mirror of
https://github.com/certbot/certbot.git
synced 2026-06-08 16:22:18 -04:00
e394889864
During review of #6989, we saw that some of our test bash scripts were still used in the Boulder project in particular. It is about `tests/integration/_common.sh` in particular, to expose the `certbot_test` bash function, that is an appropriate way to execute a local version of certbot in test mode: define a custom server, remove several checks, full log and so on. This PR is an attempt to assert this goal: exposing a new `certbot_test` executable for test purpose. More generally, this PR is about giving well suited scripts to quickly make manual tests against certbot without launching the full automated pytest suite. The idea here is to leverage the existing logic in certbot-ci, and expose it as executable scripts. This is done thanks to the `console_scripts` entry of setuptools entrypoint feature, that install scripts in the `PATH`, when `pip install` is invoked, that delegate to specific functions in the installed packages. Two scripts are defined this way: * `certbot_test`: it executes certbot in test mode in a very similar way than the original `certbot_test` in `_common.sh`, by delegating to `certbot_integration_tests.utils.certbot_call:main`. By default this execution will target a pebble directory url started locally. The url, and also http-01/tls-alpn-01 challenge ports can be configured using ad-hoc environment variables. All arguments passed to `certbot_test` are transferred to the underlying certbot command. * `acme_server`: it set up a fully running instance of an ACME server, ready for tests (in particular, all FQDN resolves to localhost in order to target a locally running `certbot_test` command) by delegating to `certbot_integration_tests.utils.acme_server:main`. The choice of the ACME server is given by the first parameter passed to `acme_server`, it can be `pebble`, `boulder-v1` or `boulder-v2`. The command keeps running on foreground, displaying the logs of the ACME server on stdout/stderr. The server is shut down and resources cleaned upon entering CTRL+C. This two commands can be run also through the underlying python modules, that are executable. Finally, a typical workflow on certbot side to run manual tests would be: ``` cd certbot tools/venv.py source venv/bin/activate acme_server pebble & certbot_test certonly --standalone -d test.example.com ``` On boulder side it could be: ``` # Follow certbot dev environment setup instructions, then ... cd boulder docker-compose run --use-aliases -e FAKE_DNS=172.17.0.1 --service-ports boulder ./start.py SERVER=http://localhost:4001/directory certbot_test certonly --standalone -d test.example.com ``` * Configure certbot-ci to expose a certbot_test console script calling certbot in test mode against a local pebble instance * Add a command to start pebble/boulder * Use explicit start * Add execution permission to acme_server * Add a docstring to certbot_test function * Change executable name * Increase sleep to 3600s * Implement a context manager to handle the acme server * Add certbot_test workspace in .gitignore * Add documentation * Remove one function in context, split logic of certbot_test towards capturing non capturing * Use an explicit an properly configured ACMEServer as handler. * Add doc. Put constants.
79 lines
3.6 KiB
Python
79 lines
3.6 KiB
Python
"""Module to handle the context of integration tests."""
|
|
import os
|
|
import shutil
|
|
import sys
|
|
import tempfile
|
|
|
|
from certbot_integration_tests.utils import misc, certbot_call
|
|
|
|
|
|
class IntegrationTestsContext(object):
|
|
"""General fixture describing a certbot integration tests context"""
|
|
def __init__(self, request):
|
|
self.request = request
|
|
|
|
if hasattr(request.config, 'slaveinput'): # Worker node
|
|
self.worker_id = request.config.slaveinput['slaveid']
|
|
acme_xdist = request.config.slaveinput['acme_xdist']
|
|
else: # Primary node
|
|
self.worker_id = 'primary'
|
|
acme_xdist = request.config.acme_xdist
|
|
|
|
self.acme_server =acme_xdist['acme_server']
|
|
self.directory_url = acme_xdist['directory_url']
|
|
self.tls_alpn_01_port = acme_xdist['https_port'][self.worker_id]
|
|
self.http_01_port = acme_xdist['http_port'][self.worker_id]
|
|
self.other_port = acme_xdist['other_port'][self.worker_id]
|
|
# Challtestsrv REST API, that exposes entrypoints to register new DNS entries,
|
|
# is listening on challtestsrv_port.
|
|
self.challtestsrv_port = acme_xdist['challtestsrv_port']
|
|
|
|
self.workspace = tempfile.mkdtemp()
|
|
self.config_dir = os.path.join(self.workspace, 'conf')
|
|
self.hook_probe = tempfile.mkstemp(dir=self.workspace)[1]
|
|
|
|
self.manual_dns_auth_hook = (
|
|
'{0} -c "import os; import requests; import json; '
|
|
"assert not os.environ.get('CERTBOT_DOMAIN').startswith('fail'); "
|
|
"data = {{'host':'_acme-challenge.{{0}}.'.format(os.environ.get('CERTBOT_DOMAIN')),"
|
|
"'value':os.environ.get('CERTBOT_VALIDATION')}}; "
|
|
"request = requests.post('http://localhost:{1}/set-txt', data=json.dumps(data)); "
|
|
"request.raise_for_status(); "
|
|
'"'
|
|
).format(sys.executable, self.challtestsrv_port)
|
|
self.manual_dns_cleanup_hook = (
|
|
'{0} -c "import os; import requests; import json; '
|
|
"data = {{'host':'_acme-challenge.{{0}}.'.format(os.environ.get('CERTBOT_DOMAIN'))}}; "
|
|
"request = requests.post('http://localhost:{1}/clear-txt', data=json.dumps(data)); "
|
|
"request.raise_for_status(); "
|
|
'"'
|
|
).format(sys.executable, self.challtestsrv_port)
|
|
|
|
def cleanup(self):
|
|
"""Cleanup the integration test context."""
|
|
shutil.rmtree(self.workspace)
|
|
|
|
def certbot(self, args, force_renew=True):
|
|
"""
|
|
Execute certbot with given args, not renewing certificates by default.
|
|
:param args: args to pass to certbot
|
|
:param force_renew: set to False to not renew by default
|
|
:return: output of certbot execution
|
|
"""
|
|
command = ['--authenticator', 'standalone', '--installer', 'null']
|
|
command.extend(args)
|
|
return certbot_call.certbot_test(
|
|
command, self.directory_url, self.http_01_port, self.tls_alpn_01_port,
|
|
self.config_dir, self.workspace, force_renew=force_renew)
|
|
|
|
def get_domain(self, subdomain='le'):
|
|
"""
|
|
Generate a certificate domain name suitable for distributed certbot integration tests.
|
|
This is a requirement to let the distribution know how to redirect the challenge check
|
|
from the ACME server to the relevant pytest-xdist worker. This resolution is done by
|
|
appending the pytest worker id to the subdomain, using this pattern:
|
|
{subdomain}.{worker_id}.wtf
|
|
:param subdomain: the subdomain to use in the generated domain (default 'le')
|
|
:return: the well-formed domain suitable for redirection on
|
|
"""
|
|
return '{0}.{1}.wtf'.format(subdomain, self.worker_id)
|