github-com-docker-mailserver/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00
Code Issues Projects Releases Wiki Activity
docker-mailserver/test/tests/parallel/set1/tls/letsencrypt.bats

257 lines
11 KiB
Plaintext
Raw Normal View History

tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
load "${REPOSITORY_ROOT}/test/helper/common"
tests(refactor): Adjust `mail_changedetector` + change detection helpers (#2997) * tests(refactor): `mail_changedetector.bats` - Leverage DRY methods `supervisorctl tail` is not the most reliably way to get logs for the latest change detection and has been known to be fragile in the past. We can instead read the full log for the service directly with `tac` and `sed` to extract all log content since the last change detection. Common asserts have also been extracted out into separate methods. * tests(chore): Remove sleep and redundant change event Container 1 is still blocked at this point from an existing lock and change event. Make the lock stale immediately and no extra sleep is required when paired with the helper method to wait until the event is processed (which should remove the stale lock). * tests(refactor): Add more DRY methods - Simplify the test case so it's easier to grok. - 2nd test case (blocking) extracts out initial setup into a separate method and merges the later service restart logic which is redundant. - Additional comments for improved context of what is going on / expected. * tests(chore): Revise the change detection helper method - Add explicit counting arg to change detection support. - Extract revised logic into it's own generic helper method. - Utilize this for a separate method that monitors for a change event having started, but not waiting for completion. This allows dropping the 40 sec of remaining `sleep` in `mail_changedetector` test. It was also required due to potentially missing the timing of a change event completing concurrently in a 2nd container that needed to be waited on and then checked. * tests(chore): Migrate to current test conventions - Switch to common container setup helpers - Update container name and change usage to variables instead. - Adopt the new convention of prefix variable for test cases (revised test case descriptions). * tests(chore): Remove legacy change detection This has since been replaced with the new helper watches the `changedetector` service logs directly instead of only detecting a change has occurred via checksum comparison. No tests use this method anymore, it was originally for `tests.bats`. Thus the tests in `test_helper.bats` are being dropped too. The new helper has test coverage in `changedetector` tests. * chore: Lock removal should not incur `sleep 5` afterwards - A new lock should be created by this script after removal. The sleep doesn't help avoid a race condition with lock file creation after removal. - Reduces test time as a bonus. - Added some additional comments to test. * tests(chore): `tls_letsencrypt.bats` leverage improved change detection - No need to wait on the change detection service anymore during container startup. - No need to count change events processed either as waiting a fixed duration is no longer relied on. - This makes the reload count method redundant, dropped. * tests(chore): Convert `setup-cli.bats` to new test conventions This test file was already adapted to the original common setup helpers. - `TEST_NAME` replaced with `CONTAINER_NAME`. - Prefix var added, test case descriptions drop explicit prefix. - No other changes. * tests(chore): Extract out helpers related to change-detection - New helper file for sharing these helpers to tests. - Includes the helpful log method from changedetector tests. - No longer need to maintain duplicate copies of these methods during the test migration. All tests that use them are now importing the separate helper file. - `tls_letsencrypt.bats` has switched to using the log helper. - Generic log count helper is removed from `test_helper/common.bash` as any test that needs it in future can adapt to `helper/common.bash`. * tests(refactor): `tls_letsencrypt.bats` remove `_get_service_logs()` This helper does not seem useful as moving away from `supervisorctl tail` and no other tests had a need for it. * tests(chore): Remove common setup methods from `test_helper/common.bash` No other tests depend on this. Future tests will adopt the revised versions from `helper/setup.bash`. Additionally updates `helper/setup.bash` comments that are no longer applicable to `TEST_TMP_CONFIG` and `CONTAINER_NAME`. * chore: Use `|| true` to simplify setting `EXPECTED_COUNT` correctly
2023-01-16 07:39:46 +00:00
load "${REPOSITORY_ROOT}/test/helper/change-detection"
load "${REPOSITORY_ROOT}/test/helper/setup"
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
load "${REPOSITORY_ROOT}/test/helper/tls"
Modified letsencrypt support to add domain name checking in addition to hostname checking. Added necessary tests and renamed original manual ssl test to a name that supports adding the other SSL tests.
2020-05-12 03:36:46 +00:00
update BATS & helper + minor updates to BATS variables (#2988)
2023-01-09 07:54:04 +00:00
BATS_TEST_NAME_PREFIX='[Security] (TLS) (SSL_TYPE=letsencrypt) '
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
CONTAINER1_NAME='dms-test_tls-letsencrypt_default-hostname'
CONTAINER2_NAME='dms-test_tls-letsencrypt_fallback-domainname'
CONTAINER3_NAME='dms-test_tls-letsencrypt_support-acme-json'
export TEST_FQDN='mail.example.test'
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
function teardown() { _default_teardown ; }
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
# Similar to BATS `setup()` method, but invoked manually after
# CONTAINER_NAME has been adjusted for the running testcase.
function _initial_setup() {
tests(refactor): Improve consistency and documentation for test helpers (#3012)
