func (s *CertUpdaterSuite) TestStartStop(c *gc.C) {
var initialAddresses []string
setter := func(info params.StateServingInfo, dying <-chan struct{}) error {
// Only care about first time called.
if len(initialAddresses) > 0 {
return nil
}
srvCert, err := cert.ParseCert(info.Cert)
c.Assert(err, jc.ErrorIsNil)
initialAddresses = make([]string, len(srvCert.IPAddresses))
for i, ip := range srvCert.IPAddresses {
initialAddresses[i] = ip.String()
}
return nil
}
changes := make(chan struct{})
certChangedChan := make(chan params.StateServingInfo)
worker := certupdater.NewCertificateUpdater(
&mockMachine{changes}, s, &mockConfigGetter{}, &mockAPIHostGetter{}, setter, certChangedChan,
)
worker.Kill()
c.Assert(worker.Wait(), gc.IsNil)
// Initial cert addresses initialised to cloud local ones.
c.Assert(initialAddresses, jc.DeepEquals, []string{"192.168.1.1"})
}
func (s *CertUpdaterSuite) TestStartStop(c *gc.C) {
setter := func(info params.StateServingInfo, dying <-chan struct{}) error {
return nil
}
changes := make(chan struct{})
certChangedChan := make(chan params.StateServingInfo)
worker := certupdater.NewCertificateUpdater(
&mockMachine{changes}, &mockStateServingGetter{}, &mockConfigGetter{}, setter, certChangedChan,
)
worker.Kill()
c.Assert(worker.Wait(), gc.IsNil)
}
func (s *CertUpdaterSuite) TestAddressChange(c *gc.C) {
var srvCert *x509.Certificate
updated := make(chan struct{})
setter := func(info params.StateServingInfo, dying <-chan struct{}) error {
s.stateServingInfo = info
var err error
srvCert, err = cert.ParseCert(info.Cert)
c.Assert(err, jc.ErrorIsNil)
sanIPs := make([]string, len(srvCert.IPAddresses))
for i, ip := range srvCert.IPAddresses {
sanIPs[i] = ip.String()
}
sanIPsSet := set.NewStrings(sanIPs...)
if sanIPsSet.Size() == 2 && sanIPsSet.Contains("0.1.2.3") && sanIPsSet.Contains("192.168.1.1") {
close(updated)
}
return nil
}
changes := make(chan struct{})
certChangedChan := make(chan params.StateServingInfo)
worker := certupdater.NewCertificateUpdater(
&mockMachine{changes}, s, &mockConfigGetter{}, &mockAPIHostGetter{}, setter, certChangedChan,
)
defer func() { c.Assert(worker.Wait(), gc.IsNil) }()
defer worker.Kill()
changes <- struct{}{}
// Certificate should be updated with the address value.
select {
case <-updated:
case <-time.After(coretesting.LongWait):
c.Fatalf("timed out waiting for certificate to be updated")
}
// The server certificates must report "juju-apiserver" as a DNS
// name for backwards-compatibility with API clients. They must
// also report "juju-mongodb" because these certicates are also
// used for serving MongoDB connections.
c.Assert(srvCert.DNSNames, jc.SameContents,
[]string{"localhost", "juju-apiserver", "juju-mongodb", "anything"})
}
func (s *CertUpdaterSuite) TestAddressChangeNoCAKey(c *gc.C) {
updated := make(chan struct{})
setter := func(info params.StateServingInfo, dying <-chan struct{}) error {
close(updated)
return nil
}
changes := make(chan struct{})
worker := certupdater.NewCertificateUpdater(
&mockMachine{changes}, &mockStateServingGetterNoCAKey{}, &mockConfigGetter{}, &mockAPIHostGetter{}, setter,
)
defer func() { c.Assert(worker.Wait(), gc.IsNil) }()
defer worker.Kill()
changes <- struct{}{}
// Certificate should not be updated with the address value.
select {
case <-time.After(coretesting.ShortWait):
case <-updated:
c.Fatalf("set state serving info unexpectedly called")
}
}
