Skip to content

Commit 2a22999

Browse files
GUIGUI
committed
Shift expiry specs to their own file.
1 parent 90427ac commit 2a22999

File tree

2 files changed

+154
-145
lines changed

2 files changed

+154
-145
lines changed

spec/expiry_spec.lua

Lines changed: 154 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,154 @@
1+
local cjson = require "cjson.safe"
2+
local file = require "pl.file"
3+
local http = require "resty.http"
4+
local server = require "spec.support.server"
5+
local shell_blocking = require "shell-games"
6+
7+
describe("expiry", function()
8+
before_each(server.stop)
9+
after_each(server.stop)
10+
11+
it("fills in missing expiry dates in storage from certificate expiration on renewal", function()
12+
server.start({
13+
auto_ssl_pre_new = [[
14+
options["renew_check_interval"] = 1
15+
]],
16+
})
17+
18+
local httpc = http.new()
19+
local _, connect_err = httpc:connect("127.0.0.1", 9443)
20+
assert.equal(nil, connect_err)
21+
22+
local _, ssl_err = httpc:ssl_handshake(nil, server.ngrok_hostname, true)
23+
assert.equal(nil, ssl_err)
24+
25+
local res, request_err = httpc:request({ path = "/foo" })
26+
assert.equal(nil, request_err)
27+
assert.equal(200, res.status)
28+
29+
local body, body_err = res:read_body()
30+
assert.equal(nil, body_err)
31+
assert.equal("foo", body)
32+
33+
local error_log = server.nginx_error_log_tail:read()
34+
assert.matches("issuing new certificate for", error_log, nil, true)
35+
36+
local cert_path = server.current_test_dir .. "/auto-ssl/storage/file/" .. ngx.escape_uri(server.ngrok_hostname .. ":latest")
37+
local content = assert(file.read(cert_path))
38+
assert.string(content)
39+
local data = assert(cjson.decode(content))
40+
local original_expiry = data["expiry"]
41+
assert.number(data["expiry"])
42+
43+
-- Unset the expiration time.
44+
data["expiry"] = nil
45+
assert.Nil(data["expiry"])
46+
47+
assert(file.write(cert_path, assert(cjson.encode(data))))
48+
49+
-- Wait for scheduled renewals to happen.
50+
ngx.sleep(3)
51+
52+
error_log = server.nginx_error_log_tail:read()
53+
assert.matches("auto-ssl: checking certificate renewals for " .. server.ngrok_hostname, error_log, nil, true)
54+
assert.matches("auto-ssl: setting expiration date of " .. server.ngrok_hostname, error_log, nil, true)
55+
assert.matches("auto-ssl: expiry date is more than 30 days out, skipping renewal: " .. server.ngrok_hostname, error_log, nil, true)
56+
57+
content = assert(file.read(cert_path))
58+
assert.string(content)
59+
data = assert(cjson.decode(content))
60+
assert.number(data["expiry"])
61+
assert.equal(original_expiry, data["expiry"])
62+
63+
error_log = server.read_error_log()
64+
assert.Not.matches("[warn]", error_log, nil, true)
65+
assert.Not.matches("[error]", error_log, nil, true)
66+
assert.Not.matches("[alert]", error_log, nil, true)
67+
assert.Not.matches("[emerg]", error_log, nil, true)
68+
end)
69+
70+
it("removes cert if expiration has expired and renewal fails", function()
71+
server.start({
72+
auto_ssl_pre_new = [[
73+
options["renew_check_interval"] = 1
74+
]],
75+
})
76+
77+
local httpc = http.new()
78+
local _, connect_err = httpc:connect("127.0.0.1", 9443)
79+
assert.equal(nil, connect_err)
80+
81+
local _, ssl_err = httpc:ssl_handshake(nil, server.ngrok_hostname, true)
82+
