// TestGenerateStateServerCertAndKey exercises Config.GenerateStateServerCertAndKey
// with three configurations: no CA material at all, a CA certificate without
// its private key, and a complete CA certificate/key pair. The first two must
// fail with a specific error and return empty PEM strings; the last must
// return a certificate and key that parse together and that verify against
// the test CA.
func (s *ConfigSuite) TestGenerateStateServerCertAndKey(c *gc.C) {
	// Seed the fake home directory with a placeholder .ssh/id_rsa.pub file.
	// NOTE(review): presumably needed so that config.New with UseDefaults can
	// pick up a default authorized key; this is an SSH public key stub, not a
	// certificate. Confirm against config.New.
	s.FakeHomeSuite.Home.AddFiles(c, testing.TestFile{".ssh/id_rsa.pub", "rsa\n"})

	type certCase struct {
		configValues map[string]interface{}
		errMatch     string
	}
	cases := []certCase{
		{
			// Neither ca-cert nor ca-private-key is set.
			configValues: map[string]interface{}{
				"name": "test-no-certs",
				"type": "dummy",
			},
			errMatch: "environment configuration has no ca-cert",
		},
		{
			// A CA certificate alone is not enough to sign a server cert.
			configValues: map[string]interface{}{
				"name":    "test-no-certs",
				"type":    "dummy",
				"ca-cert": testing.CACert,
			},
			errMatch: "environment configuration has no ca-private-key",
		},
		{
			// Full CA material: generation is expected to succeed.
			configValues: map[string]interface{}{
				"name":           "test-no-certs",
				"type":           "dummy",
				"ca-cert":        testing.CACert,
				"ca-private-key": testing.CAKey,
			},
		},
	}

	for _, tc := range cases {
		cfg, err := config.New(config.UseDefaults, tc.configValues)
		c.Assert(err, gc.IsNil)

		certPEM, keyPEM, err := cfg.GenerateStateServerCertAndKey()
		if tc.errMatch != "" {
			// On failure no partial key material may be handed back.
			c.Assert(err, gc.ErrorMatches, tc.errMatch)
			c.Assert(certPEM, gc.Equals, "")
			c.Assert(keyPEM, gc.Equals, "")
			continue
		}
		c.Assert(err, gc.IsNil)

		// The returned PEM blocks must parse as a certificate and key.
		_, _, err = cert.ParseCertAndKey(certPEM, keyPEM)
		c.Check(err, gc.IsNil)

		// The certificate must verify against the CA today and nine years
		// from now, and must be rejected ten years and one day from now,
		// which pins the upper bound of its validity period.
		err = cert.Verify(certPEM, testing.CACert, time.Now())
		c.Assert(err, gc.IsNil)
		err = cert.Verify(certPEM, testing.CACert, time.Now().AddDate(9, 0, 0))
		c.Assert(err, gc.IsNil)
		err = cert.Verify(certPEM, testing.CACert, time.Now().AddDate(10, 0, 1))
		c.Assert(err, gc.NotNil)
	}
}
// TestModeAccumulate starts an rsyslog config worker in accumulate mode and
// checks what it leaves on disk: a CA certificate, an rsyslog certificate and
// an rsyslog private key under the log directory, and a 25-juju.conf file in
// the rsyslog configuration directory whose content equals a freshly rendered
// accumulate configuration.
func (s *RsyslogSuite) TestModeAccumulate(c *gc.C) {
	st, m := s.st, s.machine
	w, err := rsyslog.NewRsyslogConfigWorker(st.Rsyslog(), rsyslog.RsyslogModeAccumulate, m.Tag(), "", nil)
	c.Assert(err, gc.IsNil)
	// Deferred calls run last-in first-out: the worker is killed first and
	// only then is its exit status asserted.
	defer func() { c.Assert(w.Wait(), gc.IsNil) }()
	defer w.Kill()

	logDir := *rsyslog.LogDir
	caCertPath := filepath.Join(logDir, "ca-cert.pem")
	waitForFile(c, caCertPath)

	// Expect ca-cert.pem, rsyslog-cert.pem and rsyslog-key.pem in the log
	// directory once the CA certificate has appeared.
	caCertPEM, err := ioutil.ReadFile(caCertPath)
	c.Assert(err, gc.IsNil)
	srvCertPEM, err := ioutil.ReadFile(filepath.Join(logDir, "rsyslog-cert.pem"))
	c.Assert(err, gc.IsNil)
	srvKeyPEM, err := ioutil.ReadFile(filepath.Join(logDir, "rsyslog-key.pem"))
	c.Assert(err, gc.IsNil)
	// NOTE(review): only the contents of rsyslog-key.pem are examined here;
	// the file mode of the private key is not asserted by this test.