2023-01-21 23:05:28 +00:00
_init_with_defaults
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
# Prepare certificates in the letsencrypt supported file structure:
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
# NOTE: Certbot uses `privkey.pem`.
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
# `fullchain.pem` is currently what's detected, but we're actually providing the equivalent of `cert.pem` here.
# TODO: Verify format/structure is supported for nginx-proxy + acme-companion (uses `acme.sh` to provision).
# `mail.example.test` (Only this FQDN is supported by this certificate):
_copy_to_letsencrypt_storage 'example.test/with_ca/ecdsa/cert.ecdsa.pem' 'mail.example.test/fullchain.pem'
_copy_to_letsencrypt_storage 'example.test/with_ca/ecdsa/key.ecdsa.pem' "mail.example.test/privkey.pem"
# `example.test` (Only this FQDN is supported by this certificate):
_copy_to_letsencrypt_storage 'example.test/with_ca/ecdsa/cert.rsa.pem' 'example.test/fullchain.pem'
_copy_to_letsencrypt_storage 'example.test/with_ca/ecdsa/key.rsa.pem' 'example.test/privkey.pem'
}
# Should detect and choose the cert for FQDN `mail.example.test` (HOSTNAME):
update BATS & helper + minor updates to BATS variables (#2988)
2023-01-09 07:54:04 +00:00
@test "Should default to HOSTNAME (${TEST_FQDN})" {
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
export CONTAINER_NAME=${CONTAINER1_NAME}
_initial_setup
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
local TARGET_DOMAIN=${TEST_FQDN}
local CUSTOM_SETUP_ARGUMENTS=(
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
--volume "${TEST_TMP_CONFIG}/letsencrypt/${TARGET_DOMAIN}/:/etc/letsencrypt/live/${TARGET_DOMAIN}/:ro"
PERMIT_DOCKER=none as new default value (#2424) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-03-02 15:03:40 +00:00
--env PERMIT_DOCKER='container'
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
--env SSL_TYPE='letsencrypt'
)
tests(refactor): Improve consistency and documentation for test helpers (#3012)
2023-01-21 23:05:28 +00:00
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
# Test that certificate files exist for the configured `hostname`:
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
_should_have_valid_config "${TARGET_DOMAIN}" 'privkey.pem' 'fullchain.pem'
_should_succesfully_negotiate_tls "${TARGET_DOMAIN}"
refactor: letsencrypt implicit location discovery (#2525) * chore: Extract letsencrypt logic into methods This allows other scripts to share the functionality to discover the correct letsencrypt folder from the 3 possible locations (where specific order is important). As these methods should now return a string value, the `return 1` after a panic is now dropped. * chore: Update comments The todo is resolved with this PR, `_setup_ssl` will be called by both cert conditional statements with purpose for each better documented to maintainers at the start of the logic block. * refactor: Defer most logic to helper/ssl.sh The loop is no longer required, extraction is delegated to `_setup_ssl` now. For the change event prevention, we retrieve the relevant FQDN via the new helper method, beyond that it's just indentation diff. `check-for-changes.sh` adjusted to allow locally scoped var declarations by wrapping a function. Presently no loop control flow is needed so this seems fine. Made it clear that `CHANGED` is local and `CHKSUM_FILE` is not. Panic scope doesn't require `SSL_TYPE` for context, it's clearly`letsencrypt`. * fix: Correctly match wildcard results Now that the service configs are properly updated, when the services restart they will return a cert with the SAN `DNS:*.example.test`, which is valid for `mail.example.test`, however the test function did not properly account for this in the regexp query. Resolved by truncating the left-most DNS label from FQDN and adding a third check to match a returned wildcard DNS result. Extracted out the common logic to create the regexp query and renamed the methods to communicate more clearly that they check the FQDN is supported, not necessarily explicitly listed by the cert. * tests(letsencrypt): Enable remaining tests These will now pass. Adjusted comments accordingly. Added an additional test on a fake FQDN that should still be valid to a wildcard cert (SNI validation in a proper setup would reject the connection afterwards). Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-04-18 10:52:50 +00:00
_should_not_support_fqdn_in_cert 'example.test'
Modified letsencrypt support to add domain name checking in addition to hostname checking. Added necessary tests and renamed original manual ssl test to a name that supports adding the other SSL tests.
2020-05-12 03:36:46 +00:00
}
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
# Should detect and choose cert for FQDN `example.test` (DOMAINNAME),
# as fallback when no cert for FQDN `mail.example.test` (HOSTNAME) exists:
update BATS & helper + minor updates to BATS variables (#2988)
2023-01-09 07:54:04 +00:00
@test "Should fallback to DOMAINNAME (example.test)" {
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
export CONTAINER_NAME=${CONTAINER2_NAME}
_initial_setup
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
local TARGET_DOMAIN='example.test'
local CUSTOM_SETUP_ARGUMENTS=(
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
--volume "${TEST_TMP_CONFIG}/letsencrypt/${TARGET_DOMAIN}/:/etc/letsencrypt/live/${TARGET_DOMAIN}/:ro"
PERMIT_DOCKER=none as new default value (#2424) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-03-02 15:03:40 +00:00
--env PERMIT_DOCKER='container'
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
--env SSL_TYPE='letsencrypt'
)
tests(refactor): Improve consistency and documentation for test helpers (#3012)
2023-01-21 23:05:28 +00:00
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
#test domain has certificate files
_should_have_valid_config "${TARGET_DOMAIN}" 'privkey.pem' 'fullchain.pem'
_should_succesfully_negotiate_tls "${TARGET_DOMAIN}"
refactor: letsencrypt implicit location discovery (#2525) * chore: Extract letsencrypt logic into methods This allows other scripts to share the functionality to discover the correct letsencrypt folder from the 3 possible locations (where specific order is important). As these methods should now return a string value, the `return 1` after a panic is now dropped. * chore: Update comments The todo is resolved with this PR, `_setup_ssl` will be called by both cert conditional statements with purpose for each better documented to maintainers at the start of the logic block. * refactor: Defer most logic to helper/ssl.sh The loop is no longer required, extraction is delegated to `_setup_ssl` now. For the change event prevention, we retrieve the relevant FQDN via the new helper method, beyond that it's just indentation diff. `check-for-changes.sh` adjusted to allow locally scoped var declarations by wrapping a function. Presently no loop control flow is needed so this seems fine. Made it clear that `CHANGED` is local and `CHKSUM_FILE` is not. Panic scope doesn't require `SSL_TYPE` for context, it's clearly`letsencrypt`. * fix: Correctly match wildcard results Now that the service configs are properly updated, when the services restart they will return a cert with the SAN `DNS:*.example.test`, which is valid for `mail.example.test`, however the test function did not properly account for this in the regexp query. Resolved by truncating the left-most DNS label from FQDN and adding a third check to match a returned wildcard DNS result. Extracted out the common logic to create the regexp query and renamed the methods to communicate more clearly that they check the FQDN is supported, not necessarily explicitly listed by the cert. * tests(letsencrypt): Enable remaining tests These will now pass. Adjusted comments accordingly. Added an additional test on a fake FQDN that should still be valid to a wildcard cert (SNI validation in a proper setup would reject the connection afterwards). Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-04-18 10:52:50 +00:00
_should_not_support_fqdn_in_cert 'mail.example.test'
Modified letsencrypt support to add domain name checking in addition to hostname checking. Added necessary tests and renamed original manual ssl test to a name that supports adding the other SSL tests.
