package testutils
import "github.com/moby/swarmkit/v2/ca/testutils"
Index ¶
- Variables
- func CreateCertFromSigner(rootCN string, priv crypto.Signer) ([]byte, error)
- func CreateRootCertAndKey(rootCN string) ([]byte, []byte, error)
- func ReDateCert(t *testing.T, cert, signerCert, signerKey []byte, notBefore, notAfter time.Time) []byte
- type ExternalSigningServer
- func NewExternalSigningServer(rootCA ca.RootCA, basedir string) (*ExternalSigningServer, error)
- func (ess *ExternalSigningServer) Deflake()
- func (ess *ExternalSigningServer) DisableCASigning()
- func (ess *ExternalSigningServer) EnableCASigning() error
- func (ess *ExternalSigningServer) Flake()
- func (ess *ExternalSigningServer) Stop() error
- type TestCA
- func NewFIPSTestCA(t *testing.T) *TestCA
- func NewTestCA(t *testing.T, krwGenerators ...func(ca.CertPaths) *ca.KeyReadWriter) *TestCA
- func NewTestCAFromAPIRootCA(t *testing.T, tempBaseDir string, apiRootCA api.RootCA, krwGenerators []func(ca.CertPaths) *ca.KeyReadWriter) *TestCA
- func (tc *TestCA) NewNodeConfig(role string) (*ca.SecurityConfig, error)
- func (tc *TestCA) NewNodeConfigOrg(role, org string) (*ca.SecurityConfig, error)
- func (tc *TestCA) Stop()
- func (tc *TestCA) WriteNewNodeConfig(role string) (*ca.SecurityConfig, error)
Variables ¶
// Fixed certificate and key fixtures for tests. The literals are elided in
// this rendering, but the values ship in the module source, so any key listed
// here (the *Key variables are presumably private keys) is publicly known and
// must never be trusted, pinned or reused outside test code.
// NOTE(review): the groupings below are inferred from the variable names only;
// confirm against the package source.
var (
	// Validity-window fixtures: presumably a certificate that is not yet
	// valid and one that has already expired, each with its key.
	NotYetValidCert = []byte("" /* 553 byte string literal not displayed */, )
	NotYetValidKey = []byte("" /* 230 byte string literal not displayed */, )
	ExpiredCert = []byte("" /* 549 byte string literal not displayed */, )
	ExpiredKey = []byte("" /* 230 byte string literal not displayed */, )

	// RSA fixtures. The SHA1 and RSA1024 names indicate legacy or weak
	// parameters, presumably kept so tests can check how they are handled.
	RSA2048SHA256Cert = []byte("" /* 1292 byte string literal not displayed */, )
	RSA2048SHA1Cert = []byte("" /* 1292 byte string literal not displayed */, )
	RSA2048Key = []byte("" /* 1682 byte string literal not displayed */, )
	RSA1024Cert = []byte("" /* 939 byte string literal not displayed */, )
	RSA1024Key = []byte("" /* 890 byte string literal not displayed */, )

	// ECDSA fixtures; ECDSA224 and the SHA1 variant likewise name legacy
	// parameters.
	ECDSA224Cert = []byte("" /* 732 byte string literal not displayed */, )
	ECDSA224Key = []byte("" /* 210 byte string literal not displayed */, )
	ECDSA256SHA256Cert = []byte("" /* 756 byte string literal not displayed */, )
	ECDSA256SHA1Cert = []byte("" /* 756 byte string literal not displayed */, )
	ECDSA256Key = []byte("" /* 230 byte string literal not displayed */, )

	// DSA fixtures (a legacy signature algorithm).
	DSA2048Cert = []byte("" /* 1723 byte string literal not displayed */, )
	DSA2048Key = []byte("" /* 1195 byte string literal not displayed */, )

