juju-core

Merge lp:~thumper/juju-core/move-cert-gen-to-config into lp:~go-bot/juju-core/trunk

  1. move-cert-gen-to-config
  2. Merge into trunk
Proposed by Tim Penhey
Status: Merged
Approved by: John A Meinel
Approved revision: no longer in the source branch.
Merged at revision: 1391
Proposed branch: lp:~thumper/juju-core/move-cert-gen-to-config
Merge into: lp:~go-bot/juju-core/trunk
Diff against target: 447 lines (+148/-77)
3 files modified
environs/cloudinit.go (+1/-7)
environs/config/config.go (+21/-3)
environs/config/config_test.go (+126/-67)
To merge this branch: bzr merge lp:~thumper/juju-core/move-cert-gen-to-config
Reviewer Review Type Date Requested Status
Juju Engineering Pending
Review via email: mp+173117@code.launchpad.net

Commit message

Move state server cert gen to config.

This code was in cloudinit directly (the environs one anyway).
The local provider isn't going to use cloudinit to kick of
the bootstrapped mongo service, so the method needed to be
moved. Test added.

Drive-by fix to prefix gocheck.

https://codereview.appspot.com/10866044/

Description of the change

Move state server cert gen to config.

This code was in cloudinit directly (the environs one anyway).
The local provider isn't going to use cloudinit to kick of
the bootstrapped mongo service, so the method needed to be
moved. Test added.

Drive-by fix to prefix gocheck.

https://codereview.appspot.com/10866044/

To post a comment you must log in.
Revision history for this message
Tim Penhey (thumper) wrote :

Reviewers: mp+173117_code.launchpad.net,

Message:
Please take a look.

Description:
Move state server cert gen to config.

This code was in cloudinit directly (the environs one anyway).
The local provider isn't going to use cloudinit to kick of
the bootstrapped mongo service, so the method needed to be
moved. Test added.

Drive-by fix to prefix gocheck.

https://code.launchpad.net/~thumper/juju-core/move-cert-gen-to-config/+merge/173117

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/10866044/

Affected files:
   A [revision details]
   M environs/cloudinit.go
   M environs/config/config.go
   M environs/config/config_test.go

Revision history for this message
John A Meinel (jameinel) wrote :
Download full text (19.0 KiB)

Typo retruns, otherwise LGTM. I would find it easier to review if the
mechanical changes (import gc) were split out from the functional ones. It
makes it easier to focus on the real changes and rubber stamp the
mechanical ones.

John
=:->
On Jul 5, 2013 4:55 AM, "Tim Penhey" <email address hidden> wrote:

