zhatin
diff --git a/‎cert/cert.go
Lines changed: 2 additions & 2 deletions b/‎cert/cert.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎cert/cert_test.go
Lines changed: 20 additions & 10 deletions b/‎cert/cert_test.go
Lines changed: 20 additions & 10 deletions
diff --git a/‎cloudinit/sshinit/configure.go
Lines changed: 14 additions & 2 deletions b/‎cloudinit/sshinit/configure.go
Lines changed: 14 additions & 2 deletions
diff --git a/‎cloudinit/sshinit/configure_test.go
Lines changed: 9 additions & 6 deletions b/‎cloudinit/sshinit/configure_test.go
Lines changed: 9 additions & 6 deletions
diff --git a/‎cmd/envcmd/environmentcommand.go
Lines changed: 7 additions & 5 deletions b/‎cmd/envcmd/environmentcommand.go
Lines changed: 7 additions & 5 deletions
diff --git a/‎cmd/juju/addmachine.go
Lines changed: 14 additions & 0 deletions b/‎cmd/juju/addmachine.go
Lines changed: 14 additions & 0 deletions
@@ -94,7 +94,7 @@ func NewCA(envName string, expiry time.Time) (certPEM, keyPEM string, err error)
 			CommonName:   fmt.Sprintf("juju-generated CA for environment %q", envName),
 			Organization: []string{"juju"},
 		},
-		NotBefore:             now.UTC().Add(-5 * time.Minute),
+		NotBefore:             now.UTC().AddDate(0, 0, -7),
 		NotAfter:              expiry.UTC(),
 		SubjectKeyId:          bigIntHash(key.N),
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
@@ -160,7 +160,7 @@ func newLeaf(caCertPEM, caKeyPEM string, expiry time.Time, hostnames []string, e
 			CommonName:   "*",
 			Organization: []string{"juju"},
 		},
-		NotBefore: now.UTC().Add(-5 * time.Minute),
+		NotBefore: now.UTC().AddDate(0, 0, -7),
 		NotAfter:  expiry.UTC(),
 
 		SubjectKeyId: bigIntHash(key.N),
 
@@ -16,6 +16,7 @@ import (
 	"testing"
 	"time"
 
+	jc "github.com/juju/testing/checkers"
 	gc "launchpad.net/gocheck"
 
 	"github.com/juju/juju/cert"
@@ -53,23 +54,29 @@ func (certSuite) TestParseCertAndKey(c *gc.C) {
 }
 
 func (certSuite) TestNewCA(c *gc.C) {
-	expiry := roundTime(time.Now().AddDate(0, 0, 1))
+	now := time.Now()
+	expiry := roundTime(now.AddDate(0, 0, 1))
 	caCertPEM, caKeyPEM, err := cert.NewCA("foo", expiry)
 	c.Assert(err, gc.IsNil)
 
 	caCert, caKey, err := cert.ParseCertAndKey(caCertPEM, caKeyPEM)
 	c.Assert(err, gc.IsNil)
 
-	c.Assert(caKey, gc.FitsTypeOf, (*rsa.PrivateKey)(nil))
-	c.Assert(caCert.Subject.CommonName, gc.Equals, `juju-generated CA for environment "foo"`)
-	c.Assert(caCert.NotAfter.Equal(expiry), gc.Equals, true)
-	c.Assert(caCert.BasicConstraintsValid, gc.Equals, true)
-	c.Assert(caCert.IsCA, gc.Equals, true)
+	c.Check(caKey, gc.FitsTypeOf, (*rsa.PrivateKey)(nil))
+	c.Check(caCert.Subject.CommonName, gc.Equals, `juju-generated CA for environment "foo"`)
+	// Check that the certificate is valid from one week before today.
+	c.Check(caCert.NotBefore.Before(now), jc.IsTrue)
+	c.Check(caCert.NotBefore.Before(now.AddDate(0, 0, -6)), jc.IsTrue)
+	c.Check(caCert.NotBefore.After(now.AddDate(0, 0, -8)), jc.IsTrue)
+	c.Check(caCert.NotAfter.Equal(expiry), gc.Equals, true)
+	c.Check(caCert.BasicConstraintsValid, gc.Equals, true)
+	c.Check(caCert.IsCA, gc.Equals, true)
 	//c.Assert(caCert.MaxPathLen, Equals, 0)	TODO it ends up as -1 - check that this is ok.
 }
 
 func (certSuite) TestNewServer(c *gc.C) {
-	expiry := roundTime(time.Now().AddDate(1, 0, 0))
+	now := time.Now()
+	expiry := roundTime(now.AddDate(1, 0, 0))
 	caCertPEM, caKeyPEM, err := cert.NewCA("foo", expiry)
 	c.Assert(err, gc.IsNil)
 
