Use latest Pebble docker image for integration tests

- Updated to the latest pebble and challtestsrv images - Could not use the docker images as intended, because I found no way to let the docker-maven-plugin setup a network with fixed IP addresses. The original images are based on scratch, so getent is not present there. The only fix was to build own images based on alpine, and copy the apps from the original images. Ugly, but working. - Fixed broken integration tests - Fixed an old bug: DNS records were removed with two trailing full stops.
2024-03-19 22:16:35 +01:00 · 2024-03-19 22:16:35 +01:00 · 57ec36054a
parent 4f36055be5
commit 57ec36054a
9 changed files with 50 additions and 39 deletions
--- a/acme4j-it/pom.xml
+++ b/acme4j-it/pom.xml
@ -105,32 +105,28 @@
            <plugin>
                <groupId>io.fabric8</groupId>
                <artifactId>docker-maven-plugin</artifactId>
-                <version>0.35.0</version>
+                <version>0.44.0</version>

                <configuration>
                    <logStdout>true</logStdout>
                    <verbose>true</verbose>
                    <removeAll>true</removeAll>
-
+                    <containerNamePattern>%a</containerNamePattern>
                    <images>
                        <image>
                            <alias>pebble</alias>
-                            <name>letsencrypt/pebble:${pebble.version}</name>
+                            <name>acme4j/pebble:${project.version}</name>
+                            <build>
+                                <dockerFile>pebble.dockerfile</dockerFile>
+                            </build>
                            <run>
-                                <namingStrategy>alias</namingStrategy>
                                <ports>
-                                    <port>14000:14000</port>
+                                    <port>14000:14000</port><!-- ACME API -->
+                                    <port>15000:15000</port><!-- Management API -->
                                </ports>
                                <links>
                                    <link>bammbamm</link>
                                </links>
-                                <cmd>
-                                    <exec>
-                                        <arg>sh</arg>
-                                        <arg>-c</arg>
-                                        <arg>pebble -strict -dnsserver $(getent hosts bammbamm|cut -d' ' -f1):8053 -config /test/config/pebble-config.json</arg>
-                                    </exec>
-                                </cmd>
                                <wait>
                                    <log>Listening</log>
                                </wait>
@ -142,20 +138,15 @@
                        </image>
                        <image>
                            <alias>bammbamm</alias>
-                            <name>letsencrypt/pebble-challtestsrv:${pebble.version}</name>
+                            <name>acme4j/challtestsrv:${project.version}</name>
+                            <build>
+                                <dockerFile>challtestsrv.dockerfile</dockerFile>
+                            </build>
                            <run>
-                                <namingStrategy>alias</namingStrategy>
                                <hostname>bammbamm</hostname>
                                <ports>
                                    <port>8055:8055</port>
                                </ports>
-                                <cmd>
-                                    <exec>
-                                        <arg>sh</arg>
-                                        <arg>-c</arg>
-                                        <arg>pebble-challtestsrv -defaultIPv6 "" -defaultIPv4 $(getent hosts bammbamm|cut -d' ' -f1)</arg>
-                                    </exec>
-                                </cmd>
                                <wait>
                                    <log>Starting management server</log>
                                </wait>
--- a/acme4j-it/src/main/docker/challtestsrv.dockerfile
+++ b/acme4j-it/src/main/docker/challtestsrv.dockerfile
@ -0,0 +1,6 @@
+FROM ghcr.io/letsencrypt/pebble-challtestsrv:latest
+
+FROM alpine
+COPY --from=0 /app /app
+COPY challtestsrv.sh /
+ENTRYPOINT [ "/challtestsrv.sh" ]
--- a/acme4j-it/src/main/docker/challtestsrv.sh
+++ b/acme4j-it/src/main/docker/challtestsrv.sh
@ -0,0 +1,6 @@
+#!/bin/sh
+
+BAMMBAMM_IP=$(getent hosts bammbamm|cut -d' ' -f1)
+echo "My IP is: $BAMMBAMM_IP"
+
+/app -defaultIPv6 "" -defaultIPv4 "$BAMMBAMM_IP"
--- a/acme4j-it/src/main/docker/pebble.dockerfile
+++ b/acme4j-it/src/main/docker/pebble.dockerfile
@ -0,0 +1,7 @@
+FROM ghcr.io/letsencrypt/pebble:latest
+
+FROM alpine
+COPY --from=0 /app /app
+COPY --from=0 /test /test
+COPY pebble.sh /
+ENTRYPOINT [ "/pebble.sh" ]
--- a/acme4j-it/src/main/docker/pebble.sh
+++ b/acme4j-it/src/main/docker/pebble.sh
@ -0,0 +1,6 @@
+#!/bin/sh
+
+BAMMBAMM_IP=$(getent hosts bammbamm|cut -d' ' -f1)
+echo "DNS server at: $BAMMBAMM_IP"
+
+/app -strict -dnsserver $BAMMBAMM_IP:8053 -config /test/config/pebble-config.json
--- a/acme4j-it/src/main/java/org/shredzone/acme4j/it/BammBammClient.java
+++ b/acme4j-it/src/main/java/org/shredzone/acme4j/it/BammBammClient.java
@ -125,7 +125,7 @@ public class BammBammClient {
     */
    public void dnsRemoveTxtRecord(String domain) throws IOException {
        var jb = new JSONBuilder();
-        jb.put("host", domain + '.');
+        jb.put("host", domain);
        sendRequest("clear-txt", jb.toString());
    }