> Tim Penhey has proposed merging
> lp:~thumper/juju-core/move-cert-gen-to-config into lp:juju-core.
>
> Requested reviews:
> juju hackers (juju)
>
> For more details, see:
>
> https://code.launchpad.net/~thumper/juju-core/move-cert-gen-to-config/+merge/173117
>
> Move state server cert gen to config.
>
> This code was in cloudinit directly (the environs one anyway).
> The local provider isn't going to use cloudinit to kick of
> the bootstrapped mongo service, so the method needed to be
> moved. Test added.
>
> Drive-by fix to prefix gocheck.
> --
>
> https://code.launchpad.net/~thumper/juju-core/move-cert-gen-to-config/+merge/173117
> You are subscribed to branch lp:juju-core.
>
> === modified file 'environs/cloudinit.go'
> --- environs/cloudinit.go 2013-05-31 07:39:15 +0000
> +++ environs/cloudinit.go 2013-07-05 00:54:26 +0000
> @@ -5,9 +5,7 @@
>
> import (
> "fmt"
> - "time"
>
> - "launchpad.net/juju-core/cert"
> "launchpad.net/juju-core/constraints"
> "launchpad.net/juju-core/environs/cloudinit"
> "launchpad.net/juju-core/environs/config"
> @@ -64,11 +62,7 @@
> }
>
> // These really are directly relevant to running a state server.
> - caKey, hasCAKey := cfg.CAPrivateKey()
> - if !hasCAKey {
> - return fmt.Errorf("environment configuration has no
> ca-private-key")
> - }
> - cert, key, err := cert.NewServer(cfg.Name(), caCert, caKey,
> time.Now().UTC().AddDate(10, 0, 0))
> + cert, key, err := cfg.GenerateStateServerCertAndKey()
> if err != nil {
> return fmt.Errorf("cannot generate state server
> certificate: %v", err)
> }
>
> === modified file 'environs/config/config.go'
> --- environs/config/config.go 2013-06-30 23:16:08 +0000
> +++ environs/config/config.go 2013-07-05 00:54:26 +0000
> @@ -6,12 +6,16 @@
> import (
> "fmt"
> "io/ioutil"
> - "launchpad.net/juju-core/schema"
> - "launchpad.net/juju-core/version"
> - "launchpad.net/loggo"
> "os"
> "path/filepath"
> "strings"
> + "time"
> +
> + "launchpad.net/loggo"
> +
> + "launchpad.net/juju-core/cert"
> + "launchpad.net/juju-core/schema"
> + "launchpad.net/juju-core/version"
> )
>
> var logger = loggo.GetLogger("juju.environs.config")
> @@ -428,3 +432,17 @@
> }
> return result, nil
> }
> +
> +// GenerateStateServerCertAndKey makes sure that the config has a CACert
> and
> +// CAPrivateKey, generates and retruns new certificate and key.
> +func (cfg *Config) GenerateStateServerCertAndKey() ([]byte, []byte,
> error) {
> + caCert, hasCACert := cfg.CACert()
> + if !hasCACert {
> + return nil, nil, fmt.Errorf("environment configuration has
> no ca-cert")
> + }
> + caKey, hasCAKey := cfg.CAPriv...

Revision history for this message
Ian Booth (wallyworld) wrote :

LGTM

https://codereview.appspot.com/10866044/

Revision history for this message
Go Bot (go-bot) wrote :
Download full text (8.5 KiB)

The attempt to merge lp:~thumper/juju-core/move-cert-gen-to-config into lp:juju-core failed. Below is the output from the failed tests.

