moby · aaronlehmann · Jun 8, 2017 · Jun 7, 2017 · ijc · Jun 8, 2017
diff --git a/ca/certificates_test.go b/ca/certificates_test.go
@@ -340,8 +340,6 @@ func TestGetRemoteCAInvalidHash(t *testing.T) {
 
 // returns the issuer as well as all the parsed certs returned from the request
 func testRequestAndSaveNewCertificates(t *testing.T, tc *cautils.TestCA) (*ca.IssuerInfo, []*x509.Certificate) {
-	defer tc.Stop()
-
 	// Copy the current RootCA without the signer
 	rca := ca.RootCA{Certs: tc.RootCA.Certs, Pool: tc.RootCA.Pool}
 	tlsCert, issuerInfo, err := rca.RequestAndSaveNewCertificates(tc.Context, tc.KeyReadWriter,
@@ -371,6 +369,7 @@ func TestRequestAndSaveNewCertificatesNoIntermediate(t *testing.T) {
 	t.Parallel()
 
 	tc := cautils.NewTestCA(t)
+	defer tc.Stop()
 	issuerInfo, parsedCerts := testRequestAndSaveNewCertificates(t, tc)
 	require.Len(t, parsedCerts, 1)
 
@@ -397,6 +396,7 @@ func TestRequestAndSaveNewCertificatesWithIntermediates(t *testing.T) {
 	defer os.RemoveAll(tempdir)
 
 	tc := cautils.NewTestCAFromAPIRootCA(t, tempdir, apiRootCA, nil)
+	defer tc.Stop()
 	issuerInfo, parsedCerts := testRequestAndSaveNewCertificates(t, tc)
 	require.Len(t, parsedCerts, 2)
 
@@ -541,7 +541,7 @@ func TestGetRemoteSignedCertificate(t *testing.T) {
 	csr, _, err := ca.GenerateNewCSR()
 	assert.NoError(t, err)
 
-	certs, err := ca.GetRemoteSignedCertificate(context.Background(), csr, tc.RootCA.Pool,
+	certs, err := ca.GetRemoteSignedCertificate(tc.Context, csr, tc.RootCA.Pool,
 		ca.CertificateRequestConfig{
 			Token:      tc.ManagerToken,
 			ConnBroker: tc.ConnBroker,
@@ -581,7 +581,7 @@ func TestGetRemoteSignedCertificateNodeInfo(t *testing.T) {
 	csr, _, err := ca.GenerateNewCSR()
 	assert.NoError(t, err)
 
-	cert, err := ca.GetRemoteSignedCertificate(context.Background(), csr, tc.RootCA.Pool,
+	cert, err := ca.GetRemoteSignedCertificate(tc.Context, csr, tc.RootCA.Pool,
 		ca.CertificateRequestConfig{
 			Token:      tc.WorkerToken,
 			ConnBroker: tc.ConnBroker,
@@ -705,11 +705,12 @@ func TestGetRemoteSignedCertificateWithPending(t *testing.T) {
 	defer cancel()
 
 	fakeCAServer := newNonSigningCAServer(t, tc)
+	defer fakeCAServer.stop(t)
 
 	completed := make(chan error)
 	defer close(completed)
 	go func() {
-		_, err := ca.GetRemoteSignedCertificate(context.Background(), csr, tc.RootCA.Pool,
+		_, err := ca.GetRemoteSignedCertificate(tc.Context, csr, tc.RootCA.Pool,
 			ca.CertificateRequestConfig{
 				Token:      tc.WorkerToken,
 				ConnBroker: fakeCAServer.getConnBroker(),
@@ -764,7 +765,7 @@ func TestGetRemoteSignedCertificateWithPending(t *testing.T) {
 	// make sure if we time out the GetRemoteSignedCertificate call, it cancels immediately and doesn't keep
 	// polling the status
 	go func() {
-		ctx, _ := context.WithTimeout(context.Background(), 1*time.Second)
+		ctx, _ := context.WithTimeout(tc.Context, 1*time.Second)
 		_, err := ca.GetRemoteSignedCertificate(ctx, csr, tc.RootCA.Pool,
 			ca.CertificateRequestConfig{
 				Token:      tc.WorkerToken,
@@ -860,7 +861,7 @@ func TestGetRemoteSignedCertificateConnectionErrors(t *testing.T) {
 	defer close(completed)
 	defer close(done)
 	go func() {
-		_, err := ca.GetRemoteSignedCertificate(context.Background(), csr, tc.RootCA.Pool,
+		_, err := ca.GetRemoteSignedCertificate(tc.Context, csr, tc.RootCA.Pool,
 			ca.CertificateRequestConfig{
 				Token:      tc.WorkerToken,
 				ConnBroker: multiBroker,
@@ -917,7 +918,7 @@ func TestGetRemoteSignedCertificateConnectionErrors(t *testing.T) {
 			{Addr: fakeSigningServers[1].addr},
 		},
 	})
-	_, err = ca.GetRemoteSignedCertificate(context.Background(), csr, tc.RootCA.Pool,
+	_, err = ca.GetRemoteSignedCertificate(tc.Context, csr, tc.RootCA.Pool,
 		ca.CertificateRequestConfig{
 			Token:      tc.WorkerToken,
 			ConnBroker: multiBroker,
@@ -1289,7 +1290,7 @@ func TestRootCAWithCrossSignedIntermediates(t *testing.T) {
 	connectToExternalRootCA, err := ca.NewRootCA(append(cautils.ECDSACertChain[2], fauxRootCert...), cautils.ECDSACertChain[1],
 		cautils.ECDSACertChainKeys[1], ca.DefaultNodeCertExpiration, cautils.ECDSACertChain[1])
 	require.NoError(t, err)
-	secConfig, err := connectToExternalRootCA.CreateSecurityConfig(context.Background(), krw, ca.CertificateRequestConfig{})
+	secConfig, err := connectToExternalRootCA.CreateSecurityConfig(tc.Context, krw, ca.CertificateRequestConfig{})
 	require.NoError(t, err)
 
