From f54d9a325716d91ecc334496d231808fea6e245f Mon Sep 17 00:00:00 2001 From: alexzorin Date: Wed, 16 Mar 2022 08:50:26 +1100 Subject: certbot-ci: fix boulder-v2 failures related to unexported challtestsrv port (#9235) * certbot-ci: fix challtestsrv address for boulder-v2 The port is no longer exposed on the Docker host. * vary the challtestsrv URL by acme server * fix mypy * fix comment Co-authored-by: ohemorange Co-authored-by: ohemorange --- .../certbot_integration_tests/certbot_tests/context.py | 12 ++++++------ certbot-ci/certbot_integration_tests/utils/acme_server.py | 13 ++++++++----- certbot-ci/certbot_integration_tests/utils/constants.py | 2 ++ 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/certbot-ci/certbot_integration_tests/certbot_tests/context.py b/certbot-ci/certbot_integration_tests/certbot_tests/context.py index fdef82252..0dc732880 100644 --- a/certbot-ci/certbot_integration_tests/certbot_tests/context.py +++ b/certbot-ci/certbot_integration_tests/certbot_tests/context.py @@ -29,8 +29,8 @@ class IntegrationTestsContext: self.http_01_port = acme_xdist['http_port'][self.worker_id] self.other_port = acme_xdist['other_port'][self.worker_id] # Challtestsrv REST API, that exposes entrypoints to register new DNS entries, - # is listening on challtestsrv_port. - self.challtestsrv_port = acme_xdist['challtestsrv_port'] + # is listening on challtestsrv_url. + self.challtestsrv_url = acme_xdist['challtestsrv_url'] self.workspace = tempfile.mkdtemp() self.config_dir = os.path.join(self.workspace, 'conf') 
@@ -44,17 +44,17 @@ class IntegrationTestsContext: "assert not os.environ.get('CERTBOT_DOMAIN').startswith('fail'); " "data = {{'host':'_acme-challenge.{{0}}.'.format(os.environ.get('CERTBOT_DOMAIN'))," "'value':os.environ.get('CERTBOT_VALIDATION')}}; " - "request = requests.post('http://localhost:{1}/set-txt', data=json.dumps(data)); " + "request = requests.post('{1}/set-txt', data=json.dumps(data)); " "request.raise_for_status(); " '"' - ).format(sys.executable, self.challtestsrv_port) + ).format(sys.executable, self.challtestsrv_url) self.manual_dns_cleanup_hook = ( '{0} -c "import os; import requests; import json; ' "data = {{'host':'_acme-challenge.{{0}}.'.format(os.environ.get('CERTBOT_DOMAIN'))}}; " - "request = requests.post('http://localhost:{1}/clear-txt', data=json.dumps(data)); " + "request = requests.post('{1}/clear-txt', data=json.dumps(data)); " "request.raise_for_status(); " '"' - ).format(sys.executable, self.challtestsrv_port) + ).format(sys.executable, self.challtestsrv_url) def cleanup(self) -> None: """Cleanup the integration test context.""" diff --git a/certbot-ci/certbot_integration_tests/utils/acme_server.py b/certbot-ci/certbot_integration_tests/utils/acme_server.py index 00e895656..9e56e3036 100755 --- a/certbot-ci/certbot_integration_tests/utils/acme_server.py +++ b/certbot-ci/certbot_integration_tests/utils/acme_server.py 
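Review bot: `self.challtestsrv_url` is now spliced as a string into the `python -c "..."` hook commands (the one whose tail opens this hunk and `manual_dns_cleanup_hook`), where the old code formatted an integer port into a fixed `http://localhost:{1}` literal. The value lands inside a single-quoted Python literal that itself sits inside a double-quoted shell argument, so a URL containing a quote, backslash or `$` would alter the command rather than just the request target. The value currently comes from constants in `utils/constants.py`, so the present inputs are fine. I would record the assumption at the `self.challtestsrv_url` assignment in the previous hunk, e.g. `# Interpolated unescaped into the hook command lines below; must stay a trusted, quote-free constant.` The first hook string starts above the hunk, so its beginning is not visible here.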
@@ -122,14 +122,16 @@ class ACMEServer: def _construct_acme_xdist(self, acme_server: str, nodes: List[str]) -> None: """Generate and return the acme_xdist dict""" - acme_xdist = {'acme_server': acme_server, 'challtestsrv_port': CHALLTESTSRV_PORT} + acme_xdist: Dict[str, Any] = {'acme_server': acme_server} # Directory and ACME port are set implicitly in the docker-compose.yml # files of Boulder/Pebble. if acme_server == 'pebble': acme_xdist['directory_url'] = PEBBLE_DIRECTORY_URL + acme_xdist['challtestsrv_url'] = PEBBLE_CHALLTESTSRV_URL else: # boulder acme_xdist['directory_url'] = BOULDER_V2_DIRECTORY_URL + acme_xdist['challtestsrv_url'] = BOULDER_V2_CHALLTESTSRV_URL acme_xdist['http_port'] = { node: port for (node, port) in # pylint: disable=unnecessary-comprehension @@ -182,7 +184,7 @@ class ACMEServer: # Wait for the ACME CA server to be up. print('=> Waiting for pebble instance to respond...') - misc.check_until_timeout(self.acme_xdist['directory_url']) # type: ignore[arg-type] + misc.check_until_timeout(self.acme_xdist['directory_url']) print('=> Finished pebble instance deployment.') @@ -216,12 +218,13 @@ class ACMEServer: # Wait for the ACME CA server to be up. print('=> Waiting for boulder instance to respond...') misc.check_until_timeout( - self.acme_xdist['directory_url'], attempts=300) # type: ignore[arg-type] + self.acme_xdist['directory_url'], attempts=300) if not self._dns_server: # Configure challtestsrv to answer any A record request with ip of the docker host. - response = requests.post('http://localhost:{0}/set-default-ipv4'.format( - CHALLTESTSRV_PORT), json={'ip': '10.77.77.1'} + response = requests.post( + f'{BOULDER_V2_CHALLTESTSRV_URL}/set-default-ipv4', + json={'ip': '10.77.77.1'} ) response.raise_for_status() except BaseException: diff --git a/certbot-ci/certbot_integration_tests/utils/constants.py b/certbot-ci/certbot_integration_tests/utils/constants.py index dd41d670e..a788881ef 100644 
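Review bot: Annotating `acme_xdist` as `Dict[str, Any]` in `_construct_acme_xdist` appears to be what lets the two `# type: ignore[arg-type]` comments be dropped in the later hunks, but it also stops mypy from checking any value read out of the dict, including the new `challtestsrv_url` entry. A `TypedDict` declaring the keys this dict carries would keep those checks without the ignores. Separately, the docstring still reads "Generate and return the acme_xdist dict" while the signature is `-> None`. The rest of the method is outside the hunk, so I cannot tell which is right, but one of the two should be corrected.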
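Review bot: The `requests.post` call to `/set-default-ipv4` in the `@@ -216,12 +218,13 @@` hunk has no `timeout`, and it now targets `BOULDER_V2_CHALLTESTSRV_URL` (a `10.77.77.77` address per `constants.py`) instead of `localhost`. If that address is not reachable from the machine running the tests, the connect attempt can block far longer than a refused localhost connection would, so the CI job stalls instead of failing. I would pass an explicit bound, e.g. `json={'ip': '10.77.77.1'}, timeout=10`, with the value chosen to suit the CI environment. The surrounding `try` block begins outside the hunk.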
--- a/certbot-ci/certbot_integration_tests/utils/constants.py +++ b/certbot-ci/certbot_integration_tests/utils/constants.py @@ -2,8 +2,10 @@ DEFAULT_HTTP_01_PORT = 5002 TLS_ALPN_01_PORT = 5001 CHALLTESTSRV_PORT = 8055 +BOULDER_V2_CHALLTESTSRV_URL = f'http://10.77.77.77:{CHALLTESTSRV_PORT}' BOULDER_V2_DIRECTORY_URL = 'http://localhost:4001/directory' PEBBLE_DIRECTORY_URL = 'https://localhost:14000/dir' PEBBLE_MANAGEMENT_URL = 'https://localhost:15000' +PEBBLE_CHALLTESTSRV_URL = f'http://localhost:{CHALLTESTSRV_PORT}' MOCK_OCSP_SERVER_PORT = 4002 PEBBLE_ALTERNATE_ROOTS = 2 -- cgit v1.2.3
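Review bot: `BOULDER_V2_CHALLTESTSRV_URL` hard-codes `10.77.77.77` with no comment saying where the address comes from, while every other URL in this file uses `localhost`. The commit message gives the reason (the port is no longer exposed on the Docker host), and that reason belongs next to the constant, e.g. `# Boulder no longer publishes the challtestsrv port on the Docker host; presumably this is the container's address on Boulder's Docker network (confirm against its docker-compose.yml).` It is also worth stating there that the challtestsrv management API is reached over plain HTTP and, as far as this code shows, without authentication, so these URLs should only ever point at the local test network.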