charm/url.go:9:2: import "labix.org/v2/mgo/bson": cannot find package
charm/config.go:12:2: import "launchpad.net/goyaml": cannot find package
charm/meta.go:12:2: import "launchpad.net/juju-core/charm/hooks": cannot find package
charm/dir.go:12:2: import "launchpad.net/juju-core/log": cannot find package
charm/config.go:13:2: import "launchpad.net/juju-core/schema": cannot find package
cmd/cmd.go:12:2: import "launchpad.net/gnuflag": cannot find package
cmd/version.go:8:2: import "launchpad.net/juju-core/version": cannot find package
cmd/logging.go:11:2: import "launchpad.net/loggo": cannot find package
cmd/builddb/main.go:12:2: import "launchpad.net/juju-core/charm": cannot find package
cmd/builddb/main.go:13:2: import "launchpad.net/juju-core/environs": cannot find package
cmd/builddb/main.go:21:2: import "launchpad.net/juju-core/environs/all": cannot find package
cmd/builddb/main.go:14:2: import "launchpad.net/juju-core/juju": cannot find package
cmd/builddb/main.go:15:2: import "launchpad.net/juju-core/state/api/params": cannot find package
cmd/charmd/main.go:10:2: import "launchpad.net/juju-core/store": cannot find package
cmd/charmload/main.go:11:2: import "launchpad.net/lpad": cannot find package
cmd/juju/imagemetadata.go:9:2: import "launchpad.net/goose/identity": cannot find package
cmd/juju/publish.go:9:2: import "launchpad.net/juju-core/bzr": cannot find package
cmd/juju/addmachine.go:9:2: import "launchpad.net/juju-core/cmd": cannot find package
cmd/juju/addmachine.go:10:2: import "launchpad.net/juju-core/constraints": cannot find package
cmd/juju/bootstrap.go:13:2: import "launchpad.net/juju-core/environs/config": cannot find package
cmd/juju/synctools.go:14:2: import "launchpad.net/juju-core/environs/ec2": cannot find package
cmd/juju/imagemetadata.go:12:2: import "launchpad.net/juju-core/environs/imagemetadata": cannot find package
cmd/juju/synctools.go:15:2: import "launchpad.net/juju-core/environs/tools": cannot find package
cmd/juju/status.go:13:2: import "launchpad.net/juju-core/errors": cannot find package
cmd/juju/addmachine.go:11:2: import "launchpad.net/juju-core/instance": cannot find package
cmd/juju/addmachine.go:14:2: import "launchpad.net/juju-core/state": cannot find package
cmd/juju/addrelation.go:11:2: import "launchpad.net/juju-core/state/statecmd": cannot find package
cmd/juju/bootstrap.go:14:2: import "launchpad.net/juju-core/utils/set": cannot find package
cmd/jujud/upgrade.go:8:2: import "launchpad.net/juju-core/downloader": cannot find package
cmd/jujud/agent.go:11:2: import "launchpad.net/juju-core/environs/agent": cannot find package
cmd/jujud/agent.go:15:2: import "launchpad.net/juju-core/state/api": cannot find package
cmd/jujud/machine.go:15:2: import "launchpad.net/juju-core/state/api/machineagent": cannot find package
cmd/jujud/machine.go:17:2: import "launchpad.net/juju-core/state/apiserver": cannot find package
cmd/jujud/upgrade.go:14:2: import "launchpad.net/juju-core/state/watcher": cannot find package
cmd/jujud/bootstrap.go:17:2: import "launchpad.net/juju-co...

Read more...

Revision history for this message
Dave Cheney (dave-cheney) wrote :

Right, bot, where is the rest of the log >?

On Mon, Jul 8, 2013 at 12:47 PM, Go Bot <email address hidden> wrote:

> The proposal to merge lp:~thumper/juju-core/move-cert-gen-to-config into
> lp:juju-core has been updated.
>
> Status: Approved => Needs review
>
> For more details, see:
>
> https://code.launchpad.net/~thumper/juju-core/move-cert-gen-to-config/+merge/173117
> --
>
> https://code.launchpad.net/~thumper/juju-core/move-cert-gen-to-config/+merge/173117
> You are subscribed to branch lp:juju-core.
>

Revision history for this message
John A Meinel (jameinel) wrote :

That's all the log. When juju decides it needs to reinstall the charm it resets the GOPATH that I have set up in crontab.

From what I can see jujud lost connection with mongodb for a long time on July 5, and then it came back online and decided it needed to reset the charm. I don't understand why, though.

