Move all testing to BATS

6 years ago · 099a8e2571
--- a/+ 2
+++ b/+ 2
@ -325,15 +325,14 @@ check_challenge_completion() { # checks with the ACME server if our challenge is
    # if ACME response is that their check gave an invalid response, error exit
    if [[ "$status" == "invalid" ]] ; then
      err_detail=$(json_get "$response" detail)
      error_exit "$domain:Verify error:$err_detail"
      error_exit "$domain:Verify error:$(echo "$response" | grep "detail" | awk -F' "' '{print $3}')"
    fi
    # if ACME response is pending ( they haven't completed checks yet) then wait and try again.
    if [[ "$status" == "pending" ]] ; then
      info "Pending"
    else
      error_exit "$domain:Verify error:$response"
      error_exit "$domain:Verify error:$(echo "$response" | grep "detail")"
    fi
    debug "sleep 5 secs before testing verify again"
    sleep 5
--- a/test/Dockerfile-ubuntu
+++ b/test/Dockerfile-ubuntu
@ -14,8 +14,10 @@ RUN mkdir /etc/nginx/pki/private
 COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
 # BATS (Bash Automated Testings)
 # RUN git clone https://github.com/bats-core/bats-core.git
 # RUN bats-core/install.sh /usr/local
 RUN git clone https://github.com/bats-core/bats-core.git /bats-core
 RUN git clone https://github.com/jasonkarns/bats-support /bats-support
 RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert
 RUN /bats-core/install.sh /usr/local
 EXPOSE 80 443
--- a/test/README.md
+++ b/test/README.md
@ -6,7 +6,10 @@ Start up pebble, the challdnstest server for DNS challenges
 `docker-compose -f "docker-compose.yml" up -d --build`
 Run the tests
 `docker exec -it getssl /getssl/test/run-test.sh`
 `docker exec -it getssl bats /getssl/test`
 Run individual test
 `docker exec -it getssl bats /getssl/test/<filename.bats>`
 Debug (need to set CURL_CA_BUNDLE as pebble uses a local certificate, otherwise you get a "unknown API version" error)
 `docker exec -it getssl /bin/bash`
@ -14,7 +17,6 @@ Debug (need to set CURL_CA_BUNDLE as pebble uses a local certificate, otherwise
 `/getssl/getssl -d getssl`
 # TODO
 1. Move to BATS (bash automated testing) instead of run-test.sh
 2. Test RHEL6, Debian as well
 3. Test SSH, SFTP
 4. Test wildcards
 1. Test RHEL6, Debian as well
 2. Test SSH, SFTP
 3. Test wildcards
--- a/test/dual-rsa-ecdsa.bats
+++ b/test/dual-rsa-ecdsa.bats
@ -0,0 +1,40 @@
 #! /usr/bin/env bats
 load '/bats-support/load.bash'
 load '/bats-assert/load.bash'
 load '/getssl/test/test_helper.bash'
 # This is run for every test
 setup() {
    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
 }
@test "Create creating dual certificates using HTTP-01 verification" {
    CONFIG_FILE="getssl-http01-dual-rsa-ecdsa.cfg"
    setup_environment
    init_getssl
    create_certificate
 }
@test "Force renewal of dual certificates using HTTP-01" {
    #!FIXME test certificate has been updated
    run ${CODE_DIR}/getssl -f $HOST
    assert_success
 }
@test "Create creating dual certificates using DNS-01 verification" {
    CONFIG_FILE="getssl-dns01-dual-rsa-ecdsa.cfg"
    setup_environment
    init_getssl
    create_certificate
 }
@test "Force renewal of dual certificates using DNS-01" {
    #!FIXME test certificate has been updated
    run ${CODE_DIR}/getssl -f $HOST
    assert_success
 }
--- a/test/more-than-10-hosts.bats
+++ b/test/more-than-10-hosts.bats
@ -0,0 +1,32 @@
 #! /usr/bin/env bats
 load '/bats-support/load.bash'
 load '/bats-assert/load.bash'
 load '/getssl/test/test_helper.bash'
 # This is run for every test
 setup() {
    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
 }
@test "Create certificates for more than 10 hosts using HTTP-01 verification" {
    CONFIG_FILE="getssl-http01-10-hosts.cfg"
    setup_environment
    # Add 11 hosts to DNS (also need to be added as aliases in docker-compose.yml)
    for prefix in a b c d e f g h i j k; do
        curl -X POST -d '{"host":"'$prefix.$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
    done
    init_getssl
    create_certificate
 }
@test "Force renewal of all certificates using HTTP-01" {
