Move all testing to BATS

getssl

@@ -325,15 +325,14 @@ check_challenge_completion() { # checks with the ACME server if our challenge is
 
     # if ACME response is that their check gave an invalid response, error exit
     if [[ "$status" == "invalid" ]] ; then
-      err_detail=$(json_get "$response" detail)
-      error_exit "$domain:Verify error:$err_detail"
+      error_exit "$domain:Verify error:$(echo "$response" | grep "detail" | awk -F' "' '{print $3}')"
     fi
 
     # if ACME response is pending ( they haven't completed checks yet) then wait and try again.
     if [[ "$status" == "pending" ]] ; then
       info "Pending"
     else
-      error_exit "$domain:Verify error:$response"
+      error_exit "$domain:Verify error:$(echo "$response" | grep "detail")"
     fi
     debug "sleep 5 secs before testing verify again"
     sleep 5

test/Dockerfile-ubuntu

@@ -14,8 +14,10 @@ RUN mkdir /etc/nginx/pki/private
 COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
 
 # BATS (Bash Automated Testings)
-# RUN git clone https://github.com/bats-core/bats-core.git
-# RUN bats-core/install.sh /usr/local
+RUN git clone https://github.com/bats-core/bats-core.git /bats-core
+RUN git clone https://github.com/jasonkarns/bats-support /bats-support
+RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert
+RUN /bats-core/install.sh /usr/local
 
 EXPOSE 80 443
 

test/README.md

@@ -6,7 +6,10 @@ Start up pebble, the challdnstest server for DNS challenges
 `docker-compose -f "docker-compose.yml" up -d --build`
 
 Run the tests
-`docker exec -it getssl /getssl/test/run-test.sh`
+`docker exec -it getssl bats /getssl/test`
+
+Run individual test
+`docker exec -it getssl bats /getssl/test/<filename.bats>`
 
 Debug (need to set CURL_CA_BUNDLE as pebble uses a local certificate, otherwise you get a "unknown API version" error)
 `docker exec -it getssl /bin/bash`
@@ -14,7 +17,6 @@ Debug (need to set CURL_CA_BUNDLE as pebble uses a local certificate, otherwise
 `/getssl/getssl -d getssl`
 
 # TODO
-1. Move to BATS (bash automated testing) instead of run-test.sh
-2. Test RHEL6, Debian as well
-3. Test SSH, SFTP
-4. Test wildcards
+1. Test RHEL6, Debian as well
+2. Test SSH, SFTP
+3. Test wildcards

test/dual-rsa-ecdsa.bats

@@ -0,0 +1,40 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Create creating dual certificates using HTTP-01 verification" {
+    CONFIG_FILE="getssl-http01-dual-rsa-ecdsa.cfg"
+    setup_environment
+    init_getssl
+    create_certificate
+}
+
+
+@test "Force renewal of dual certificates using HTTP-01" {
+    #!FIXME test certificate has been updated
+    run ${CODE_DIR}/getssl -f $HOST
+    assert_success
+}
+
+@test "Create creating dual certificates using DNS-01 verification" {
+    CONFIG_FILE="getssl-dns01-dual-rsa-ecdsa.cfg"
+    setup_environment
+    init_getssl
+    create_certificate
+}
+
+
+@test "Force renewal of dual certificates using DNS-01" {
+    #!FIXME test certificate has been updated
+    run ${CODE_DIR}/getssl -f $HOST
+    assert_success
+}

test/more-than-10-hosts.bats

@@ -0,0 +1,32 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Create certificates for more than 10 hosts using HTTP-01 verification" {
+    CONFIG_FILE="getssl-http01-10-hosts.cfg"
+    setup_environment
+
+    # Add 11 hosts to DNS (also need to be added as aliases in docker-compose.yml)
+    for prefix in a b c d e f g h i j k; do
+        curl -X POST -d '{"host":"'$prefix.$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
+    done
+
+    init_getssl
+    create_certificate
+}
+
+
+@test "Force renewal of all certificates using HTTP-01" {
+    #!FIXME test certificate has been updated
+    run ${CODE_DIR}/getssl -f $HOST
+    assert_success
+}

test/pebble-config.json

@@ -1,12 +0,0 @@
-{
-    "pebble": {
-      "listenAddress": "0.0.0.0:14000",
-      "managementListenAddress": "0.0.0.0:15000",
-      "certificate": "test/certs/localhost/cert.pem",
-      "privateKey": "test/certs/localhost/key.pem",
-      "httpPort": 5002,
-      "tlsPort": 5001,
-      "ocspResponderURL": "",
-      "externalAccountBindingRequired": false
-    }
-  }

test/pebble/config/pebble-config.json

@@ -1,11 +1,12 @@
-
-{
-    "pebble": {
-      "listenAddress": "0.0.0.0:14000",
-      "managementListenAddress": "0.0.0.0:15000",
-      "httpPort": 80,
-      "tlsPort": 443,
-      "ocspResponderURL": "",
-      "externalAccountBindingRequired": false
-    }
-  }
+{
+    "pebble": {
+      "listenAddress": "0.0.0.0:14000",
+      "managementListenAddress": "0.0.0.0:15000",
+      "certificate": "test/certs/localhost/cert.pem",
+      "privateKey": "test/certs/localhost/key.pem",
+      "httpPort": 5002,
+      "tlsPort": 5001,
+      "ocspResponderURL": "",
+      "externalAccountBindingRequired": false
+    }
+  }