2020-05-12 03:36:46 +00:00
}
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
# When using `acme.json` (Traefik) - a wildcard cert `*.example.test` (SSL_DOMAIN)
# should be extracted and be chosen over an existing FQDN `mail.example.test` (HOSTNAME):
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json`
2020-06-30 20:43:22 +00:00
#
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
# NOTE: Currently all of the `acme.json` configs have the FQDN match a SAN value,
# all Subject CN (`main` in acme.json) are `Smallstep Leaf` which is not an FQDN.
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
# While not using a FQDN is valid for that field,
# it does mean there is no test coverage against the `acme.json` field `main`.
update BATS & helper + minor updates to BATS variables (#2988)
2023-01-09 07:54:04 +00:00
@test "Traefik 'acme.json' (*.example.test)" {
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
export CONTAINER_NAME=${CONTAINER3_NAME}
_initial_setup
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
# Override the `_initial_setup()` default Root CA cert (used for verifying the chain of trust via `openssl`):
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
# shellcheck disable=SC2034
local TEST_CA_CERT="${TEST_FILES_CONTAINER_PATH}/ssl/example.test/with_ca/rsa/ca-cert.rsa.pem"
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
# This test group switches to certs that are signed with an RSA Root CA key instead.
# All of these certs support both FQDNs (`mail.example.test` and `example.test`),
# Except for the wildcard cert (`*.example.test`), that was created with `example.test` intentionally excluded from SAN.
# We want to maintain the same FQDN (`mail.example.test`) between the _acme_ecdsa and _acme_rsa tests.
local LOCAL_BASE_PATH="${PWD}/test/test-files/ssl/example.test/with_ca/rsa"
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
function _prepare() {
# Default `acme.json` for _acme_ecdsa test:
cp "${LOCAL_BASE_PATH}/ecdsa.acme.json" "${TEST_TMP_CONFIG}/letsencrypt/acme.json"
# TODO: Provision wildcard certs via Traefik to inspect if `example.test` non-wildcard is also added to the cert.
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
local CUSTOM_SETUP_ARGUMENTS=(
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
--volume "${TEST_TMP_CONFIG}/letsencrypt/acme.json:/etc/letsencrypt/acme.json:ro"
scripts: refactored `check-for-changes.sh` (#2498) * refactored `check-for-changes.sh` I refactored `check-for-changes.sh` and used the new log. `_notify` can therefore be deleted as it is used no more. I opted to source `/etc/dms-settings` as a whole to future-proof the script. When the DNS adjustments PRs (that do not exist by now but will exit in the future) are done, we can then remove `_obtain_hostname_and_domainname` because we're already writing the variables to `/etc/dms-settings`. I left instructions in the script in the form of TODO comments. Because we now log the date for all messages of the changedetector, we need to `tail` a bit more log than before.
2022-04-02 17:39:15 +00:00
--env LOG_LEVEL='trace'
PERMIT_DOCKER=none as new default value (#2424) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2022-03-02 15:03:40 +00:00
--env PERMIT_DOCKER='container'
--env SSL_DOMAIN='*.example.test'
--env SSL_TYPE='letsencrypt'
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
)
tests(refactor): Improve consistency and documentation for test helpers (#3012)
2023-01-21 23:05:28 +00:00
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
_wait_for_service 'changedetector'