 	externalCA := secConfig.ExternalCA()
@@ -1298,7 +1299,7 @@ func TestRootCAWithCrossSignedIntermediates(t *testing.T) {
 	newCSR, _, err := ca.GenerateNewCSR()
 	require.NoError(t, err)
 
-	tlsCert, err = externalCA.Sign(context.Background(), ca.PrepareCSR(newCSR, "cn", ca.ManagerRole, secConfig.ClientTLSCreds.Organization()))
+	tlsCert, err = externalCA.Sign(tc.Context, ca.PrepareCSR(newCSR, "cn", ca.ManagerRole, secConfig.ClientTLSCreds.Organization()))
 	require.NoError(t, err)
 
 	checkValidateAgainstAllRoots(tlsCert)

diff --git a/ca/config_test.go b/ca/config_test.go
@@ -15,11 +15,13 @@ import (
 
 	"golang.org/x/net/context"
 
+	"github.com/Sirupsen/logrus"
 	cfconfig "github.com/cloudflare/cfssl/config"
 	"github.com/cloudflare/cfssl/helpers"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/ca"
 	"github.com/docker/swarmkit/ca/testutils"
+	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/docker/swarmkit/watch"
 	"github.com/pkg/errors"
@@ -264,17 +266,22 @@ func TestLoadSecurityConfigIntermediates(t *testing.T) {
 	rootCA, err := ca.NewRootCA(testutils.ECDSACertChain[2], nil, nil, ca.DefaultNodeCertExpiration, nil)
 	require.NoError(t, err)
 
+	ctx := log.WithLogger(context.Background(), log.L.WithFields(logrus.Fields{
+		"testname":          t.Name(),
+		"testHasExternalCA": false,
+	}))
+
 	// loading the incomplete chain fails
 	require.NoError(t, krw.Write(testutils.ECDSACertChain[0], testutils.ECDSACertChainKeys[0], nil))
-	_, err = ca.LoadSecurityConfig(context.Background(), rootCA, krw, false)
+	_, err = ca.LoadSecurityConfig(ctx, rootCA, krw, false)
 	require.Error(t, err)
 
 	intermediate, err := helpers.ParseCertificatePEM(testutils.ECDSACertChain[1])
 	require.NoError(t, err)
 
 	// loading the complete chain succeeds
 	require.NoError(t, krw.Write(append(testutils.ECDSACertChain[0], testutils.ECDSACertChain[1]...), testutils.ECDSACertChainKeys[0], nil))
-	secConfig, err := ca.LoadSecurityConfig(context.Background(), rootCA, krw, false)
+	secConfig, err := ca.LoadSecurityConfig(ctx, rootCA, krw, false)
 	require.NoError(t, err)
 	require.NotNil(t, secConfig)
 	issuerInfo := secConfig.IssuerInfo()
@@ -322,7 +329,7 @@ func TestSecurityConfigUpdateRootCA(t *testing.T) {
 	defer os.RemoveAll(tempdir)
 	configPaths := ca.NewConfigPaths(tempdir)
 