test/run-test-dual-eca.sh

@@ -1,46 +0,0 @@
-#! /bin/bash
-
-set -e
-
-# Test setup
-if [[ -d /root/.getssl ]]; then
-    rm -r /root/.getssl
-fi
-
-HOST=getssl.test
-
-wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
-# cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
-cat /etc/ssl/certs/ca-certificates.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
-export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
-
-curl -X POST -d '{"host":"'$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
-
-# Test #1 - http-01 verification
-echo Test \#1 - http-01 verification
-
-cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
-service nginx restart
-/getssl/getssl -c $HOST
-cp /getssl/test/test-config/getssl-http01-dual-rsa-ecdsa.cfg /root/.getssl/${HOST}/getssl.cfg
-/getssl/getssl -f $HOST
-
-# Test #2 - http-01 forced renewal
-echo Test \#2 - http-01 forced renewal
-/getssl/getssl $HOST -f
-
-# Test cleanup
-rm -r /root/.getssl
-
-# Test #3 - dns-01 verification
-echo Test \#3 - dns-01 verification
-
-cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
-service nginx restart
-/getssl/getssl -c $HOST
-cp /getssl/test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg /root/.getssl/${HOST}/getssl.cfg
-/getssl/getssl $HOST
-
-# Test #4 - dns-01 forced renewal
-echo Test \#4 - dns-01 forced renewal
-/getssl/getssl $HOST -f

test/run-test.sh

@@ -1,45 +0,0 @@
-#! /bin/bash
-
-set -e
-
-# Test setup
-if [[ -d /root/.getssl ]]; then
-    rm -r /root/.getssl
-fi
-
-HOST=getssl.test
-
-wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
-# cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
-cat /etc/ssl/certs/ca-certificates.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
-export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
-
-curl -X POST -d '{"host":"'$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
-
-# Test #1 - http-01 verification
-echo Test \#1 - http-01 verification
-
-cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
-service nginx restart
-/getssl/getssl -c $HOST
-cp /getssl/test/test-config/getssl-http01.cfg /root/.getssl/${HOST}/getssl.cfg
-/getssl/getssl -f $HOST
-
-# Test #2 - http-01 forced renewal
-echo Test \#2 - http-01 forced renewal
-/getssl/getssl $HOST -f
-
-# Test cleanup
-rm -r /root/.getssl
-
-# Test #3 - dns-01 verification
-echo Test \#3 - dns-01 verification
-cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
-service nginx restart
-/getssl/getssl -c $HOST
-cp /getssl/test/test-config/getssl-dns01.cfg /root/.getssl/${HOST}/getssl.cfg
-/getssl/getssl $HOST
-
-# Test #4 - dns-01 forced renewal
-echo Test \#4 - dns-01 forced renewal
-/getssl/getssl $HOST -f

test/simple-dns01.bats

@@ -0,0 +1,26 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Create new certificate using DNS-01 verification" {
+    CONFIG_FILE="getssl-dns01.cfg"
+    setup_environment
+    init_getssl
+    create_certificate
+}
+
+
+@test "Force renewal of certificate using DNS-01" {
+    #!FIXME test certificate has been updated
+    run ${CODE_DIR}/getssl -f $HOST
+    assert_success
+}

test/simple-http01.bats

@@ -0,0 +1,26 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Create new certificate using HTTP-01 verification" {
+    CONFIG_FILE="getssl-http01.cfg"
+    setup_environment
+    init_getssl
+    create_certificate
+}
+
+
+@test "Force renewal of certificate using HTTP-01" {
+    #!FIXME test certificate has been updated
+    run ${CODE_DIR}/getssl -f $HOST
+    assert_success
+}

test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg

@@ -47,7 +47,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 
 # The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
 
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which

test/test-config/getssl-dns01.cfg

@@ -44,7 +44,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 
 # The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
 
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which

test/test-config/getssl-http01-10-hosts.cfg

@@ -22,7 +22,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 
 # The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
 
 #SERVER_TYPE="https"
 #CHECK_REMOTE="true"

test/test-config/getssl-http01-dual-rsa-ecdsa.cfg

@@ -45,7 +45,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 
 # The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
 
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which

test/test-config/getssl-http01.cfg

@@ -43,7 +43,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 
 # The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
 
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which

test/test_helper.bash

@@ -0,0 +1,37 @@
+INSTALL_DIR=/root
+CODE_DIR=/getssl
+HOST=getssl.test
+
+setup_environment() {
+    # One-off test setup
+    if [[ -d ${INSTALL_DIR}/.getssl ]]; then
+        rm -r ${INSTALL_DIR}/.getssl
+    fi
+
+    if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then
+        wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1 # | sed 's/^/# /' >&3
+        # cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt  # RHEL6?
+        cat /etc/ssl/certs/ca-certificates.crt ${INSTALL_DIR}/pebble.minica.pem > ${INSTALL_DIR}/pebble-ca-bundle.crt
+    fi
+
+    curl -X POST -d '{"host":"'$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
+    cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
+    service nginx restart >&3-
+}
+
+
+init_getssl() {
+    # Run initialisation (create account key, etc)
+    run ${CODE_DIR}/getssl -c $HOST
+    assert_success
+    [ -d "$INSTALL_DIR/.getssl" ]
+}
+
+
+create_certificate() {
+    # Create certificate
+    cp ${CODE_DIR}/test/test-config/${CONFIG_FILE} ${INSTALL_DIR}/.getssl/${HOST}/getssl.cfg
+    run ${CODE_DIR}/getssl $HOST
+    assert_success
+    #!FIXME test certificate has been placed in the expected location
+}