Improve integration test

letsencrypt · Nov 7, 2023 · a21e729 · a21e729
1 parent ccf81f8
commit a21e729
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 8 deletions.
diff --git a/test/integration/crl_test.go b/test/integration/crl_test.go
@@ -4,6 +4,8 @@ package integration
 
 import (
 	"database/sql"
+	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
 	"os"
@@ -16,6 +18,7 @@ import (
 
 	"github.com/jmhodges/clock"
 	"github.com/letsencrypt/boulder/core"
+	"github.com/letsencrypt/boulder/revocation"
 	"github.com/letsencrypt/boulder/test"
 	"github.com/letsencrypt/boulder/test/vars"
 )
@@ -83,9 +86,26 @@ func TestCRLPipeline(t *testing.T) {
 	test.AssertNotError(t, err, "s3-test-srv GET /query failed")
 	test.AssertEquals(t, resp.StatusCode, 200)
 
-	// Confirm that the revoked certificate entry has the correct reason.
-	reason, err := io.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	test.AssertNotError(t, err, "reading revocation reason")
-	test.AssertEquals(t, string(reason), "5")
 	resp.Body.Close()
+
+	var metadata struct {
+		Reason revocation.Reason
+		Shard  string
+	}
+	json.Unmarshal(body, &metadata)
+
+	// Confirm that the revoked certificate entry has the correct reason.
+	test.AssertEquals(t, metadata.Reason, revocation.Reason(5))
+
+	if strings.Contains(os.Getenv("BOULDER_CONFIG_DIR"), "test/config-next") {
+		// Confirm that the shard index in the new revokedCertificates table matches
+		// the shard we actually put the revocation entry in.
+		row := db.QueryRow(`SELECT shardIdx FROM revokedCertificates WHERE serial = ?`, serial)
+		var shard int
+		err = row.Scan(&shard)
+		test.AssertNotError(t, err, "reading shardIdx from db")
+		test.Assert(t, strings.HasSuffix(metadata.Shard, fmt.Sprintf("/%d.crl", shard)), "shard mismatch")
+	}
 }
diff --git a/test/s3-test-srv/main.go b/test/s3-test-srv/main.go
@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"crypto/x509"
+	"encoding/json"
 	"flag"
 	"fmt"
 	"io"
@@ -15,9 +16,14 @@ import (
 	"github.com/letsencrypt/boulder/revocation"
 )
 
+type revocationMetadata struct {
+	Reason revocation.Reason
+	Shard  string
+}
+
 type s3TestSrv struct {
 	sync.RWMutex
-	allSerials map[string]revocation.Reason
+	allSerials map[string]revocationMetadata
 	allShards  map[string][]byte
 }
 
@@ -50,7 +56,10 @@ func (srv *s3TestSrv) handleUpload(w http.ResponseWriter, r *http.Request) {
 	defer srv.Unlock()
 	srv.allShards[r.URL.Path] = body
 	for _, rc := range crl.RevokedCertificateEntries {
-		srv.allSerials[core.SerialToString(rc.SerialNumber)] = revocation.Reason(rc.ReasonCode)
+		srv.allSerials[core.SerialToString(rc.SerialNumber)] = revocationMetadata{
+			Reason: revocation.Reason(rc.ReasonCode),
+			Shard:  r.URL.Path,
+		}
 	}
 
 	w.WriteHeader(200)
@@ -81,22 +90,28 @@ func (srv *s3TestSrv) handleQuery(w http.ResponseWriter, r *http.Request) {
 
 	srv.RLock()
 	defer srv.RUnlock()
-	reason, ok := srv.allSerials[serial]
+	metadata, ok := srv.allSerials[serial]
 	if !ok {
 		w.WriteHeader(404)
 		return
 	}
 
+	body, err := json.Marshal(metadata)
+	if err != nil {
+		w.WriteHeader(500)
+		return
+	}
+
 	w.WriteHeader(200)
-	w.Write([]byte(fmt.Sprintf("%d", reason)))
+	w.Write([]byte(body))
 }
 
 func main() {
 	listenAddr := flag.String("listen", "0.0.0.0:7890", "Address to listen on")
 	flag.Parse()
 
 	srv := s3TestSrv{
-		allSerials: make(map[string]revocation.Reason),
+		allSerials: make(map[string]revocationMetadata),
 		allShards:  make(map[string][]byte),
 	}