From 4bec07a7668f744f24ed1b3eb9c8dea4a1d3a9d3 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Thu, 28 Sep 2017 17:51:48 -0700 Subject: [PATCH] Add integration tests for hook directories --- tests/boulder-integration.sh | 81 ++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) diff --git a/tests/boulder-integration.sh b/tests/boulder-integration.sh index 181dcc5fb..e67aba220 100755 --- a/tests/boulder-integration.sh +++ b/tests/boulder-integration.sh @@ -28,11 +28,67 @@ cleanup_and_exit() { : "------------------ ------------------ ------------------" : "------------------ end boulder logs ------------------" : "------------------ ------------------ ------------------" + if [ -f "$HOOK_DIRS_TEST" ]; then + rm -f "$HOOK_DIRS_TEST" + fi exit $EXIT_STATUS } trap cleanup_and_exit EXIT +export HOOK_DIRS_TEST="$(mktemp)" +renewal_hooks_root="$config_dir/renewal-hooks" +renewal_hooks_dirs=$(echo "$renewal_hooks_root/"{pre,deploy,post}) +renewal_dir_pre_hook="$(echo $renewal_hooks_dirs | cut -f 1 -d " ")/hook.sh" +renewal_dir_deploy_hook="$(echo $renewal_hooks_dirs | cut -f 2 -d " ")/hook.sh" +renewal_dir_post_hook="$(echo $renewal_hooks_dirs | cut -f 3 -d " ")/hook.sh" + +# Creates hooks in Certbot's renewal hook directory that write to a file +CreateDirHooks() { + for hook_dir in $renewal_hooks_dirs; do + mkdir -p $hook_dir + hook_path="$hook_dir/hook.sh" + cat << EOF > "$hook_path" +#!/bin/bash -xe +if [ "\$0" = "$renewal_dir_deploy_hook" ]; then + if [ -z "\$RENEWED_DOMAINS" -o -z "\$RENEWED_LINEAGE" ]; then + echo "Environment variables not properly set!" >&2 + exit 1 + fi +fi +echo \$(basename \$(dirname "\$0")) >> "\$HOOK_DIRS_TEST" +EOF + chmod +x "$hook_path" + done +} +CreateDirHooks + +# Asserts that the hooks created by CreateDirHooks have been run once and +# resets the file. +# +# Arguments: +# The number of times the deploy hook should have been run. (It should run +# once for each certificate that was issued in that run of Certbot.) +CheckDirHooks() { + expected="pre\n" + for ((i=0; i<$1; i++)); do + expected=$expected"deploy\n" + done + expected=$expected"post" + + if ! diff "$HOOK_DIRS_TEST" <(echo -e "$expected"); then + echo "Unexpected directory hook output!" >&2 + echo "Expected:" >&2 + echo -e "$expected" >&2 + echo "Got:" >&2 + cat "$HOOK_DIRS_TEST" >&2 + exit 1 + fi + + rm -f "$HOOK_DIRS_TEST" + export HOOK_DIRS_TEST="$(mktemp)" +} + common_no_force_renew() { certbot_test_no_force_renew \ --authenticator standalone \ @@ -213,11 +269,21 @@ CheckCertCount "le.wtf" 1 # This won't renew (because it's not time yet) common_no_force_renew renew CheckCertCount "le.wtf" 1 +if [ -s "$HOOK_DIRS_TEST" ]; then + echo "Directory hooks were executed for non-renewal!" >&2; + exit 1 +fi +rm -rf "$renewal_hooks_root" # renew using HTTP manual auth hooks common renew --cert-name le.wtf --authenticator manual CheckCertCount "le.wtf" 2 +# test renewal with no executables in hook directories +for hook_dir in $renewal_hooks_dirs; do + touch "$hook_dir/file" + mkdir "$hook_dir/dir" +done # renew using DNS manual auth hooks common renew --cert-name dns.le.wtf --authenticator manual CheckCertCount "dns.le.wtf" 2 @@ -239,11 +305,26 @@ if [ "$size1" -lt 3000 ] || [ "$size2" -lt 3000 ] || [ "$size3" -gt 1800 ] ; the exit 1 fi +# test with directory hooks +rm -rf "$renewal_hooks_root" +CreateDirHooks # --renew-by-default is used, so renewal should occur [ -f "$HOOK_TEST" ] && rm -f "$HOOK_TEST" common renew CheckCertCount "le.wtf" 4 CheckHooks +CheckDirHooks 5 + +# test with overlapping directory hooks on the command line +common renew --cert-name le2.wtf \ + --pre-hook "$renewal_dir_pre_hook" \ + --renew-hook "$renewal_dir_deploy_hook" \ + --post-hook "$renewal_dir_post_hook" +CheckDirHooks 1 + +# test with overlapping directory hooks in the renewal conf files +common renew --cert-name le2.wtf +CheckDirHooks 1 # ECDSA openssl ecparam -genkey -name secp384r1 -out "${root}/privkey-p384.pem"