From 57ec36054a70736b5ba3da80908302296a697629 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Richard=20K=C3=B6rber?=
Date: Tue, 19 Mar 2024 22:16:35 +0100
Subject: [PATCH] Use latest Pebble docker image for integration tests
- Updated to the latest pebble and challtestsrv images
- Could not use the docker images as intended, because I found no way to let the docker-maven-plugin setup a network with fixed IP addresses. The original images are based on scratch, so getent is not present there. The only fix was to build own images based on alpine, and copy the apps from the original images. Ugly, but working.
- Fixed broken integration tests
- Fixed an old bug: DNS records were removed with two trailing full stops.
---
 acme4j-it/pom.xml | 33 +++++++------------
 .../src/main/docker/challtestsrv.dockerfile | 6 ++++
 acme4j-it/src/main/docker/challtestsrv.sh | 6 ++++
 acme4j-it/src/main/docker/pebble.dockerfile | 7 ++++
 acme4j-it/src/main/docker/pebble.sh | 6 ++++
 .../shredzone/acme4j/it/BammBammClient.java | 2 +-
 .../shredzone/acme4j/it/pebble/OrderIT.java | 1 -
 .../acme4j/it/pebble/OrderWildcardIT.java | 24 ++++++--------
 .../acme4j/it/pebble/PebbleITBase.java | 4 +--
 9 files changed, 50 insertions(+), 39 deletions(-)
 create mode 100644 acme4j-it/src/main/docker/challtestsrv.dockerfile
 create mode 100755 acme4j-it/src/main/docker/challtestsrv.sh
 create mode 100644 acme4j-it/src/main/docker/pebble.dockerfile
 create mode 100755 acme4j-it/src/main/docker/pebble.sh
diff --git a/acme4j-it/pom.xml b/acme4j-it/pom.xml
index 293826f6..ef4e705a 100644
--- a/acme4j-it/pom.xml
+++ b/acme4j-it/pom.xml
@@ -105,32 +105,28 @@ io.fabric8 docker-maven-plugin - 0.35.0 + 0.44.0 true true true - + %a pebble - letsencrypt/pebble:${pebble.version} + acme4j/pebble:${project.version} + + pebble.dockerfile + - alias - 14000:14000 + 14000:14000 + 15000:15000 bammbamm - - - sh - -c - pebble -strict -dnsserver $(getent hosts bammbamm|cut -d' ' -f1):8053 -config /test/config/pebble-config.json - - Listening @@ -142,20 +138,15 @@ bammbamm - letsencrypt/pebble-challtestsrv:${pebble.version} + acme4j/challtestsrv:${project.version} + + challtestsrv.dockerfile + - alias bammbamm 8055:8055 - - - sh - -c - pebble-challtestsrv -defaultIPv6 "" -defaultIPv4 $(getent hosts bammbamm|cut -d' ' -f1) - - Starting management server diff --git a/acme4j-it/src/main/docker/challtestsrv.dockerfile b/acme4j-it/src/main/docker/challtestsrv.dockerfile new file mode 100644 index 00000000..dd858648 --- /dev/null +++ b/acme4j-it/src/main/docker/challtestsrv.dockerfile @@ -0,0 +1,6 @@ +FROM ghcr.io/letsencrypt/pebble-challtestsrv:latest + +FROM alpine +COPY --from=0 /app /app +COPY challtestsrv.sh / +ENTRYPOINT [ "/challtestsrv.sh" ] \ No newline at end of file diff --git a/acme4j-it/src/main/docker/challtestsrv.sh b/acme4j-it/src/main/docker/challtestsrv.sh new file mode 100755 index 00000000..a9f32eb6 --- /dev/null +++ b/acme4j-it/src/main/docker/challtestsrv.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +BAMMBAMM_IP=$(getent hosts bammbamm|cut -d' ' -f1) +echo "My IP is: $BAMMBAMM_IP" + +/app -defaultIPv6 "" -defaultIPv4 "$BAMMBAMM_IP" diff --git a/acme4j-it/src/main/docker/pebble.dockerfile b/acme4j-it/src/main/docker/pebble.dockerfile new file mode 100644 index 00000000..5695f44c --- /dev/null +++ b/acme4j-it/src/main/docker/pebble.dockerfile @@ -0,0 +1,7 @@ +FROM ghcr.io/letsencrypt/pebble:latest + +FROM alpine +COPY --from=0 /app /app +COPY --from=0 /test /test +COPY pebble.sh / +ENTRYPOINT [ "/pebble.sh" ] 
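Review bot: The added mapping `15000:15000` publishes a second Pebble port on the build host next to `14000:14000`, and as written both appear to bind on every host interface rather than on loopback. Port 15000 is the management listener in Pebble's stock configuration, so on a shared CI runner or a developer machine the test CA would be reachable from the local network while the integration tests run. If only tests on the same host need these ports, put a bind address in front of the mapping, e.g. `127.0.0.1:15000:15000` (check the docker-maven-plugin 0.44.0 documentation for the exact form). The XML markup of this hunk is not visible on the page, so this is read from the mapping values alone.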
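Review bot: Both base images in the new `challtestsrv.dockerfile` are unpinned: `FROM ghcr.io/letsencrypt/pebble-challtestsrv:latest` and `FROM alpine` resolve to whatever the registries serve at build time, and `pebble.dockerfile` has the same pattern. The pom previously selected the upstream image through `${pebble.version}`, so the build loses its only version pin while the resulting image is tagged `${project.version}` as if its content were fixed. Pin each stage to a release tag and preferably a digest, for example `FROM ghcr.io/letsencrypt/pebble-challtestsrv:<release-tag>@sha256:<digest>` and `FROM alpine:<version>` (placeholders, to be filled with values you have verified). That keeps an upstream change, intended or not, from silently altering what the integration tests run against.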
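Review bot: `challtestsrv.sh` starts the server even when `getent hosts bammbamm` returns nothing, so a failed lookup becomes `-defaultIPv4 ""` here and `-dnsserver :8053` in `pebble.sh`, and the tests then fail far from the cause. Add a guard after the lookup in both scripts, `[ -n "$BAMMBAMM_IP" ] || { echo "cannot resolve bammbamm" >&2; exit 1; }`. Start the binary with `exec /app …` so it replaces the shell and receives the container's stop signal directly. In `pebble.sh` the expansion should also be quoted, `"$BAMMBAMM_IP:8053"`, to match the quoting already used in `challtestsrv.sh`.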
diff --git a/acme4j-it/src/main/docker/pebble.sh b/acme4j-it/src/main/docker/pebble.sh
new file mode 100755
index 00000000..f9705ee6
--- /dev/null
+++ b/acme4j-it/src/main/docker/pebble.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+BAMMBAMM_IP=$(getent hosts bammbamm|cut -d' ' -f1)
+echo "DNS server at: $BAMMBAMM_IP"
+
+/app -strict -dnsserver $BAMMBAMM_IP:8053 -config /test/config/pebble-config.json
diff --git a/acme4j-it/src/main/java/org/shredzone/acme4j/it/BammBammClient.java b/acme4j-it/src/main/java/org/shredzone/acme4j/it/BammBammClient.java
index bddf17e4..2de2f884 100644
--- a/acme4j-it/src/main/java/org/shredzone/acme4j/it/BammBammClient.java
+++ b/acme4j-it/src/main/java/org/shredzone/acme4j/it/BammBammClient.java
@@ -125,7 +125,7 @@ public class BammBammClient {
 */
 public void dnsRemoveTxtRecord(String domain) throws IOException {
 var jb = new JSONBuilder();
- jb.put("host", domain + '.');
+ jb.put("host", domain);
 sendRequest("clear-txt", jb.toString());
 }
diff --git a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderIT.java b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderIT.java
index d7f16b50..2a0cdb7a 100644
--- a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderIT.java
+++ b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderIT.java
@@ -194,7 +194,6 @@ public class OrderIT extends PebbleITBase {
 assertThat(cert).isNotNull();
 assertThat(cert.getNotBefore().toInstant()).isEqualTo(notBefore);
 assertThat(cert.getNotAfter().toInstant()).isEqualTo(notAfter);
- assertThat(cert.getSubjectX500Principal().getName()).contains("CN=" + domain);
 for (var auth : order.getAuthorizations()) {
 assertThat(auth.getStatus()).isEqualTo(Status.VALID);
diff --git a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderWildcardIT.java b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderWildcardIT.java
index 79f2298c..55622155 100644
--- a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderWildcardIT.java
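Review bot: `dnsRemoveTxtRecord` now sends `domain` unchanged, so a record is only cleared when the caller passes exactly the name form under which it was added; the wildcard test passes the result of `Dns01Challenge.toRRName`, which the commit message implies already ends in a full stop. A caller that passes a plain host name would presumably leave the TXT record in the test DNS server without any error, and a later challenge could then validate against a stale value. Either state the expected form in the Javadoc above the method (its start is outside the hunk), or normalise in one place: `jb.put("host", domain.endsWith(".") ? domain : domain + '.');`. Whether `dnsAddTxtRecord` appends the dot itself is not visible here and should be kept consistent with this method.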
+++ b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderWildcardIT.java
@@ -69,7 +69,6 @@ public class OrderWildcardIT extends PebbleITBase {
 for (var auth : order.getAuthorizations()) {
 assertThat(auth.getIdentifier().getDomain()).isEqualTo(TEST_DOMAIN);
- assertThat(auth.getStatus()).isEqualTo(Status.PENDING);
 if (auth.getStatus() == Status.VALID) {
 continue;
@@ -80,16 +79,17 @@ public class OrderWildcardIT extends PebbleITBase {
 var challengeDomainName = Dns01Challenge.toRRName(TEST_DOMAIN);
 client.dnsAddTxtRecord(challengeDomainName, challenge.getDigest());
- cleanup(() -> client.dnsRemoveTxtRecord(challengeDomainName));
- challenge.trigger();
-
- await()
- .pollInterval(1, SECONDS)
- .timeout(30, SECONDS)
- .conditionEvaluationListener(cond -> updateAuth(auth))
- .untilAsserted(() -> assertThat(
- auth.getStatus()).isNotIn(Status.PENDING, Status.PROCESSING));
+ try {
+ challenge.trigger();
+ await().pollInterval(1, SECONDS)
+ .timeout(30, SECONDS)
+ .conditionEvaluationListener(cond -> updateAuth(auth))
+ .untilAsserted(() -> assertThat(
+ auth.getStatus()).isNotIn(Status.PENDING, Status.PROCESSING));
+ } finally {
+ performCleanup();
+ }
 assertThat(auth.getStatus()).isEqualTo(Status.VALID);
 }
@@ -108,10 +108,6 @@ public class OrderWildcardIT extends PebbleITBase {
 assertThat(cert).isNotNull();
 assertThat(cert.getNotAfter()).isNotEqualTo(notBefore);
 assertThat(cert.getNotBefore()).isNotEqualTo(notAfter);
- assertThat(cert.getSubjectX500Principal().getName()).satisfiesAnyOf(
- name -> assertThat(name).contains("CN=" + TEST_DOMAIN),
- name -> assertThat(name).contains("CN=" + TEST_WILDCARD_DOMAIN)
- );
 var san = cert.getSubjectAlternativeNames().stream() .filter(it -> ((Number) it.get(0)).intValue() == GeneralName.dNSName)
diff --git a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/PebbleITBase.java b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/PebbleITBase.java
index 50a02673..27abaf0f 100644
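Review bot: In the second hunk the `cleanup(() -> client.dnsRemoveTxtRecord(challengeDomainName))` registration reads as a removed line in this rendering, while the new `finally` block calls `performCleanup()`. If the registration really is dropped, nothing clears the TXT record written by `dnsAddTxtRecord` just above, and the next loop iteration or a later test could validate against a stale record. Keep the registration before the `try`, or clear the record directly with `client.dnsRemoveTxtRecord(challengeDomainName)` in the `finally` block. `performCleanup()` is defined outside this hunk, so whether it can throw and mask a failure from `await()` cannot be checked here.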
--- a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/PebbleITBase.java
+++ b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/PebbleITBase.java
@@ -111,7 +111,7 @@ public abstract class PebbleITBase {
 */
 protected void updateAuth(Authorization auth) {
 try {
- auth.update();
+ auth.fetch();
 } catch (AcmeException ex) {
 throw new AcmeLazyLoadingException(auth, ex);
 }
@@ -125,7 +125,7 @@ public abstract class PebbleITBase {
 */
 protected void updateOrder(Order order) {
 try {
- order.update();
+ order.fetch();
 } catch (AcmeException ex) {
 throw new AcmeLazyLoadingException(order, ex);
 }