assert.equal(nil, ssl_err)
83+
84+
local res, request_err = httpc:request({ path = "/foo" })
85+
assert.equal(nil, request_err)
86+
assert.equal(200, res.status)
87+
88+
local body, body_err = res:read_body()
89+
assert.equal(nil, body_err)
90+
assert.equal("foo", body)
91+
92+
local error_log = server.nginx_error_log_tail:read()
93+
assert.matches("issuing new certificate for", error_log, nil, true)
94+
95+
local cert_path = server.current_test_dir .. "/auto-ssl/storage/file/" .. ngx.escape_uri(server.ngrok_hostname .. ":latest")
96+
local content = assert(file.read(cert_path))
97+
assert.string(content)
98+
local data = assert(cjson.decode(content))
99+
assert.number(data["expiry"])
100+
101+
-- Set the expiration time to some time in the past.
102+
data["expiry"] = 1000
103+
104+
assert(file.write(cert_path, assert(cjson.encode(data))))
105+
106+
-- Wait for scheduled renewals to happen.
107+
ngx.sleep(3)
108+
109+
error_log = server.nginx_error_log_tail:read()
110+
assert.matches("auto-ssl: checking certificate renewals for " .. server.ngrok_hostname, error_log, nil, true)
111+
assert.matches("Skipping renew!", error_log, nil, true)
112+
113+
-- Since this cert renewal is still valid, it should still remain despite
114+
-- being marked as expired.
115+
content = assert(file.read(cert_path))
116+
assert.string(content)
117+
data = assert(cjson.decode(content))
118+
assert.number(data["expiry"])
119+
120+
-- Copy the cert to an unresolvable domain to verify that failed renewals
121+
-- will be removed.
122+
local unresolvable_cert_path = server.current_test_dir .. "/auto-ssl/storage/file/" .. ngx.escape_uri("unresolvable-sdjfklsdjf.example:latest")
123+
local _, cp_err = shell_blocking.capture_combined({ "cp", "-p", cert_path, unresolvable_cert_path })
124+
assert.equal(nil, cp_err)
125+
126+
-- Wait for scheduled renewals to happen.
127+
ngx.sleep(5)
128+
129+
error_log = server.nginx_error_log_tail:read()
130+
assert.matches("auto-ssl: checking certificate renewals for " .. server.ngrok_hostname, error_log, nil, true)
131+
assert.matches("Skipping renew!", error_log, nil, true)
132+
assert.matches("auto-ssl: checking certificate renewals for unresolvable-sdjfklsdjf.example", error_log, nil, true)
133+
assert.matches("Ignoring because renew was forced!", error_log, nil, true)
134+
assert.matches("Name does not end in a public suffix", error_log, nil, true)
135+
assert.matches("auto-ssl: issuing renewal certificate failed: dehydrated failure", error_log, nil, true)
136+
assert.matches("auto-ssl: existing certificate is expired, deleting: unresolvable-sdjfklsdjf.example", error_log, nil, true)
137+
138+
-- Verify that the valid cert still remains (despite being marked as
139+
-- expired).
140+
content = assert(file.read(cert_path))
141+
assert.string(content)
142+
data = assert(cjson.decode(content))
143+
assert.number(data["expiry"])
144+
145+
-- Verify that the failed renewal gets deleted.
146+
local file_content, file_err = file.read(unresolvable_cert_path)
147+
assert.equal(nil, file_content)
148+
assert.matches("No such file or directory", file_err, nil, true)
149+
150+
error_log = server.read_error_log()
151+
assert.Not.matches("[alert]", error_log, nil, true)
152+
assert.Not.matches("[emerg]", error_log, nil, true)
153+
end)
154+
end)