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
}
# Test `acme.json` extraction works at container startup:
# It should have already extracted `mail.example.test` from the original mounted `acme.json`.
function _acme_ecdsa() {
tests(refactor): Adjust `mail_changedetector` + change detection helpers (#2997) * tests(refactor): `mail_changedetector.bats` - Leverage DRY methods `supervisorctl tail` is not the most reliably way to get logs for the latest change detection and has been known to be fragile in the past. We can instead read the full log for the service directly with `tac` and `sed` to extract all log content since the last change detection. Common asserts have also been extracted out into separate methods. * tests(chore): Remove sleep and redundant change event Container 1 is still blocked at this point from an existing lock and change event. Make the lock stale immediately and no extra sleep is required when paired with the helper method to wait until the event is processed (which should remove the stale lock). * tests(refactor): Add more DRY methods - Simplify the test case so it's easier to grok. - 2nd test case (blocking) extracts out initial setup into a separate method and merges the later service restart logic which is redundant. - Additional comments for improved context of what is going on / expected. * tests(chore): Revise the change detection helper method - Add explicit counting arg to change detection support. - Extract revised logic into it's own generic helper method. - Utilize this for a separate method that monitors for a change event having started, but not waiting for completion. This allows dropping the 40 sec of remaining `sleep` in `mail_changedetector` test. It was also required due to potentially missing the timing of a change event completing concurrently in a 2nd container that needed to be waited on and then checked. * tests(chore): Migrate to current test conventions - Switch to common container setup helpers - Update container name and change usage to variables instead. - Adopt the new convention of prefix variable for test cases (revised test case descriptions). * tests(chore): Remove legacy change detection This has since been replaced with the new helper watches the `changedetector` service logs directly instead of only detecting a change has occurred via checksum comparison. No tests use this method anymore, it was originally for `tests.bats`. Thus the tests in `test_helper.bats` are being dropped too. The new helper has test coverage in `changedetector` tests. * chore: Lock removal should not incur `sleep 5` afterwards - A new lock should be created by this script after removal. The sleep doesn't help avoid a race condition with lock file creation after removal. - Reduces test time as a bonus. - Added some additional comments to test. * tests(chore): `tls_letsencrypt.bats` leverage improved change detection - No need to wait on the change detection service anymore during container startup. - No need to count change events processed either as waiting a fixed duration is no longer relied on. - This makes the reload count method redundant, dropped. * tests(chore): Convert `setup-cli.bats` to new test conventions This test file was already adapted to the original common setup helpers. - `TEST_NAME` replaced with `CONTAINER_NAME`. - Prefix var added, test case descriptions drop explicit prefix. - No other changes. * tests(chore): Extract out helpers related to change-detection - New helper file for sharing these helpers to tests. - Includes the helpful log method from changedetector tests. - No longer need to maintain duplicate copies of these methods during the test migration. All tests that use them are now importing the separate helper file. - `tls_letsencrypt.bats` has switched to using the log helper. - Generic log count helper is removed from `test_helper/common.bash` as any test that needs it in future can adapt to `helper/common.bash`. * tests(refactor): `tls_letsencrypt.bats` remove `_get_service_logs()` This helper does not seem useful as moving away from `supervisorctl tail` and no other tests had a need for it. * tests(chore): Remove common setup methods from `test_helper/common.bash` No other tests depend on this. Future tests will adopt the revised versions from `helper/setup.bash`. Additionally updates `helper/setup.bash` comments that are no longer applicable to `TEST_TMP_CONFIG` and `CONTAINER_NAME`. * chore: Use `|| true` to simplify setting `EXPECTED_COUNT` correctly
2023-01-16 07:39:46 +00:00
# SSL_DOMAIN value should not be present in current `acme.json`:
_should_fail_to_extract_for_wildcard_env
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
_should_have_valid_config 'mail.example.test' 'key.pem' 'fullchain.pem'
local ECDSA_KEY_PATH="${LOCAL_BASE_PATH}/key.ecdsa.pem"
local ECDSA_CERT_PATH="${LOCAL_BASE_PATH}/cert.ecdsa.pem"
_should_have_expected_files 'mail.example.test' "${ECDSA_KEY_PATH}" "${ECDSA_CERT_PATH}"
}
# Test `acme.json` extraction is triggered via change detection:
# The updated `acme.json` roughly emulates a renewal, but changes from an ECDSA cert to an RSA one.
# It should replace the cert files in the existing `letsencrypt/live/mail.example.test/` folder.
function _acme_rsa() {
_should_extract_on_changes 'mail.example.test' "${LOCAL_BASE_PATH}/rsa.acme.json"
local RSA_KEY_PATH="${LOCAL_BASE_PATH}/key.rsa.pem"
local RSA_CERT_PATH="${LOCAL_BASE_PATH}/cert.rsa.pem"
_should_have_expected_files 'mail.example.test' "${RSA_KEY_PATH}" "${RSA_CERT_PATH}"
