mirror of
https://github.com/certbot/certbot.git
synced 2026-06-05 06:42:10 -04:00
6f27c32db1
Streamline and reorganize Certbot's CLI output.
This change is a substantial command-line UX overhaul,
based on previous user research. The main goal was to streamline
and clarify output. To see more verbose output, use the -v or -vv flags.
---
* nginx,apache: CLI logging changes
- Add "Successfully deployed ..." message using display_util
- Remove IReporter usage and replace with display_util
- Standardize "... could not find a VirtualHost ..." error
This changes also bumps the version of certbot required by certbot-nginx
and certbot-apache to take use of the new display_util function.
* fix certbot_compatibility_test
since the http plugins now require IDisplay, we need to inject it
* fix dependency version on certbot
* use better asserts
* try fix oldest deps
because certbot 1.10.0 depends on acme>=1.8.0, we need to use
acme==1.8.0 in the -oldest tests
* cli: redesign output of new certificate reporting
Changes the output of run, certonly and certonly --csr. No longer uses
IReporter.
* cli: redesign output of failed authz reporting
* fix problem sorting to be stable between py2 & 3
* add some catch-all error text
* cli: dont use IReporter for EFF donation prompt
* add per-authenticator hints
* pass achalls to auth_hint, write some tests
* exclude static auth hints from coverage
* dont call auth_hint unless derived from .Plugin
* dns fallback hint: dont assume --dns-blah works
--dns-blah won't work for third-party plugins, they need to be specified
using --authenticator dns-blah.
* add code comments about the auth_hint interface
* renew: don't restart the installer for dry-runs
Prevents Certbot from superfluously invoking the installer restart
during dry-run renewals. (This does not affect authenticator restarts).
Additionally removes some CLI output that was reporting the fullchain
path of the renewed certificate.
* update CHANGELOG.md
* cli: redesign output when cert installation failed
- Display a message when certificate installation begins.
- Don't use IReporter, just log errors immediately if restart/rollback
fails.
- Prompt the user with a command to retry the installation process once
they have fixed any underlying problems.
* vary by preconfigured_renewal
and move expiry date to be above the renewal advice
* update code comment
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* update code comment
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* fix lint
* derve cert name from cert_path, if possible
* fix type annotation
* text change in nginx hint
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* print message when restarting server after renewal
* log: print "advice" when exiting with an error
When running in non-quiet mode.
* try fix -oldest lock_test.py
* fix docstring
* s/Restarting/Reloading/ when notifying the user
* fix test name
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* type annotations
* s/using the {} plugin/installer: {}/
* copy: avoid "plugin" where possible
* link to user guide#automated-renewals
when not running with --preconfigured-renewal
* cli: reduce default logging verbosity
* fix lock_test: -vv is needed to see logger.debug
* Change comment in log.py to match the change to default verbosity
* Audit and adjust logging levels in apache module
* Audit and adjust logging levels in nginx module
* Audit, adjust logging levels, and improve logging calls in certbot module
* Fix tests to mock correct methods and classes
* typo in non-preconfigured-renewal message
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* fix test
* revert acme version bump
* catch up to python3 changes
* Revert "revert acme version bump"
This reverts commit fa83d6a51c.
* Change ocsp check error to warning since it's non-fatal
* Update storage_test in parallel with last change
* get rid of leading newline on "Deploying [...]"
* shrink renewal and installation success messages
* print logfile rather than logdir in exit handler
* Decrease logging level to info for idempotent operation where enhancement is already set
* Display cert not yet due for renewal message when renewing and no other action will be taken, and change cert to certificate
* also write to logger so it goes in the log file
* Don't double write to log file; fix main test
* cli: remove trailing newline on new cert reporting
* ignore type error
* revert accidental changes to dependencies
* Pass tests in any timezone by using utcfromtimestamp
* Add changelog entry
* fix nits
* Improve wording of try again message
* minor wording change to changelog
* hooks: send hook stdout to CLI stdout
includes both --manual and --{pre,post,renew} hooks
* update docstrings and remove TODO
* add a pending deprecation on execute_command
* add test coverage for both
* update deprecation text
Co-authored-by: ohemorange <ebportnoy@gmail.com>
Co-authored-by: Alex Zorin <alex@zorin.id.au>
Co-authored-by: alexzorin <alex@zor.io>
251 lines
10 KiB
Python
251 lines
10 KiB
Python
"""Tests for certbot_dns_cloudflare._internal.dns_cloudflare."""
