diff --git a/test/4-more-than-10-hosts.bats b/test/4-more-than-10-hosts.bats
index 5bdfc2a..bd93adc 100644
--- a/test/4-more-than-10-hosts.bats
+++ b/test/4-more-than-10-hosts.bats
@@ -44,6 +44,6 @@ setup() {
 # Remove all the dns aliases
 cleanup_environment
 for prefix in a b c d e f g h i j k; do
- curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/del-a
+ curl --silent -X POST -d '{"host":"'$prefix.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a
 done
 }
diff --git a/test/6-dual-rsa-ecdsa-copy-2-locations.bats b/test/6-dual-rsa-ecdsa-copy-2-locations.bats
index aae21bb..73363ec 100644
--- a/test/6-dual-rsa-ecdsa-copy-2-locations.bats
+++ b/test/6-dual-rsa-ecdsa-copy-2-locations.bats
@@ -16,7 +16,7 @@ setup() {
 teardown() {
 if [ -z "$STAGING" ]; then
- curl --silent -X POST -d '{"host":"'a.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/del-a
+ curl --silent -X POST -d '{"host":"'a.$GETSSL_HOST'"}' http://10.30.50.3:8055/clear-a
 fi
 }
diff --git a/test/7-duckdns-dns01.bats b/test/7-duckdns-dns01.bats
index e81b414..9466f05 100644
--- a/test/7-duckdns-dns01.bats
+++ b/test/7-duckdns-dns01.bats
@@ -38,5 +38,5 @@ setup() {
 refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
 refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
 cleanup_environment
- curl --silent -X POST -d '{"host":"getssl.duckdns.org", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/del-a
+ curl --silent -X POST -d '{"host":"getssl.duckdns.org"}' http://10.30.50.3:8055/clear-a
 }
diff --git a/test/Dockerfile-alpine b/test/Dockerfile-alpine
index 5a88865..0c166cb 100644
--- a/test/Dockerfile-alpine
+++ b/test/Dockerfile-alpine
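Review bot: The new `clear-a` call inside the `for prefix` loop still discards the outcome of `curl`: with `--silent` and no `--fail`, an HTTP error status from the challtestsrv management API exits 0, so a cleanup that did not happen leaves stale A records for later tests without any signal. The same applies to the `clear-a` lines in `test/6-dual-rsa-ecdsa-copy-2-locations.bats`, `test/7-duckdns-dns01.bats` and `cleanup_environment` in `test/test_helper.bash`. I would add `--fail --show-error` and keep the expansion inside double quotes as `test_helper.bash` already does, e.g. `-d '{"host":"'"$prefix.$GETSSL_HOST"'"}'`. The enclosing block starts above this hunk.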
@@ -18,5 +18,5 @@ RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert
 RUN /bats-core/install.sh /usr/local
 # Use supervisord to run nginx in the background
-COPY ./test/alpine-supervisord.conf /etc/supervisord.conf
+COPY ./test/test-config/alpine-supervisord.conf /etc/supervisord.conf
 CMD tail -f /dev/null
diff --git a/test/README-Testing.md b/test/README-Testing.md
new file mode 100644
index 0000000..6132f34
--- /dev/null
+++ b/test/README-Testing.md
@@ -0,0 +1,40 @@
+# Testing
+
+## Continuous Integration
+
+For continuous integration testing we have the following:
+
+`gitactions` script which runs whenever a PR is pushed:
+
+1. Uses `docker-compose` to start `pebble` (letsencrypt test server) and `challtestsrv` (minimal dns client for pebble)
+2. Then runs the `bats` test scripts (all the files with a ".bats" extension) for each OS (alpine, centos6, debian, ubuntu)
+3. Runs the `bats` test script against the staging server (using nn ubuntu docker image and duckdns.org)
+
+## To run all the tests locally
+
+1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build```
+2. Run the test suite `run-all-tests.cmd`
+
+## To run all the tests on a single OS
+
+1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build```
+2. Run the test suite ```run-test.cmd []```
+3. eg. `run-test.cmd ubuntu16`
+
+## To run a single bats test on a single OS
+
+1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build```
+2. ```run-test.cmd bats ```
+3. e.g. `run-test.cmd ubuntu bats /getssl/test/1-simple-http01.bats`
+
+## To debug a test
+
+1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build```
+2. ```run-test.cmd /getssl/test/debug-test.sh ```
+3. e.g. `run-test.cmd ubuntu /getssl/test/debug-test.sh -d /getssl/test/test-config/getssl-http01-cfg`
+
+## TODO
+
+1. Test wildcards
+2. Test SSH, SFTP, SCP
+3. Test change of key algorithm (should automatically delete and re-create account.key)
diff --git a/test/README.md b/test/README.md
deleted file mode 100644
index 7648f17..0000000
--- a/test/README.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# Testing
-
-This directory contains a simple test script which tests creating
-certificates with Pebble (testing version of the LetsEncrypt server)
-
-Start up pebble, the challdnstest server for DNS challenges
-
-```sh
-docker-compose -f "docker-compose.yml" up -d --build
-```
-
-Run the tests
-
-```sh
-test/run-all-tests.sh
-```
-
-Run individual test
-
-```sh
-docker exec -it getssl bats /getssl/test/
-```
-
-Debug (uses helper script to set `CURL_CA_BUNDLE` as pebble uses a local certificate,
-otherwise you get a "unknown API version" error)
-
-```sh
-docker exec -it getssl- /getssl/test/debug-test.sh `
-
-eg.
-
-```sh
-docker exec -it getssl-ubuntu18 /getssl/test/debug-test.sh getssl-http01.cfg
-```
-
-## TODO
-
-1. Test wildcards
-2. Test SSH, SFTP, SCP
-3. Test change of key algorithm
diff --git a/test/no-ip2.conf b/test/no-ip2.conf
deleted file mode 100644
index d0ae5fc..0000000
Binary files a/test/no-ip2.conf and /dev/null differ
diff --git a/test/run-test.cmd b/test/run-test.cmd
index 005956d..3d6d788 100644
--- a/test/run-test.cmd
+++ b/test/run-test.cmd
@@ -1,22 +1,26 @@
 @echo off
 IF %1.==. GOTO NoOS
 set OS=%1
-IF %2.==. GOTO NoNGINX
-set NGINX=%2%
-IF %3.==. GOTO NoIP
-set IP=%3
-IF %4.==. GOTO NoAlias
-set ALIAS=%4
+
+:CheckCommand
+IF %2.==. GOTO NoCmd
+set COMMAND=%2 %3
+
+:CheckAlias
+IF %OS%==duckdns GOTO duckdns
+set ALIAS=%OS%.getssl.test
 GOTO Run
 :NoOS
- set OS=ubuntu
-:NoNGINX
- set NGINX=/etc/nginx/sites-enabled/default
-:NoIP
- set IP=13
-:NoAlias
- set ALIAS=%OS%.getssl.test
+set OS=ubuntu
+GOTO CheckCommand
+
+:NoCmd
+set COMMAND=/getssl/test/run-bats.sh
+GOTO CheckAlias
+
+:duckdns
+set ALIAS=%OS%.duckdns.org
 :Run
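Review bot: In `test/run-test.cmd`, `set COMMAND=%2 %3` forwards only two arguments, but the debug example added to README-Testing.md in this same commit (`run-test.cmd ubuntu /getssl/test/debug-test.sh -d /getssl/test/test-config/getssl-http01-cfg`) passes three after the OS name, so the config path in `%4` is dropped. Unset positional parameters expand to nothing in a batch file, so `set COMMAND=%2 %3 %4 %5 %6 %7 %8 %9` would cover the documented invocations. Separately, the `:duckdns` branch sets `ALIAS=%OS%.duckdns.org`, which expands to `duckdns.duckdns.org`, while `test/7-duckdns-dns01.bats` clears `getssl.duckdns.org`; it is worth confirming that difference is intended.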
@@ -24,11 +28,8 @@ docker build --rm -f "test\Dockerfile-%OS%" -t getssl-%OS% .
 @echo on
 docker run -it ^
 --env GETSSL_HOST=%OS%.getssl.test ^
- --env GETSSL_IP=10.30.50.%IP% ^
- --env NGINX_CONFIG=%NGINX% ^
 -v %cd%:/getssl ^
 --network getssl-timkimber_acmenet ^
- --ip 10.30.50.%IP% ^
 --network-alias %ALIAS% ^
 --network-alias a.%OS%.getssl.test ^
 --network-alias b.%OS%.getssl.test ^
@@ -42,4 +43,4 @@ docker run -it ^
 --network-alias j.%OS%.getssl.test ^
 --network-alias k.%OS%.getssl.test ^
 getssl-%OS% ^
- /getssl/test/run-bats.sh
+ %COMMAND%
diff --git a/test/alpine-supervisord.conf b/test/test-config/alpine-supervisord.conf
similarity index 100%
rename from test/alpine-supervisord.conf
rename to test/test-config/alpine-supervisord.conf
diff --git a/test/test_helper.bash b/test/test_helper.bash
index 0d106fa..c9bc867 100644
--- a/test/test_helper.bash
+++ b/test/test_helper.bash
@@ -8,15 +8,6 @@ setup_environment() {
 rm -r ${INSTALL_DIR}/.getssl
 fi
- if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then
- wget --quiet --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1
- CERT_FILE=/etc/ssl/certs/ca-certificates.crt
- if [ ! -f $CERT_FILE ]; then
- CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
- fi
- cat $CERT_FILE ${INSTALL_DIR}/pebble.minica.pem > ${INSTALL_DIR}/pebble-ca-bundle.crt
- fi
-
 curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/add-a
 cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl "${NGINX_CONFIG}"
 /getssl/test/restart-nginx
@@ -24,7 +15,7 @@ setup_environment() {
 cleanup_environment() {
- curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/del-a
+ curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'"}' http://10.30.50.3:8055/clear-a
 }
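Review bot: In the `docker run` invocation of `test/run-test.cmd`, `--env GETSSL_HOST=%OS%.getssl.test` stays hard-coded although the alias is now computed separately, so for `OS=duckdns` the container gets the network alias `%OS%.duckdns.org` but is told its host is `duckdns.getssl.test`. If the host name is meant to follow the alias, `--env GETSSL_HOST=%ALIAS% ^` keeps the two in step. The `docker run` command continues past the end of this hunk, so the remaining alias lines are not visible here.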
@@ -42,3 +33,27 @@ create_certificate() {
 # shellcheck disable=SC2086
 run ${CODE_DIR}/getssl $1 "$GETSSL_HOST"
 }
+
+
+
+# Find NGINX configuration directory for HTTP-01 testing (need to add SSL to config)
+if [[ -d /etc/nginx/conf.d/default.conf ]]; then
+ export NGINX_CONFIG=/etc/nginx/conf.d/default.conf
+elif [[ -f /etc/nginx/sites-enabled/default ]]; then
+ export NGINX_CONFIG=/etc/nginx/sites-enabled/default
+else
+ echo "Can't find NGINX directory"
+ exit 1
+fi
+
+# Find IP address
+export GETSSL_IP=$(ip address | awk '/10.30.50/ { print $2 }' | awk -F/ '{ print $1 }')
+
+if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then
+ wget --quiet --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1
+ CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+ if [ ! -f $CERT_FILE ]; then
+ CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
+ fi
+ cat $CERT_FILE ${INSTALL_DIR}/pebble.minica.pem > ${INSTALL_DIR}/pebble-ca-bundle.crt
+fi
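Review bot: The first branch tests `[[ -d /etc/nginx/conf.d/default.conf ]]`, but the path it exports is a configuration file, so on an image that only ships `conf.d/default.conf` the test is false and the helper ends in `exit 1`; it should read `if [[ -f /etc/nginx/conf.d/default.conf ]]; then`. `GETSSL_IP` is exported directly from the `ip address | awk` pipeline, so an empty or multi-line result reaches the `add-a` request unnoticed; assigning first and checking `[[ -n "$GETSSL_IP" ]]` before `export` would surface it. The relocated download block appends a certificate fetched from the `master` branch of letsencrypt/pebble to the CA bundle, so the trust anchor used by the tests can change without a change in this repository; pinning the URL to a commit or vendoring the test CA would fix it in place. `wget` is also given no output path, so the file lands in the current directory, which only matches the `${INSTALL_DIR}/pebble.minica.pem` check if the helper is loaded from there.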