	// Three-element certificate chain with matching key slices; the order of
	// the chain (leaf first or root first) is not visible here — TODO confirm.
	ECDSACertChain = [][]byte{
		[]byte("" /* 712 byte string literal not displayed */, ),
		[]byte("" /* 598 byte string literal not displayed */, ),
		[]byte("" /* 553 byte string literal not displayed */, ),
	}
	ECDSACertChainKeys = [][]byte{
		[]byte("" /* 230 byte string literal not displayed */, ),
		[]byte("" /* 230 byte string literal not displayed */, ),
		[]byte("" /* 230 byte string literal not displayed */, ),
	}
	// Presumably the same chain keys in PKCS#8 encoding — confirm.
	ECDSACertChainPKCS8Keys = [][]byte{
		[]byte("" /* 245 byte string literal not displayed */),
		[]byte("" /* 245 byte string literal not displayed */),
		[]byte("" /* 245 byte string literal not displayed */),
	}
)
var External bool
External controls whether NewTestCA() creates a TestCA server configured to use an external signer.
Functions ¶
func CreateCertFromSigner ¶
CreateCertFromSigner creates a certificate authority for a new Swarm cluster, given only an existing key.
func CreateRootCertAndKey ¶
CreateRootCertAndKey returns a generated certificate and key for a root CA
func ReDateCert ¶
func ReDateCert(t *testing.T, cert, signerCert, signerKey []byte, notBefore, notAfter time.Time) []byte
ReDateCert takes an existing cert and changes its not-before and not-after dates, to make it easier to test expiry.
Types ¶
type ExternalSigningServer ¶
// ExternalSigningServer is the handle for the test HTTPS signing server that
// signs node certificate requests from a swarm manager client.
type ExternalSigningServer struct {
	// NumIssued is presumably a count of certificates the server has issued —
	// TODO confirm against the package source; the page does not say how it is
	// updated or whether reads need synchronisation.
	NumIssued uint64
	// URL is the address of the signing endpoint, as stated in the
	// NewExternalSigningServer description.
	URL string
	// contains filtered or unexported fields
}
ExternalSigningServer runs an HTTPS server with an endpoint at a specified URL which signs node certificate requests from a swarm manager client.
func NewExternalSigningServer ¶
func NewExternalSigningServer(rootCA ca.RootCA, basedir string) (*ExternalSigningServer, error)
NewExternalSigningServer creates and runs a new ExternalSigningServer which uses the given rootCA to sign node certificates. A server key and cert are generated and saved into the given basedir and then a TLS listener is started on a random available port. On success, an HTTPS server will be running in a separate goroutine. The URL of the signing endpoint is available in the returned *ExternalSigningServer value. Calling the Stop() method will stop the server.
func (*ExternalSigningServer) Deflake ¶
func (ess *ExternalSigningServer) Deflake()
Deflake restores normal operation after a call to Flake.
func (*ExternalSigningServer) DisableCASigning ¶
func (ess *ExternalSigningServer) DisableCASigning()
DisableCASigning prevents the server from being able to sign CA certificates
func (*ExternalSigningServer) EnableCASigning ¶
func (ess *ExternalSigningServer) EnableCASigning() error
EnableCASigning updates the root CA signer to be able to sign CAs
func (*ExternalSigningServer) Flake ¶
func (ess *ExternalSigningServer) Flake()
Flake makes the signing server return HTTP 500 errors.
func (*ExternalSigningServer) Stop ¶
func (ess *ExternalSigningServer) Stop() error
Stop stops this signing server by closing the underlying TCP/TLS listener.
type TestCA ¶
// TestCA bundles the pieces a test needs to exercise a CA server. Every field
// below is exported, so test code can read or replace any of them directly.
// NOTE(review): the per-field notes are inferred from names and types only;
// confirm against the package source.
type TestCA struct {
	RootCA ca.RootCA
	// Presumably set only when the package-level External flag selects an
	// external signer — TODO confirm.
	ExternalSigningServer *ExternalSigningServer
	MemoryStore *store.MemoryStore
	Addr, TempDir, Organization string
	Paths *ca.SecurityConfigPaths
	Server *grpc.Server
	ServingSecurityConfig *ca.SecurityConfig
	CAServer *ca.Server
	Context context.Context
	NodeCAClients []api.NodeCAClient
	CAClients []api.CAClient
	Conns []*grpc.ClientConn
	// Presumably the join tokens for the worker and manager roles; treat
	// them as test-only credentials — confirm.
	WorkerToken string
	ManagerToken string
	ConnBroker *connectionbroker.Broker
	KeyReadWriter *ca.KeyReadWriter
	// contains filtered or unexported fields
}
TestCA is a structure that encapsulates everything needed to test a CA Server
func NewFIPSTestCA ¶
NewFIPSTestCA is a helper method that creates a mandatory-FIPS TestCA and a bunch of default connections and security configs.
func NewTestCA ¶
NewTestCA is a helper method that creates a TestCA and a bunch of default connections and security configs.
func NewTestCAFromAPIRootCA ¶
func NewTestCAFromAPIRootCA(t *testing.T, tempBaseDir string, apiRootCA api.RootCA, krwGenerators []func(ca.CertPaths) *ca.KeyReadWriter) *TestCA
NewTestCAFromAPIRootCA is a helper method that creates a TestCA and a bunch of default connections and security configs, given a temp directory and an api.RootCA to use for creating a cluster and for signing.
func (*TestCA) NewNodeConfig ¶
func (tc *TestCA) NewNodeConfig(role string) (*ca.SecurityConfig, error)
NewNodeConfig returns security config for a new node, given a role
func (*TestCA) NewNodeConfigOrg ¶
func (tc *TestCA) NewNodeConfigOrg(role, org string) (*ca.SecurityConfig, error)
NewNodeConfigOrg returns security config for a new node, given a role and an org
func (*TestCA) Stop ¶
func (tc *TestCA) Stop()
Stop cleans up after TestCA
func (*TestCA) WriteNewNodeConfig ¶
func (tc *TestCA) WriteNewNodeConfig(role string) (*ca.SecurityConfig, error)
WriteNewNodeConfig returns the security config for a new node, given a role, and saves the generated key and certificates to disk.
Source Files ¶
cautils.go externalutils.go staticcerts.go
- Version
- v2.1.1 (latest)
- Published
- Oct 7, 2025
- Platform
- linux/amd64
- Imports
- 41 packages