acme: add certbot dns-01 test

Add a test for the dns-01 challenge using Certbot.  This test uses
the new hook scripts distributed in the freeipa-client package.

Part of: https://pagure.io/freeipa/issue/4751

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Fraser Tweedale 2020-06-25 15:00:03 +10:00 committed by Rob Crittenden
parent a83eaa8b6d
commit 678b8e682b


@ -23,6 +23,8 @@ skip_certbot_tests = osinfo.id not in ['fedora',]
# RHEL version has the patches. # RHEL version has the patches.
skip_mod_md_tests = osinfo.id not in ['rhel',] skip_mod_md_tests = osinfo.id not in ['rhel',]
CERTBOT_DNS_IPA_SCRIPT = '/usr/libexec/ipa/acme/certbot-dns-ipa'
class TestACME(IntegrationTest): class TestACME(IntegrationTest):
""" """
@ -32,14 +34,12 @@ class TestACME(IntegrationTest):
* service enable/disable (using Curl) * service enable/disable (using Curl)
* http-01 challenge with Certbot's standalone HTTP server * http-01 challenge with Certbot's standalone HTTP server
* dns-01 challenge with Certbot and FreeIPA DNS via hook scripts
* revocation with Certbot * revocation with Certbot
* http-01 challenge with mod_md * http-01 challenge with mod_md
Tests we should add: Tests we should add:
* dns-01 challenge with Certbot and FreeIPA DNS
(see https://frasertweedale.github.io
/blog-redhat/posts/2020-05-13-ipa-acme-dns.html for details.)
* dns-01 challenge with mod_md (see * dns-01 challenge with mod_md (see
https://httpd.apache.org/docs/current/mod/mod_md.html#mdchallengedns01) https://httpd.apache.org/docs/current/mod/mod_md.html#mdchallengedns01)
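Review bot: the entry removed from "Tests we should add" carried the only pointer to the write-up of the dns-01 setup (the frasertweedale.github.io post), and the new bullet "dns-01 challenge with Certbot and FreeIPA DNS via hook scripts" drops it. Suggest keeping that URL, either on the new bullet or in a comment on test_certbot_dns, so a reader can find how the hook scripts are expected to behave.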
@ -169,6 +169,26 @@ class TestACME(IntegrationTest):
) )
assert 'revocation_reason:' in result.stdout_text assert 'revocation_reason:' in result.stdout_text
@pytest.mark.skipif(skip_certbot_tests, reason='certbot not available')
def test_certbot_dns(self):
# Assume previous revoke operation succeeded and cert was deleted.
# We can now request a new certificate.
# Get a cert from ACME service using dns-01 challenge and Certbot's
# standalone HTTP server mode
self.clients[0].run_command([
'certbot',
'--server', self.acme_server,
'certonly',
'--non-interactive',
'--domain', self.clients[0].hostname,
'--preferred-challenges', 'dns',
'--manual',
'--manual-public-ip-logging-ok',
'--manual-auth-hook', CERTBOT_DNS_IPA_SCRIPT,
'--manual-cleanup-hook', CERTBOT_DNS_IPA_SCRIPT,
])
############## ##############
# mod_md tests # mod_md tests
############## ##############
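Review bot: the comment in test_certbot_dns says the cert is obtained with "Certbot's standalone HTTP server mode", but the command passes --manual with --preferred-challenges dns and the hook script, so the comment looks copied from the http-01 test and should describe the manual plugin with auth and cleanup hooks instead. Separately, the return value of run_command is discarded and nothing afterwards checks that a certificate was issued or that the cleanup hook removed the challenge record. An assertion on the result, or a lookup confirming the record is gone, would make the test verify the dns-01 path explicitly. The opening comment "Assume previous revoke operation succeeded and cert was deleted" also makes this test depend on the revoke test having run first, which is worth stating in a docstring.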