}
# Test that `acme.json` also works with wildcard certificates:
# Additionally tests that SSL_DOMAIN is prioritized when `letsencrypt/live/` already has a HOSTNAME dir available.
# Wildcard `*.example.test` should extract to `example.test/` in `letsencrypt/live/`:
function _acme_wildcard() {
_should_extract_on_changes 'example.test' "${LOCAL_BASE_PATH}/wildcard/rsa.acme.json"
refactor: letsencrypt implicit location discovery (#2525) * chore: Extract letsencrypt logic into methods This allows other scripts to share the functionality to discover the correct letsencrypt folder from the 3 possible locations (where specific order is important). As these methods should now return a string value, the `return 1` after a panic is now dropped. * chore: Update comments The todo is resolved with this PR, `_setup_ssl` will be called by both cert conditional statements with purpose for each better documented to maintainers at the start of the logic block. * refactor: Defer most logic to helper/ssl.sh The loop is no longer required, extraction is delegated to `_setup_ssl` now. For the change event prevention, we retrieve the relevant FQDN via the new helper method, beyond that it's just indentation diff. `check-for-changes.sh` adjusted to allow locally scoped var declarations by wrapping a function. Presently no loop control flow is needed so this seems fine. Made it clear that `CHANGED` is local and `CHKSUM_FILE` is not. Panic scope doesn't require `SSL_TYPE` for context, it's clearly`letsencrypt`. * fix: Correctly match wildcard results Now that the service configs are properly updated, when the services restart they will return a cert with the SAN `DNS:*.example.test`, which is valid for `mail.example.test`, however the test function did not properly account for this in the regexp query. Resolved by truncating the left-most DNS label from FQDN and adding a third check to match a returned wildcard DNS result. Extracted out the common logic to create the regexp query and renamed the methods to communicate more clearly that they check the FQDN is supported, not necessarily explicitly listed by the cert. * tests(letsencrypt): Enable remaining tests These will now pass. Adjusted comments accordingly. Added an additional test on a fake FQDN that should still be valid to a wildcard cert (SNI validation in a proper setup would reject the connection afterwards). Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-04-18 10:52:50 +00:00
# As the FQDN has changed since startup, the Postfix + Dovecot configs should be updated:
_should_have_valid_config 'example.test' 'key.pem' 'fullchain.pem'
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
local WILDCARD_KEY_PATH="${LOCAL_BASE_PATH}/wildcard/key.rsa.pem"
local WILDCARD_CERT_PATH="${LOCAL_BASE_PATH}/wildcard/cert.rsa.pem"
_should_have_expected_files 'example.test' "${WILDCARD_KEY_PATH}" "${WILDCARD_CERT_PATH}"
refactor: letsencrypt implicit location discovery (#2525) * chore: Extract letsencrypt logic into methods This allows other scripts to share the functionality to discover the correct letsencrypt folder from the 3 possible locations (where specific order is important). As these methods should now return a string value, the `return 1` after a panic is now dropped. * chore: Update comments The todo is resolved with this PR, `_setup_ssl` will be called by both cert conditional statements with purpose for each better documented to maintainers at the start of the logic block. * refactor: Defer most logic to helper/ssl.sh The loop is no longer required, extraction is delegated to `_setup_ssl` now. For the change event prevention, we retrieve the relevant FQDN via the new helper method, beyond that it's just indentation diff. `check-for-changes.sh` adjusted to allow locally scoped var declarations by wrapping a function. Presently no loop control flow is needed so this seems fine. Made it clear that `CHANGED` is local and `CHKSUM_FILE` is not. Panic scope doesn't require `SSL_TYPE` for context, it's clearly`letsencrypt`. * fix: Correctly match wildcard results Now that the service configs are properly updated, when the services restart they will return a cert with the SAN `DNS:*.example.test`, which is valid for `mail.example.test`, however the test function did not properly account for this in the regexp query. Resolved by truncating the left-most DNS label from FQDN and adding a third check to match a returned wildcard DNS result. Extracted out the common logic to create the regexp query and renamed the methods to communicate more clearly that they check the FQDN is supported, not necessarily explicitly listed by the cert. * tests(letsencrypt): Enable remaining tests These will now pass. Adjusted comments accordingly. Added an additional test on a fake FQDN that should still be valid to a wildcard cert (SNI validation in a proper setup would reject the connection afterwards). Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-04-18 10:52:50 +00:00
# These two tests will confirm wildcard support is working, the supported SANs changed:
# Before (_acme_rsa cert): `DNS:example.test, DNS:mail.example.test`
# After (_acme_wildcard cert): `DNS:*.example.test`
# The difference in support is:
# - `example.test` should no longer be valid.
# - `mail.example.test` should remain valid, but also allow any other subdomain/hostname.
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
_should_succesfully_negotiate_tls 'mail.example.test'
refactor: letsencrypt implicit location discovery (#2525) * chore: Extract letsencrypt logic into methods This allows other scripts to share the functionality to discover the correct letsencrypt folder from the 3 possible locations (where specific order is important). As these methods should now return a string value, the `return 1` after a panic is now dropped. * chore: Update comments The todo is resolved with this PR, `_setup_ssl` will be called by both cert conditional statements with purpose for each better documented to maintainers at the start of the logic block. * refactor: Defer most logic to helper/ssl.sh The loop is no longer required, extraction is delegated to `_setup_ssl` now. For the change event prevention, we retrieve the relevant FQDN via the new helper method, beyond that it's just indentation diff. `check-for-changes.sh` adjusted to allow locally scoped var declarations by wrapping a function. Presently no loop control flow is needed so this seems fine. Made it clear that `CHANGED` is local and `CHKSUM_FILE` is not. Panic scope doesn't require `SSL_TYPE` for context, it's clearly`letsencrypt`. * fix: Correctly match wildcard results Now that the service configs are properly updated, when the services restart they will return a cert with the SAN `DNS:*.example.test`, which is valid for `mail.example.test`, however the test function did not properly account for this in the regexp query. Resolved by truncating the left-most DNS label from FQDN and adding a third check to match a returned wildcard DNS result. Extracted out the common logic to create the regexp query and renamed the methods to communicate more clearly that they check the FQDN is supported, not necessarily explicitly listed by the cert. * tests(letsencrypt): Enable remaining tests These will now pass. Adjusted comments accordingly. Added an additional test on a fake FQDN that should still be valid to a wildcard cert (SNI validation in a proper setup would reject the connection afterwards). Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-04-18 10:52:50 +00:00
_should_support_fqdn_in_cert 'fake.example.test'
_should_not_support_fqdn_in_cert 'example.test'