I may just take this machine out of being serviced by the tarmac charm, as it isn't quite sufficient for our needs. And it breaks things like this.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'environs/cloudinit.go'
2--- environs/cloudinit.go 2013-05-31 07:39:15 +0000
3+++ environs/cloudinit.go 2013-07-05 00:54:26 +0000
4@@ -5,9 +5,7 @@
5
6 import (
7 "fmt"
8- "time"
9
10- "launchpad.net/juju-core/cert"
11 "launchpad.net/juju-core/constraints"
12 "launchpad.net/juju-core/environs/cloudinit"
13 "launchpad.net/juju-core/environs/config"
14@@ -64,11 +62,7 @@
15 }
16
17 // These really are directly relevant to running a state server.
18- caKey, hasCAKey := cfg.CAPrivateKey()
19- if !hasCAKey {
20- return fmt.Errorf("environment configuration has no ca-private-key")
21- }
22- cert, key, err := cert.NewServer(cfg.Name(), caCert, caKey, time.Now().UTC().AddDate(10, 0, 0))
23+ cert, key, err := cfg.GenerateStateServerCertAndKey()
24 if err != nil {
25 return fmt.Errorf("cannot generate state server certificate: %v", err)
26 }
27
28=== modified file 'environs/config/config.go'
29--- environs/config/config.go 2013-06-30 23:16:08 +0000
30+++ environs/config/config.go 2013-07-05 00:54:26 +0000
31@@ -6,12 +6,16 @@
32 import (
33 "fmt"
34 "io/ioutil"
35- "launchpad.net/juju-core/schema"
36- "launchpad.net/juju-core/version"
37- "launchpad.net/loggo"
38 "os"
39 "path/filepath"
40 "strings"
41+ "time"
42+
43+ "launchpad.net/loggo"
44+
45+ "launchpad.net/juju-core/cert"
46+ "launchpad.net/juju-core/schema"
47+ "launchpad.net/juju-core/version"
48 )
49
50 var logger = loggo.GetLogger("juju.environs.config")
51@@ -428,3 +432,17 @@
52 }
53 return result, nil
54 }
55+
56+// GenerateStateServerCertAndKey makes sure that the config has a CACert and
57+// CAPrivateKey, generates and retruns new certificate and key.
58+func (cfg *Config) GenerateStateServerCertAndKey() ([]byte, []byte, error) {
59+ caCert, hasCACert := cfg.CACert()
60+ if !hasCACert {
61+ return nil, nil, fmt.Errorf("environment configuration has no ca-cert")
62+ }
63+ caKey, hasCAKey := cfg.CAPrivateKey()
64+ if !hasCAKey {
65+ return nil, nil, fmt.Errorf("environment configuration has no ca-private-key")
66+ }
67+ return cert.NewServer(cfg.Name(), caCert, caKey, time.Now().UTC().AddDate(10, 0, 0))
68+}
69
70=== modified file 'environs/config/config_test.go'
71--- environs/config/config_test.go 2013-06-28 15:16:36 +0000
72+++ environs/config/config_test.go 2013-07-05 00:54:26 +0000
73@@ -4,16 +4,21 @@
74 package config_test
75
76 import (
77- . "launchpad.net/gocheck"
78+ stdtesting "testing"
79+ "time"
80+
81+ gc "launchpad.net/gocheck"
82+
83+ "launchpad.net/juju-core/cert"
84 "launchpad.net/juju-core/environs/config"
85 "launchpad.net/juju-core/schema"
86 "launchpad.net/juju-core/testing"
87+ jc "launchpad.net/juju-core/testing/checkers"
88 "launchpad.net/juju-core/version"
89- stdtesting "testing"
90 )
91
92 func Test(t *stdtesting.T) {
93- TestingT(t)
94+ gc.TestingT(t)
95 }
96
97 type ConfigSuite struct {
98@@ -21,7 +26,7 @@
99 home string
100 }
101
102-var _ = Suite(&ConfigSuite{})
