package testutils
import "github.com/moby/swarmkit/v2/ca/testutils"
Index ¶
- Variables
- func CreateCertFromSigner(rootCN string, priv crypto.Signer) ([]byte, error)
- func CreateRootCertAndKey(rootCN string) ([]byte, []byte, error)
- func ReDateCert(t *testing.T, cert, signerCert, signerKey []byte, notBefore, notAfter time.Time) []byte
- type ExternalSigningServer
- func NewExternalSigningServer(rootCA ca.RootCA, basedir string) (*ExternalSigningServer, error)
- func (ess *ExternalSigningServer) Deflake()
- func (ess *ExternalSigningServer) DisableCASigning()
- func (ess *ExternalSigningServer) EnableCASigning() error
- func (ess *ExternalSigningServer) Flake()
- func (ess *ExternalSigningServer) Stop() error
- type TestCA
- func NewFIPSTestCA(t *testing.T) *TestCA
- func NewTestCA(t *testing.T, krwGenerators ...func(ca.CertPaths) *ca.KeyReadWriter) *TestCA
- func NewTestCAFromAPIRootCA(t *testing.T, tempBaseDir string, apiRootCA api.RootCA, krwGenerators []func(ca.CertPaths) *ca.KeyReadWriter) *TestCA
- func (tc *TestCA) NewNodeConfig(role string) (*ca.SecurityConfig, error)
- func (tc *TestCA) NewNodeConfigOrg(role, org string) (*ca.SecurityConfig, error)
- func (tc *TestCA) Stop()
- func (tc *TestCA) WriteNewNodeConfig(role string) (*ca.SecurityConfig, error)
Variables ¶
var ( NotYetValidCert = []byte("" /* 553 byte string literal not displayed */, ) NotYetValidKey = []byte("" /* 230 byte string literal not displayed */, ) ExpiredCert = []byte("" /* 549 byte string literal not displayed */, ) ExpiredKey = []byte("" /* 230 byte string literal not displayed */, ) RSA2048SHA256Cert = []byte("" /* 1292 byte string literal not displayed */, ) RSA2048SHA1Cert = []byte("" /* 1292 byte string literal not displayed */, ) RSA2048Key = []byte("" /* 1682 byte string literal not displayed */, ) RSA1024Cert = []byte("" /* 939 byte string literal not displayed */, ) RSA1024Key = []byte("" /* 890 byte string literal not displayed */, ) ECDSA224Cert = []byte("" /* 732 byte string literal not displayed */, ) ECDSA224Key = []byte("" /* 210 byte string literal not displayed */, ) ECDSA256SHA256Cert = []byte("" /* 756 byte string literal not displayed */, ) ECDSA256SHA1Cert = []byte("" /* 756 byte string literal not displayed */, ) ECDSA256Key = []byte("" /* 230 byte string literal not displayed */, ) DSA2048Cert = []byte("" /* 1723 byte string literal not displayed */, ) DSA2048Key = []byte("" /* 1195 byte string literal not displayed */, ) ECDSACertChain = [][]byte{ []byte("" /* 712 byte string literal not displayed */, ), []byte("" /* 598 byte string literal not displayed */, ), []byte("" /* 553 byte string literal not displayed */, ), } ECDSACertChainKeys = [][]byte{ []byte("" /* 230 byte string literal not displayed */, ), []byte("" /* 230 byte string literal not displayed */, ), []byte("" /* 230 byte string literal not displayed */, ), } ECDSACertChainPKCS8Keys = [][]byte{ []byte("" /* 245 byte string literal not displayed */), []byte("" /* 245 byte string literal not displayed */), []byte("" /* 245 byte string literal not displayed */), } )
var External bool
External controls whether NewTestCA() creates a TestCA server configured to use an external signer.
Functions ¶
func CreateCertFromSigner ¶
CreateCertFromSigner creates a certificate authority certificate for a new Swarm cluster, given only an existing private key (the crypto.Signer).
func CreateRootCertAndKey ¶
CreateRootCertAndKey returns a generated certificate and key for a root CA.
func ReDateCert ¶
func ReDateCert(t *testing.T, cert, signerCert, signerKey []byte, notBefore, notAfter time.Time) []byte
ReDateCert takes an existing certificate and re-signs it with the given NotBefore and NotAfter dates, to make expiry easier to test.