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
}
_prepare
# Unleash the `acme.json` tests!
# TODO: Extract methods to separate test cases.
_acme_ecdsa
_acme_rsa
_acme_wildcard
}
#
# Test Methods
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json`
2020-06-30 20:43:22 +00:00
#
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
# Check that Dovecot and Postfix are configured to use a cert for the expected FQDN:
function _should_have_valid_config() {
local EXPECTED_FQDN=${1}
local LE_KEY_PATH="/etc/letsencrypt/live/${EXPECTED_FQDN}/${2}"
local LE_CERT_PATH="/etc/letsencrypt/live/${EXPECTED_FQDN}/${3}"
_has_matching_line 'postconf' "smtpd_tls_chain_files = ${LE_KEY_PATH} ${LE_CERT_PATH}"
_has_matching_line 'doveconf' "ssl_cert = <${LE_CERT_PATH}"
# `-P` is required to prevent redacting secrets
_has_matching_line 'doveconf -P' "ssl_key = <${LE_KEY_PATH}"
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json`
2020-06-30 20:43:22 +00:00
}
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
# CMD ${1} run in container with output checked to match value of ${2}:
function _has_matching_line() {
tests(refactor): Improve consistency and documentation for test helpers (#3012)
2023-01-21 23:05:28 +00:00
_run_in_container_bash "${1} | grep '${2}'"
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
assert_output "${2}"
}
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json`
2020-06-30 20:43:22 +00:00
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
#
# Traefik `acme.json` specific
#
tests(refactor): Adjust `mail_changedetector` + change detection helpers (#2997) * tests(refactor): `mail_changedetector.bats` - Leverage DRY methods `supervisorctl tail` is not the most reliably way to get logs for the latest change detection and has been known to be fragile in the past. We can instead read the full log for the service directly with `tac` and `sed` to extract all log content since the last change detection. Common asserts have also been extracted out into separate methods. * tests(chore): Remove sleep and redundant change event Container 1 is still blocked at this point from an existing lock and change event. Make the lock stale immediately and no extra sleep is required when paired with the helper method to wait until the event is processed (which should remove the stale lock). * tests(refactor): Add more DRY methods - Simplify the test case so it's easier to grok. - 2nd test case (blocking) extracts out initial setup into a separate method and merges the later service restart logic which is redundant. - Additional comments for improved context of what is going on / expected. * tests(chore): Revise the change detection helper method - Add explicit counting arg to change detection support. - Extract revised logic into it's own generic helper method. - Utilize this for a separate method that monitors for a change event having started, but not waiting for completion. This allows dropping the 40 sec of remaining `sleep` in `mail_changedetector` test. It was also required due to potentially missing the timing of a change event completing concurrently in a 2nd container that needed to be waited on and then checked. * tests(chore): Migrate to current test conventions - Switch to common container setup helpers - Update container name and change usage to variables instead. - Adopt the new convention of prefix variable for test cases (revised test case descriptions). * tests(chore): Remove legacy change detection This has since been replaced with the new helper watches the `changedetector` service logs directly instead of only detecting a change has occurred via checksum comparison. No tests use this method anymore, it was originally for `tests.bats`. Thus the tests in `test_helper.bats` are being dropped too. The new helper has test coverage in `changedetector` tests. * chore: Lock removal should not incur `sleep 5` afterwards - A new lock should be created by this script after removal. The sleep doesn't help avoid a race condition with lock file creation after removal. - Reduces test time as a bonus. - Added some additional comments to test. * tests(chore): `tls_letsencrypt.bats` leverage improved change detection - No need to wait on the change detection service anymore during container startup. - No need to count change events processed either as waiting a fixed duration is no longer relied on. - This makes the reload count method redundant, dropped. * tests(chore): Convert `setup-cli.bats` to new test conventions This test file was already adapted to the original common setup helpers. - `TEST_NAME` replaced with `CONTAINER_NAME`. - Prefix var added, test case descriptions drop explicit prefix. - No other changes. * tests(chore): Extract out helpers related to change-detection - New helper file for sharing these helpers to tests. - Includes the helpful log method from changedetector tests. - No longer need to maintain duplicate copies of these methods during the test migration. All tests that use them are now importing the separate helper file. - `tls_letsencrypt.bats` has switched to using the log helper. - Generic log count helper is removed from `test_helper/common.bash` as any test that needs it in future can adapt to `helper/common.bash`. * tests(refactor): `tls_letsencrypt.bats` remove `_get_service_logs()` This helper does not seem useful as moving away from `supervisorctl tail` and no other tests had a need for it. * tests(chore): Remove common setup methods from `test_helper/common.bash` No other tests depend on this. Future tests will adopt the revised versions from `helper/setup.bash`. Additionally updates `helper/setup.bash` comments that are no longer applicable to `TEST_TMP_CONFIG` and `CONTAINER_NAME`. * chore: Use `|| true` to simplify setting `EXPECTED_COUNT` correctly
2023-01-16 07:39:46 +00:00
function _should_fail_to_extract_for_wildcard_env() {
# Set as value for ENV `SSL_DOMAIN`, but during startup it should fail to find a match in the current `acme.json`:
local DOMAIN_WILDCARD='*.example.test'
# The expected domain to be found and extracted instead (value from container `--hostname`):
local DOMAIN_MAIL='mail.example.test'
# /var/log/mail/mail.log is not equivalent to stdout content,
# Relevant log content only available via docker logs:
run docker logs "${CONTAINER_NAME}"
assert_output --partial "_extract_certs_from_acme | Unable to find key and/or cert for '${DOMAIN_WILDCARD}' in '/etc/letsencrypt/acme.json'"
assert_output --partial "_extract_certs_from_acme | Certificate successfully extracted for '${DOMAIN_MAIL}'"
