Add integration tests for hook directories

tests/boulder-integration.sh

@@ -28,11 +28,67 @@ cleanup_and_exit() {
     : "------------------ ------------------ ------------------"
     : "------------------  end boulder logs  ------------------"
     : "------------------ ------------------ ------------------"
+    if [ -f "$HOOK_DIRS_TEST" ]; then
+        rm -f "$HOOK_DIRS_TEST"
+    fi
     exit $EXIT_STATUS
 }
 
 trap cleanup_and_exit EXIT
 
+export HOOK_DIRS_TEST="$(mktemp)"
+renewal_hooks_root="$config_dir/renewal-hooks"
+renewal_hooks_dirs=$(echo "$renewal_hooks_root/"{pre,deploy,post})
+renewal_dir_pre_hook="$(echo $renewal_hooks_dirs | cut -f 1 -d " ")/hook.sh"
+renewal_dir_deploy_hook="$(echo $renewal_hooks_dirs | cut -f 2 -d " ")/hook.sh"
+renewal_dir_post_hook="$(echo $renewal_hooks_dirs | cut -f 3 -d " ")/hook.sh"
+
+# Creates hooks in Certbot's renewal hook directory that write to a file
+CreateDirHooks() {
+    for hook_dir in $renewal_hooks_dirs; do
+        mkdir -p $hook_dir
+        hook_path="$hook_dir/hook.sh"
+        cat << EOF > "$hook_path"
+#!/bin/bash -xe
+if [ "\$0" = "$renewal_dir_deploy_hook" ]; then
+    if [ -z "\$RENEWED_DOMAINS" -o -z "\$RENEWED_LINEAGE" ]; then
+        echo "Environment variables not properly set!" >&2
+        exit 1
+    fi
+fi
+echo \$(basename \$(dirname "\$0")) >> "\$HOOK_DIRS_TEST"
+EOF
+        chmod +x "$hook_path"
+    done
+}
+CreateDirHooks
+
+# Asserts that the hooks created by CreateDirHooks have been run once and
+# resets the file.
+#
+# Arguments:
+#     The number of times the deploy hook should have been run. (It should run
+#     once for each certificate that was issued in that run of Certbot.)
+CheckDirHooks() {
+    expected="pre\n"
+    for ((i=0; i<$1; i++)); do
+        expected=$expected"deploy\n"
+    done
+    expected=$expected"post"
+
+    if ! diff "$HOOK_DIRS_TEST" <(echo -e "$expected"); then
+        echo "Unexpected directory hook output!" >&2
+        echo "Expected:" >&2
+        echo -e "$expected" >&2
+        echo "Got:" >&2
+        cat "$HOOK_DIRS_TEST" >&2
+        exit 1
+    fi
+
+    rm -f "$HOOK_DIRS_TEST"
+    export HOOK_DIRS_TEST="$(mktemp)"
+}
+
 common_no_force_renew() {
     certbot_test_no_force_renew \
         --authenticator standalone \
@@ -213,11 +269,21 @@ CheckCertCount "le.wtf" 1
 # This won't renew (because it's not time yet)
 common_no_force_renew renew
 CheckCertCount "le.wtf" 1
+if [ -s "$HOOK_DIRS_TEST" ]; then
+    echo "Directory hooks were executed for non-renewal!" >&2;
+    exit 1
+fi
 
+rm -rf "$renewal_hooks_root"
 # renew using HTTP manual auth hooks
 common renew --cert-name le.wtf --authenticator manual
 CheckCertCount "le.wtf" 2
 
+# test renewal with no executables in hook directories
+for hook_dir in $renewal_hooks_dirs; do
+    touch "$hook_dir/file"
+    mkdir "$hook_dir/dir"
+done
 # renew using DNS manual auth hooks
 common renew --cert-name dns.le.wtf --authenticator manual
 CheckCertCount "dns.le.wtf" 2
@@ -239,11 +305,26 @@ if [ "$size1" -lt 3000 ] || [ "$size2" -lt 3000 ] || [ "$size3" -gt 1800 ] ; the
     exit 1
 fi
 
+# test with directory hooks
+rm -rf "$renewal_hooks_root"
+CreateDirHooks
 # --renew-by-default is used, so renewal should occur
 [ -f "$HOOK_TEST" ] && rm -f "$HOOK_TEST"
 common renew
 CheckCertCount "le.wtf" 4
 CheckHooks
+CheckDirHooks 5
+
+# test with overlapping directory hooks on the command line
+common renew --cert-name le2.wtf \
+    --pre-hook "$renewal_dir_pre_hook" \
+    --renew-hook "$renewal_dir_deploy_hook" \
+    --post-hook "$renewal_dir_post_hook"
+CheckDirHooks 1
+
+# test with overlapping directory hooks in the renewal conf files
+common renew --cert-name le2.wtf
+CheckDirHooks 1
 
 # ECDSA
 openssl ecparam -genkey -name secp384r1 -out "${root}/privkey-p384.pem"