	// The certificate and key must parse together, and the certificate must
	// verify against the CA certificate that was written next to it.
	_, _, err = cert.ParseCertAndKey(string(srvCertPEM), string(srvKeyPEM))
	c.Assert(err, gc.IsNil)
	err = cert.Verify(string(srvCertPEM), string(caCertPEM), time.Now().UTC())
	c.Assert(err, gc.IsNil)

	// Compare the written rsyslog configuration with one rendered here from
	// the same inputs.
	confDir := *rsyslog.RsyslogConfDir
	confPath := filepath.Join(confDir, "25-juju.conf")
	waitForFile(c, confPath)
	gotConf, err := ioutil.ReadFile(confPath)
	c.Assert(err, gc.IsNil)

	port := s.Conn.Environ.Config().SyslogPort()
	want := syslog.NewAccumulateConfig(m.Tag(), logDir, port, "", []string{})
	want.ConfigDir = confDir
	wantConf, err := want.Render()
	c.Assert(err, gc.IsNil)
	c.Assert(string(gotConf), gc.DeepEquals, string(wantConf))
}
// TestFinishBootstrapConfig checks what environs.FinishMachineConfig fills in
// for a bootstrap machine: authorized keys, hostname verification left
// enabled, API and state credentials derived from the admin secret, serving
// ports, constraints, a config with the secrets blanked, and a server
// certificate/key pair signed by the test CA.
func (s *CloudInitSuite) TestFinishBootstrapConfig(c *gc.C) {
	bootstrapAttrs := dummySampleConfig().Merge(testing.Attrs{
		"authorized-keys": "we-are-the-keys",
		"admin-secret":    "lisboan-pork",
		"agent-version":   "1.2.3",
		"state-server":    false,
	})
	cfg, err := config.New(config.NoDefaults, bootstrapAttrs)
	c.Assert(err, gc.IsNil)
	// Snapshot the attributes before FinishMachineConfig runs; this is the
	// baseline for the blanked-secrets comparison below.
	wantAttrs := cfg.AllAttrs()

	mcfg := &cloudinit.MachineConfig{
		Bootstrap: true,
	}
	wantCons := constraints.MustParse("mem=1T cpu-power=999999999")
	err = environs.FinishMachineConfig(mcfg, cfg, wantCons)
	c.Assert(err, gc.IsNil)

	c.Check(mcfg.AuthorizedKeys, gc.Equals, "we-are-the-keys")
	c.Check(mcfg.DisableSSLHostnameVerification, jc.IsFalse)

	// Both info structs are expected to carry the hash of the admin secret,
	// never the secret itself.
	// NOTE(review): the hash uses utils.CompatSalt, which by its name is a
	// shared compatibility salt rather than a per-secret one - confirm in utils.
	pwHash := utils.UserPasswordHash("lisboan-pork", utils.CompatSalt)
	c.Check(mcfg.APIInfo, gc.DeepEquals, &api.Info{
		Password: pwHash,
		CACert:   testing.CACert,
	})
	c.Check(mcfg.StateInfo, gc.DeepEquals, &state.Info{
		Password: pwHash,
		CACert:   testing.CACert,
	})

	servingInfo := mcfg.StateServingInfo
	c.Check(servingInfo.StatePort, gc.Equals, cfg.StatePort())
	c.Check(servingInfo.APIPort, gc.Equals, cfg.APIPort())
	c.Check(mcfg.Constraints, gc.DeepEquals, wantCons)

	// The config held by the machine config must equal the original one with
	// ca-private-key and admin-secret emptied, so neither secret is carried
	// along in mcfg.Config.
	wantAttrs["ca-private-key"] = ""
	wantAttrs["admin-secret"] = ""
	c.Check(mcfg.Config.AllAttrs(), gc.DeepEquals, wantAttrs)

	// The generated server certificate must parse with its key, verify
	// against the CA today and nine years from now, and be rejected ten
	// years and one day from now.
	srvCertPEM, srvKeyPEM := servingInfo.Cert, servingInfo.PrivateKey
	_, _, err = cert.ParseCertAndKey(srvCertPEM, srvKeyPEM)
	c.Check(err, gc.IsNil)

	err = cert.Verify(srvCertPEM, testing.CACert, time.Now())
	c.Assert(err, gc.IsNil)
	err = cert.Verify(srvCertPEM, testing.CACert, time.Now().AddDate(9, 0, 0))
	c.Assert(err, gc.IsNil)
	err = cert.Verify(srvCertPEM, testing.CACert, time.Now().AddDate(10, 0, 1))
	c.Assert(err, gc.NotNil)
}