certbot-ci: fix boulder-v2 failures related to unexported challtestsrv port (#9235)

* certbot-ci: fix challtestsrv address for boulder-v2 The port is no longer exposed on the Docker host. * vary the challtestsrv URL by acme server * fix mypy * fix comment Co-authored-by: ohemorange <ebportnoy@gmail.com> Co-authored-by: ohemorange <ebportnoy@gmail.com>
2026-05-28 04:34:11 -04:00 · 2022-03-16 08:50:26 +11:00 · 2022-03-16 08:50:26 +11:00 · f54d9a3257
commit f54d9a3257
parent ae41832f7c
3 changed files with 16 additions and 11 deletions
--- a/certbot-ci/certbot_integration_tests/certbot_tests/context.py
+++ b/certbot-ci/certbot_integration_tests/certbot_tests/context.py
@ -29,8 +29,8 @@ class IntegrationTestsContext:
        self.http_01_port = acme_xdist['http_port'][self.worker_id]
        self.other_port = acme_xdist['other_port'][self.worker_id]
        # Challtestsrv REST API, that exposes entrypoints to register new DNS entries,
-        # is listening on challtestsrv_port.
-        self.challtestsrv_port = acme_xdist['challtestsrv_port']
+        # is listening on challtestsrv_url.
+        self.challtestsrv_url = acme_xdist['challtestsrv_url']

        self.workspace = tempfile.mkdtemp()
        self.config_dir = os.path.join(self.workspace, 'conf')
@ -44,17 +44,17 @@ class IntegrationTestsContext:
            "assert not os.environ.get('CERTBOT_DOMAIN').startswith('fail'); "
            "data = {{'host':'_acme-challenge.{{0}}.'.format(os.environ.get('CERTBOT_DOMAIN')),"
            "'value':os.environ.get('CERTBOT_VALIDATION')}}; "
-            "request = requests.post('http://localhost:{1}/set-txt', data=json.dumps(data)); "
+            "request = requests.post('{1}/set-txt', data=json.dumps(data)); "
            "request.raise_for_status(); "
            '"'
-        ).format(sys.executable, self.challtestsrv_port)
+        ).format(sys.executable, self.challtestsrv_url)
        self.manual_dns_cleanup_hook = (
            '{0} -c "import os; import requests; import json; '
            "data = {{'host':'_acme-challenge.{{0}}.'.format(os.environ.get('CERTBOT_DOMAIN'))}}; "
-            "request = requests.post('http://localhost:{1}/clear-txt', data=json.dumps(data)); "
+            "request = requests.post('{1}/clear-txt', data=json.dumps(data)); "
            "request.raise_for_status(); "
            '"'
-        ).format(sys.executable, self.challtestsrv_port)
+        ).format(sys.executable, self.challtestsrv_url)

    def cleanup(self) -> None:
        """Cleanup the integration test context."""
--- a/certbot-ci/certbot_integration_tests/utils/acme_server.py
+++ b/certbot-ci/certbot_integration_tests/utils/acme_server.py
@ -122,14 +122,16 @@ class ACMEServer:

    def _construct_acme_xdist(self, acme_server: str, nodes: List[str]) -> None:
        """Generate and return the acme_xdist dict"""
-        acme_xdist = {'acme_server': acme_server, 'challtestsrv_port': CHALLTESTSRV_PORT}
+        acme_xdist: Dict[str, Any] = {'acme_server': acme_server}

        # Directory and ACME port are set implicitly in the docker-compose.yml
        # files of Boulder/Pebble.
        if acme_server == 'pebble':
            acme_xdist['directory_url'] = PEBBLE_DIRECTORY_URL
+            acme_xdist['challtestsrv_url'] = PEBBLE_CHALLTESTSRV_URL
        else:  # boulder
            acme_xdist['directory_url'] = BOULDER_V2_DIRECTORY_URL
+            acme_xdist['challtestsrv_url'] = BOULDER_V2_CHALLTESTSRV_URL

        acme_xdist['http_port'] = {
            node: port for (node, port) in  # pylint: disable=unnecessary-comprehension
@ -182,7 +184,7 @@ class ACMEServer:

        # Wait for the ACME CA server to be up.
        print('=> Waiting for pebble instance to respond...')
-        misc.check_until_timeout(self.acme_xdist['directory_url'])  # type: ignore[arg-type]
+        misc.check_until_timeout(self.acme_xdist['directory_url'])

        print('=> Finished pebble instance deployment.')

@ -216,12 +218,13 @@ class ACMEServer:
            # Wait for the ACME CA server to be up.
            print('=> Waiting for boulder instance to respond...')
            misc.check_until_timeout(
-                self.acme_xdist['directory_url'], attempts=300)  # type: ignore[arg-type]
+                self.acme_xdist['directory_url'], attempts=300)

            if not self._dns_server:
                # Configure challtestsrv to answer any A record request with ip of the docker host.
-                response = requests.post('http://localhost:{0}/set-default-ipv4'.format(
-                    CHALLTESTSRV_PORT), json={'ip': '10.77.77.1'}
+                response = requests.post(
+                    f'{BOULDER_V2_CHALLTESTSRV_URL}/set-default-ipv4',
+                    json={'ip': '10.77.77.1'}
                )
                response.raise_for_status()
        except BaseException:
--- a/certbot-ci/certbot_integration_tests/utils/constants.py
+++ b/certbot-ci/certbot_integration_tests/utils/constants.py
@ -2,8 +2,10 @@
 DEFAULT_HTTP_01_PORT = 5002
 TLS_ALPN_01_PORT = 5001
 CHALLTESTSRV_PORT = 8055
+BOULDER_V2_CHALLTESTSRV_URL = f'http://10.77.77.77:{CHALLTESTSRV_PORT}'
 BOULDER_V2_DIRECTORY_URL = 'http://localhost:4001/directory'
 PEBBLE_DIRECTORY_URL = 'https://localhost:14000/dir'
 PEBBLE_MANAGEMENT_URL = 'https://localhost:15000'
+PEBBLE_CHALLTESTSRV_URL = f'http://localhost:{CHALLTESTSRV_PORT}'
 MOCK_OCSP_SERVER_PORT = 4002
 PEBBLE_ALTERNATE_ROOTS = 2