|
|
|
|
import unittest
|
|
|
|
import CloudFlare
|
|
try:
|
|
import mock
|
|
except ImportError: # pragma: no cover
|
|
from unittest import mock # type: ignore
|
|
|
|
from certbot import errors
|
|
from certbot.compat import os
|
|
from certbot.plugins import dns_test_common
|
|
from certbot.plugins.dns_test_common import DOMAIN
|
|
from certbot.tests import util as test_util
|
|
|
|
API_ERROR = CloudFlare.exceptions.CloudFlareAPIError(1000, '', '')
|
|
|
|
API_TOKEN = 'an-api-token'
|
|
|
|
API_KEY = 'an-api-key'
|
|
EMAIL = 'example@example.com'
|
|
|
|
|
|
class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthenticatorTest):
|
|
|
|
def setUp(self):
|
|
from certbot_dns_cloudflare._internal.dns_cloudflare import Authenticator
|
|
|
|
super().setUp()
|
|
|
|
path = os.path.join(self.tempdir, 'file.ini')
|
|
dns_test_common.write({"cloudflare_email": EMAIL, "cloudflare_api_key": API_KEY}, path)
|
|
|
|
self.config = mock.MagicMock(cloudflare_credentials=path,
|
|
cloudflare_propagation_seconds=0) # don't wait during tests
|
|
|
|
self.auth = Authenticator(self.config, "cloudflare")
|
|
|
|
self.mock_client = mock.MagicMock()
|
|
# _get_cloudflare_client | pylint: disable=protected-access
|
|
self.auth._get_cloudflare_client = mock.MagicMock(return_value=self.mock_client)
|
|
|
|
@test_util.patch_get_utility()
|
|
def test_perform(self, unused_mock_get_utility):
|
|
self.auth.perform([self.achall])
|
|
|
|
expected = [mock.call.add_txt_record(DOMAIN, '_acme-challenge.'+DOMAIN, mock.ANY, mock.ANY)]
|
|
self.assertEqual(expected, self.mock_client.mock_calls)
|
|
|
|
def test_cleanup(self):
|
|
# _attempt_cleanup | pylint: disable=protected-access
|
|
self.auth._attempt_cleanup = True
|
|
self.auth.cleanup([self.achall])
|
|
|
|
expected = [mock.call.del_txt_record(DOMAIN, '_acme-challenge.'+DOMAIN, mock.ANY)]
|
|
self.assertEqual(expected, self.mock_client.mock_calls)
|
|
|
|
@test_util.patch_get_utility()
|
|
def test_api_token(self, unused_mock_get_utility):
|
|
dns_test_common.write({"cloudflare_api_token": API_TOKEN},
|
|
self.config.cloudflare_credentials)
|
|
self.auth.perform([self.achall])
|
|
|
|
expected = [mock.call.add_txt_record(DOMAIN, '_acme-challenge.'+DOMAIN, mock.ANY, mock.ANY)]
|
|
self.assertEqual(expected, self.mock_client.mock_calls)
|
|
|
|
def test_no_creds(self):
|
|
dns_test_common.write({}, self.config.cloudflare_credentials)
|
|
self.assertRaises(errors.PluginError,
|
|
self.auth.perform,
|
|
[self.achall])
|
|
|
|
def test_missing_email_or_key(self):
|
|
dns_test_common.write({"cloudflare_api_key": API_KEY}, self.config.cloudflare_credentials)
|
|
self.assertRaises(errors.PluginError,
|
|
self.auth.perform,
|
|
[self.achall])
|
|
|
|
dns_test_common.write({"cloudflare_email": EMAIL}, self.config.cloudflare_credentials)
|
|
self.assertRaises(errors.PluginError,
|
|
self.auth.perform,
|
|
[self.achall])
|
|
|
|
def test_email_or_key_with_token(self):
|
|
dns_test_common.write({"cloudflare_api_token": API_TOKEN, "cloudflare_email": EMAIL},
|
|
self.config.cloudflare_credentials)
|
|
self.assertRaises(errors.PluginError,
|
|
self.auth.perform,
|
|
[self.achall])
