certbot-ci: fix boulder-v2 failures related to unexported challtestsrv port (#9235)

* certbot-ci: fix challtestsrv address for boulder-v2

The port is no longer exposed on the Docker host.

* vary the challtestsrv URL by acme server

* fix mypy

* fix comment

Co-authored-by: ohemorange <ebportnoy@gmail.com>

Co-authored-by: ohemorange <ebportnoy@gmail.com>

3 files changed, 16 insertions, 11 deletions

diff --git a/certbot-ci/certbot_integration_tests/certbot_tests/context.py b/certbot-ci/certbot_integration_tests/certbot_tests/context.py
index fdef82252..0dc732880 100644
--- a/certbot-ci/certbot_integration_tests/certbot_tests/context.py
+++ b/certbot-ci/certbot_integration_tests/certbot_tests/context.py
@@ -29,8 +29,8 @@ class IntegrationTestsContext:
         self.http_01_port = acme_xdist['http_port'][self.worker_id]
         self.other_port = acme_xdist['other_port'][self.worker_id]
         # Challtestsrv REST API, that exposes entrypoints to register new DNS entries,
-        # is listening on challtestsrv_port.
-        self.challtestsrv_port = acme_xdist['challtestsrv_port']
+        # is listening on challtestsrv_url.
+        self.challtestsrv_url = acme_xdist['challtestsrv_url']
 
         self.workspace = tempfile.mkdtemp()
         self.config_dir = os.path.join(self.workspace, 'conf')
@@ -44,17 +44,17 @@ class IntegrationTestsContext:
             "assert not os.environ.get('CERTBOT_DOMAIN').startswith('fail'); "
             "data = {{'host':'_acme-challenge.{{0}}.'.format(os.environ.get('CERTBOT_DOMAIN')),"
             "'value':os.environ.get('CERTBOT_VALIDATION')}}; "
-            "request = requests.post('http://localhost:{1}/set-txt', data=json.dumps(data)); "
+            "request = requests.post('{1}/set-txt', data=json.dumps(data)); "
             "request.raise_for_status(); "
             '"'
-        ).format(sys.executable, self.challtestsrv_port)
+        ).format(sys.executable, self.challtestsrv_url)
         self.manual_dns_cleanup_hook = (
             '{0} -c "import os; import requests; import json; '
             "data = {{'host':'_acme-challenge.{{0}}.'.format(os.environ.get('CERTBOT_DOMAIN'))}}; "
-            "request = requests.post('http://localhost:{1}/clear-txt', data=json.dumps(data)); "
+            "request = requests.post('{1}/clear-txt', data=json.dumps(data)); "
             "request.raise_for_status(); "
             '"'
-        ).format(sys.executable, self.challtestsrv_port)
+        ).format(sys.executable, self.challtestsrv_url)
 
     def cleanup(self) -> None:
         """Cleanup the integration test context."""
diff --git a/certbot-ci/certbot_integration_tests/utils/acme_server.py b/certbot-ci/certbot_integration_tests/utils/acme_server.py
index 00e895656..9e56e3036 100755
--- a/certbot-ci/certbot_integration_tests/utils/acme_server.py
+++ b/certbot-ci/certbot_integration_tests/utils/acme_server.py
@@ -122,14 +122,16 @@ class ACMEServer:
 
     def _construct_acme_xdist(self, acme_server: str, nodes: List[str]) -> None:
         """Generate and return the acme_xdist dict"""
-        acme_xdist = {'acme_server': acme_server, 'challtestsrv_port': CHALLTESTSRV_PORT}
+        acme_xdist: Dict[str, Any] = {'acme_server': acme_server}
 
         # Directory and ACME port are set implicitly in the docker-compose.yml
         # files of Boulder/Pebble.
         if acme_server == 'pebble':
             acme_xdist['directory_url'] = PEBBLE_DIRECTORY_URL
+            acme_xdist['challtestsrv_url'] = PEBBLE_CHALLTESTSRV_URL
         else:  # boulder
             acme_xdist['directory_url'] = BOULDER_V2_DIRECTORY_URL
+            acme_xdist['challtestsrv_url'] = BOULDER_V2_CHALLTESTSRV_URL
 
         acme_xdist['http_port'] = {
             node: port for (node, port) in  # pylint: disable=unnecessary-comprehension
@@ -182,7 +184,7 @@ class ACMEServer:
 
         # Wait for the ACME CA server to be up.
         print('=> Waiting for pebble instance to respond...')
-        misc.check_until_timeout(self.acme_xdist['directory_url'])  # type: ignore[arg-type]
+        misc.check_until_timeout(self.acme_xdist['directory_url'])
 
         print('=> Finished pebble instance deployment.')
 
@@ -216,12 +218,13 @@ class ACMEServer:
             # Wait for the ACME CA server to be up.
             print('=> Waiting for boulder instance to respond...')
             misc.check_until_timeout(
-                self.acme_xdist['directory_url'], attempts=300)  # type: ignore[arg-type]
+                self.acme_xdist['directory_url'], attempts=300)
 
             if not self._dns_server:
                 # Configure challtestsrv to answer any A record request with ip of the docker host.
-                response = requests.post('http://localhost:{0}/set-default-ipv4'.format(
-                    CHALLTESTSRV_PORT), json={'ip': '10.77.77.1'}
+                response = requests.post(
+                    f'{BOULDER_V2_CHALLTESTSRV_URL}/set-default-ipv4',
+                    json={'ip': '10.77.77.1'}
                 )
                 response.raise_for_status()
         except BaseException:
diff --git a/certbot-ci/certbot_integration_tests/utils/constants.py b/certbot-ci/certbot_integration_tests/utils/constants.py
index dd41d670e..a788881ef 100644
--- a/certbot-ci/certbot_integration_tests/utils/constants.py
+++ b/certbot-ci/certbot_integration_tests/utils/constants.py
@@ -2,8 +2,10 @@
 DEFAULT_HTTP_01_PORT = 5002
 TLS_ALPN_01_PORT = 5001
 CHALLTESTSRV_PORT = 8055
+BOULDER_V2_CHALLTESTSRV_URL = f'http://10.77.77.77:{CHALLTESTSRV_PORT}'
 BOULDER_V2_DIRECTORY_URL = 'http://localhost:4001/directory'
 PEBBLE_DIRECTORY_URL = 'https://localhost:14000/dir'
 PEBBLE_MANAGEMENT_URL = 'https://localhost:15000'
+PEBBLE_CHALLTESTSRV_URL = f'http://localhost:{CHALLTESTSRV_PORT}'
 MOCK_OCSP_SERVER_PORT = 4002
 PEBBLE_ALTERNATE_ROOTS = 2