@@ -83,6 +90,10 @@ func (certSuite) TestNewServer(c *gc.C) {
 	srvCert, srvKey, err := cert.ParseCertAndKey(srvCertPEM, srvKeyPEM)
 	c.Assert(err, gc.IsNil)
 	c.Assert(srvCert.Subject.CommonName, gc.Equals, "*")
+	// Check that the certificate is valid from one week before today.
+	c.Check(srvCert.NotBefore.Before(now), jc.IsTrue)
+	c.Check(srvCert.NotBefore.Before(now.AddDate(0, 0, -6)), jc.IsTrue)
+	c.Check(srvCert.NotBefore.After(now.AddDate(0, 0, -8)), jc.IsTrue)
 	c.Assert(srvCert.NotAfter.Equal(expiry), gc.Equals, true)
 	c.Assert(srvCert.BasicConstraintsValid, gc.Equals, false)
 	c.Assert(srvCert.IsCA, gc.Equals, false)
@@ -164,9 +175,8 @@ func (certSuite) TestVerify(c *gc.C) {
 	err = cert.Verify(srvCert, caCert, now.Add(55*time.Second))
 	c.Assert(err, gc.IsNil)
 
-	// TODO(rog) why does this succeed?
-	// err = cert.Verify(srvCert, caCert, now.Add(-1 * time.Minute))
-	//c.Check(err, gc.ErrorMatches, "x509: certificate has expired or is not yet valid")
+	err = cert.Verify(srvCert, caCert, now.AddDate(0, 0, -8))
+	c.Check(err, gc.ErrorMatches, "x509: certificate has expired or is not yet valid")
 
 	err = cert.Verify(srvCert, caCert, now.Add(2*time.Minute))
 	c.Check(err, gc.ErrorMatches, "x509: certificate has expired or is not yet valid")
 
@@ -62,6 +62,10 @@ func RunConfigureScript(script string, params ConfigureParams) error {
 // ConfigureScript generates the bash script that applies
 // the specified cloud-config.
 func ConfigureScript(cloudcfg *cloudinit.Config) (string, error) {
+	if cloudcfg == nil {
+		panic("cloudcfg is nil")
+	}
+
 	// TODO(axw): 2013-08-23 bug 1215777
 	// Carry out configuration for ssh-keys-per-user,
 	// machine-updates-authkeys, using cloud-init config.
@@ -79,7 +83,7 @@ func ConfigureScript(cloudcfg *cloudinit.Config) (string, error) {
 		return "", err
 	}
 
-	// Add package sources and packages.
+	// Depending on cloudcfg, potentially add package sources and packages.
 	pkgcmds, err := addPackageCommands(cloudcfg)
 	if err != nil {
 		return "", err
@@ -124,6 +128,12 @@ const aptget = "apt-get --option Dpkg::Options::=--force-confold --assume-yes "
 // addPackageCommands returns a slice of commands that, when run,
 // will add the required apt repositories and packages.
 func addPackageCommands(cfg *cloudinit.Config) ([]string, error) {
+	if cfg == nil {
+		panic("cfg is nil")
+	} else if !cfg.AptUpdate() && len(cfg.AptSources()) > 0 {
+		return nil, fmt.Errorf("update sources were specified, but OS updates have been disabled.")
+	}
+
 	// If apt_get_wrapper is specified, then prepend it to aptget.
 	aptget := aptget
 	wrapper := cfg.AptGetWrapper()
@@ -158,10 +168,12 @@ func addPackageCommands(cfg *cloudinit.Config) ([]string, error) {
 			cmds = append(cmds, `printf '%s\n' `+contents+` > `+path)
 		}
 	}
-	if len(cfg.AptSources()) > 0 || cfg.AptUpdate() {
+
+	if cfg.AptUpdate() {
 		cmds = append(cmds, cloudinit.LogProgressCmd("Running apt-get update"))
 		cmds = append(cmds, aptget+"update")
 	}
+
 	if cfg.AptUpgrade() {
 		cmds = append(cmds, cloudinit.LogProgressCmd("Running apt-get upgrade"))
 		cmds = append(cmds, aptget+"upgrade")
 