    #!FIXME test certificate has been updated
    run ${CODE_DIR}/getssl -f $HOST
    assert_success
 }
--- a/test/pebble-config.json
+++ b/test/pebble-config.json
@ -1,12 +0,0 @@
 {
    "pebble": {
      "listenAddress": "0.0.0.0:14000",
      "managementListenAddress": "0.0.0.0:15000",
      "certificate": "test/certs/localhost/cert.pem",
      "privateKey": "test/certs/localhost/key.pem",
      "httpPort": 5002,
      "tlsPort": 5001,
      "ocspResponderURL": "",
      "externalAccountBindingRequired": false
    }
  }
--- a/test/pebble/config/pebble-config.json
+++ b/test/pebble/config/pebble-config.json
@ -1,11 +1,12 @@
 {
    "pebble": {
      "listenAddress": "0.0.0.0:14000",
      "managementListenAddress": "0.0.0.0:15000",
      "httpPort": 80,
      "tlsPort": 443,
      "ocspResponderURL": "",
      "externalAccountBindingRequired": false
    }
  }
 {
    "pebble": {
      "listenAddress": "0.0.0.0:14000",
      "managementListenAddress": "0.0.0.0:15000",
      "certificate": "test/certs/localhost/cert.pem",
      "privateKey": "test/certs/localhost/key.pem",
      "httpPort": 5002,
      "tlsPort": 5001,
      "ocspResponderURL": "",
      "externalAccountBindingRequired": false
    }
  }
--- a/test/run-test-dual-eca.sh
+++ b/test/run-test-dual-eca.sh
@ -1,46 +0,0 @@
 #! /bin/bash
 set -e
 # Test setup
 if [[ -d /root/.getssl ]]; then
    rm -r /root/.getssl
 fi
 HOST=getssl.test
 wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
 # cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
 cat /etc/ssl/certs/ca-certificates.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
 export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
 curl -X POST -d '{"host":"'$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
 # Test #1 - http-01 verification
 echo Test \#1 - http-01 verification
 cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
 service nginx restart
 /getssl/getssl -c $HOST
 cp /getssl/test/test-config/getssl-http01-dual-rsa-ecdsa.cfg /root/.getssl/${HOST}/getssl.cfg
 /getssl/getssl -f $HOST
 # Test #2 - http-01 forced renewal
 echo Test \#2 - http-01 forced renewal
 /getssl/getssl $HOST -f
 # Test cleanup
 rm -r /root/.getssl
 # Test #3 - dns-01 verification
 echo Test \#3 - dns-01 verification
 cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
 service nginx restart
 /getssl/getssl -c $HOST
 cp /getssl/test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg /root/.getssl/${HOST}/getssl.cfg
 /getssl/getssl $HOST
 # Test #4 - dns-01 forced renewal
 echo Test \#4 - dns-01 forced renewal
 /getssl/getssl $HOST -f
--- a/test/run-test.sh
+++ b/test/run-test.sh
@ -1,45 +0,0 @@
 #! /bin/bash
 set -e
 # Test setup
 if [[ -d /root/.getssl ]]; then
    rm -r /root/.getssl
 fi
 HOST=getssl.test
 wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
 # cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
 cat /etc/ssl/certs/ca-certificates.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
 export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
 curl -X POST -d '{"host":"'$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
 # Test #1 - http-01 verification
 echo Test \#1 - http-01 verification
 cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
 service nginx restart
 /getssl/getssl -c $HOST
 cp /getssl/test/test-config/getssl-http01.cfg /root/.getssl/${HOST}/getssl.cfg
 /getssl/getssl -f $HOST
 # Test #2 - http-01 forced renewal
 echo Test \#2 - http-01 forced renewal
 /getssl/getssl $HOST -f
 # Test cleanup
 rm -r /root/.getssl
 # Test #3 - dns-01 verification
 echo Test \#3 - dns-01 verification
 cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
 service nginx restart
 /getssl/getssl -c $HOST
 cp /getssl/test/test-config/getssl-dns01.cfg /root/.getssl/${HOST}/getssl.cfg
 /getssl/getssl $HOST
 # Test #4 - dns-01 forced renewal
 echo Test \#4 - dns-01 forced renewal
 /getssl/getssl $HOST -f
--- a/test/simple-dns01.bats
+++ b/test/simple-dns01.bats
@ -0,0 +1,26 @@
 #! /usr/bin/env bats
 load '/bats-support/load.bash'
 load '/bats-assert/load.bash'