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
}
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json`
2020-06-30 20:43:22 +00:00
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
# Replace the mounted `acme.json` and wait to see if changes were detected.
function _should_extract_on_changes() {
local EXPECTED_DOMAIN=${1}
local ACME_JSON=${2}
cp "${ACME_JSON}" "${TEST_TMP_CONFIG}/letsencrypt/acme.json"
tests(refactor): Improve consistency and documentation for test helpers (#3012)
2023-01-21 23:05:28 +00:00
_wait_until_change_detection_event_completes
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
# Expected log lines from the changedetector service:
tests(refactor): Adjust `mail_changedetector` + change detection helpers (#2997) * tests(refactor): `mail_changedetector.bats` - Leverage DRY methods `supervisorctl tail` is not the most reliably way to get logs for the latest change detection and has been known to be fragile in the past. We can instead read the full log for the service directly with `tac` and `sed` to extract all log content since the last change detection. Common asserts have also been extracted out into separate methods. * tests(chore): Remove sleep and redundant change event Container 1 is still blocked at this point from an existing lock and change event. Make the lock stale immediately and no extra sleep is required when paired with the helper method to wait until the event is processed (which should remove the stale lock). * tests(refactor): Add more DRY methods - Simplify the test case so it's easier to grok. - 2nd test case (blocking) extracts out initial setup into a separate method and merges the later service restart logic which is redundant. - Additional comments for improved context of what is going on / expected. * tests(chore): Revise the change detection helper method - Add explicit counting arg to change detection support. - Extract revised logic into it's own generic helper method. - Utilize this for a separate method that monitors for a change event having started, but not waiting for completion. This allows dropping the 40 sec of remaining `sleep` in `mail_changedetector` test. It was also required due to potentially missing the timing of a change event completing concurrently in a 2nd container that needed to be waited on and then checked. * tests(chore): Migrate to current test conventions - Switch to common container setup helpers - Update container name and change usage to variables instead. - Adopt the new convention of prefix variable for test cases (revised test case descriptions). * tests(chore): Remove legacy change detection This has since been replaced with the new helper watches the `changedetector` service logs directly instead of only detecting a change has occurred via checksum comparison. No tests use this method anymore, it was originally for `tests.bats`. Thus the tests in `test_helper.bats` are being dropped too. The new helper has test coverage in `changedetector` tests. * chore: Lock removal should not incur `sleep 5` afterwards - A new lock should be created by this script after removal. The sleep doesn't help avoid a race condition with lock file creation after removal. - Reduces test time as a bonus. - Added some additional comments to test. * tests(chore): `tls_letsencrypt.bats` leverage improved change detection - No need to wait on the change detection service anymore during container startup. - No need to count change events processed either as waiting a fixed duration is no longer relied on. - This makes the reload count method redundant, dropped. * tests(chore): Convert `setup-cli.bats` to new test conventions This test file was already adapted to the original common setup helpers. - `TEST_NAME` replaced with `CONTAINER_NAME`. - Prefix var added, test case descriptions drop explicit prefix. - No other changes. * tests(chore): Extract out helpers related to change-detection - New helper file for sharing these helpers to tests. - Includes the helpful log method from changedetector tests. - No longer need to maintain duplicate copies of these methods during the test migration. All tests that use them are now importing the separate helper file. - `tls_letsencrypt.bats` has switched to using the log helper. - Generic log count helper is removed from `test_helper/common.bash` as any test that needs it in future can adapt to `helper/common.bash`. * tests(refactor): `tls_letsencrypt.bats` remove `_get_service_logs()` This helper does not seem useful as moving away from `supervisorctl tail` and no other tests had a need for it. * tests(chore): Remove common setup methods from `test_helper/common.bash` No other tests depend on this. Future tests will adopt the revised versions from `helper/setup.bash`. Additionally updates `helper/setup.bash` comments that are no longer applicable to `TEST_TMP_CONFIG` and `CONTAINER_NAME`. * chore: Use `|| true` to simplify setting `EXPECTED_COUNT` correctly
2023-01-16 07:39:46 +00:00
run _get_logs_since_last_change_detection "${CONTAINER_NAME}"
scripts: refactored `check-for-changes.sh` (#2498) * refactored `check-for-changes.sh` I refactored `check-for-changes.sh` and used the new log. `_notify` can therefore be deleted as it is used no more. I opted to source `/etc/dms-settings` as a whole to future-proof the script. When the DNS adjustments PRs (that do not exist by now but will exit in the future) are done, we can then remove `_obtain_hostname_and_domainname` because we're already writing the variables to `/etc/dms-settings`. I left instructions in the script in the form of TODO comments. Because we now log the date for all messages of the changedetector, we need to `tail` a bit more log than before.
2022-04-02 17:39:15 +00:00
assert_output --partial "'/etc/letsencrypt/acme.json' has changed - extracting certificates"
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
assert_output --partial "_extract_certs_from_acme | Certificate successfully extracted for '${EXPECTED_DOMAIN}'"
}
# Extracted cert files from `acme.json` have content matching the expected reference files:
function _should_have_expected_files() {
local LE_BASE_PATH="/etc/letsencrypt/live/${1}"
local LE_KEY_PATH="${LE_BASE_PATH}/key.pem"
local LE_CERT_PATH="${LE_BASE_PATH}/fullchain.pem"
local EXPECTED_KEY_PATH=${2}
local EXPECTED_CERT_PATH=${3}
_should_be_equal_in_content "${LE_KEY_PATH}" "${EXPECTED_KEY_PATH}"
_should_be_equal_in_content "${LE_CERT_PATH}" "${EXPECTED_CERT_PATH}"
}
#
# Misc
#
# Rename test certificate files to match the expected file structure for letsencrypt:
function _copy_to_letsencrypt_storage() {
local SRC=${1}
local DEST=${2}
local FQDN_DIR
FQDN_DIR=$(echo "${DEST}" | cut -d '/' -f1)
mkdir -p "${TEST_TMP_CONFIG}/letsencrypt/${FQDN_DIR}"
change if style (#3361)
2023-05-24 07:06:59 +00:00
if ! cp "${PWD}/test/test-files/ssl/${SRC}" "${TEST_TMP_CONFIG}/letsencrypt/${DEST}"; then
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
echo "Could not copy cert file '${SRC}'' to '${DEST}'" >&2
exit 1
fi
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
}
function _should_be_equal_in_content() {
local CONTAINER_PATH=${1}
local LOCAL_PATH=${2}
tests: Adjust parallel tests - The usual serial to parallel test conversion to utilize the `setup.bash` common setup structure, and adding a `TEST_PREFIX` var for each test case to leverage. - Standardize on parallel test naming conventions for variables / values. - More consistent use of `bash -c` instead of `/bin/bash -c` or `/bin/sh -c`. - Using the `_run_in_container` helper instead of `run docker exec ${CONTAINER_NAME}`. - Updates tests to use the `check_if_process_is_running` helper. --- chore: Revise inline docs for the `ssl_letsencrypt` test - Moves the override to be in closer proximity to the `initial_setup` call, and better communicates the intent to override. - Removes top comment block that is no longer providing value or correct information to maintainers. - Revised `acme.json` test case inline doc comments.