@@ -15,7 +15,6 @@ import (
 	envcloudinit "github.com/juju/juju/environs/cloudinit"
 	"github.com/juju/juju/environs/config"
 	"github.com/juju/juju/environs/imagemetadata"
-	envtools "github.com/juju/juju/environs/tools"
 	"github.com/juju/juju/state/api/params"
 	coretesting "github.com/juju/juju/testing"
 	"github.com/juju/juju/tools"
@@ -56,7 +55,7 @@ func (s *configureSuite) getCloudConfig(c *gc.C, stateServer bool, vers version.
 	var mcfg *envcloudinit.MachineConfig
 	var err error
 	if stateServer {
-		mcfg, err = environs.NewBootstrapMachineConfig(constraints.Value{}, "private-key", vers.Series)
+		mcfg, err = environs.NewBootstrapMachineConfig(constraints.Value{}, vers.Series)
 		c.Assert(err, gc.IsNil)
 		mcfg.InstanceId = "instance-id"
 		mcfg.Jobs = []params.MachineJob{params.JobManageEnviron, params.JobHostUnits}
@@ -67,7 +66,7 @@ func (s *configureSuite) getCloudConfig(c *gc.C, stateServer bool, vers version.
 	}
 	mcfg.Tools = &tools.Tools{
 		Version: vers,
-		URL:     "file:///var/lib/juju/storage/" + envtools.StorageName(vers),
+		URL:     "http://testing.invalid/tools.tar.gz",
 	}
 	environConfig := testConfig(c, stateServer, vers)
 	err = environs.FinishMachineConfig(mcfg, environConfig)
@@ -144,18 +143,22 @@ func assertScriptMatches(c *gc.C, cfg *cloudinit.Config, pattern string, match b
 }
 
 func (s *configureSuite) TestAptUpdate(c *gc.C) {
-	// apt-get update is run if either AptUpdate is set,
-	// or apt sources are defined.
+	// apt-get update is run only if AptUpdate is set.
 	aptGetUpdatePattern := aptgetRegexp + "update(.|\n)*"
 	cfg := cloudinit.New()
+
 	c.Assert(cfg.AptUpdate(), gc.Equals, false)
 	c.Assert(cfg.AptSources(), gc.HasLen, 0)
 	assertScriptMatches(c, cfg, aptGetUpdatePattern, false)
+
 	cfg.SetAptUpdate(true)
 	assertScriptMatches(c, cfg, aptGetUpdatePattern, true)
+
+	// If we add sources, but disable updates, display an error.
 	cfg.SetAptUpdate(false)
 	cfg.AddAptSource("source", "key", nil)
-	assertScriptMatches(c, cfg, aptGetUpdatePattern, true)
+	_, err := sshinit.ConfigureScript(cfg)
+	c.Check(err, gc.ErrorMatches, "update sources were specified, but OS updates have been disabled.")
 }
 
 func (s *configureSuite) TestAptUpgrade(c *gc.C) {
 
@@ -142,7 +142,7 @@ func (c *EnvCommandBase) ConnectionCredentials() (configstore.APICredentials, er
 	if c.envName == "" {
 		return emptyCreds, errors.Trace(ErrNoEnvironmentSpecified)
 	}
-	info, err := connectionInfoForName(c.envName)
+	info, err := ConnectionInfoForName(c.envName)
 	if err != nil {
 		return emptyCreds, errors.Trace(err)
 	}
@@ -159,7 +159,7 @@ func (c *EnvCommandBase) ConnectionEndpoint(refresh bool) (configstore.APIEndpoi
 	if c.envName == "" {
 		return emptyEndpoint, errors.Trace(ErrNoEnvironmentSpecified)
 	}
-	info, err := connectionInfoForName(c.envName)
+	info, err := ConnectionInfoForName(c.envName)
 	if err != nil {
 		return emptyEndpoint, errors.Trace(err)
 	}
@@ -177,7 +177,7 @@ func (c *EnvCommandBase) ConnectionEndpoint(refresh bool) (configstore.APIEndpoi
 	}
 	refresher.Close()
 
-	info, err = connectionInfoForName(c.envName)
+	info, err = ConnectionInfoForName(c.envName)
 	if err != nil {
 		return emptyEndpoint, err
 	}
@@ -207,7 +207,9 @@ var getConfigStore = func() (configstore.Storage, error) {
 	return store, nil
 }
 
-func connectionInfoForName(envName string) (configstore.EnvironInfo, error) {
+// ConnectionInfoForName reads the environment information for the named
+// environment (envName) and returns it.
+func ConnectionInfoForName(envName string) (configstore.EnvironInfo, error) {
 	store, err := getConfigStore()
 	if err != nil {
 		return nil, errors.Trace(err)
@@ -229,7 +231,7 @@ func (c *EnvCommandBase) ConnectionWriter() (ConnectionWriter, error) {
 	if c.envName == "" {
 		return nil, errors.Trace(ErrNoEnvironmentSpecified)
 	}
-	return connectionInfoForName(c.envName)
+	return ConnectionInfoForName(c.envName)
 }
 
 // ConnectionName returns the name of the connection if there is one.
 