 load '/getssl/test/test_helper.bash'
 # This is run for every test
 setup() {
    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
 }
@test "Create new certificate using DNS-01 verification" {
    CONFIG_FILE="getssl-dns01.cfg"
    setup_environment
    init_getssl
    create_certificate
 }
@test "Force renewal of certificate using DNS-01" {
    #!FIXME test certificate has been updated
    run ${CODE_DIR}/getssl -f $HOST
    assert_success
 }
--- a/test/simple-http01.bats
+++ b/test/simple-http01.bats
@ -0,0 +1,26 @@
 #! /usr/bin/env bats
 load '/bats-support/load.bash'
 load '/bats-assert/load.bash'
 load '/getssl/test/test_helper.bash'
 # This is run for every test
 setup() {
    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
 }
@test "Create new certificate using HTTP-01 verification" {
    CONFIG_FILE="getssl-http01.cfg"
    setup_environment
    init_getssl
    create_certificate
 }
@test "Force renewal of certificate using HTTP-01" {
    #!FIXME test certificate has been updated
    run ${CODE_DIR}/getssl -f $HOST
    assert_success
 }
--- a/test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg
+++ b/test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg
@ -47,7 +47,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 # The command needed to reload apache / nginx or whatever you use
 RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
 RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
--- a/test/test-config/getssl-dns01.cfg
+++ b/test/test-config/getssl-dns01.cfg
@ -44,7 +44,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 # The command needed to reload apache / nginx or whatever you use
 RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
 RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
--- a/test/test-config/getssl-http01-10-hosts.cfg
+++ b/test/test-config/getssl-http01-10-hosts.cfg
@ -22,7 +22,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 # The command needed to reload apache / nginx or whatever you use
 RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
 RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
 #SERVER_TYPE="https"
 #CHECK_REMOTE="true"
--- a/test/test-config/getssl-http01-dual-rsa-ecdsa.cfg
+++ b/test/test-config/getssl-http01-dual-rsa-ecdsa.cfg
@ -45,7 +45,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 # The command needed to reload apache / nginx or whatever you use
 RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
 RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
--- a/test/test-config/getssl-http01.cfg
+++ b/test/test-config/getssl-http01.cfg
@ -43,7 +43,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 # The command needed to reload apache / nginx or whatever you use
 RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
 RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
--- a/test/test_helper.bash
+++ b/test/test_helper.bash
@ -0,0 +1,37 @@
 INSTALL_DIR=/root
 CODE_DIR=/getssl
 HOST=getssl.test
 setup_environment() {
    # One-off test setup
    if [[ -d ${INSTALL_DIR}/.getssl ]]; then
        rm -r ${INSTALL_DIR}/.getssl
    fi
    if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then
        wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1 # | sed 's/^/# /' >&3
        # cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt  # RHEL6?
        cat /etc/ssl/certs/ca-certificates.crt ${INSTALL_DIR}/pebble.minica.pem > ${INSTALL_DIR}/pebble-ca-bundle.crt
    fi
    curl -X POST -d '{"host":"'$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
    cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
    service nginx restart >&3-
 }
 init_getssl() {
    # Run initialisation (create account key, etc)
    run ${CODE_DIR}/getssl -c $HOST
    assert_success
    [ -d "$INSTALL_DIR/.getssl" ]
 }
 create_certificate() {
    # Create certificate
    cp ${CODE_DIR}/test/test-config/${CONFIG_FILE} ${INSTALL_DIR}/.getssl/${HOST}/getssl.cfg
    run ${CODE_DIR}/getssl $HOST
    assert_success
    #!FIXME test certificate has been placed in the expected location
 }