|
|
|
|
dns_test_common.write({"cloudflare_api_token": API_TOKEN, "cloudflare_api_key": API_KEY},
|
|
self.config.cloudflare_credentials)
|
|
self.assertRaises(errors.PluginError,
|
|
self.auth.perform,
|
|
[self.achall])
|
|
|
|
dns_test_common.write({"cloudflare_api_token": API_TOKEN, "cloudflare_email": EMAIL,
|
|
"cloudflare_api_key": API_KEY}, self.config.cloudflare_credentials)
|
|
self.assertRaises(errors.PluginError,
|
|
self.auth.perform,
|
|
[self.achall])
|
|
|
|
|
|
class CloudflareClientTest(unittest.TestCase):
|
|
record_name = "foo"
|
|
record_content = "bar"
|
|
record_ttl = 42
|
|
zone_id = 1
|
|
record_id = 2
|
|
|
|
def setUp(self):
|
|
from certbot_dns_cloudflare._internal.dns_cloudflare import _CloudflareClient
|
|
|
|
self.cloudflare_client = _CloudflareClient(EMAIL, API_KEY)
|
|
|
|
self.cf = mock.MagicMock()
|
|
self.cloudflare_client.cf = self.cf
|
|
|
|
def test_add_txt_record(self):
|
|
self.cf.zones.get.return_value = [{'id': self.zone_id}]
|
|
|
|
self.cloudflare_client.add_txt_record(DOMAIN, self.record_name, self.record_content,
|
|
self.record_ttl)
|
|
|
|
self.cf.zones.dns_records.post.assert_called_with(self.zone_id, data=mock.ANY)
|
|
|
|
post_data = self.cf.zones.dns_records.post.call_args[1]['data']
|
|
|
|
self.assertEqual('TXT', post_data['type'])
|
|
self.assertEqual(self.record_name, post_data['name'])
|
|
self.assertEqual(self.record_content, post_data['content'])
|
|
self.assertEqual(self.record_ttl, post_data['ttl'])
|
|
|
|
def test_add_txt_record_error(self):
|
|
self.cf.zones.get.return_value = [{'id': self.zone_id}]
|
|
|
|
self.cf.zones.dns_records.post.side_effect = CloudFlare.exceptions.CloudFlareAPIError(1009, '', '')
|
|
|
|
self.assertRaises(
|
|
errors.PluginError,
|
|
self.cloudflare_client.add_txt_record,
|
|
DOMAIN, self.record_name, self.record_content, self.record_ttl)
|
|
|
|
def test_add_txt_record_error_during_zone_lookup(self):
|
|
self.cf.zones.get.side_effect = API_ERROR
|
|
|
|
self.assertRaises(
|
|
errors.PluginError,
|
|
self.cloudflare_client.add_txt_record,
|
|
DOMAIN, self.record_name, self.record_content, self.record_ttl)
|
|
|
|
def test_add_txt_record_zone_not_found(self):
|
|
self.cf.zones.get.return_value = []
|
|
|
|
self.assertRaises(
|
|
errors.PluginError,
|
|
self.cloudflare_client.add_txt_record,
|
|
DOMAIN, self.record_name, self.record_content, self.record_ttl)
|
|
|
|
def test_add_txt_record_bad_creds(self):
|
|
self.cf.zones.get.side_effect = CloudFlare.exceptions.CloudFlareAPIError(6003, '', '')
|
|
self.assertRaises(
|
|
errors.PluginError,
|
|
self.cloudflare_client.add_txt_record,
|
|
DOMAIN, self.record_name, self.record_content, self.record_ttl)
|
|
|
|
self.cf.zones.get.side_effect = CloudFlare.exceptions.CloudFlareAPIError(9103, '', '')
|
|
self.assertRaises(
|
|
errors.PluginError,
|
|
self.cloudflare_client.add_txt_record,
|
|
DOMAIN, self.record_name, self.record_content, self.record_ttl)
|
|
|
|
self.cf.zones.get.side_effect = CloudFlare.exceptions.CloudFlareAPIError(9109, '', '')
|
|
self.assertRaises(
|
|
errors.PluginError,
|
|
self.cloudflare_client.add_txt_record,
|
|
