
Move DNS used for staging tests to Dynu

pull/618/head
Tim Kimber 5 years ago
parent
commit
5732867d2d
No known key found for this signature in database GPG Key ID: 3E1804964E76BD18
13 changed files with 62 additions and 108 deletions
  1. +9
    -5
      dns_scripts/dns_add_dynu
  2. +15
    -7
      dns_scripts/dns_del_dynu
  3. +5
    -1
      test/15-test-revoke-no-suffix.bats
  4. +14
    -2
      test/18-staging-retry-dns-add.bats
  5. +1
    -0
      test/Dockerfile-centos7-staging
  6. +1
    -0
      test/Dockerfile-ubuntu-staging
  7. +6
    -0
      test/dns_add_fail
  8. +0
    -19
      test/dns_fail_add_duckdns
  9. +1
    -1
      test/run-test.cmd
  10. +2
    -1
      test/run-test.sh
  11. +0
    -33
      test/test-config/getssl-staging-dns01-fail-dns-add.cfg
  12. +0
    -36
      test/test-config/getssl-staging-dns01-no-suffix.cfg
  13. +8
    -3
      test/test-config/getssl-staging-dns01.cfg

+ 9
- 5
dns_scripts/dns_add_dynu View File

@ -28,10 +28,11 @@ fi
curl_params=( -H "accept: application/json" -H "API-Key: $apikey" -H 'Content-Type: application/json' )
# Get domain id
resp=$(curl --silent "${curl_params[@]}" -X GET "$API")
# curl -X GET https://api.dynu.com/v2/dns/getroot/ubuntu-getssl.freeddns.org
resp=$(curl --silent "${curl_params[@]}" -X GET "$API/getroot/${fulldomain}")
# Match domain id
re="\"id\":([^,]*),\"name\":\"getssl-testing.freeddns.org\""
re="\"id\":([^,]*),\"domainName\":\"${fulldomain}\""
if [[ "$resp" =~ $re ]]; then
domain_id="${BASH_REMATCH[1]}"
fi
@ -42,6 +43,7 @@ if [[ -z "$domain_id" ]]; then
fi
# Check for existing _acme-challenge TXT record
# curl -X GET "https://api.dynu.com/v2/dns/record/_acme-challenge.ubuntu-getssl.freeddns.org?recordType=TXT"
resp=$(curl --silent "${curl_params[@]}" -X GET "${API}/record/_acme-challenge.${fulldomain}?recordType=TXT")
re="\"id\":([^,]*)"
if [[ "$resp" =~ $re ]]; then
@ -53,16 +55,18 @@ if [[ -z "$record_id" ]]; then
resp=$(curl --silent \
"${curl_params[@]}" \
-X POST "${API}/${domain_id}/record" \
--data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"textData\":\"$token\"}")
--data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"$token\"}")
else
# Update existing record
# curl -X POST https://api.dynu.com/v2/dns/9329328/record/7082063 -d "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"Test2\"}"
resp=$(curl --silent \
"${curl_params[@]}" \
-X POST "${API}/${domain_id}/record/${record_id}" \
--data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"textData\":\"$token\"}")
--data "{\"nodeName\":\"_acme-challenge\",\"recordType\":\"TXT\",\"state\":\"true\",\"textData\":\"$token\"}")
fi
# If adding record failed (exception:) then print error message
if [[ "${resp// }" == *'"exception"'* ]]; then
if [[ "$resp" != *"\"statusCode\":200"* ]]; then
echo "Error: DNS challenge not added: unknown error - ${resp}"
exit 3
fi
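Review bot: The new domain-id pattern interpolates `${fulldomain}` into an ERE unescaped, so every `.` in the name matches any character and the `=~` test can accept a `domainName` that is not the requested one. Escaping the dots keeps the match literal: `re="\"id\":([^,]*),\"domainName\":\"${fulldomain//./\\.}\""`; the same line is added in dns_scripts/dns_del_dynu. The pattern also assumes the getroot response's `domainName` equals `$fulldomain`, which presumably only holds when the certificate name is the Dynu root domain itself, so it is worth confirming against a subdomain. The comment above the new `statusCode` check still says `(exception:)` and should describe the check that is now made. The script starts and continues outside these hunks.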

+ 15
- 7
dns_scripts/dns_del_dynu View File

@ -10,6 +10,12 @@ apikey=${DYNU_API_KEY:-''}
# 2 - error within internal processing
# 3 - error in result ( domain not found in dynu.com etc)
# After deleting the TXT record from Dynu.com it takes over 30 minutes to add a new TXT record!
# This doesn't happen when updating the TXT record, just for delete then add
# As this is used for testing, changed the delete to a no-op.
exit 0
fulldomain="${1}"
API='https://api.dynu.com/v2/dns'
@ -20,17 +26,18 @@ if [[ -z "$fulldomain" ]]; then
exit 1
fi
if [[ -z "$apikey" ]]; then
echo "DNS script requires an apikey to be set"
echo "DNS script requires apikey environment variable to be set"
exit 1
fi
curl_params=( -H "accept: application/json" -H "API-Key: $apikey" -H 'Content-Type: application/json' )
# Get domain id
resp=$(curl --silent "${curl_params[@]}" -X GET "$API")
# curl -X GET https://api.dynu.com/v2/dns/getroot/ubuntu-getssl.freeddns.org
resp=$(curl --silent "${curl_params[@]}" -X GET "$API/getroot/${fulldomain}")
# Match domain id
re="\"id\":([^,]*),\"name\":\"getssl-testing.freeddns.org\""
re="\"id\":([^,]*),\"domainName\":\"${fulldomain}\""
if [[ "$resp" =~ $re ]]; then
domain_id="${BASH_REMATCH[1]}"
fi
@ -40,7 +47,8 @@ if [[ -z "$domain_id" ]]; then
exit 3
fi
# Find existing _acme-challenge TXT record
# Check for existing _acme-challenge TXT record
# curl -X GET "https://api.dynu.com/v2/dns/record/_acme-challenge.ubuntu-getssl.freeddns.org?recordType=TXT"
resp=$(curl --silent "${curl_params[@]}" -X GET "${API}/record/_acme-challenge.${fulldomain}?recordType=TXT")
re="\"id\":([^,]*)"
if [[ "$resp" =~ $re ]]; then
@ -48,8 +56,8 @@ if [[ "$resp" =~ $re ]]; then
fi
if [[ -z "$record_id" ]]; then
echo "No _acme-challenge TXT record found for $fulldomain"
exit 3
echo "No _acme-challenge.${fulldomain} TXT record found"
exit 0
fi
resp=$(curl --silent \
@ -57,7 +65,7 @@ resp=$(curl --silent \
-X DELETE "${API}/${domain_id}/record/${record_id}")
# If adding record failed (exception:) then print error message
if [[ "${resp// }" == *'"exception"'* ]]; then
if [[ "$resp" != *"\"statusCode\":200"* ]]; then
echo "Error: DNS challenge not added: unknown error - ${resp}"
exit 3
fi
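Review bot: The unconditional `exit 0` added ahead of `fulldomain="${1}"` turns this script into a no-op for everyone who configures it as `DNS_DEL_COMMAND`, not only for the staging tests, and it makes every other change in this section unreachable. The file lives under dns_scripts/, so anyone using it would be left with `_acme-challenge` TXT records that are never removed while the script reports success. Keeping the real delete here and pointing the staging config's `DNS_DEL_COMMAND` at a no-op stub under test/ (as test/dns_add_fail does for the add side) would confine the workaround to the tests. Separately, the failure message after the DELETE call still reads "DNS challenge not added".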

+ 5
- 1
test/15-test-revoke-no-suffix.bats View File

@ -15,10 +15,12 @@ setup() {
@test "Create certificate to check revoke (no suffix)" {
if [ -n "$STAGING" ]; then
CONFIG_FILE="getssl-staging-dns01-no-suffix.cfg"
CONFIG_FILE="getssl-staging-dns01.cfg"
else
CONFIG_FILE="getssl-http01-no-suffix.cfg"
fi
echo 'CA="https://acme-staging-v02.api.letsencrypt.org"' >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
. "${CODE_DIR}/test/test-config/${CONFIG_FILE}"
setup_environment
init_getssl
@ -34,6 +36,8 @@ setup() {
else
CONFIG_FILE="getssl-http01.cfg"
fi
echo 'CA="https://acme-staging-v02.api.letsencrypt.org"' >> ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
. "${CODE_DIR}/test/test-config/${CONFIG_FILE}"
CERT=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt
KEY=${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key
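Review bot: In the first test the new `echo ... >> .../getssl_test_specific.cfg` runs before `setup_environment` and `init_getssl`, whereas test/18-staging-retry-dns-add.bats writes the same file after them. If those helpers create or reset `${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}` (not visible here), the override is either lost or the redirect fails. Because `>>` appends, the line also accumulates whenever the file survives between tests. The redirect target is unquoted; `>> "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg"` avoids word splitting. Both test bodies continue outside the hunks.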


+ 14
- 2
test/18-staging-retry-dns-add.bats View File

@ -6,14 +6,26 @@ load '/getssl/test/test_helper.bash'
@test "Check retry add dns command if dns isn't updated (DuckDNS)" {
@test "Check retry add dns command if dns isn't updated" {
if [ -z "$STAGING" ]; then
skip "Running internal tests, skipping external test"
fi
CONFIG_FILE="getssl-staging-dns01-fail-dns-add.cfg"
CONFIG_FILE="getssl-staging-dns01.cfg"
setup_environment
init_getssl
cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
DNS_ADD_COMMAND="/getssl/test/dns_add_fail"
# Speed up the test by reducing the number or retries and the wait between retries.
DNS_WAIT=2
DNS_WAIT_COUNT=11
DNS_EXTRA_WAIT=0
CHECK_ALL_AUTH_DNS="false"
CHECK_PUBLIC_DNS_SERVER="false"
EOF
create_certificate -d
assert_failure
assert_line --partial "Retrying adding dns via command"
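Review bot: The retry behaviour this test asserts now depends on `DNS_WAIT_RETRY_ADD="true"` being inherited from the shared getssl-staging-dns01.cfg, since the dedicated config that set it is deleted in this commit and the heredoc does not repeat it. Adding `DNS_WAIT_RETRY_ADD="true"` to the heredoc would keep the test self-contained if the shared config changes later. The heredoc's redirect target is unquoted and would be safer as `> "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg"`. The test body continues past the end of the hunk.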


+ 1
- 0
test/Dockerfile-centos7-staging View File

@ -9,6 +9,7 @@ RUN yum -y install git curl bind-utils ldns wget which nginx
ENV staging "true"
ENV DUCKDNS_TOKEN 1d616aa9-b8e4-4bb4-b312-3289de82badb
ENV DYNU_API_KEY 65cXefd35XbYf36546eg5dYcZT6X52Y2
WORKDIR /root
RUN mkdir /etc/nginx/pki
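Review bot: The added `ENV DYNU_API_KEY` line commits what appears to be a working provider credential to the repository and bakes it into every image built from this file; test/Dockerfile-ubuntu-staging adds the same line. Anyone with read access to the repo or the image could then edit the DNS records of the test domains, which is all DNS-01 validation for those names requires. Dropping the `ENV` line and supplying the value at run time keeps it out of source control, for example by adding `--env DYNU_API_KEY` next to the existing `--env STAGING=true` in test/run-test.sh so it is taken from the caller's environment or a CI secret. The key shown here should be treated as exposed and rotated.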


+ 1
- 0
test/Dockerfile-ubuntu-staging View File

@ -8,6 +8,7 @@ ENV DEBIAN_FRONTEND noninteractive
# Ensure tests in this image use the staging server
ENV staging "true"
ENV DUCKDNS_TOKEN 1d616aa9-b8e4-4bb4-b312-3289de82badb
ENV DYNU_API_KEY 65cXefd35XbYf36546eg5dYcZT6X52Y2
# Update and install required software
RUN apt-get update --fix-missing


+ 6
- 0
test/dns_add_fail View File

@ -0,0 +1,6 @@
#!/bin/bash
# Special test script which will always fail to update dns
echo "This is a test script to check retry works if DNS isn't updated"
exit 0
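Review bot: The header comment says the script "will always fail to update dns", but it ends with `exit 0`, so getssl sees a successful add that never changed DNS. A comment such as `# Test stub: reports success without touching DNS, so the challenge record is never found and getssl's retry-add path runs` would state what the test actually relies on.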

+ 0
- 19
test/dns_fail_add_duckdns View File

@ -1,19 +0,0 @@
#!/bin/bash
# Special test script which will always fail to update dns
token=${DUCKDNS_TOKEN:-}
if [ -z "$token" ]; then
echo "DUCKDNS_TOKEN not set"
exit 1
fi
domain="$1"
response=$(curl --retry 5 --silent "https://www.duckdns.org/update?domains=${domain}&token=${token}&txt=FAIL")
if [ "$response" != "OK" ]; then
echo "Failed to update TXT record for ${domain} at duckdns.org (is the TOKEN valid?)"
echo "Response: $response"
exit 1
fi

+ 1
- 1
test/run-test.cmd View File

@ -23,7 +23,7 @@ set COMMAND=bats /getssl/test
GOTO CheckAlias
:staging
set ALIAS=%OS:-staging=%-getssl.duckdns.org
set ALIAS=%OS:-staging=%-getssl.freeddns.org
set STAGING=--env STAGING=true
:Run


+ 2
- 1
test/run-test.sh View File

@ -15,7 +15,8 @@ else
fi
if [[ "$OS" == *"staging"* ]]; then
ALIAS="${OS%-staging}-getssl.duckdns.org"
#ALIAS="${OS%-staging}-getssl.duckdns.org"
ALIAS="${OS%-staging}-getssl.freeddns.org"
STAGING="--env STAGING=true"
else
ALIAS="$OS.getssl.test"


+ 0
- 33
test/test-config/getssl-staging-dns01-fail-dns-add.cfg View File

@ -1,33 +0,0 @@
# Special config to test that the retry dns_add_command logic works
#
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
# Generic staging config
VALIDATE_VIA_DNS=true
DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
PUBLIC_DNS_SERVER=ns2.duckdns.org
CHECK_ALL_AUTH_DNS=true
# Test that the retry works (dns_add_command will always fail)
DNS_WAIT_RETRY_ADD="true"
DNS_ADD_COMMAND="/getssl/test/dns_fail_add_duckdns"
# Speed up the test by reducing the number or retries and the wait between retries.
DNS_WAIT=2
DNS_WAIT_COUNT=11
DNS_EXTRA_WAIT=0
# Standard config
ACCOUNT_KEY_TYPE="rsa"
PRIVATE_KEY_ALG="rsa"
SANS=""
ACL=('/var/www/html/.well-known/acme-challenge')
USE_SINGLE_ACL="false"
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
SERVER_TYPE="https"
CHECK_REMOTE="true"

+ 0
- 36
test/test-config/getssl-staging-dns01-no-suffix.cfg View File

@ -1,36 +0,0 @@
# Test that the script works with external dns provider and staging server
#
CA="https://acme-staging-v02.api.letsencrypt.org"
VALIDATE_VIA_DNS=true
DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns"
DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
PUBLIC_DNS_SERVER=ns2.duckdns.org
CHECK_ALL_AUTH_DNS=true
DNS_EXTRA_WAIT=120
# Speed up the test by reducing the number or retries and the wait between retries.
DNS_WAIT=2
DNS_WAIT_COUNT=11
DNS_WAIT_RETRY_ADD="true"
ACCOUNT_KEY_TYPE="rsa"
PRIVATE_KEY_ALG="rsa"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
SANS=""
# Location for all your certs, these can either be on the server (full path name)
# or using ssh /sftp as for the ACL
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
# Define the server type and confirm correct certificate is installed (using a custom port)
SERVER_TYPE="https"
CHECK_REMOTE="true"

+ 8
- 3
test/test-config/getssl-staging-dns01.cfg View File

@ -3,15 +3,17 @@
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
VALIDATE_VIA_DNS=true
DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns"
DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
PUBLIC_DNS_SERVER=1.1.1.1
DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_dynu"
DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_dynu"
PUBLIC_DNS_SERVER="8.8.8.8 resolver1.infoserve.de"
AUTH_DNS_SERVER=ns1.dynu.com
CHECK_ALL_AUTH_DNS="true"
CHECK_PUBLIC_DNS_SERVER="true"
DNS_EXTRA_WAIT=120
# Speed up the test by reducing the number or retries and retrying DNS_ADD after 10 failures
DNS_WAIT_COUNT=20
DNS_WAIT=30
DNS_WAIT_RETRY_ADD="true"
ACCOUNT_KEY_TYPE="rsa"
@ -38,3 +40,6 @@ CHECK_REMOTE="true"
if [[ -s "$DOMAIN_DIR/getssl_test_specific.cfg" ]]; then
. $DOMAIN_DIR/getssl_test_specific.cfg
fi
#_RUNNING_TEST=1
#_USE_DEBUG=1
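Review bot: The comment "Speed up the test by reducing the number or retries ..." sits above `DNS_WAIT_COUNT=20` and `DNS_WAIT=30`, which together with `DNS_EXTRA_WAIT=120` allow a wait of many minutes, so it no longer describes the values under it. Something like `# Poll DNS every 30s, up to 20 times; DNS_ADD is retried after 10 failures` would match (the retry threshold is taken from the existing comment, not from code visible here). The trailing `#_RUNNING_TEST=1` and `#_USE_DEBUG=1` lines look like leftover debugging toggles and could be dropped from the shared config.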