-	secConfig, err := rootCA.CreateSecurityConfig(context.Background(),
+	secConfig, err := rootCA.CreateSecurityConfig(tc.Context,
 		ca.NewKeyReadWriter(configPaths.Node, nil, nil), ca.CertificateRequestConfig{})
 	require.NoError(t, err)
 	// update the server TLS to require certificates, otherwise this will all pass
@@ -370,7 +377,7 @@ func TestSecurityConfigUpdateRootCA(t *testing.T) {
 		defer externalServer.Stop()
 
 		secConfig.ExternalCA().UpdateURLs(externalServer.URL)
-		_, err = secConfig.ExternalCA().Sign(context.Background(), req)
+		_, err = secConfig.ExternalCA().Sign(tc.Context, req)
 		require.Error(t, err)
 		// the type is weird (it's wrapped in a bunch of other things in ctxhttp), so just compare strings
 		require.Contains(t, err.Error(), x509.UnknownAuthorityError{}.Error())
@@ -408,7 +415,7 @@ func TestSecurityConfigUpdateRootCA(t *testing.T) {
 	if testutils.External {
 		// we can also now connect to the test CA's external signing server
 		secConfig.ExternalCA().UpdateURLs(externalServer.URL)
-		generatedCert, err = secConfig.ExternalCA().Sign(context.Background(), req)
+		generatedCert, err = secConfig.ExternalCA().Sign(tc.Context, req)
 		require.NoError(t, err)
 	} else {
 		krw := ca.NewKeyReadWriter(configPaths.Node, nil, nil)
@@ -441,7 +448,7 @@ func TestSecurityConfigSetWatch(t *testing.T) {
 	configWatch, configCancel := w.Watch()
 	defer configCancel()
 
-	require.NoError(t, ca.RenewTLSConfigNow(context.Background(), secConfig, tc.ConnBroker))
+	require.NoError(t, ca.RenewTLSConfigNow(tc.Context, secConfig, tc.ConnBroker))
 	select {
 	case ev := <-configWatch:
 		nodeTLSInfo, ok := ev.(*api.NodeTLSInfo)
@@ -474,7 +481,7 @@ func TestSecurityConfigSetWatch(t *testing.T) {
 
 	// ensure that we can still update tls certs and roots without error even though the watch is closed
 	require.NoError(t, secConfig.UpdateRootCA(&tc.RootCA, tc.RootCA.Pool))
-	require.NoError(t, ca.RenewTLSConfigNow(context.Background(), secConfig, tc.ConnBroker))
+	require.NoError(t, ca.RenewTLSConfigNow(tc.Context, secConfig, tc.ConnBroker))
 }
 
 // enforce that no matter what order updating the root CA and updating TLS credential happens, we
@@ -511,7 +518,7 @@ func TestRenewTLSConfigUpdateRootCARace(t *testing.T) {
 		cert, _, err := testutils.CreateRootCertAndKey(fmt.Sprintf("root %d", i+2))
 		require.NoError(t, err)
 
-		ctx, cancel := context.WithCancel(context.Background())
+		ctx, cancel := context.WithCancel(tc.Context)
 		defer cancel()
 
 		done1, done2 := make(chan struct{}), make(chan struct{})
@@ -546,7 +553,7 @@ func TestRenewTLSConfigUpdateRootCARace(t *testing.T) {
 		require.Len(t, secConfig.ClientTLSCreds.Config().RootCAs.Subjects(), i+2)
 		require.Len(t, secConfig.ServerTLSCreds.Config().RootCAs.Subjects(), i+2)
 		// no matter what, the external CA still has the extra external CA root cert
-		_, err = secConfig.ExternalCA().Sign(context.Background(), signReq)
+		_, err = secConfig.ExternalCA().Sign(tc.Context, signReq)
 		require.NoError(t, err)
 	}
 }
@@ -581,7 +588,7 @@ func TestRenewTLSConfigWorker(t *testing.T) {
 	tc := testutils.NewTestCA(t)
 	defer tc.Stop()
 
-	ctx, cancel := context.WithCancel(context.Background())
+	ctx, cancel := context.WithCancel(tc.Context)
 	defer cancel()
 
 	// Get a new nodeConfig with a TLS cert that has the default Cert duration, but overwrite
@@ -617,7 +624,7 @@ func TestRenewTLSConfigManager(t *testing.T) {
 	tc := testutils.NewTestCA(t)
 	defer tc.Stop()
 
-	ctx, cancel := context.WithCancel(context.Background())
+	ctx, cancel := context.WithCancel(tc.Context)
 	defer cancel()
 
 	// Get a new nodeConfig with a TLS cert that has the default Cert duration, but overwrite
@@ -653,7 +660,7 @@ func TestRenewTLSConfigWithNoNode(t *testing.T) {
 	tc := testutils.NewTestCA(t)
 	defer tc.Stop()
 