@@ -14,6 +14,8 @@ import (
 
 	"github.com/juju/juju/cmd/envcmd"
 	"github.com/juju/juju/constraints"
+	"github.com/juju/juju/environs/config"
+	"github.com/juju/juju/environs/configstore"
 	"github.com/juju/juju/environs/manual"
 	"github.com/juju/juju/instance"
 	"github.com/juju/juju/state/api/params"
@@ -128,12 +130,24 @@ func (c *AddMachineCommand) Run(ctx *cmd.Context) error {
 	defer client.Close()
 
 	if c.Placement != nil && c.Placement.Scope == "ssh" {
+
+		var config *config.Config
+		if defaultStore, err := configstore.Default(); err != nil {
+			return err
+		} else if config, err = c.Config(defaultStore); err != nil {
+			return err
+		}
+
 		args := manual.ProvisionMachineArgs{
 			Host:   c.Placement.Directive,
 			Client: client,
 			Stdin:  ctx.Stdin,
 			Stdout: ctx.Stdout,
 			Stderr: ctx.Stderr,
+			UpdateBehavior: &params.UpdateBehavior{
+				config.EnableOSRefreshUpdate(),
+				config.EnableOSUpgrade(),
+			},
 		}
 		machineId, err := manualProvisioner(args)
 		if err == nil {
Original file line number	Diff line number	Diff line change
`@@ -142,7 +142,7 @@ func (c *EnvCommandBase) ConnectionCredentials() (configstore.APICredentials, er`
`142`	`142`	`if c.envName == "" {`
`143`	`143`	`return emptyCreds, errors.Trace(ErrNoEnvironmentSpecified)`
`144`	`144`	`}`
`145`		`- info, err := connectionInfoForName(c.envName)`
	`145`	`+ info, err := ConnectionInfoForName(c.envName)`
`146`	`146`	`if err != nil {`
`147`	`147`	`return emptyCreds, errors.Trace(err)`
`148`	`148`	`}`
`@@ -159,7 +159,7 @@ func (c *EnvCommandBase) ConnectionEndpoint(refresh bool) (configstore.APIEndpoi`
`159`	`159`	`if c.envName == "" {`
`160`	`160`	`return emptyEndpoint, errors.Trace(ErrNoEnvironmentSpecified)`
`161`	`161`	`}`
`162`		`- info, err := connectionInfoForName(c.envName)`
	`162`	`+ info, err := ConnectionInfoForName(c.envName)`
`163`	`163`	`if err != nil {`
`164`	`164`	`return emptyEndpoint, errors.Trace(err)`
`165`	`165`	`}`
`@@ -177,7 +177,7 @@ func (c *EnvCommandBase) ConnectionEndpoint(refresh bool) (configstore.APIEndpoi`
`177`	`177`	`}`
`178`	`178`	`refresher.Close()`
`179`	`179`
`180`		`- info, err = connectionInfoForName(c.envName)`
	`180`	`+ info, err = ConnectionInfoForName(c.envName)`
`181`	`181`	`if err != nil {`
`182`	`182`	`return emptyEndpoint, err`
`183`	`183`	`}`
`@@ -207,7 +207,9 @@ var getConfigStore = func() (configstore.Storage, error) {`
`207`	`207`	`return store, nil`
`208`	`208`	`}`
`209`	`209`
`210`		`-func connectionInfoForName(envName string) (configstore.EnvironInfo, error) {`
	`210`	`+// ConnectionInfoForName reads the environment information for the named`
	`211`	`+// environment (envName) and returns it.`
	`212`	`+func ConnectionInfoForName(envName string) (configstore.EnvironInfo, error) {`
`211`	`213`	`store, err := getConfigStore()`
`212`	`214`	`if err != nil {`
`213`	`215`	`return nil, errors.Trace(err)`
`@@ -229,7 +231,7 @@ func (c *EnvCommandBase) ConnectionWriter() (ConnectionWriter, error) {`
`229`	`231`	`if c.envName == "" {`
`230`	`232`	`return nil, errors.Trace(ErrNoEnvironmentSpecified)`
`231`	`233`	`}`
`232`		`- return connectionInfoForName(c.envName)`
	`234`	`+ return ConnectionInfoForName(c.envName)`
`233`	`235`	`}`
`234`	`236`
`235`	`237`	`// ConnectionName returns the name of the connection if there is one.`