Types ¶
type ExternalSigningServer ¶
type ExternalSigningServer struct { NumIssued uint64 URL string // contains filtered or unexported fields }
ExternalSigningServer runs an HTTPS server with an endpoint at a specified URL which signs node certificate requests from a swarm manager client.
func NewExternalSigningServer ¶
func NewExternalSigningServer(rootCA ca.RootCA, basedir string) (*ExternalSigningServer, error)
NewExternalSigningServer creates and runs a new ExternalSigningServer which uses the given rootCA to sign node certificates. A server key and cert are generated and saved into the given basedir, and then a TLS listener is started on a random available port. On success, an HTTPS server will be running in a separate goroutine. The URL of the signing endpoint is available in the returned *ExternalSigningServer value. Calling the Stop() method will stop the server.
func (*ExternalSigningServer) Deflake ¶
func (ess *ExternalSigningServer) Deflake()
Deflake restores normal operation after a call to Flake.
func (*ExternalSigningServer) DisableCASigning ¶
func (ess *ExternalSigningServer) DisableCASigning()
DisableCASigning prevents the server from being able to sign CA certificates.
func (*ExternalSigningServer) EnableCASigning ¶
func (ess *ExternalSigningServer) EnableCASigning() error
EnableCASigning updates the root CA signer so that it is able to sign CA certificates.
func (*ExternalSigningServer) Flake ¶
func (ess *ExternalSigningServer) Flake()
Flake makes the signing server return HTTP 500 errors.
func (*ExternalSigningServer) Stop ¶
func (ess *ExternalSigningServer) Stop() error
Stop stops this signing server by closing the underlying TCP/TLS listener.
type TestCA ¶
type TestCA struct { RootCA ca.RootCA ExternalSigningServer *ExternalSigningServer MemoryStore *store.MemoryStore Addr, TempDir, Organization string Paths *ca.SecurityConfigPaths Server *grpc.Server ServingSecurityConfig *ca.SecurityConfig CAServer *ca.Server Context context.Context NodeCAClients []api.NodeCAClient CAClients []api.CAClient Conns []*grpc.ClientConn WorkerToken string ManagerToken string ConnBroker *connectionbroker.Broker KeyReadWriter *ca.KeyReadWriter // contains filtered or unexported fields }
TestCA is a structure that encapsulates everything needed to test a CA server.
func NewFIPSTestCA ¶
NewFIPSTestCA is a helper method that creates a TestCA with mandatory FIPS mode, along with a set of default connections and security configs.
func NewTestCA ¶
NewTestCA is a helper method that creates a TestCA along with a set of default connections and security configs.
func NewTestCAFromAPIRootCA ¶
func NewTestCAFromAPIRootCA(t *testing.T, tempBaseDir string, apiRootCA api.RootCA, krwGenerators []func(ca.CertPaths) *ca.KeyReadWriter) *TestCA
NewTestCAFromAPIRootCA is a helper method that creates a TestCA along with a set of default connections and security configs, given a temp directory and an api.RootCA to use for creating a cluster and for signing.
func (*TestCA) NewNodeConfig ¶
func (tc *TestCA) NewNodeConfig(role string) (*ca.SecurityConfig, error)
NewNodeConfig returns the security config for a new node, given a role.
func (*TestCA) NewNodeConfigOrg ¶
func (tc *TestCA) NewNodeConfigOrg(role, org string) (*ca.SecurityConfig, error)
NewNodeConfigOrg returns the security config for a new node, given a role and an org.
func (*TestCA) Stop ¶
func (tc *TestCA) Stop()
Stop cleans up after the TestCA.
func (*TestCA) WriteNewNodeConfig ¶
func (tc *TestCA) WriteNewNodeConfig(role string) (*ca.SecurityConfig, error)
WriteNewNodeConfig returns the security config for a new node, given a role, saving the generated key and certificates to disk.
Source Files ¶
cautils.go externalutils.go staticcerts.go