-	ctx, cancel := context.WithCancel(context.Background())
+	ctx, cancel := context.WithCancel(tc.Context)
 	defer cancel()
 
 	// Get a new nodeConfig with a TLS cert that has the default Cert duration, but overwrite

diff --git a/ca/external.go b/ca/external.go
@@ -18,6 +18,7 @@ import (
 	"github.com/cloudflare/cfssl/config"
 	"github.com/cloudflare/cfssl/csr"
 	"github.com/cloudflare/cfssl/signer"
+	"github.com/docker/swarmkit/log"
 	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 	"golang.org/x/net/context/ctxhttp"
@@ -126,7 +127,7 @@ func (eca *ExternalCA) Sign(ctx context.Context, req signer.SignRequest) (cert [
 		if err == nil {
 			return append(cert, intermediates...), err
 		}
-		logrus.Debugf("unable to proxy certificate signing request to %s: %s", url, err)
+		log.G(ctx).Debugf("unable to proxy certificate signing request to %s: %s", url, err)
 	}
 
 	return nil, err

diff --git a/ca/testutils/cautils.go b/ca/testutils/cautils.go
@@ -12,6 +12,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/Sirupsen/logrus"
 	cfcsr "github.com/cloudflare/cfssl/csr"
 	"github.com/cloudflare/cfssl/helpers"
 	"github.com/cloudflare/cfssl/initca"
@@ -49,12 +50,13 @@ type TestCA struct {
 	ManagerToken                string
 	ConnBroker                  *connectionbroker.Broker
 	KeyReadWriter               *ca.KeyReadWriter
-	watchCancel                 func()
+	ctxCancel, watchCancel      func()
 }
 
 // Stop cleans up after TestCA
 func (tc *TestCA) Stop() {
 	tc.watchCancel()
+	tc.ctxCancel()
 	os.RemoveAll(tc.TempDir)
 	for _, conn := range tc.Conns {
 		conn.Close()
@@ -200,7 +202,11 @@ func NewTestCAFromAPIRootCA(t *testing.T, tempBaseDir string, apiRootCA api.Root
 	api.RegisterCAServer(grpcServer, caServer)
 	api.RegisterNodeCAServer(grpcServer, caServer)
 
-	ctx := context.Background()
+	fields := logrus.Fields{"testHasExternalCA": External}
+	if t != nil {
+		fields["testname"] = t.Name()
+	}
+	ctx, ctxCancel := context.WithCancel(log.WithLogger(context.Background(), log.L.WithFields(fields)))
 
 	clusterWatch, clusterWatchCancel, err := store.ViewAndWatch(
 		s, func(tx store.ReadTx) error {
@@ -260,6 +266,7 @@ func NewTestCAFromAPIRootCA(t *testing.T, tempBaseDir string, apiRootCA api.Root
 		ConnBroker:            connectionbroker.New(remotes),
 		KeyReadWriter:         krw,
 		watchCancel:           clusterWatchCancel,
+		ctxCancel:             ctxCancel,
 	}
 }
 

diff --git a/integration/integration_test.go b/integration/integration_test.go
@@ -152,18 +152,7 @@ func pollServiceReady(t *testing.T, c *testCluster, sid string, replicas int) {
 }
 
 func newCluster(t *testing.T, numWorker, numManager int) *testCluster {
-	// Get name of caller
-	var testName string
-	pc, _, _, ok := runtime.Caller(1)
-	if ok {
-		funcName := runtime.FuncForPC(pc).Name()
-		splitted := strings.Split(funcName, ".")
-		if len(splitted) > 1 {
-			testName = splitted[len(splitted)-1]
-		}
-	}
-
-	cl := newTestCluster(testName)
+	cl := newTestCluster(t.Name())
 	for i := 0; i < numManager; i++ {
 		require.NoError(t, cl.AddManager(false, nil), "manager number %d", i+1)
 	}
@@ -190,7 +179,7 @@ func TestServiceCreateLateBind(t *testing.T) {
 
 	numWorker, numManager := 3, 3
 
-	cl := newTestCluster("TestServiceCreateLateBind")
+	cl := newTestCluster(t.Name())
 	for i := 0; i < numManager; i++ {
 		require.NoError(t, cl.AddManager(true, nil), "manager number %d", i+1)
 	}
@@ -501,7 +490,7 @@ func TestForceNewCluster(t *testing.T) {
 
 	// start a new cluster with the external CA bootstrapped
 	numWorker, numManager := 0, 1
-	cl := newTestCluster("TestForceNewCluster")
+	cl := newTestCluster(t.Name())
 	defer func() {
 		require.NoError(t, cl.Stop())
 	}()