2023-01-03 05:58:09 +00:00
_run_in_container /bin/bash -c "cat ${CONTAINER_PATH}"
tests(feat): Complete rewrite of letsencrypt tests (#2286) * chore: Normalize container setup Easier to grok what is different between configurations. - Container name usage replaced with variable - Volumes defined earlier and redeclared when relevant (only real difference is `VOLUME_LETSENCRYPT`) - Contextual comment about the `acme.json` copy. - Quoting `SSL_TYPE`, `SSL_DOMAIN` and `-h` values for syntax highlighting. - Moved `-t` and `${NAME}` to separate line. - Consistent indentation. * chore: DRY test logic Extracts out repeated test logic into methods * chore: Scope configs to individual test cases (1/3) - Preparation step for shifting out the container configs to their own scoped test cases. Split into multiple commits to ease reviewing by diffs for this change. - Re-arrange the hostname and domain configs to match the expected order of the new test cases. - Shuffle the hostname and domainname grouped tests into tests per container config scope. - Collapse the `acme.json` test cases into single test case. * chore: Scope configs to individual test cases (2/3) - Shifts the hostname and domainname container configs into their respective scoped test cases. - Moving the `acme.json` container config produces a less favorable diff, so is deferred to a follow-up commit. - Test cases updated to refer to their `${CONTAINER_NAME}` var instead of the hard-coded string name. * chore: Scope configs to individual test cases (3/3) Final commit to shift out the container configs. - Common vars are exported in `setup_file()` for the test cases to use without needing to repeat the declaration in each test case. - `teardown_file()` shifts container removal at end of scoped test case. * chore: Adapt to `common_container_setup` template - `CONTAINER_NAME` becomes `TEST_NAME` (`common.bash` helper via `init_with_defaults`). - `docker run ...` and related configuration is now outsourced to the `common.bash` helper, only extra args that the default template does not cover are defined in the test case. - `TARGET_DOMAIN`establishes the domain folder name for `/etc/letsencrypt/live`. - `_should*` methods no longer manage a `CONTAINER_NAME` arg, instead using the `TEST_NAME` global that should be valid as test is run as a sequence of test cases. - `PRIVATE_CONFIG` and the `private_config_path ...` are now using the global `TEST_TMP_CONFIG` initialized at the start of each test case, slightly different as not locally defined/scoped like `PRIVATE_CONFIG` would be within the test case, hence the explicit choice of a different name for context. * chore: Minor tweaks - Test case comment descriptions. - DRY: `docker rm -f` lines moved to `teardown()` - Use `wait_for_service` helper instead of checking the `changedetector` script itself is running. - There is a startup delay before the `changedetector` begins monitoring, wait until it ready event is logged. - Added a helper to query logs for a service (useful later). - `/bin/sh` commands reduced to `sh`. - Change the config check to match and compare output, not number of lines returned. Provides better failure output by bats to debug against. * chore: Add more test functions for `acme.json` This just extracts out existing logic from the test case to functions to make the test case itself more readable/terse. * chore: Housekeeping No changes, just moving logic around and grouping into inline functions, with some added comments. * chore: Switch to `example.test` certs This also required copying the source files to match the expected letsencrypt file structure expected in the test/container usage. * chore: Delete `test/config/letsencrypt/` No longer necessary, using the `example.test/` certs instead. These letsencrypt certs weren't for the domains they were used for, and of course long expired. * chore: Housekeeping Add more maintainer comments, rename some functions. * tests: Expand `acme.json` extraction coverage Finally able to add more test coverage! :) - Two new methods to validate expected success/failure of extraction for a given FQDN. - Added an RSA test prior to the wildcard to test a renewal simulation (just with different cert type). - Added extra method to make sure we're detecting multiple successful change events, not just a previous logged success (false positive). * tests: Refactor the negotiate_tls functionality Covers all ports (except POP) and correctly tests against expected verification status with new `example.test` certs. The `FQDN` var will be put to use in a follow-up commit. * tests: Verify the certs contain the expected FQDNs * chore: Extract TLS test methods into a separate helper script Can be useful for other TLS tests to utilize. * chore: Housekeeping * chore: Fix test typo There was a mismatch between the output and expected output between these two files "find key for" and "find key & cert for". Changed to "find key and/or cert for" to make the warning more clear that it's issued for either or both failure conditions. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2021-11-16 15:00:16 +00:00
assert_output "$(cat "${LOCAL_PATH}")"
certificates from acme.json Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix. Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json`
2020-06-30 20:43:22 +00:00
assert_success
}
Reference in a new issue Copy permalink