local provider isn't going to use cloudinit to kick off
the bootstrapped mongo service, so the method needed to be
moved. Test added.
Drive-by fix to prefix gocheck.
Description of the change
Move state server cert gen to config.
This code was in cloudinit directly (the environs one anyway).
The local provider isn't going to use cloudinit to kick off
the bootstrapped mongo service, so the method needed to be
moved. Test added.
Drive-by fix to prefix gocheck.
Tim Penhey (thumper) wrote:
John A Meinel (jameinel) wrote:
Typo retruns, otherwise LGTM. I would find it easier to review if the
mechanical changes (import gc) were split out from the functional ones. It
makes it easier to focus on the real changes and rubber stamp the
mechanical ones.
John
=:->
On Jul 5, 2013 4:55 AM, "Tim Penhey" <email address hidden> wrote:
> Tim Penhey has proposed merging
> lp:~thumper/juju-core/move-cert-gen-to-config into lp:juju-core.
>
> Requested reviews:
> juju hackers (juju)
>
> For more details, see:
>
> https:/
>
> Move state server cert gen to config.
>
> This code was in cloudinit directly (the environs one anyway).
> The local provider isn't going to use cloudinit to kick off
> the bootstrapped mongo service, so the method needed to be
> moved. Test added.
>
> Drive-by fix to prefix gocheck.
> --
>
> https:/
> You are subscribed to branch lp:juju-core.
>
> === modified file 'environs/
> --- environs/
> +++ environs/
> @@ -5,9 +5,7 @@
>
> import (
> "fmt"
> - "time"
>
> - "launchpad.
> "launchpad.
> "launchpad.
> "launchpad.
> @@ -64,11 +62,7 @@
> }
>
> // These really are directly relevant to running a state server.
> - caKey, hasCAKey := cfg.CAPrivateKey()
> - if !hasCAKey {
> - return fmt.Errorf(
> ca-private-key")
> - }
> - cert, key, err := cert.NewServer(
> time.Now(
> + cert, key, err := cfg.GenerateSta
> if err != nil {
> return fmt.Errorf("cannot generate state server
> certificate: %v", err)
> }
>
> === modified file 'environs/
> --- environs/
> +++ environs/
> @@ -6,12 +6,16 @@
> import (
> "fmt"
> "io/ioutil"
> - "launchpad.
> - "launchpad.
> - "launchpad.
> "os"
> "path/filepath"
> "strings"
> + "time"
> +
> + "launchpad.
> +
> + "launchpad.
> + "launchpad.
> + "launchpad.
> )
>
> var logger = loggo.GetLogger
> @@ -428,3 +432,17 @@
> }
> return result, nil
> }
> +
> +// GenerateStateSe
> and
> +// CAPrivateKey, generates and retruns new certificate and key.
> +func (cfg *Config) GenerateStateSe
> error) {
> + caCert, hasCACert := cfg.CACert()
> + if !hasCACert {
> + return nil, nil, fmt.Errorf(
> no ca-cert")
> + }
> + caKey, hasCAKey := cfg.CAPriv...
Ian Booth (wallyworld) wrote:
Go Bot (go-bot) wrote:
The attempt to merge lp:~thumper/juju-core/move-cert-gen-to-config into lp:juju-core failed. Below is the output from the failed tests.
charm/url.go:9:2: import "labix.
charm/config.
charm/meta.go:12:2: import "launchpad.
charm/dir.go:12:2: import "launchpad.
charm/config.
cmd/cmd.go:12:2: import "launchpad.
cmd/version.go:8:2: import "launchpad.
cmd/logging.
Dave Cheney (dave-cheney) wrote:
Right, bot, where is the rest of the log >?
On Mon, Jul 8, 2013 at 12:47 PM, Go Bot <email address hidden> wrote:
> The proposal to merge lp:~thumper/juju-core/move-cert-gen-to-config into
> lp:juju-core has been updated.
>
> Status: Approved => Needs review
>
> For more details, see:
>
> https:/
> --
>
> https:/
> You are subscribed to branch lp:juju-core.
>
John A Meinel (jameinel) wrote:
That's all the log. When juju decides it needs to reinstall the charm it resets the GOPATH that I have set up in crontab.
From what I can see jujud lost connection with mongodb for a long time on July 5, and then it came back online and decided it needed to reset the charm. I don't understand why, though.
I may just take this machine out of being serviced by the tarmac charm, as it isn't quite sufficient for our needs. And it breaks things like this.
Preview Diff
1 | === modified file 'environs/cloudinit.go' |
2 | --- environs/cloudinit.go 2013-05-31 07:39:15 +0000 |
3 | +++ environs/cloudinit.go 2013-07-05 00:54:26 +0000 |
4 | @@ -5,9 +5,7 @@ |
5 | |
6 | import ( |
7 | "fmt" |
8 | - "time" |
9 | |
10 | - "launchpad.net/juju-core/cert" |
11 | "launchpad.net/juju-core/constraints" |
12 | "launchpad.net/juju-core/environs/cloudinit" |
13 | "launchpad.net/juju-core/environs/config" |
14 | @@ -64,11 +62,7 @@ |
15 | } |
16 | |
17 | // These really are directly relevant to running a state server. |
18 | - caKey, hasCAKey := cfg.CAPrivateKey() |
19 | - if !hasCAKey { |
20 | - return fmt.Errorf("environment configuration has no ca-private-key") |
21 | - } |
22 | - cert, key, err := cert.NewServer(cfg.Name(), caCert, caKey, time.Now().UTC().AddDate(10, 0, 0)) |
23 | + cert, key, err := cfg.GenerateStateServerCertAndKey() |
24 | if err != nil { |
25 | return fmt.Errorf("cannot generate state server certificate: %v", err) |
26 | } |
27 | |
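Review bot: The missing-key error is now wrapped where it used to be returned bare. The removed branch returned "environment configuration has no ca-private-key" directly; after this change the same condition comes back from cfg.GenerateStateServerCertAndKey() and is prefixed with "cannot generate state server certificate: ", so confirm that no caller or test matches on the old text. The removed cert.NewServer call also took a caCert that is defined outside this hunk, while the new helper looks up the CA cert itself, so check whether the earlier caCert lookup in this function is still needed.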
28 | === modified file 'environs/config/config.go' |
29 | --- environs/config/config.go 2013-06-30 23:16:08 +0000 |
30 | +++ environs/config/config.go 2013-07-05 00:54:26 +0000 |
31 | @@ -6,12 +6,16 @@ |
32 | import ( |
33 | "fmt" |
34 | "io/ioutil" |
35 | - "launchpad.net/juju-core/schema" |
36 | - "launchpad.net/juju-core/version" |
37 | - "launchpad.net/loggo" |
38 | "os" |
39 | "path/filepath" |
40 | "strings" |
41 | + "time" |
42 | + |
43 | + "launchpad.net/loggo" |
44 | + |
45 | + "launchpad.net/juju-core/cert" |
46 | + "launchpad.net/juju-core/schema" |
47 | + "launchpad.net/juju-core/version" |
48 | ) |
49 | |
50 | var logger = loggo.GetLogger("juju.environs.config") |
51 | @@ -428,3 +432,17 @@ |
52 | } |
53 | return result, nil |
54 | } |
55 | + |
56 | +// GenerateStateServerCertAndKey makes sure that the config has a CACert and |
57 | +// CAPrivateKey, generates and retruns new certificate and key. |
58 | +func (cfg *Config) GenerateStateServerCertAndKey() ([]byte, []byte, error) { |
59 | + caCert, hasCACert := cfg.CACert() |
60 | + if !hasCACert { |
61 | + return nil, nil, fmt.Errorf("environment configuration has no ca-cert") |
62 | + } |
63 | + caKey, hasCAKey := cfg.CAPrivateKey() |
64 | + if !hasCAKey { |
65 | + return nil, nil, fmt.Errorf("environment configuration has no ca-private-key") |
66 | + } |
67 | + return cert.NewServer(cfg.Name(), caCert, caKey, time.Now().UTC().AddDate(10, 0, 0)) |
68 | +} |
69 | |
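Review bot: The 10-year validity on the last line of the new function, time.Now().UTC().AddDate(10, 0, 0), is a bare literal and the doc comment does not mention it. This method is now the one place where the state server certificate lifetime is decided, so pull the value into a named constant and state in the comment how long the certificate is valid and which of the two []byte results is the certificate and which is the key. The comment also carries the typo "retruns".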
70 | === modified file 'environs/config/config_test.go' |
71 | --- environs/config/config_test.go 2013-06-28 15:16:36 +0000 |
72 | +++ environs/config/config_test.go 2013-07-05 00:54:26 +0000 |
73 | @@ -4,16 +4,21 @@ |
74 | package config_test |
75 | |
76 | import ( |
77 | - . "launchpad.net/gocheck" |
78 | + stdtesting "testing" |
79 | + "time" |
80 | + |
81 | + gc "launchpad.net/gocheck" |
82 | + |
83 | + "launchpad.net/juju-core/cert" |
84 | "launchpad.net/juju-core/environs/config" |
85 | "launchpad.net/juju-core/schema" |
86 | "launchpad.net/juju-core/testing" |
87 | + jc "launchpad.net/juju-core/testing/checkers" |
88 | "launchpad.net/juju-core/version" |
89 | - stdtesting "testing" |
90 | ) |
91 | |
92 | func Test(t *stdtesting.T) { |
93 | - TestingT(t) |
94 | + gc.TestingT(t) |
95 | } |
96 | |
97 | type ConfigSuite struct { |
98 | @@ -21,7 +26,7 @@ |
99 | home string |
100 | } |
101 | |
102 | -var _ = Suite(&ConfigSuite{}) |
103 | +var _ = gc.Suite(&ConfigSuite{}) |
104 | |
105 | type attrs map[string]interface{} |
106 | |
107 | @@ -347,7 +352,7 @@ |
108 | name, data string |
109 | } |
110 | |
111 | -func (*ConfigSuite) TestConfig(c *C) { |
112 | +func (*ConfigSuite) TestConfig(c *gc.C) { |
113 | files := []testing.TestFile{ |
114 | {".ssh/id_dsa.pub", "dsa"}, |
115 | {".ssh/id_rsa.pub", "rsa\n"}, |
116 | @@ -390,7 +395,7 @@ |
117 | }, |
118 | } |
119 | |
120 | -func (*ConfigSuite) TestConfigNoCertFiles(c *C) { |
121 | +func (*ConfigSuite) TestConfigNoCertFiles(c *gc.C) { |
122 | h := testing.MakeEmptyFakeHome(c) |
123 | defer h.Restore() |
124 | for i, test := range noCertFilesTests { |
125 | @@ -447,7 +452,7 @@ |
126 | }, |
127 | } |
128 | |
129 | -func (*ConfigSuite) TestConfigEmptyCertFiles(c *C) { |
130 | +func (*ConfigSuite) TestConfigEmptyCertFiles(c *gc.C) { |
131 | files := []testing.TestFile{ |
132 | {".juju/my-name-cert.pem", ""}, |
133 | {".juju/my-name-private-key.pem", ""}, |
134 | @@ -461,105 +466,105 @@ |
135 | } |
136 | } |
137 | |
138 | -func (test configTest) check(c *C, home *testing.FakeHome) { |
139 | +func (test configTest) check(c *gc.C, home *testing.FakeHome) { |
140 | cfg, err := config.New(test.attrs) |
141 | if test.err != "" { |
142 | - c.Check(cfg, IsNil) |
143 | - c.Assert(err, ErrorMatches, test.err) |
144 | + c.Check(cfg, gc.IsNil) |
145 | + c.Assert(err, gc.ErrorMatches, test.err) |
146 | return |
147 | } |
148 | - c.Assert(err, IsNil) |
149 | + c.Assert(err, gc.IsNil) |
150 | |
151 | typ, _ := test.attrs["type"].(string) |
152 | name, _ := test.attrs["name"].(string) |
153 | - c.Assert(cfg.Type(), Equals, typ) |
154 | - c.Assert(cfg.Name(), Equals, name) |
155 | + c.Assert(cfg.Type(), gc.Equals, typ) |
156 | + c.Assert(cfg.Name(), gc.Equals, name) |
157 | agentVersion, ok := cfg.AgentVersion() |
158 | if s := test.attrs["agent-version"]; s != nil { |
159 | - c.Assert(ok, Equals, true) |
160 | - c.Assert(agentVersion, Equals, version.MustParse(s.(string))) |
161 | + c.Assert(ok, jc.IsTrue) |
162 | + c.Assert(agentVersion, gc.Equals, version.MustParse(s.(string))) |
163 | } else { |
164 | - c.Assert(ok, Equals, false) |
165 | - c.Assert(agentVersion, Equals, version.Zero) |
166 | + c.Assert(ok, jc.IsFalse) |
167 | + c.Assert(agentVersion, gc.Equals, version.Zero) |
168 | } |
169 | |
170 | if statePort, _ := test.attrs["state-port"].(int); statePort != 0 { |
171 | - c.Assert(cfg.StatePort(), Equals, statePort) |
172 | + c.Assert(cfg.StatePort(), gc.Equals, statePort) |
173 | } |
174 | if apiPort, _ := test.attrs["api-port"].(int); apiPort != 0 { |
175 | - c.Assert(cfg.APIPort(), Equals, apiPort) |
176 | + c.Assert(cfg.APIPort(), gc.Equals, apiPort) |
177 | } |
178 | |
179 | dev, _ := test.attrs["development"].(bool) |
180 | - c.Assert(cfg.Development(), Equals, dev) |
181 | + c.Assert(cfg.Development(), gc.Equals, dev) |
182 | |
183 | if series, _ := test.attrs["default-series"].(string); series != "" { |
184 | - c.Assert(cfg.DefaultSeries(), Equals, series) |
185 | + c.Assert(cfg.DefaultSeries(), gc.Equals, series) |
186 | } else { |
187 | - c.Assert(cfg.DefaultSeries(), Equals, config.DefaultSeries) |
188 | + c.Assert(cfg.DefaultSeries(), gc.Equals, config.DefaultSeries) |
189 | } |
190 | |
191 | if m, _ := test.attrs["firewall-mode"].(string); m != "" { |
192 | - c.Assert(cfg.FirewallMode(), Equals, config.FirewallMode(m)) |
193 | + c.Assert(cfg.FirewallMode(), gc.Equals, config.FirewallMode(m)) |
194 | } |
195 | |
196 | if secret, _ := test.attrs["admin-secret"].(string); secret != "" { |
197 | - c.Assert(cfg.AdminSecret(), Equals, secret) |
198 | + c.Assert(cfg.AdminSecret(), gc.Equals, secret) |
199 | } |
200 | |
201 | if path, _ := test.attrs["authorized-keys-path"].(string); path != "" { |
202 | - c.Assert(cfg.AuthorizedKeys(), Equals, home.FileContents(c, path)) |
203 | - c.Assert(cfg.AllAttrs()["authorized-keys-path"], Equals, nil) |
204 | + c.Assert(cfg.AuthorizedKeys(), gc.Equals, home.FileContents(c, path)) |
205 | + c.Assert(cfg.AllAttrs()["authorized-keys-path"], gc.IsNil) |
206 | } else if keys, _ := test.attrs["authorized-keys"].(string); keys != "" { |
207 | - c.Assert(cfg.AuthorizedKeys(), Equals, keys) |
208 | + c.Assert(cfg.AuthorizedKeys(), gc.Equals, keys) |
209 | } else { |
210 | // Content of all the files that are read by default. |
211 | want := "dsa\nrsa\nidentity\n" |
212 | - c.Assert(cfg.AuthorizedKeys(), Equals, want) |
213 | + c.Assert(cfg.AuthorizedKeys(), gc.Equals, want) |
214 | } |
215 | |
216 | cert, certPresent := cfg.CACert() |
217 | if path, _ := test.attrs["ca-cert-path"].(string); path != "" { |
218 | - c.Assert(certPresent, Equals, true) |
219 | - c.Assert(string(cert), Equals, home.FileContents(c, path)) |
220 | + c.Assert(certPresent, jc.IsTrue) |
221 | + c.Assert(string(cert), gc.Equals, home.FileContents(c, path)) |
222 | } else if v, ok := test.attrs["ca-cert"].(string); v != "" { |
223 | - c.Assert(certPresent, Equals, true) |
224 | - c.Assert(string(cert), Equals, v) |
225 | + c.Assert(certPresent, jc.IsTrue) |
226 | + c.Assert(string(cert), gc.Equals, v) |
227 | } else if ok { |
228 | - c.Check(cert, HasLen, 0) |
229 | - c.Assert(certPresent, Equals, false) |
230 | + c.Check(cert, gc.HasLen, 0) |
231 | + c.Assert(certPresent, jc.IsFalse) |
232 | } else if home.FileExists(".juju/my-name-cert.pem") { |
233 | - c.Assert(certPresent, Equals, true) |
234 | - c.Assert(string(cert), Equals, home.FileContents(c, "my-name-cert.pem")) |
235 | + c.Assert(certPresent, jc.IsTrue) |
236 | + c.Assert(string(cert), gc.Equals, home.FileContents(c, "my-name-cert.pem")) |
237 | } else { |
238 | - c.Check(cert, HasLen, 0) |
239 | - c.Assert(certPresent, Equals, false) |
240 | + c.Check(cert, gc.HasLen, 0) |
241 | + c.Assert(certPresent, jc.IsFalse) |
242 | } |
243 | |
244 | key, keyPresent := cfg.CAPrivateKey() |
245 | if path, _ := test.attrs["ca-private-key-path"].(string); path != "" { |
246 | - c.Assert(keyPresent, Equals, true) |
247 | - c.Assert(string(key), Equals, home.FileContents(c, path)) |
248 | + c.Assert(keyPresent, jc.IsTrue) |
249 | + c.Assert(string(key), gc.Equals, home.FileContents(c, path)) |
250 | } else if v, ok := test.attrs["ca-private-key"].(string); v != "" { |
251 | - c.Assert(keyPresent, Equals, true) |
252 | - c.Assert(string(key), Equals, v) |
253 | + c.Assert(keyPresent, jc.IsTrue) |
254 | + c.Assert(string(key), gc.Equals, v) |
255 | } else if ok { |
256 | - c.Check(key, HasLen, 0) |
257 | - c.Assert(keyPresent, Equals, false) |
258 | + c.Check(key, gc.HasLen, 0) |
259 | + c.Assert(keyPresent, jc.IsFalse) |
260 | } else if home.FileExists(".juju/my-name-private-key.pem") { |
261 | - c.Assert(keyPresent, Equals, true) |
262 | - c.Assert(string(key), Equals, home.FileContents(c, "my-name-private-key.pem")) |
263 | + c.Assert(keyPresent, jc.IsTrue) |
264 | + c.Assert(string(key), gc.Equals, home.FileContents(c, "my-name-private-key.pem")) |
265 | } else { |
266 | - c.Check(key, HasLen, 0) |
267 | - c.Assert(keyPresent, Equals, false) |
268 | + c.Check(key, gc.HasLen, 0) |
269 | + c.Assert(keyPresent, jc.IsFalse) |
270 | } |
271 | |
272 | if v, ok := test.attrs["ssl-hostname-verification"]; ok { |
273 | - c.Assert(cfg.SSLHostnameVerification(), Equals, v) |
274 | + c.Assert(cfg.SSLHostnameVerification(), gc.Equals, v) |
275 | } |
276 | } |
277 | |
278 | -func (*ConfigSuite) TestConfigAttrs(c *C) { |
279 | +func (*ConfigSuite) TestConfigAttrs(c *gc.C) { |
280 | attrs := map[string]interface{}{ |
281 | "type": "my-type", |
282 | "name": "my-name", |
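Review bot: This hunk is not only the gocheck prefix rename. In check(), the `Equals, true` and `Equals, false` assertions become jc.IsTrue and jc.IsFalse, and the authorized-keys-path assertion changes from `Equals, nil` to gc.IsNil. The commit message only mentions prefixing gocheck, so either mention the checker swap there or split it out, so that the rename can be reviewed as purely mechanical.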
283 | @@ -572,15 +577,15 @@ |
284 | "ssl-hostname-verification": true, |
285 | } |
286 | cfg, err := config.New(attrs) |
287 | - c.Assert(err, IsNil) |
288 | + c.Assert(err, gc.IsNil) |
289 | |
290 | // These attributes are added if not set. |
291 | attrs["development"] = false |
292 | attrs["default-series"] = config.DefaultSeries |
293 | // Default firewall mode is instance |
294 | attrs["firewall-mode"] = string(config.FwInstance) |
295 | - c.Assert(cfg.AllAttrs(), DeepEquals, attrs) |
296 | - c.Assert(cfg.UnknownAttrs(), DeepEquals, map[string]interface{}{"unknown": "my-unknown"}) |
297 | + c.Assert(cfg.AllAttrs(), gc.DeepEquals, attrs) |
298 | + c.Assert(cfg.UnknownAttrs(), gc.DeepEquals, map[string]interface{}{"unknown": "my-unknown"}) |
299 | |
300 | newcfg, err := cfg.Apply(map[string]interface{}{ |
301 | "name": "new-name", |
302 | @@ -589,7 +594,7 @@ |
303 | |
304 | attrs["name"] = "new-name" |
305 | attrs["new-unknown"] = "my-new-unknown" |
306 | - c.Assert(newcfg.AllAttrs(), DeepEquals, attrs) |
307 | + c.Assert(newcfg.AllAttrs(), gc.DeepEquals, attrs) |
308 | } |
309 | |
310 | type validationTest struct { |
311 | @@ -655,7 +660,7 @@ |
312 | err: `cannot change api-port from 17070 to 42`, |
313 | }} |
314 | |
315 | -func (*ConfigSuite) TestValidateChange(c *C) { |
316 | +func (*ConfigSuite) TestValidateChange(c *gc.C) { |
317 | files := []testing.TestFile{ |
318 | {".ssh/identity.pub", "identity"}, |
319 | } |
320 | @@ -668,14 +673,14 @@ |
321 | oldConfig := newTestConfig(c, test.old) |
322 | err := config.Validate(newConfig, oldConfig) |
323 | if test.err == "" { |
324 | - c.Assert(err, IsNil) |
325 | + c.Assert(err, gc.IsNil) |
326 | } else { |
327 | - c.Assert(err, ErrorMatches, test.err) |
328 | + c.Assert(err, gc.ErrorMatches, test.err) |
329 | } |
330 | } |
331 | } |
332 | |
333 | -func (*ConfigSuite) TestValidateUnknownAttrs(c *C) { |
334 | +func (*ConfigSuite) TestValidateUnknownAttrs(c *gc.C) { |
335 | defer testing.MakeFakeHomeWithFiles(c, []testing.TestFile{ |
336 | {".ssh/id_rsa.pub", "rsa\n"}, |
337 | {".juju/myenv-cert.pem", caCert}, |
338 | @@ -690,8 +695,8 @@ |
339 | |
340 | // No fields: all attrs passed through. |
341 | attrs, err := cfg.ValidateUnknownAttrs(nil, nil) |
342 | - c.Assert(err, IsNil) |
343 | - c.Assert(attrs, DeepEquals, map[string]interface{}{ |
344 | + c.Assert(err, gc.IsNil) |
345 | + c.Assert(attrs, gc.DeepEquals, map[string]interface{}{ |
346 | "known": "this", |
347 | "unknown": "that", |
348 | }) |
349 | @@ -699,8 +704,8 @@ |
350 | // Valid field: that and other attrs passed through. |
351 | fields := schema.Fields{"known": schema.String()} |
352 | attrs, err = cfg.ValidateUnknownAttrs(fields, nil) |
353 | - c.Assert(err, IsNil) |
354 | - c.Assert(attrs, DeepEquals, map[string]interface{}{ |
355 | + c.Assert(err, gc.IsNil) |
356 | + c.Assert(attrs, gc.DeepEquals, map[string]interface{}{ |
357 | "known": "this", |
358 | "unknown": "that", |
359 | }) |
360 | @@ -709,8 +714,8 @@ |
361 | fields["default"] = schema.String() |
362 | defaults := schema.Defaults{"default": "the other"} |
363 | attrs, err = cfg.ValidateUnknownAttrs(fields, defaults) |
364 | - c.Assert(err, IsNil) |
365 | - c.Assert(attrs, DeepEquals, map[string]interface{}{ |
366 | + c.Assert(err, gc.IsNil) |
367 | + c.Assert(attrs, gc.DeepEquals, map[string]interface{}{ |
368 | "known": "this", |
369 | "unknown": "that", |
370 | "default": "the other", |
371 | @@ -719,19 +724,73 @@ |
372 | // Invalid field: failure. |
373 | fields["known"] = schema.Int() |
374 | _, err = cfg.ValidateUnknownAttrs(fields, defaults) |
375 | - c.Assert(err, ErrorMatches, `known: expected int, got "this"`) |
376 | + c.Assert(err, gc.ErrorMatches, `known: expected int, got "this"`) |
377 | } |
378 | |
379 | -func newTestConfig(c *C, explicit attrs) *config.Config { |
380 | +func newTestConfig(c *gc.C, explicit attrs) *config.Config { |
381 | final := attrs{"type": "my-type", "name": "my-name"} |
382 | for key, value := range explicit { |
383 | final[key] = value |
384 | } |
385 | result, err := config.New(final) |
386 | - c.Assert(err, IsNil) |
387 | + c.Assert(err, gc.IsNil) |
388 | return result |
389 | } |
390 | |
391 | +func (*ConfigSuite) TestGenerateStateServerCertAndKey(c *gc.C) { |
392 | + // In order to test missing certs, it checks the JUJU_HOME dir, so we need |
393 | + // a fake home. |
394 | + defer testing.MakeFakeHomeWithFiles(c, []testing.TestFile{ |
395 | + {".ssh/id_rsa.pub", "rsa\n"}, |
396 | + }).Restore() |
397 | + |
398 | + for _, test := range []struct { |
399 | + configValues map[string]interface{} |
400 | + errMatch string |
401 | + }{{ |
402 | + configValues: map[string]interface{}{ |
403 | + "name": "test-no-certs", |
404 | + "type": "dummy", |
405 | + }, |
406 | + errMatch: "environment configuration has no ca-cert", |
407 | + }, { |
408 | + configValues: map[string]interface{}{ |
409 | + "name": "test-no-certs", |
410 | + "type": "dummy", |
411 | + "ca-cert": testing.CACert, |
412 | + }, |
413 | + errMatch: "environment configuration has no ca-private-key", |
414 | + }, { |
415 | + configValues: map[string]interface{}{ |
416 | + "name": "test-no-certs", |
417 | + "type": "dummy", |
418 | + "ca-cert": testing.CACert, |
419 | + "ca-private-key": testing.CAKey, |
420 | + }, |
421 | + }} { |
422 | + cfg, err := config.New(test.configValues) |
423 | + c.Assert(err, gc.IsNil) |
424 | + certPEM, keyPEM, err := cfg.GenerateStateServerCertAndKey() |
425 | + if test.errMatch == "" { |
426 | + c.Assert(err, gc.IsNil) |
427 | + |
428 | + _, _, err = cert.ParseCertAndKey(certPEM, keyPEM) |
429 | + c.Check(err, gc.IsNil) |
430 | + |
431 | + err = cert.Verify(certPEM, []byte(testing.CACert), time.Now()) |
432 | + c.Assert(err, gc.IsNil) |
433 | + err = cert.Verify(certPEM, []byte(testing.CACert), time.Now().AddDate(9, 0, 0)) |
434 | + c.Assert(err, gc.IsNil) |
435 | + err = cert.Verify(certPEM, []byte(testing.CACert), time.Now().AddDate(10, 0, 1)) |
436 | + c.Assert(err, gc.NotNil) |
437 | + } else { |
438 | + c.Assert(err, gc.ErrorMatches, test.errMatch) |
439 | + c.Assert(certPEM, gc.IsNil) |
440 | + c.Assert(keyPEM, gc.IsNil) |
441 | + } |
442 | + } |
443 | +} |
444 | + |
445 | var caCert = ` |
446 | -----BEGIN CERTIFICATE----- |
447 | MIIBjDCCATigAwIBAgIBADALBgkqhkiG9w0BAQUwHjENMAsGA1UEChMEanVqdTEN |
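Review bot: In TestGenerateStateServerCertAndKey all three table entries use the name "test-no-certs", including the last one, which supplies both ca-cert and ca-private-key and is expected to succeed. The loop is `for _, test := range` with no per-case log line, so a failure does not say which case broke. Give each case a distinct name and keep the index, as the TestConfigNoCertFiles loop does with `for i, test := range`, then log it at the top of each iteration.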
Reviewers: mp+173117_code.launchpad.net,
Message:
Please take a look.
Description:
Move state server cert gen to config.
This code was in cloudinit directly (the environs one anyway).
The local provider isn't going to use cloudinit to kick off
the bootstrapped mongo service, so the method needed to be
moved. Test added.
Drive-by fix to prefix gocheck.
https://code.launchpad.net/~thumper/juju-core/move-cert-gen-to-config/+merge/173117
(do not edit description out of merge proposal)
Please review this at https://codereview.appspot.com/10866044/
Affected files: cloudinit.go config/config.go config/config_test.go
A [revision details]
M environs/
M environs/
M environs/