--- a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderIT.java
+++ b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderIT.java
@ -194,7 +194,6 @@ public class OrderIT extends PebbleITBase {
        assertThat(cert).isNotNull();
        assertThat(cert.getNotBefore().toInstant()).isEqualTo(notBefore);
        assertThat(cert.getNotAfter().toInstant()).isEqualTo(notAfter);
-        assertThat(cert.getSubjectX500Principal().getName()).contains("CN=" + domain);

        for (var auth :  order.getAuthorizations()) {
            assertThat(auth.getStatus()).isEqualTo(Status.VALID);
--- a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderWildcardIT.java
+++ b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderWildcardIT.java
@ -69,7 +69,6 @@ public class OrderWildcardIT extends PebbleITBase {

        for (var auth : order.getAuthorizations()) {
            assertThat(auth.getIdentifier().getDomain()).isEqualTo(TEST_DOMAIN);
-            assertThat(auth.getStatus()).isEqualTo(Status.PENDING);

            if (auth.getStatus() == Status.VALID) {
                continue;
@ -80,16 +79,17 @@ public class OrderWildcardIT extends PebbleITBase {
            var challengeDomainName = Dns01Challenge.toRRName(TEST_DOMAIN);

            client.dnsAddTxtRecord(challengeDomainName, challenge.getDigest());
-            cleanup(() -> client.dnsRemoveTxtRecord(challengeDomainName));

-            challenge.trigger();
-
-            await()
-                .pollInterval(1, SECONDS)
-                .timeout(30, SECONDS)
-                .conditionEvaluationListener(cond -> updateAuth(auth))
-                .untilAsserted(() -> assertThat(
-                        auth.getStatus()).isNotIn(Status.PENDING, Status.PROCESSING));
+            try {
+                challenge.trigger();
+                await().pollInterval(1, SECONDS)
+                        .timeout(30, SECONDS)
+                        .conditionEvaluationListener(cond -> updateAuth(auth))
+                        .untilAsserted(() -> assertThat(
+                                auth.getStatus()).isNotIn(Status.PENDING, Status.PROCESSING));
+            } finally {
+                performCleanup();
+            }

            assertThat(auth.getStatus()).isEqualTo(Status.VALID);
        }
@ -108,10 +108,6 @@ public class OrderWildcardIT extends PebbleITBase {
        assertThat(cert).isNotNull();
        assertThat(cert.getNotAfter()).isNotEqualTo(notBefore);
        assertThat(cert.getNotBefore()).isNotEqualTo(notAfter);
-        assertThat(cert.getSubjectX500Principal().getName()).satisfiesAnyOf(
-                name -> assertThat(name).contains("CN=" + TEST_DOMAIN),
-                name -> assertThat(name).contains("CN=" + TEST_WILDCARD_DOMAIN)
-        );

        var san = cert.getSubjectAlternativeNames().stream()
                .filter(it -> ((Number) it.get(0)).intValue() == GeneralName.dNSName)
--- a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/PebbleITBase.java
+++ b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/PebbleITBase.java
@ -111,7 +111,7 @@ public abstract class PebbleITBase {
     */
    protected void updateAuth(Authorization auth) {
        try {
-            auth.update();
+            auth.fetch();
        } catch (AcmeException ex) {
            throw new AcmeLazyLoadingException(auth, ex);
        }
@ -125,7 +125,7 @@ public abstract class PebbleITBase {
     */
    protected void updateOrder(Order order) {
        try {
-            order.update();
+            order.fetch();
        } catch (AcmeException ex) {
            throw new AcmeLazyLoadingException(order, ex);
        }