From 0b3bff9082752df6e7703c6e302eff8385e21351 Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Wed, 26 Feb 2020 23:12:49 +0000 Subject: [PATCH] Test using nslookup and on ubuntu16 --- docker-compose.yml | 35 +++++++++++++-- ...ple-dns01.bats => 2-simple-dns01-dig.bats} | 14 +++--- test/2-simple-dns01-nslookup.bats | 34 +++++++++++++++ test/8-duckdns-ecdsa.bats | 43 ++++--------------- test/Dockerfile-ubuntu16 | 25 +++++++++++ test/debug-test.sh | 6 +-- test/run-all-tests.cmd | 9 ++++ test/test-config/getssl-duckdns01.cfg | 2 +- test/test_helper.bash | 3 +- 9 files changed, 122 insertions(+), 49 deletions(-) rename test/{2-simple-dns01.bats => 2-simple-dns01-dig.bats} (63%) create mode 100644 test/2-simple-dns01-nslookup.bats create mode 100644 test/Dockerfile-ubuntu16 diff --git a/docker-compose.yml b/docker-compose.yml index 3eb81b7..b493888 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -129,6 +129,33 @@ services: - i.ubuntu.getssl.test - j.ubuntu.getssl.test - k.ubuntu.getssl.test + getssl-ubuntu16: + build: + context: . + dockerfile: test/Dockerfile-ubuntu16 + container_name: getssl-ubuntu16 + volumes: + - .:/getssl + environment: + GETSSL_HOST: ubuntu16.getssl.test + GETSSL_IP: 10.30.50.14 + NGINX_CONFIG: /etc/nginx/sites-enabled/default + networks: + acmenet: + ipv4_address: 10.30.50.14 + aliases: + - ubuntu16.getssl.test + - a.ubuntu16.getssl.test + - b.ubuntu16.getssl.test + - c.ubuntu16.getssl.test + - d.ubuntu16.getssl.test + - e.ubuntu16.getssl.test + - f.ubuntu16.getssl.test + - g.ubuntu16.getssl.test + - h.ubuntu16.getssl.test + - i.ubuntu16.getssl.test + - j.ubuntu16.getssl.test + - k.ubuntu16.getssl.test getssl-ubuntu18: build: context: . 
@@ -138,11 +165,11 @@ services: - .:/getssl environment: GETSSL_HOST: ubuntu18.getssl.test - GETSSL_IP: 10.30.50.14 + GETSSL_IP: 10.30.50.15 NGINX_CONFIG: /etc/nginx/sites-enabled/default networks: acmenet: - ipv4_address: 10.30.50.14 + ipv4_address: 10.30.50.15 aliases: - ubuntu18.getssl.test - a.ubuntu18.getssl.test @@ -165,13 +192,13 @@ services: - .:/getssl environment: GETSSL_HOST: getssl.duckdns.org - GETSSL_IP: 10.30.50.15 + GETSSL_IP: 10.30.50.16 NGINX_CONFIG: /etc/nginx/sites-enabled/default DUCKDNS_TOKEN: $DUCKDNS_TOKEN STAGING: "true" networks: acmenet: - ipv4_address: 10.30.50.15 + ipv4_address: 10.30.50.16 aliases: - getssl.duckdns.org diff --git a/test/2-simple-dns01.bats b/test/2-simple-dns01-dig.bats similarity index 63% rename from test/2-simple-dns01.bats rename to test/2-simple-dns01-dig.bats index ffd0b9e..cbac598 100644 --- a/test/2-simple-dns01.bats +++ b/test/2-simple-dns01-dig.bats @@ -11,7 +11,7 @@ setup() { } -@test "Create new certificate using DNS-01 verification" { +@test "Create new certificate using DNS-01 verification (dig)" { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi 
@@ -19,22 +19,24 @@ setup() { CONFIG_FILE="getssl-dns01.cfg" setup_environment init_getssl - create_certificate + create_certificate -d assert_success + assert_output --partial "dig" refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' + refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' # don't fail for :error:badNonce refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' } -@test "Force renewal of certificate using DNS-01" { +@test "Force renewal of certificate using DNS-01 (dig)" { if [ -n "$STAGING" ]; then skip "Using staging server, skipping internal test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -d -f $GETSSL_HOST assert_success + assert_output --partial "dig" refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' + refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' # don't fail for :error:badNonce refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' cleanup_environment } diff --git a/test/2-simple-dns01-nslookup.bats b/test/2-simple-dns01-nslookup.bats new file mode 100644 index 0000000..f92d817 --- /dev/null +++ b/test/2-simple-dns01-nslookup.bats 
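Review bot: The relaxed pattern `[^:][Ee][Rr][Rr][Oo][Rr][^:]` in both `refute_output` lines stops failing on any message where the word is followed by a colon, so output such as `ERROR: ...` would now pass, not only the `:error:badNonce` case the comment names. It also needs a character on each side, so the word at the very start or end of the captured output is missed. Consider stripping the known-benign text first and keeping the strict check, e.g. `output="${output//:error:badNonce/}"` before `refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'`. The same pattern is added in test/2-simple-dns01-nslookup.bats and in all four hunks of test/8-duckdns-ecdsa.bats. Separately, `assert_output --partial "dig"` matches those three letters anywhere in the debug output, so it may not prove that dig was the tool actually used.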
@@ -0,0 +1,34 @@ +#! /usr/bin/env bats + +load '/bats-support/load.bash' +load '/bats-assert/load.bash' +load '/getssl/test/test_helper.bash' + + +# This is run for every test +setup() { + export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt + mv /usr/bin/dig /usr/bin/dig.getssl.bak +} + + +teardown() { + mv /usr/bin/dig.getssl.bak /usr/bin/dig +} + + +@test "Create new certificate using DNS-01 verification (nslookup)" { + if [ -n "$STAGING" ]; then + skip "Using staging server, skipping internal test" + fi + + CONFIG_FILE="getssl-dns01.cfg" + setup_environment + init_getssl + create_certificate -d + assert_success + assert_output --partial "nslookup" + refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' + refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' # don't fail for :error:badNonce + refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' +} diff --git a/test/8-duckdns-ecdsa.bats b/test/8-duckdns-ecdsa.bats index f50dd05..0950d96 100644 --- a/test/8-duckdns-ecdsa.bats +++ b/test/8-duckdns-ecdsa.bats @@ -23,10 +23,10 @@ setup() { setup_environment init_getssl sed -e 's/rsa/prime256v1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" - run ${CODE_DIR}/getssl "$GETSSL_HOST" + run ${CODE_DIR}/getssl -d "$GETSSL_HOST" assert_success refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' + refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' } @@ -35,10 +35,10 @@ setup() { if [ -z "$STAGING" ]; then skip "Running internal tests, skipping external test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -d -f $GETSSL_HOST assert_success refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' + refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' cleanup_environment } 
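Review bot: `setup()` renames `/usr/bin/dig` unconditionally and only `teardown()` restores it, so a run interrupted between the two leaves the container without dig. After that, this file's `setup()` fails on the missing source and the dig variant of the test has no dig to find. Guarding both moves keeps them idempotent: `if [ -f /usr/bin/dig ]; then mv /usr/bin/dig /usr/bin/dig.getssl.bak; fi` in setup, with the mirrored check on the `.bak` file in teardown. The hard-coded path also assumes every test image installs dig at `/usr/bin/dig`, which is not visible here. Unlike the dig file, this file never calls `cleanup_environment`, which looks like an omission worth confirming.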
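Review bot: Adding `-d` to the `run ${CODE_DIR}/getssl` calls in test/8-duckdns-ecdsa.bats turns on debug output for the tests that run against DuckDNS with a real `DUCKDNS_TOKEN` (passed in through docker-compose.yml), and the bats-assert helpers print the captured output when they fail. If getssl's debug trace or the DuckDNS DNS scripts echo the update request, the token would end up in test logs. Neither is visible in this diff, so this should be checked before the logs are published from CI. The same flag is added in all four hunks of this file. A comment such as `# -d output may include the DNS update request; keep these logs private` above the first `run` line would record the constraint.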
@@ -54,10 +54,10 @@ setup() { setup_environment init_getssl sed -e 's/rsa/secp384r1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" - run ${CODE_DIR}/getssl "$GETSSL_HOST" + run ${CODE_DIR}/getssl -d "$GETSSL_HOST" assert_success refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' + refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' } @@ -66,38 +66,13 @@ setup() { if [ -z "$STAGING" ]; then skip "Running internal tests, skipping external test" fi - run ${CODE_DIR}/getssl -f $GETSSL_HOST + run ${CODE_DIR}/getssl -d -f $GETSSL_HOST assert_success refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' + refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]' refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' cleanup_environment } -@test "Create new certificate using staging server and secp521r1" { - skip "The staging server returns 'ECDSA curve P-521 not allowed'" - - CONFIG_FILE="getssl-duckdns01.cfg" - GETSSL_HOST=getssl.duckdns.org - - setup_environment - init_getssl - sed -e 's/rsa/secp521r1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" - run ${CODE_DIR}/getssl "$GETSSL_HOST" - assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' -} - - -@test "Force renewal of certificate using staging server and secp521r1" { - skip "The staging server returns 'ECDSA curve P-521 not allowed'" - run ${CODE_DIR}/getssl -f $GETSSL_HOST - assert_success - refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' - refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]' - refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]' - cleanup_environment -} +# Note letsencrypt doesn't support ECDSA curve P-521 as it's being deprecated 
diff --git a/test/Dockerfile-ubuntu16 b/test/Dockerfile-ubuntu16 new file mode 100644 index 0000000..958bb6f --- /dev/null +++ b/test/Dockerfile-ubuntu16 @@ -0,0 +1,25 @@ +FROM ubuntu:xenial +# xenial = 16 + +# Note this image uses mawk + +# Update and install required software +RUN apt-get update --fix-missing +RUN apt-get install -y git curl dnsutils wget nginx-light + +WORKDIR /root +RUN mkdir /etc/nginx/pki +RUN mkdir /etc/nginx/pki/private +COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default + +# Prevent "Can't load /root/.rnd into RNG" error from openssl +# RUN touch /root/.rnd + +# BATS (Bash Automated Testings) +RUN git clone https://github.com/bats-core/bats-core.git /bats-core +RUN git clone https://github.com/jasonkarns/bats-support /bats-support +RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert +RUN /bats-core/install.sh /usr/local + +# Run eternal loop - for testing +CMD tail -f /dev/null diff --git a/test/debug-test.sh b/test/debug-test.sh index 8807670..890366b 100644 --- a/test/debug-test.sh +++ b/test/debug-test.sh @@ -9,14 +9,14 @@ if [ $# -eq 2 ]; then shift fi +#shellcheck disable=SC1091 +source /getssl/test/test_helper.bash + CONFIG_FILE=$1 if [ ! -e "$CONFIG_FILE" ]; then CONFIG_FILE=${CODE_DIR}/test/test-config/${CONFIG_FILE} fi -#shellcheck disable=SC1091 -source /getssl/test/test_helper.bash - setup_environment 3>&1 # Only add the pebble CA to the cert bundle if using pebble diff --git a/test/run-all-tests.cmd b/test/run-all-tests.cmd index 2c5ff6c..e887b6e 100644 --- a/test/run-all-tests.cmd +++ b/test/run-all-tests.cmd 
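Review bot: The three `git clone` lines in test/Dockerfile-ubuntu16 fetch whatever is on the default branch of bats-core, bats-support and bats-assert-1 at build time, and `/bats-core/install.sh` then runs as the image's default user (no `USER` line, so root). The test image is therefore neither reproducible nor protected against an unexpected upstream change. Pin each clone to a reviewed tag or commit, e.g. `RUN git clone --depth 1 --branch <BATS_CORE_TAG> https://github.com/bats-core/bats-core.git /bats-core` (the tag is a placeholder). `apt-get update` and `apt-get install` are also separate `RUN` layers, so a cached package index can be paired with a later install. `RUN apt-get update --fix-missing && apt-get install -y git curl dnsutils wget nginx-light` avoids that.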
@@ -1,6 +1,15 @@ +echo %time% docker exec -it getssl-alpine bats /getssl/test +echo %time% docker exec -it getssl-centos6 bats /getssl/test +echo %time% docker exec -it getssl-debian bats /getssl/test +echo %time% docker exec -it getssl-ubuntu bats /getssl/test +echo %time% docker exec -it getssl-ubuntu18 bats /getssl/test +echo %time% +docker exec -it getssl-ubuntu16 bats /getssl/test +echo %time% docker exec -it getssl-duckdns bats /getssl/test +echo %time% diff --git a/test/test-config/getssl-duckdns01.cfg b/test/test-config/getssl-duckdns01.cfg index 4a37bcd..10ac366 100644 --- a/test/test-config/getssl-duckdns01.cfg +++ b/test/test-config/getssl-duckdns01.cfg @@ -7,7 +7,7 @@ DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns" DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns" AUTH_DNS_SERVER=1.1.1.1 CHECK_ALL_AUTH_DNS=false -DNS_EXTRA_WAIT=20 +DNS_EXTRA_WAIT=30 ACCOUNT_KEY_TYPE="rsa" PRIVATE_KEY_ALG="rsa" diff --git a/test/test_helper.bash b/test/test_helper.bash index 554d60a..0d106fa 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash @@ -39,5 +39,6 @@ init_getssl() { create_certificate() { # Create certificate cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" - run ${CODE_DIR}/getssl "$GETSSL_HOST" + # shellcheck disable=SC2086 + run ${CODE_DIR}/getssl $1 "$GETSSL_HOST" }
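Review bot: In test/test_helper.bash, `create_certificate` forwards only `$1`, left unquoted so that an absent argument expands to nothing, and silences SC2086 to allow it. Any second option is silently dropped and an option containing whitespace would be split. `run "${CODE_DIR}/getssl" "$@" "$GETSSL_HOST"` passes zero or more options through intact, also quotes `CODE_DIR`, and makes the `# shellcheck disable=SC2086` line unnecessary.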