103+var _ = gc.Suite(&ConfigSuite{})
104
105 type attrs map[string]interface{}
106
107@@ -347,7 +352,7 @@
108 name, data string
109 }
110
111-func (*ConfigSuite) TestConfig(c *C) {
112+func (*ConfigSuite) TestConfig(c *gc.C) {
113 files := []testing.TestFile{
114 {".ssh/id_dsa.pub", "dsa"},
115 {".ssh/id_rsa.pub", "rsa\n"},
116@@ -390,7 +395,7 @@
117 },
118 }
119
120-func (*ConfigSuite) TestConfigNoCertFiles(c *C) {
121+func (*ConfigSuite) TestConfigNoCertFiles(c *gc.C) {
122 h := testing.MakeEmptyFakeHome(c)
123 defer h.Restore()
124 for i, test := range noCertFilesTests {
125@@ -447,7 +452,7 @@
126 },
127 }
128
129-func (*ConfigSuite) TestConfigEmptyCertFiles(c *C) {
130+func (*ConfigSuite) TestConfigEmptyCertFiles(c *gc.C) {
131 files := []testing.TestFile{
132 {".juju/my-name-cert.pem", ""},
133 {".juju/my-name-private-key.pem", ""},
134@@ -461,105 +466,105 @@
135 }
136 }
137
138-func (test configTest) check(c *C, home *testing.FakeHome) {
139+func (test configTest) check(c *gc.C, home *testing.FakeHome) {
140 cfg, err := config.New(test.attrs)
141 if test.err != "" {
142- c.Check(cfg, IsNil)
143- c.Assert(err, ErrorMatches, test.err)
144+ c.Check(cfg, gc.IsNil)
145+ c.Assert(err, gc.ErrorMatches, test.err)
146 return
147 }
148- c.Assert(err, IsNil)
149+ c.Assert(err, gc.IsNil)
150
151 typ, _ := test.attrs["type"].(string)
152 name, _ := test.attrs["name"].(string)
153- c.Assert(cfg.Type(), Equals, typ)
154- c.Assert(cfg.Name(), Equals, name)
155+ c.Assert(cfg.Type(), gc.Equals, typ)
156+ c.Assert(cfg.Name(), gc.Equals, name)
157 agentVersion, ok := cfg.AgentVersion()
158 if s := test.attrs["agent-version"]; s != nil {
159- c.Assert(ok, Equals, true)
160- c.Assert(agentVersion, Equals, version.MustParse(s.(string)))
161+ c.Assert(ok, jc.IsTrue)
162+ c.Assert(agentVersion, gc.Equals, version.MustParse(s.(string)))
163 } else {
164- c.Assert(ok, Equals, false)
165- c.Assert(agentVersion, Equals, version.Zero)
166+ c.Assert(ok, jc.IsFalse)
167+ c.Assert(agentVersion, gc.Equals, version.Zero)
168 }
169
170 if statePort, _ := test.attrs["state-port"].(int); statePort != 0 {
171- c.Assert(cfg.StatePort(), Equals, statePort)
172+ c.Assert(cfg.StatePort(), gc.Equals, statePort)
173 }
174 if apiPort, _ := test.attrs["api-port"].(int); apiPort != 0 {
175- c.Assert(cfg.APIPort(), Equals, apiPort)
176+ c.Assert(cfg.APIPort(), gc.Equals, apiPort)
177 }
178
179 dev, _ := test.attrs["development"].(bool)
180- c.Assert(cfg.Development(), Equals, dev)
181+ c.Assert(cfg.Development(), gc.Equals, dev)
182
183 if series, _ := test.attrs["default-series"].(string); series != "" {
184- c.Assert(cfg.DefaultSeries(), Equals, series)
185+ c.Assert(cfg.DefaultSeries(), gc.Equals, series)
186 } else {
187- c.Assert(cfg.DefaultSeries(), Equals, config.DefaultSeries)
188+ c.Assert(cfg.DefaultSeries(), gc.Equals, config.DefaultSeries)
189 }
190
191 if m, _ := test.attrs["firewall-mode"].(string); m != "" {
192- c.Assert(cfg.FirewallMode(), Equals, config.FirewallMode(m))
193+ c.Assert(cfg.FirewallMode(), gc.Equals, config.FirewallMode(m))
194 }
195