spec/renewal_spec.lua

Lines changed: 0 additions & 145 deletions
Original file line numberDiff line numberDiff line change
@@ -2,156 +2,11 @@ local cjson = require "cjson.safe"
22
local file = require "pl.file"
33
local http = require "resty.http"
44
local server = require "spec.support.server"
5-
local shell_blocking = require "shell-games"
65

76
describe("renewal", function()
87
before_each(server.stop)
98
after_each(server.stop)
109

11-
it("fills in missing expiry dates in storage from certificate expiration on renewal", function()
12-
server.start({
13-
auto_ssl_pre_new = [[
14-
options["renew_check_interval"] = 1
15-
]],
16-
})
17-
18-
local httpc = http.new()
19-
local _, connect_err = httpc:connect("127.0.0.1", 9443)
20-
assert.equal(nil, connect_err)
21-
22-
local _, ssl_err = httpc:ssl_handshake(nil, server.ngrok_hostname, true)
23-
assert.equal(nil, ssl_err)
24-
25-
local res, request_err = httpc:request({ path = "/foo" })
26-
assert.equal(nil, request_err)
27-
assert.equal(200, res.status)
28-
29-
local body, body_err = res:read_body()
30-
assert.equal(nil, body_err)
31-
assert.equal("foo", body)
32-
33-
local error_log = server.nginx_error_log_tail:read()
34-
assert.matches("issuing new certificate for", error_log, nil, true)
35-
36-
local cert_path = server.current_test_dir .. "/auto-ssl/storage/file/" .. ngx.escape_uri(server.ngrok_hostname .. ":latest")
37-
local content = assert(file.read(cert_path))
38-
assert.string(content)
39-
local data = assert(cjson.decode(content))
40-
local original_expiry = data["expiry"]
41-
assert.number(data["expiry"])
42-
43-
-- Unset the expiration time.
44-
data["expiry"] = nil
45-
assert.Nil(data["expiry"])
46-
47-
assert(file.write(cert_path, assert(cjson.encode(data))))
48-
49-
-- Wait for scheduled renewals to happen.
50-
ngx.sleep(3)
51-
52-
error_log = server.nginx_error_log_tail:read()
53-
assert.matches("auto-ssl: checking certificate renewals for " .. server.ngrok_hostname, error_log, nil, true)
54-
assert.matches("auto-ssl: setting expiration date of " .. server.ngrok_hostname, error_log, nil, true)
55-
assert.matches("auto-ssl: expiry date is more than 30 days out, skipping renewal: " .. server.ngrok_hostname, error_log, nil, true)
56-
57-
content = assert(file.read(cert_path))
58-
assert.string(content)
59-
data = assert(cjson.decode(content))
60-
assert.number(data["expiry"])
61-
assert.equal(original_expiry, data["expiry"])
62-
63-
error_log = server.read_error_log()
64-
assert.Not.matches("[warn]", error_log, nil, true)
65-
assert.Not.matches("[error]", error_log, nil, true)
66-
assert.Not.matches("[alert]", error_log, nil, true)
67-
assert.Not.matches("[emerg]", error_log, nil, true)
68-
end)
69-
70-
it("removes cert if expiration has expired and renewal fails", function()
71-
server.start({
72-
auto_ssl_pre_new = [[
73-
options["renew_check_interval"] = 1
74-
]],
75-
})
76-
77-
local httpc = http.new()
78-
local _, connect_err = httpc:connect("127.0.0.1", 9443)
79-
assert.equal(nil, connect_err)
80-
81-
local _, ssl_err = httpc:ssl_handshake(nil, server.ngrok_hostname, true)
82-
assert.equal(nil, ssl_err)
83-
84-
local res, request_err = httpc:request({ path = "/foo" })
85-
assert.equal(nil, request_err)
86-
assert.equal(200, res.status)
87-
88-
local body, body_err = res:read_body()
89-
assert.equal(nil, body_err)
90-
assert.equal("foo", body)
91-
92-
local error_log = server.nginx_error_log_tail:read()
93-
assert.matches("issuing new certificate for", error_log, nil, true)
94-
95-
local cert_path = server.current_test_dir .. "/auto-ssl/storage/file/" .. ngx.escape_uri(server.ngrok_hostname .. ":latest")
96-
local content = assert(file.read(cert_path))
97-
assert.string(content)
98-
local data = assert(cjson.decode(content))
99-
assert.number(data["expiry"])
100-
101-
-- Set the expiration time to some time in the past.
102-
data["expiry"] = 1000
103-
104-
assert(file.write(cert_path, assert(cjson.encode(data))))
105-
106-
-- Wait for scheduled renewals to happen.
107-
ngx.sleep(3)
108-
109-
error_log = server.nginx_error_log_tail:read()
110-
assert.matches("auto-ssl: checking certificate renewals for " .. server.ngrok_hostname, error_log, nil, true)
111-
assert.matches("Skipping renew!", error_log, nil, true)
112-
113-
-- Since this cert renewal is still valid, it should still remain despite
114-
-- being marked as expired.
115-
content = assert(file.read(cert_path))
116-
assert.string(content)
117-
data = assert(cjson.decode(content))
118-
assert.number(data["expiry"])
119-
120-
-- Copy the cert to an unresolvable domain to verify that failed renewals
121-
-- will be removed.
122-
local unresolvable_cert_path = server.current_test_dir .. "/auto-ssl/storage/file/" .. ngx.escape_uri("unresolvable-sdjfklsdjf.example:latest")
123-
local _, cp_err = shell_blocking.capture_combined({ "cp", "-p", cert_path, unresolvable_cert_path })
124-
assert.equal(nil, cp_err)
125-
126-
-- Wait for scheduled renewals to happen.
127-
ngx.sleep(5)
128-
129-
error_log = server.nginx_error_log_tail:read()
130-
assert.matches("auto-ssl: checking certificate renewals for " .. server.ngrok_hostname, error_log, nil, true)
131-
assert.matches("Skipping renew!", error_log, nil, true)
132-
assert.matches("auto-ssl: checking certificate renewals for unresolvable-sdjfklsdjf.example", error_log, nil, true)
133-
assert.matches("Ignoring because renew was forced!", error_log, nil, true)
134-
assert.matches("Name does not end in a public suffix", error_log, nil, true)
135-
assert.matches("auto-ssl: issuing renewal certificate failed: dehydrated failure", error_log, nil, true)
136-
assert.matches("auto-ssl: existing certificate is expired, deleting: unresolvable-sdjfklsdjf.example", error_log, nil, true)
137-
138-
-- Verify that the valid cert still remains (despite being marked as
139-
-- expired).
140-
content = assert(file.read(cert_path))
141-
assert.string(content)
142-
data = assert(cjson.decode(content))
143-
assert.number(data["expiry"])
144-
145-
-- Verify that the failed renewal gets deleted.
146-
local file_content, file_err = file.read(unresolvable_cert_path)
147-
assert.equal(nil, file_content)
148-
assert.matches("No such file or directory", file_err, nil, true)
149-
150-
error_log = server.read_error_log()
151-
assert.Not.matches("[alert]", error_log, nil, true)
152-
assert.Not.matches("[emerg]", error_log, nil, true)
153-
end)
154-
15510
it("calls the allow_domain callback on renewals", function()
15611
server.start({
15712
auto_ssl_pre_new = [[

0 commit comments

Comments
 (0)