From ffdfb09577947c66590fb1a0f04fe21e3e67f3b8 Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Thu, 26 Sep 2024 14:05:05 +0100 Subject: [PATCH] Retry drill if the output contains SERVFAIL to fix test instability --- getssl | 12 +++++++++--- test/24-wildcard-sans.bats | 2 -- test/README-Testing.md | 17 +++++++++-------- test/run-test.sh | 14 ++++++++++++++ test/u2-test-get_auth_dns-drill.bats | 4 ++-- 5 files changed, 34 insertions(+), 15 deletions(-) diff --git a/getssl b/getssl index d3d8059..98e664f 100755 --- a/getssl +++ b/getssl @@ -1622,9 +1622,15 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n # Query for NS records if [[ -z "$res" ]]; then - debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS ${gad_d}" to find primary nameserver - # shellcheck disable=SC2086 - res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS "${gad_d}"| grep -E "IN\W(NS|SOA)\W") + out="SERVFAIL" + i=0 + while [[ "$out" == *"SERVFAIL"* ]] && [[ $i -lt 5 ]]; do + debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS ${gad_d}" to find primary nameserver + # shellcheck disable=SC2086 + out=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS "${gad_d}") + res=$(echo "$out"| grep -E "IN\W(NS|SOA)\W") + ((i++)) + done fi if [[ -n "$res" ]]; then diff --git a/test/24-wildcard-sans.bats b/test/24-wildcard-sans.bats index 1ce09c2..10de29f 100644 --- a/test/24-wildcard-sans.bats +++ b/test/24-wildcard-sans.bats @@ -50,7 +50,6 @@ teardown_file() { check_output_for_errors run openssl x509 -noout -text -in "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt" # verify certificate is for wildcard domain with non-wildcard domain in the Subject Alternative Name list - assert_output --regexp "Subject: CN[ ]?=[ ]?\*.wild-${GETSSL_HOST}" assert_output --partial "DNS:${GETSSL_HOST}" } 
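Review bot: The retry loop added to the NS query in get_auth_dns assigns `out` and `i` with no `local` visible in the hunk, so unless they are declared earlier in the function (its body starts and ends outside this hunk) they leak into the global scope. `((i++))` returns status 1 on the first pass because the value before the increment is 0, which would abort the script if it runs under `set -e` or an ERR trap; `i=$((i + 1))` has no such side effect. The five attempts also run back to back and an exhausted loop leaves no trace, so I would add `sleep 1` before retrying and, after `done`, a line such as `[[ "$out" == *"SERVFAIL"* ]] && debug "NS query for ${gad_d} still returned SERVFAIL after $i attempts"`.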
@@ -69,6 +68,5 @@ teardown_file() {
 check_output_for_errors
 run openssl x509 -noout -text -in "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.crt"
 # verify certificate is for non-wildcard domain with wildcard domain in the Subject Alternative Name list
- assert_output --regexp "Subject: CN[ ]?=[ ]?${GETSSL_HOST}"
 assert_output --partial "DNS:*.wild-${GETSSL_HOST}"
 }
diff --git a/test/README-Testing.md b/test/README-Testing.md
index 9936541..10786bc 100644
--- a/test/README-Testing.md
+++ b/test/README-Testing.md
@@ -15,34 +15,35 @@ Tests can also be triggered manually from the GitHub website. For dynamic DNS tests, you need accounts on duckdns.org and dynu.com, and need to create 4 domain names in each account. For duckdns.org: + - Add DUCKDNS_TOKEN to your repository's environment secrets. The value is your account's token -- Add domains -centos7-getssl.duckdns.org, wild--centos7.duckdns.org, -ubuntu-getssl.duckdns.org, and wild--ubuntu-getssl.duckdns.org +- Add domains \-centos7-getssl.duckdns.org, wild-\-centos7.duckdns.org, \-ubuntu-getssl.duckdns.org, and wild-\-ubuntu-getssl.duckdns.org For dynu.com: - - Add DYNU_API_KEY to your repository's environment secrets. The value is your account's API Key. - - Add domains -centos7-getssl.freedns.org, wild--centos7.freedns.org, -ubuntu-getssl.freedns.org, and wild--ubuntu-getssl.freedns.org -To run dynamic DNS tests outside the CI environment, you need accounts without in the domain names. Export the environment variable corresponding to the secrets (with the same values). +- Add DYNU_API_KEY to your repository's environment secrets. The value is your account's API Key. +- Add domains \-centos7-getssl.freedns.org, wild-\-centos7.freedns.org, \-ubuntu-getssl.freedns.org, and wild-\-ubuntu-getssl.freedns.org -For individual accounts, is your github account name. +To run dynamic DNS tests outside the CI environment, you need accounts without \ in the domain names. Export the environment variable corresponding to the secrets (with the same values). +For individual accounts, \ is your github account name. ## To run all the tests on a single OS 1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build``` -2. Run the test suite ```test/run-test.sh []``` +2. Run the test suite ```test/run-test.sh [\]``` 3. eg. `test/run-test.sh ubuntu16` ## To run a single bats test on a single OS 1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build``` -2. ```test/run-test.sh bats ``` +2. 
```test/run-test.sh \ bats \``` 3. e.g. `test/run-test.sh ubuntu bats /getssl/test/1-simple-http01.bats` ## To debug a test 1. Start `pebble` and `challtestsrv` using ```docker-compose up -d --build``` -2. ```run-test.sh /getssl/test/debug-test.sh ``` +2. ```run-test.sh \ /getssl/test/debug-test.sh \``` 3. e.g. `test/run-test.sh ubuntu /getssl/test/debug-test.sh -d /getssl/test/test-config/getssl-http01-cfg` ## TODO diff --git a/test/run-test.sh b/test/run-test.sh index caf8ceb..62bee66 100755 --- a/test/run-test.sh +++ b/test/run-test.sh @@ -10,6 +10,20 @@ OS=$1 if [ $# -gt 1 ]; then shift COMMAND=$* + if [[ $COMMAND != bash ]]; then + if [[ $COMMAND != "bats /getssl/test"* ]]; then + if [[ $COMMAND == /getssl/test* ]]; then + COMMAND="bats $COMMAND" + elif [[ $COMMAND == test/* ]]; then + COMMAND="bats /getssl/$COMMAND" + else + COMMAND="bats /getssl/test/$COMMAND" + fi + fi + if [[ $COMMAND != *.bats ]]; then + COMMAND="${COMMAND}.bats" + fi + fi else COMMAND="bats /getssl/test --timing" fi diff --git a/test/u2-test-get_auth_dns-drill.bats b/test/u2-test-get_auth_dns-drill.bats index 3ac8a87..72fa6dc 100644 --- a/test/u2-test-get_auth_dns-drill.bats +++ b/test/u2-test-get_auth_dns-drill.bats @@ -66,14 +66,14 @@ teardown() { run get_auth_dns ubuntu-getssl.ignorelist.com # Assert that we've found the primary_ns server - assert_output --regexp 'set primary_ns = ns[1-3]+\.afraid\.org' + assert_output --regexp 'set primary_ns = ns[1-4]+\.afraid\.org' # Assert that we had to use drill NS assert_line --regexp 'Using drill.* NS' # Check all Authoritive DNS servers are returned if requested CHECK_ALL_AUTH_DNS=true run get_auth_dns ubuntu-getssl.ignorelist.com - assert_output --regexp 'set primary_ns = (ns[1-3]+\.afraid\.org ?)+' + assert_output --regexp 'set primary_ns = (ns[1-4]+\.afraid\.org ?)+' }
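Review bot: The new rewriting of `COMMAND` in test/run-test.sh is applied to every argument list other than the single word `bash`, so the debug invocation this same commit documents in the README, `test/run-test.sh ubuntu /getssl/test/debug-test.sh -d /getssl/test/test-config/getssl-http01-cfg`, is turned into `bats /getssl/test/debug-test.sh -d /getssl/test/test-config/getssl-http01-cfg.bats`. The same happens to any command that ends in an option, for example one ending in `--timing`, because `.bats` is appended whenever the whole string does not end in `.bats`. Restricting the shorthand to a single test name keeps the other forms intact: `if [[ $# -eq 1 && $COMMAND != bash && $COMMAND != *.sh ]]; then` (after the `shift`, `$#` counts only the command words). The script continues outside the hunk, so how `COMMAND` is finally executed is not visible here.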
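Review bot: Widening the character class from `[1-3]` to `[1-4]` in both assertions of test/u2-test-get_auth_dns-drill.bats keeps the test tied to the exact set of afraid.org nameservers, which presumably just grew by one and will break the test again the next time it changes. The trailing `+` already accepts any run of those digits (`ns11`, `ns1234`), so the class is not really constraining the name; `ns[0-9]+\.afraid\.org` states the intent and survives renumbering. The second assertion would become `'set primary_ns = (ns[0-9]+\.afraid\.org ?)+'`.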