196 if secret, _ := test.attrs["admin-secret"].(string); secret != "" {
197- c.Assert(cfg.AdminSecret(), Equals, secret)
198+ c.Assert(cfg.AdminSecret(), gc.Equals, secret)
199 }
200
201 if path, _ := test.attrs["authorized-keys-path"].(string); path != "" {
202- c.Assert(cfg.AuthorizedKeys(), Equals, home.FileContents(c, path))
203- c.Assert(cfg.AllAttrs()["authorized-keys-path"], Equals, nil)
204+ c.Assert(cfg.AuthorizedKeys(), gc.Equals, home.FileContents(c, path))
205+ c.Assert(cfg.AllAttrs()["authorized-keys-path"], gc.IsNil)
206 } else if keys, _ := test.attrs["authorized-keys"].(string); keys != "" {
207- c.Assert(cfg.AuthorizedKeys(), Equals, keys)
208+ c.Assert(cfg.AuthorizedKeys(), gc.Equals, keys)
209 } else {
210 // Content of all the files that are read by default.
211 want := "dsa\nrsa\nidentity\n"
212- c.Assert(cfg.AuthorizedKeys(), Equals, want)
213+ c.Assert(cfg.AuthorizedKeys(), gc.Equals, want)
214 }
215
216 cert, certPresent := cfg.CACert()
217 if path, _ := test.attrs["ca-cert-path"].(string); path != "" {
218- c.Assert(certPresent, Equals, true)
219- c.Assert(string(cert), Equals, home.FileContents(c, path))
220+ c.Assert(certPresent, jc.IsTrue)
221+ c.Assert(string(cert), gc.Equals, home.FileContents(c, path))
222 } else if v, ok := test.attrs["ca-cert"].(string); v != "" {
223- c.Assert(certPresent, Equals, true)
224- c.Assert(string(cert), Equals, v)
225+ c.Assert(certPresent, jc.IsTrue)
226+ c.Assert(string(cert), gc.Equals, v)
227 } else if ok {
228- c.Check(cert, HasLen, 0)
229- c.Assert(certPresent, Equals, false)
230+ c.Check(cert, gc.HasLen, 0)
231+ c.Assert(certPresent, jc.IsFalse)
232 } else if home.FileExists(".juju/my-name-cert.pem") {
233- c.Assert(certPresent, Equals, true)
234- c.Assert(string(cert), Equals, home.FileContents(c, "my-name-cert.pem"))
235+ c.Assert(certPresent, jc.IsTrue)
236+ c.Assert(string(cert), gc.Equals, home.FileContents(c, "my-name-cert.pem"))
237 } else {
238- c.Check(cert, HasLen, 0)
239- c.Assert(certPresent, Equals, false)
240+ c.Check(cert, gc.HasLen, 0)
241+ c.Assert(certPresent, jc.IsFalse)
242 }
243
244 key, keyPresent := cfg.CAPrivateKey()
245 if path, _ := test.attrs["ca-private-key-path"].(string); path != "" {
246- c.Assert(keyPresent, Equals, true)
247- c.Assert(string(key), Equals, home.FileContents(c, path))
248+ c.Assert(keyPresent, jc.IsTrue)
249+ c.Assert(string(key), gc.Equals, home.FileContents(c, path))
250 } else if v, ok := test.attrs["ca-private-key"].(string); v != "" {
251- c.Assert(keyPresent, Equals, true)
252- c.Assert(string(key), Equals, v)
253+ c.Assert(keyPresent, jc.IsTrue)
254+ c.Assert(string(key), gc.Equals, v)
255 } else if ok {
256- c.Check(key, HasLen, 0)
257- c.Assert(keyPresent, Equals, false)
258+ c.Check(key, gc.HasLen, 0)
259+ c.Assert(keyPresent, jc.IsFalse)
260 } else if home.FileExists(".juju/my-name-private-key.pem") {
261- c.Assert(keyPresent, Equals, true)
262- c.Assert(string(key), Equals, home.FileContents(c, "my-name-private-key.pem"))
263+ c.Assert(keyPresent, jc.IsTrue)
264+ c.Assert(string(key), gc.Equals, home.FileContents(c, "my-name-private-key.pem"))
