From ad0d10db0dc12e4629f63ff3847c72539198af43 Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Wed, 22 Aug 2018 22:15:35 +0200
Subject: [PATCH] ACME: improve tests (new Pebble version, strict mode) (#44518)

* Bump ACME test container version.
* Re-adding key rollover test.
---
.../targets/acme_account/tasks/impl.yml | 91 ++++++-------------
.../targets/acme_account/tests/validate.yml | 44 +++------
test/runner/lib/cloud/acme.py | 2 +-
3 files changed, 39 insertions(+), 98 deletions(-)

diff --git a/test/integration/targets/acme_account/tasks/impl.yml b/test/integration/targets/acme_account/tasks/impl.yml
index 50d5a8a5aa..42104d930a 100644
--- a/test/integration/targets/acme_account/tasks/impl.yml
+++ b/test/integration/targets/acme_account/tasks/impl.yml
@@ -100,72 +100,23 @@ - name: Parse account key (to ease debugging some test failures) command: openssl ec -in {{ output_dir }}/accountkey2.pem -noout -text -# Note that pebble has no change key endpoint implemented yet! -# When it has (and the container was updated), uncomment the -# uncomment the following tests, and delete the ones below the -# out-commented ones. - -# - name: Change account key -# acme_account: -# select_crypto_backend: "{{ select_crypto_backend }}" -# account_key_src: "{{ output_dir }}/accountkey.pem" -# acme_version: 2 -# acme_directory: https://{{ acme_host }}:14000/dir -# validate_certs: no -# new_account_key_src: "{{ output_dir }}/accountkey2.pem" -# state: changed_key -# contact: -# - mailto:example@example.com -# register: account_change_key - -# - name: Deactivate account -# acme_account: -# select_crypto_backend: "{{ select_crypto_backend }}" -# account_key_src: "{{ output_dir }}/accountkey2.pem" -# acme_version: 2 -# acme_directory: https://{{ acme_host }}:14000/dir -# validate_certs: no -# state: absent -# register: account_deactivate - -# - name: Deactivate account (idempotent) -# acme_account: -# select_crypto_backend: "{{ select_crypto_backend }}" -# account_key_src: "{{ output_dir }}/accountkey2.pem" -# acme_version: 2 -# acme_directory: https://{{ acme_host }}:14000/dir -# validate_certs: no -# state: absent -# register: account_deactivate_idempotent - -# - name: Do not try to create account II -# acme_account: -# select_crypto_backend: "{{ select_crypto_backend }}" -# account_key_src: "{{ output_dir }}/accountkey2.pem" -# acme_version: 2 -# acme_directory: https://{{ acme_host }}:14000/dir -# validate_certs: no -# state: present -# allow_creation: no -# ignore_errors: yes -# register: account_not_created_2 - -# - name: Do not try to create account III -# acme_account: -# select_crypto_backend: "{{ select_crypto_backend }}" -# account_key_src: "{{ output_dir }}/accountkey.pem" -# acme_version: 2 -# acme_directory: https://{{ 
acme_host }}:14000/dir -# validate_certs: no -# state: present -# allow_creation: no -# ignore_errors: yes -# register: account_not_created_3 +- name: Change account key + acme_account: + select_crypto_backend: "{{ select_crypto_backend }}" + account_key_src: "{{ output_dir }}/accountkey.pem" + acme_version: 2 + acme_directory: https://{{ acme_host }}:14000/dir + validate_certs: no + new_account_key_src: "{{ output_dir }}/accountkey2.pem" + state: changed_key + contact: + - mailto:example@example.com + register: account_change_key - name: Deactivate account acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ output_dir }}/accountkey2.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no @@ -175,7 +126,7 @@ - name: Deactivate account (idempotent) acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ output_dir }}/accountkey2.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no @@ -185,7 +136,7 @@ - name: Do not try to create account II acme_account: select_crypto_backend: "{{ select_crypto_backend }}" - account_key_src: "{{ output_dir }}/accountkey.pem" + account_key_src: "{{ output_dir }}/accountkey2.pem" acme_version: 2 acme_directory: https://{{ acme_host }}:14000/dir validate_certs: no @@ -193,3 +144,15 @@ allow_creation: no ignore_errors: yes register: account_not_created_2 + +- name: Do not try to create account III + acme_account: + select_crypto_backend: "{{ select_crypto_backend }}" + account_key_src: "{{ output_dir }}/accountkey.pem" + acme_version: 2 + acme_directory: https://{{ acme_host }}:14000/dir + validate_certs: no + state: present + allow_creation: no + ignore_errors: yes + register: account_not_created_3 
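Review bot: The re-enabled rollover sequence never checks that the old key stops working while the account is still active. Right after `Change account key` the next task deactivates the account with accountkey2.pem, and the old-key probe `Do not try to create account III` only runs after deactivation, when it would presumably fail whether or not the rollover detached accountkey.pem. I would add a probe with the old key directly after the key change, registered under its own name, and assert in validate.yml that it failed. That pins the property a key rollover exists for: the replaced key no longer authenticates.

```yaml
# … unchanged: "Change account key" task …

- name: Old account key must no longer find the account
  acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    account_key_src: "{{ output_dir }}/accountkey.pem"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
    state: present
    allow_creation: no
  ignore_errors: yes
  register: account_old_key_rejected

# … unchanged: "Deactivate account" and later tasks …
```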
diff --git a/test/integration/targets/acme_account/tests/validate.yml b/test/integration/targets/acme_account/tests/validate.yml index e01c496130..ec0176ef8f 100644 --- a/test/integration/targets/acme_account/tests/validate.yml +++ b/test/integration/targets/acme_account/tests/validate.yml @@ -39,38 +39,11 @@ - account_modified_2_idempotent is not changed - account_modified_2_idempotent.account_uri is not none -# Note that pebble has no change key endpoint implemented yet! -# When it has (and the container was updated), uncomment the -# following validations, and delete the ones below the -# out-commented ones: - -#- name: Validate that the account key was changed -# assert: -# that: -# - account_change_key is changed -# - account_change_key.account_uri is not none -# -#- name: Validate that the account was deactivated -# assert: -# that: -# - account_deactivate is changed -# - account_deactivate.account_uri is not none -# -#- name: Validate that the account was really deactivated (idempotency) -# assert: -# that: -# - account_deactivate_idempotent is not changed -# - account_deactivate_idempotent.account_uri is not none -# -#- name: Validate that the account is gone (new account key) -# assert: -# that: -# - account_not_created_2 is failed -# -#- name: Validate that the account is gone (old account key) -# assert: -# that: -# - account_not_created_3 is failed +- name: Validate that the account key was changed + assert: + that: + - account_change_key is changed + - account_change_key.account_uri is not none - name: Validate that the account was deactivated assert: @@ -84,7 +57,12 @@ - account_deactivate_idempotent is not changed - account_deactivate_idempotent.account_uri is not none -- name: Validate that the account is gone +- name: Validate that the account is gone (new account key) assert: that: - account_not_created_2 is failed + +- name: Validate that the account is gone (old account key) + assert: + that: + - account_not_created_3 is failed 
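Review bot: The two "account is gone" checks assert only `account_not_created_2 is failed` and `account_not_created_3 is failed`, and the tasks that register them run with `ignore_errors: yes`, so any failure satisfies them, including an unreachable container, a TLS or nonce error, or an unreadable key file. Consider also checking the reason, for example that `account_not_created_3.msg` is defined and names the ACME error the server returned. The exact text depends on the module and on Pebble, so confirm it before pinning a string. A short comment above the two asserts saying which server response is expected for the new key and which for the old key would also help the next reader.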
diff --git a/test/runner/lib/cloud/acme.py b/test/runner/lib/cloud/acme.py index 8a04c2af35..0676cb30de 100644 --- a/test/runner/lib/cloud/acme.py +++ b/test/runner/lib/cloud/acme.py @@ -50,7 +50,7 @@ class ACMEProvider(CloudProvider): if os.environ.get('ANSIBLE_ACME_CONTAINER'): self.image = os.environ.get('ANSIBLE_ACME_CONTAINER') else: - self.image = 'quay.io/ansible/acme-test-container:1.2.0' + self.image = 'quay.io/ansible/acme-test-container:1.3.0' self.container_name = '' def _wait_for_service(self, protocol, acme_host, port, local_part, name):