DOMAIN, self.record_name, self.record_content, self.record_ttl)
|
|
|
|
self.cf.zones.get.side_effect = CloudFlare.exceptions.CloudFlareAPIError(0, 'com.cloudflare.api.account.zone.list', '')
|
|
self.assertRaises(
|
|
errors.PluginError,
|
|
self.cloudflare_client.add_txt_record,
|
|
DOMAIN, self.record_name, self.record_content, self.record_ttl)
|
|
|
|
def test_del_txt_record(self):
|
|
self.cf.zones.get.return_value = [{'id': self.zone_id}]
|
|
self.cf.zones.dns_records.get.return_value = [{'id': self.record_id}]
|
|
|
|
self.cloudflare_client.del_txt_record(DOMAIN, self.record_name, self.record_content)
|
|
|
|
expected = [mock.call.zones.get(params=mock.ANY),
|
|
mock.call.zones.dns_records.get(self.zone_id, params=mock.ANY),
|
|
mock.call.zones.dns_records.delete(self.zone_id, self.record_id)]
|
|
|
|
self.assertEqual(expected, self.cf.mock_calls)
|
|
|
|
get_data = self.cf.zones.dns_records.get.call_args[1]['params']
|
|
|
|
self.assertEqual('TXT', get_data['type'])
|
|
self.assertEqual(self.record_name, get_data['name'])
|
|
self.assertEqual(self.record_content, get_data['content'])
|
|
|
|
def test_del_txt_record_error_during_zone_lookup(self):
|
|
self.cf.zones.get.side_effect = API_ERROR
|
|
|
|
self.cloudflare_client.del_txt_record(DOMAIN, self.record_name, self.record_content)
|
|
|
|
def test_del_txt_record_error_during_delete(self):
|
|
self.cf.zones.get.return_value = [{'id': self.zone_id}]
|
|
self.cf.zones.dns_records.get.return_value = [{'id': self.record_id}]
|
|
self.cf.zones.dns_records.delete.side_effect = API_ERROR
|
|
|
|
self.cloudflare_client.del_txt_record(DOMAIN, self.record_name, self.record_content)
|
|
expected = [mock.call.zones.get(params=mock.ANY),
|
|
mock.call.zones.dns_records.get(self.zone_id, params=mock.ANY),
|
|
mock.call.zones.dns_records.delete(self.zone_id, self.record_id)]
|
|
|
|
self.assertEqual(expected, self.cf.mock_calls)
|
|
|
|
def test_del_txt_record_error_during_get(self):
|
|
self.cf.zones.get.return_value = [{'id': self.zone_id}]
|
|
self.cf.zones.dns_records.get.side_effect = API_ERROR
|
|
|
|
self.cloudflare_client.del_txt_record(DOMAIN, self.record_name, self.record_content)
|
|
expected = [mock.call.zones.get(params=mock.ANY),
|
|
mock.call.zones.dns_records.get(self.zone_id, params=mock.ANY)]
|
|
|
|
self.assertEqual(expected, self.cf.mock_calls)
|
|
|
|
def test_del_txt_record_no_record(self):
|
|
self.cf.zones.get.return_value = [{'id': self.zone_id}]
|
|
self.cf.zones.dns_records.get.return_value = []
|
|
|
|
self.cloudflare_client.del_txt_record(DOMAIN, self.record_name, self.record_content)
|
|
expected = [mock.call.zones.get(params=mock.ANY),
|
|
mock.call.zones.dns_records.get(self.zone_id, params=mock.ANY)]
|
|
|
|
self.assertEqual(expected, self.cf.mock_calls)
|
|
|
|
def test_del_txt_record_no_zone(self):
|
|
self.cf.zones.get.return_value = [{'id': None}]
|
|
|
|
self.cloudflare_client.del_txt_record(DOMAIN, self.record_name, self.record_content)
|
|
expected = [mock.call.zones.get(params=mock.ANY)]
|
|
|
|
self.assertEqual(expected, self.cf.mock_calls)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main() # pragma: no cover
|