265 } else {
266- c.Check(key, HasLen, 0)
267- c.Assert(keyPresent, Equals, false)
268+ c.Check(key, gc.HasLen, 0)
269+ c.Assert(keyPresent, jc.IsFalse)
270 }
271
272 if v, ok := test.attrs["ssl-hostname-verification"]; ok {
273- c.Assert(cfg.SSLHostnameVerification(), Equals, v)
274+ c.Assert(cfg.SSLHostnameVerification(), gc.Equals, v)
275 }
276 }
277
278-func (*ConfigSuite) TestConfigAttrs(c *C) {
279+func (*ConfigSuite) TestConfigAttrs(c *gc.C) {
280 attrs := map[string]interface{}{
281 "type": "my-type",
282 "name": "my-name",
283@@ -572,15 +577,15 @@
284 "ssl-hostname-verification": true,
285 }
286 cfg, err := config.New(attrs)
287- c.Assert(err, IsNil)
288+ c.Assert(err, gc.IsNil)
289
290 // These attributes are added if not set.
291 attrs["development"] = false
292 attrs["default-series"] = config.DefaultSeries
293 // Default firewall mode is instance
294 attrs["firewall-mode"] = string(config.FwInstance)
295- c.Assert(cfg.AllAttrs(), DeepEquals, attrs)
296- c.Assert(cfg.UnknownAttrs(), DeepEquals, map[string]interface{}{"unknown": "my-unknown"})
297+ c.Assert(cfg.AllAttrs(), gc.DeepEquals, attrs)
298+ c.Assert(cfg.UnknownAttrs(), gc.DeepEquals, map[string]interface{}{"unknown": "my-unknown"})
299
300 newcfg, err := cfg.Apply(map[string]interface{}{
301 "name": "new-name",
302@@ -589,7 +594,7 @@
303
304 attrs["name"] = "new-name"
305 attrs["new-unknown"] = "my-new-unknown"
306- c.Assert(newcfg.AllAttrs(), DeepEquals, attrs)
307+ c.Assert(newcfg.AllAttrs(), gc.DeepEquals, attrs)
308 }
309
310 type validationTest struct {
311@@ -655,7 +660,7 @@
312 err: `cannot change api-port from 17070 to 42`,
313 }}
314
315-func (*ConfigSuite) TestValidateChange(c *C) {
316+func (*ConfigSuite) TestValidateChange(c *gc.C) {
317 files := []testing.TestFile{
318 {".ssh/identity.pub", "identity"},
319 }
320@@ -668,14 +673,14 @@
321 oldConfig := newTestConfig(c, test.old)
322 err := config.Validate(newConfig, oldConfig)
323 if test.err == "" {
324- c.Assert(err, IsNil)
325+ c.Assert(err, gc.IsNil)
326 } else {
327- c.Assert(err, ErrorMatches, test.err)
328+ c.Assert(err, gc.ErrorMatches, test.err)
329 }
330 }
331 }
332
333-func (*ConfigSuite) TestValidateUnknownAttrs(c *C) {
334+func (*ConfigSuite) TestValidateUnknownAttrs(c *gc.C) {
335 defer testing.MakeFakeHomeWithFiles(c, []testing.TestFile{
336 {".ssh/id_rsa.pub", "rsa\n"},
337 {".juju/myenv-cert.pem", caCert},
338@@ -690,8 +695,8 @@
339
340 // No fields: all attrs passed through.
341 attrs, err := cfg.ValidateUnknownAttrs(nil, nil)
342- c.Assert(err, IsNil)
343- c.Assert(attrs, DeepEquals, map[string]interface{}{
344+ c.Assert(err, gc.IsNil)
345+ c.Assert(attrs, gc.DeepEquals, map[string]interface{}{
346 "known": "this",
347 "unknown": "that",
348 })
349@@ -699,8 +704,8 @@
350 // Valid field: that and other attrs passed through.
351 fields := schema.Fields{"known": schema.String()}
352 attrs, err = cfg.ValidateUnknownAttrs(fields, nil)
353- c.Assert(err, IsNil)
354- c.Assert(attrs, DeepEquals, map[string]interface{}{
355+ c.Assert(err, gc.IsNil)
356+ c.Assert(attrs, gc.DeepEquals, map[string]interface{}{
