Use latest Pebble docker image for integration tests

- Updated to the latest pebble and challtestsrv images - Could not use the docker images as intended, because I found no way to let the docker-maven-plugin setup a network with fixed IP addresses. The original images are based on scratch, so getent is not present there. The only fix was to build own images based on alpine, and copy the apps from the original images. Ugly, but working. - Fixed broken integration tests - Fixed an old bug: DNS records were removed with two trailing full stops.
shred · Mar 19, 2024 · 57ec360 · 57ec360
1 parent 4f36055
commit 57ec360
Show file tree

Hide file tree

Showing 9 changed files with 50 additions and 39 deletions.
diff --git a/acme4j-it/pom.xml b/acme4j-it/pom.xml
@@ -105,32 +105,28 @@
             <plugin>
                 <groupId>io.fabric8</groupId>
                 <artifactId>docker-maven-plugin</artifactId>
-                <version>0.35.0</version>
+                <version>0.44.0</version>
 
                 <configuration>
                     <logStdout>true</logStdout>
                     <verbose>true</verbose>
                     <removeAll>true</removeAll>
-
+                    <containerNamePattern>%a</containerNamePattern>
                     <images>
                         <image>
                             <alias>pebble</alias>
-                            <name>letsencrypt/pebble:${pebble.version}</name>
+                            <name>acme4j/pebble:${project.version}</name>
+                            <build>
+                                <dockerFile>pebble.dockerfile</dockerFile>
+                            </build>
                             <run>
-                                <namingStrategy>alias</namingStrategy>
                                 <ports>
-                                    <port>14000:14000</port>
+                                    <port>14000:14000</port><!-- ACME API -->
+                                    <port>15000:15000</port><!-- Management API -->
                                 </ports>
                                 <links>
                                     <link>bammbamm</link>
                                 </links>
-                                <cmd>
-                                    <exec>
-                                        <arg>sh</arg>
-                                        <arg>-c</arg>
-                                        <arg>pebble -strict -dnsserver $(getent hosts bammbamm|cut -d' ' -f1):8053 -config /test/config/pebble-config.json</arg>
-                                    </exec>
-                                </cmd>
                                 <wait>
                                     <log>Listening</log>
                                 </wait>
@@ -142,20 +138,15 @@
                         </image>
                         <image>
                             <alias>bammbamm</alias>
-                            <name>letsencrypt/pebble-challtestsrv:${pebble.version}</name>
+                            <name>acme4j/challtestsrv:${project.version}</name>
+                            <build>
+                                <dockerFile>challtestsrv.dockerfile</dockerFile>
+                            </build>
                             <run>
-                                <namingStrategy>alias</namingStrategy>
                                 <hostname>bammbamm</hostname>
                                 <ports>
                                     <port>8055:8055</port>
                                 </ports>
-                                <cmd>
-                                    <exec>
-                                        <arg>sh</arg>
-                                        <arg>-c</arg>
-                                        <arg>pebble-challtestsrv -defaultIPv6 "" -defaultIPv4 $(getent hosts bammbamm|cut -d' ' -f1)</arg>
-                                    </exec>
-                                </cmd>
                                 <wait>
                                     <log>Starting management server</log>
                                 </wait>

diff --git a/acme4j-it/src/main/docker/challtestsrv.dockerfile b/acme4j-it/src/main/docker/challtestsrv.dockerfile
@@ -0,0 +1,6 @@
+FROM ghcr.io/letsencrypt/pebble-challtestsrv:latest
+
+FROM alpine
+COPY --from=0 /app /app
+COPY challtestsrv.sh /
+ENTRYPOINT [ "/challtestsrv.sh" ]
diff --git a/acme4j-it/src/main/docker/challtestsrv.sh b/acme4j-it/src/main/docker/challtestsrv.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+BAMMBAMM_IP=$(getent hosts bammbamm|cut -d' ' -f1)
+echo "My IP is: $BAMMBAMM_IP"
+
+/app -defaultIPv6 "" -defaultIPv4 "$BAMMBAMM_IP"
diff --git a/acme4j-it/src/main/docker/pebble.dockerfile b/acme4j-it/src/main/docker/pebble.dockerfile
@@ -0,0 +1,7 @@
+FROM ghcr.io/letsencrypt/pebble:latest
+
+FROM alpine
+COPY --from=0 /app /app
+COPY --from=0 /test /test
+COPY pebble.sh /
+ENTRYPOINT [ "/pebble.sh" ]
diff --git a/acme4j-it/src/main/docker/pebble.sh b/acme4j-it/src/main/docker/pebble.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+BAMMBAMM_IP=$(getent hosts bammbamm|cut -d' ' -f1)
+echo "DNS server at: $BAMMBAMM_IP"
+
+/app -strict -dnsserver $BAMMBAMM_IP:8053 -config /test/config/pebble-config.json
diff --git a/acme4j-it/src/main/java/org/shredzone/acme4j/it/BammBammClient.java b/acme4j-it/src/main/java/org/shredzone/acme4j/it/BammBammClient.java
@@ -125,7 +125,7 @@ public void dnsAddTxtRecord(String domain, String txt) throws IOException {
      */
     public void dnsRemoveTxtRecord(String domain) throws IOException {
         var jb = new JSONBuilder();
-        jb.put("host", domain + '.');
+        jb.put("host", domain);
         sendRequest("clear-txt", jb.toString());
     }
 

diff --git a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderIT.java b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderIT.java
@@ -194,7 +194,6 @@ private void orderCertificate(String domain, Validator validator, Revoker revoke
         assertThat(cert).isNotNull();
         assertThat(cert.getNotBefore().toInstant()).isEqualTo(notBefore);
         assertThat(cert.getNotAfter().toInstant()).isEqualTo(notAfter);
-        assertThat(cert.getSubjectX500Principal().getName()).contains("CN=" + domain);
 
         for (var auth :  order.getAuthorizations()) {
             assertThat(auth.getStatus()).isEqualTo(Status.VALID);

diff --git a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderWildcardIT.java b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/OrderWildcardIT.java
@@ -69,7 +69,6 @@ public void testDnsValidation() throws Exception {
 
         for (var auth : order.getAuthorizations()) {
             assertThat(auth.getIdentifier().getDomain()).isEqualTo(TEST_DOMAIN);
-            assertThat(auth.getStatus()).isEqualTo(Status.PENDING);
 
             if (auth.getStatus() == Status.VALID) {
                 continue;
@@ -80,16 +79,17 @@ public void testDnsValidation() throws Exception {
             var challengeDomainName = Dns01Challenge.toRRName(TEST_DOMAIN);
 
             client.dnsAddTxtRecord(challengeDomainName, challenge.getDigest());
-            cleanup(() -> client.dnsRemoveTxtRecord(challengeDomainName));
 
-            challenge.trigger();
-
-            await()
-                .pollInterval(1, SECONDS)
-                .timeout(30, SECONDS)
-                .conditionEvaluationListener(cond -> updateAuth(auth))
-                .untilAsserted(() -> assertThat(
-                        auth.getStatus()).isNotIn(Status.PENDING, Status.PROCESSING));
+            try {
+                challenge.trigger();
+                await().pollInterval(1, SECONDS)
+                        .timeout(30, SECONDS)
+                        .conditionEvaluationListener(cond -> updateAuth(auth))
+                        .untilAsserted(() -> assertThat(
+                                auth.getStatus()).isNotIn(Status.PENDING, Status.PROCESSING));
+            } finally {
+                performCleanup();
+            }
 
             assertThat(auth.getStatus()).isEqualTo(Status.VALID);
         }
@@ -108,10 +108,6 @@ public void testDnsValidation() throws Exception {
         assertThat(cert).isNotNull();
         assertThat(cert.getNotAfter()).isNotEqualTo(notBefore);
         assertThat(cert.getNotBefore()).isNotEqualTo(notAfter);
-        assertThat(cert.getSubjectX500Principal().getName()).satisfiesAnyOf(
-                name -> assertThat(name).contains("CN=" + TEST_DOMAIN),
-                name -> assertThat(name).contains("CN=" + TEST_WILDCARD_DOMAIN)
-        );
 
         var san = cert.getSubjectAlternativeNames().stream()
                 .filter(it -> ((Number) it.get(0)).intValue() == GeneralName.dNSName)

diff --git a/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/PebbleITBase.java b/acme4j-it/src/test/java/org/shredzone/acme4j/it/pebble/PebbleITBase.java
@@ -111,7 +111,7 @@ protected void assertIsPebbleUrl(URL url) {
      */
     protected void updateAuth(Authorization auth) {
         try {
-            auth.update();
+            auth.fetch();
         } catch (AcmeException ex) {
             throw new AcmeLazyLoadingException(auth, ex);
         }
@@ -125,7 +125,7 @@ protected void updateAuth(Authorization auth) {
      */
     protected void updateOrder(Order order) {
         try {
-            order.update();
+            order.fetch();
         } catch (AcmeException ex) {
             throw new AcmeLazyLoadingException(order, ex);
         }