Use latest Pebble docker image for integration tests
- Updated to the latest pebble and challtestsrv images
- Could not use the docker images as intended, because I found no way to
  let the docker-maven-plugin set up a network with fixed IP addresses.
  The original images are based on scratch, so getent is not present
  there. The only fix was to build our own images based on alpine, and copy
  the apps from the original images. Ugly, but working.
- Fixed broken integration tests
- Fixed an old bug: DNS records were removed with two trailing full
  stops.
shred committed Mar 19, 2024
1 parent 4f36055 commit 57ec360
Showing 9 changed files with 50 additions and 39 deletions.
33 changes: 12 additions & 21 deletions acme4j-it/pom.xml
@@ -105,32 +105,28 @@
<plugin>
<groupId>io.fabric8</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>0.35.0</version>
<version>0.44.0</version>

<configuration>
<logStdout>true</logStdout>
<verbose>true</verbose>
<removeAll>true</removeAll>

<containerNamePattern>%a</containerNamePattern>
<images>
<image>
<alias>pebble</alias>
<name>letsencrypt/pebble:${pebble.version}</name>
<name>acme4j/pebble:${project.version}</name>
<build>
<dockerFile>pebble.dockerfile</dockerFile>
</build>
<run>
<namingStrategy>alias</namingStrategy>
<ports>
<port>14000:14000</port>
<port>14000:14000</port><!-- ACME API -->
<port>15000:15000</port><!-- Management API -->
</ports>
<links>
<link>bammbamm</link>
</links>
<cmd>
<exec>
<arg>sh</arg>
<arg>-c</arg>
<arg>pebble -strict -dnsserver $(getent hosts bammbamm|cut -d' ' -f1):8053 -config /test/config/pebble-config.json</arg>
</exec>
</cmd>
<wait>
<log>Listening</log>
</wait>
@@ -142,20 +138,15 @@
</image>
<image>
<alias>bammbamm</alias>
<name>letsencrypt/pebble-challtestsrv:${pebble.version}</name>
<name>acme4j/challtestsrv:${project.version}</name>
<build>
<dockerFile>challtestsrv.dockerfile</dockerFile>
</build>
<run>
<namingStrategy>alias</namingStrategy>
<hostname>bammbamm</hostname>
<ports>
<port>8055:8055</port>
</ports>
<cmd>
<exec>
<arg>sh</arg>
<arg>-c</arg>
<arg>pebble-challtestsrv -defaultIPv6 "" -defaultIPv4 $(getent hosts bammbamm|cut -d' ' -f1)</arg>
</exec>
</cmd>
<wait>
<log>Starting management server</log>
</wait>
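Review bot: The `<port>15000:15000</port><!-- Management API -->` entry publishes Pebble's management interface on every host interface, since a plain `hostPort:containerPort` mapping binds to all addresses by default; the same applies to `14000:14000` and `8055:8055`. On a shared CI runner or a developer machine on an open network, that makes the test CA's management endpoints reachable by other hosts while the integration tests run. If the tests only connect from the build host, I would bind to loopback, e.g. `<port>127.0.0.1:15000:15000</port>`; the plugin's mapping is documented as following `docker run -p`, but the bind-address form should be confirmed against 0.44.0.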
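--- a/acme4j-it/src/main/docker/challtestsrv.dockerfile
+++ b/acme4j-it/src/main/docker/challtestsrv.dockerfile
@@ -0,0 +1,6 @@
+FROM ghcr.io/letsencrypt/pebble-challtestsrv:latest
+
+FROM alpine
+COPY --from=0 /app /app
+COPY challtestsrv.sh /
+ENTRYPOINT [ "/challtestsrv.sh" ]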
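Review bot: Both `FROM` lines use mutable references (`:latest` for the upstream image, an untagged `alpine`), so the binary copied from stage 0 and the base it runs on can change between builds without any change in this repository; pebble.dockerfile has the same two lines. The pom previously selected the upstream image through `${pebble.version}`, which at least fixed the tag. I would pin both, e.g. `FROM ghcr.io/letsencrypt/pebble-challtestsrv:<PINNED_TAG>` and `FROM alpine:<PINNED_TAG>` (or an `@sha256:` digest), and name the first stage so that `COPY --from=` does not depend on stage order.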
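--- a/acme4j-it/src/main/docker/challtestsrv.sh
+++ b/acme4j-it/src/main/docker/challtestsrv.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+BAMMBAMM_IP=$(getent hosts bammbamm|cut -d' ' -f1)
+echo "My IP is: $BAMMBAMM_IP"
+
+/app -defaultIPv6 "" -defaultIPv4 "$BAMMBAMM_IP"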
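Review bot: The result of `getent hosts bammbamm` is used without checking that the lookup succeeded, so an unresolved name starts the server with `-defaultIPv4 ""` and the failure only surfaces later as failing challenges; pebble.sh has the same pattern and would pass `:8053` as the DNS server. I would fail fast right after the assignment with `[ -n "$BAMMBAMM_IP" ] || { echo "cannot resolve bammbamm" >&2; exit 1; }`. Starting the binary with `exec /app ...` would also let it receive the container's stop signal directly instead of through the shell.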
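--- a/acme4j-it/src/main/docker/pebble.dockerfile
+++ b/acme4j-it/src/main/docker/pebble.dockerfile
@@ -0,0 +1,7 @@
+FROM ghcr.io/letsencrypt/pebble:latest
+
+FROM alpine
+COPY --from=0 /app /app
+COPY --from=0 /test /test
+COPY pebble.sh /
+ENTRYPOINT [ "/pebble.sh" ]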
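--- a/acme4j-it/src/main/docker/pebble.sh
+++ b/acme4j-it/src/main/docker/pebble.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+BAMMBAMM_IP=$(getent hosts bammbamm|cut -d' ' -f1)
+echo "DNS server at: $BAMMBAMM_IP"
+
+/app -strict -dnsserver $BAMMBAMM_IP:8053 -config /test/config/pebble-config.json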
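Review bot: `$BAMMBAMM_IP:8053` on the last line is expanded unquoted, while challtestsrv.sh quotes the same variable. The value comes from a name lookup, so an answer with more than one line would be word-split into extra arguments to `/app` rather than rejected. Proposed: `/app -strict -dnsserver "$BAMMBAMM_IP:8053" -config /test/config/pebble-config.json`.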
@@ -125,7 +125,7 @@ public void dnsAddTxtRecord(String domain, String txt) throws IOException {
*/
public void dnsRemoveTxtRecord(String domain) throws IOException {
var jb = new JSONBuilder();
jb.put("host", domain + '.');
jb.put("host", domain);
sendRequest("clear-txt", jb.toString());
}
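Review bot: `dnsRemoveTxtRecord` now appears to forward `domain` verbatim, so the record is only cleared when the caller passes exactly the spelling (trailing full stop included) that was used to add it; the Javadoc above the method and `dnsAddTxtRecord` are outside this hunk, so I cannot see whether that contract is stated. A TXT record that silently fails to clear stays in the test DNS server and can make a later dns-01 test pass or fail on leftover data. I would either document the expected form in the Javadoc, `@param domain fully qualified record name, ending with a full stop`, or normalise it with `jb.put("host", domain.endsWith(".") ? domain : domain + '.');`.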

@@ -194,7 +194,6 @@ private void orderCertificate(String domain, Validator validator, Revoker revoke
assertThat(cert).isNotNull();
assertThat(cert.getNotBefore().toInstant()).isEqualTo(notBefore);
assertThat(cert.getNotAfter().toInstant()).isEqualTo(notAfter);
assertThat(cert.getSubjectX500Principal().getName()).contains("CN=" + domain);

for (var auth : order.getAuthorizations()) {
assertThat(auth.getStatus()).isEqualTo(Status.VALID);
@@ -69,7 +69,6 @@ public void testDnsValidation() throws Exception {

for (var auth : order.getAuthorizations()) {
assertThat(auth.getIdentifier().getDomain()).isEqualTo(TEST_DOMAIN);
assertThat(auth.getStatus()).isEqualTo(Status.PENDING);

if (auth.getStatus() == Status.VALID) {
continue;
@@ -80,16 +79,17 @@ public void testDnsValidation() throws Exception {
var challengeDomainName = Dns01Challenge.toRRName(TEST_DOMAIN);

client.dnsAddTxtRecord(challengeDomainName, challenge.getDigest());
cleanup(() -> client.dnsRemoveTxtRecord(challengeDomainName));

challenge.trigger();

await()
.pollInterval(1, SECONDS)
.timeout(30, SECONDS)
.conditionEvaluationListener(cond -> updateAuth(auth))
.untilAsserted(() -> assertThat(
auth.getStatus()).isNotIn(Status.PENDING, Status.PROCESSING));
try {
challenge.trigger();
await().pollInterval(1, SECONDS)
.timeout(30, SECONDS)
.conditionEvaluationListener(cond -> updateAuth(auth))
.untilAsserted(() -> assertThat(
auth.getStatus()).isNotIn(Status.PENDING, Status.PROCESSING));
} finally {
performCleanup();
}

assertThat(auth.getStatus()).isEqualTo(Status.VALID);
}
@@ -108,10 +108,6 @@ public void testDnsValidation() throws Exception {
assertThat(cert).isNotNull();
assertThat(cert.getNotAfter()).isNotEqualTo(notBefore);
assertThat(cert.getNotBefore()).isNotEqualTo(notAfter);
assertThat(cert.getSubjectX500Principal().getName()).satisfiesAnyOf(
name -> assertThat(name).contains("CN=" + TEST_DOMAIN),
name -> assertThat(name).contains("CN=" + TEST_WILDCARD_DOMAIN)
);

var san = cert.getSubjectAlternativeNames().stream()
.filter(it -> ((Number) it.get(0)).intValue() == GeneralName.dNSName)
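Review bot: In the `try`/`finally` added around `challenge.trigger()` in `testDnsValidation`, an exception thrown by `performCleanup()` would replace a timeout or assertion failure from the `try` body, so the report would show a cleanup error instead of the validation failure that matters. `performCleanup()` is not visible on this page, so this assumes it can propagate the `IOException` from `dnsRemoveTxtRecord`. I would keep the primary failure and attach the cleanup failure as suppressed, as sketched below; the surrounding loop and method begin and end outside the hunk.

```java
Throwable primary = null;
try {
    // … unchanged: challenge.trigger() and the await() polling …
} catch (Throwable t) {
    primary = t;
    throw t;
} finally {
    try {
        performCleanup();
    } catch (Exception ex) {
        if (primary == null) {
            throw ex;
        }
        // keep the validation failure as the reported cause
        primary.addSuppressed(ex);
    }
}
```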
@@ -111,7 +111,7 @@ protected void assertIsPebbleUrl(URL url) {
*/
protected void updateAuth(Authorization auth) {
try {
auth.update();
auth.fetch();
} catch (AcmeException ex) {
throw new AcmeLazyLoadingException(auth, ex);
}
@@ -125,7 +125,7 @@ protected void updateAuth(Authorization auth) {
*/
protected void updateOrder(Order order) {
try {
order.update();
order.fetch();
} catch (AcmeException ex) {
throw new AcmeLazyLoadingException(order, ex);
}