357 "known": "this",
358 "unknown": "that",
359 })
360@@ -709,8 +714,8 @@
361 fields["default"] = schema.String()
362 defaults := schema.Defaults{"default": "the other"}
363 attrs, err = cfg.ValidateUnknownAttrs(fields, defaults)
364- c.Assert(err, IsNil)
365- c.Assert(attrs, DeepEquals, map[string]interface{}{
366+ c.Assert(err, gc.IsNil)
367+ c.Assert(attrs, gc.DeepEquals, map[string]interface{}{
368 "known": "this",
369 "unknown": "that",
370 "default": "the other",
371@@ -719,19 +724,73 @@
372 // Invalid field: failure.
373 fields["known"] = schema.Int()
374 _, err = cfg.ValidateUnknownAttrs(fields, defaults)
375- c.Assert(err, ErrorMatches, `known: expected int, got "this"`)
376+ c.Assert(err, gc.ErrorMatches, `known: expected int, got "this"`)
377 }
378
379-func newTestConfig(c *C, explicit attrs) *config.Config {
380+func newTestConfig(c *gc.C, explicit attrs) *config.Config {
381 final := attrs{"type": "my-type", "name": "my-name"}
382 for key, value := range explicit {
383 final[key] = value
384 }
385 result, err := config.New(final)
386- c.Assert(err, IsNil)
387+ c.Assert(err, gc.IsNil)
388 return result
389 }
390
391+func (*ConfigSuite) TestGenerateStateServerCertAndKey(c *gc.C) {
392+ // In order to test missing certs, it checks the JUJU_HOME dir, so we need
393+ // a fake home.
394+ defer testing.MakeFakeHomeWithFiles(c, []testing.TestFile{
395+ {".ssh/id_rsa.pub", "rsa\n"},
396+ }).Restore()
397+
398+ for _, test := range []struct {
399+ configValues map[string]interface{}
400+ errMatch string
401+ }{{
402+ configValues: map[string]interface{}{
403+ "name": "test-no-certs",
404+ "type": "dummy",
405+ },
406+ errMatch: "environment configuration has no ca-cert",
407+ }, {
408+ configValues: map[string]interface{}{
409+ "name": "test-no-certs",
410+ "type": "dummy",
411+ "ca-cert": testing.CACert,
412+ },
413+ errMatch: "environment configuration has no ca-private-key",
414+ }, {
415+ configValues: map[string]interface{}{
416+ "name": "test-no-certs",
417+ "type": "dummy",
418+ "ca-cert": testing.CACert,
419+ "ca-private-key": testing.CAKey,
420+ },
421+ }} {
422+ cfg, err := config.New(test.configValues)
423+ c.Assert(err, gc.IsNil)
424+ certPEM, keyPEM, err := cfg.GenerateStateServerCertAndKey()
425+ if test.errMatch == "" {
426+ c.Assert(err, gc.IsNil)
427+
428+ _, _, err = cert.ParseCertAndKey(certPEM, keyPEM)
429+ c.Check(err, gc.IsNil)
430+
431+ err = cert.Verify(certPEM, []byte(testing.CACert), time.Now())
432+ c.Assert(err, gc.IsNil)
433+ err = cert.Verify(certPEM, []byte(testing.CACert), time.Now().AddDate(9, 0, 0))
434+ c.Assert(err, gc.IsNil)
435+ err = cert.Verify(certPEM, []byte(testing.CACert), time.Now().AddDate(10, 0, 1))
436+ c.Assert(err, gc.NotNil)
437+ } else {
438+ c.Assert(err, gc.ErrorMatches, test.errMatch)
439+ c.Assert(certPEM, gc.IsNil)
440+ c.Assert(keyPEM, gc.IsNil)
441+ }
442+ }
443+}
444+
445 var caCert = `
446 -----BEGIN CERTIFICATE-----
447 MIIBjDCCATigAwIBAgIBADALBgkqhkiG9w0BAQUwHjENMAsGA1UEChMEanVqdTEN

Subscribers

People subscribed via source and target branches

to status/vote changes: