qbit/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

acme: fix test after fc35704bc8

Browse Source
This commit is contained in:
r-vdp 2024-08-12 14:04:09 +02:00
parent 2d8b5bc8b3
commit f09a62f122
No known key found for this signature in database
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
nixos/tests/acme.nix
View File

@ -124,7 +124,7 @@
};
# Test that server reloads when an alias is removed (and subsequently test removal works in acme)
"${server}-remove-alias".configuration = { nodes, config, ... }: baseConfig {
"${server}_remove_alias".configuration = { nodes, config, ... }: baseConfig {
inherit nodes config;
specialConfig = {
# Remove an alias, but create a standalone vhost in its place for testing.
@ -140,7 +140,7 @@
};
# Test that the server reloads when only the acme configuration is changed.
"${server}-change-acme-conf".configuration = { nodes, config, ... }: baseConfig {
"${server}_change_acme_conf".configuration = { nodes, config, ... }: baseConfig {
inherit nodes config;
specialConfig = {
security.acme.certs."${server}-http.example.test" = {
@ -251,7 +251,7 @@ in {
];
# Test OCSP Stapling
ocsp-stapling.configuration = { ... }: lib.mkMerge [
ocsp_stapling.configuration = { ... }: lib.mkMerge [
webserverBasicConfig
{
security.acme.certs."a.example.test".ocspMustStaple = true;
@ -266,7 +266,7 @@ in {
# Validate service relationships by adding a slow start service to nginx' wants.
# Reproducer for https://github.com/NixOS/nixpkgs/issues/81842
slow-startup.configuration = { ... }: lib.mkMerge [
slow_startup.configuration = { ... }: lib.mkMerge [
webserverBasicConfig
{
systemd.services.my-slow-service = {
@ -284,7 +284,7 @@ in {
}
];
concurrency-limit.configuration = {pkgs, ...}: lib.mkMerge [
concurrency_limit.configuration = {pkgs, ...}: lib.mkMerge [
webserverBasicConfig {
security.acme.maxConcurrentRenewals = 1;
@ -317,7 +317,7 @@ in {
# Test lego internal server (listenHTTP option)
# Also tests useRoot option
lego-server.configuration = { ... }: {
lego_server.configuration = { ... }: {
security.acme.useRoot = true;
security.acme.certs."lego.example.test" = {
listenHTTP = ":80";
@ -358,7 +358,7 @@ in {
caddy.configuration = baseCaddyConfig;
# Test that the server reloads when only the acme configuration is changed.
"caddy-change-acme-conf".configuration = { nodes, config, ... }: lib.mkMerge [
"caddy_change_acme_conf".configuration = { nodes, config, ... }: lib.mkMerge [
(baseCaddyConfig {
inherit nodes config;
})
@ -629,12 +629,12 @@ in {
webserver.succeed("systemctl start nginx-config-reload.service")
with subtest("Correctly implements OCSP stapling"):
switch_to(webserver, "ocsp-stapling")
switch_to(webserver, "ocsp_stapling")
webserver.wait_for_unit("acme-finished-a.example.test.target")
check_stapling(client, "a.example.test")
with subtest("Can request certificate with HTTP-01 using lego's internal web server"):
switch_to(webserver, "lego-server")
switch_to(webserver, "lego_server")
webserver.wait_for_unit("acme-finished-lego.example.test.target")
webserver.wait_for_unit("nginx.service")
webserver.succeed("echo HENLO && systemctl cat nginx.service")
@ -644,14 +644,14 @@ in {
with subtest("Can request certificate with HTTP-01 when nginx startup is delayed"):
webserver.execute("systemctl stop nginx")
switch_to(webserver, "slow-startup")
switch_to(webserver, "slow_startup")
webserver.wait_for_unit("acme-finished-slow.example.test.target")
check_issuer(webserver, "slow.example.test", "pebble")
webserver.wait_for_unit("nginx.service")
check_connection(client, "slow.example.test")
with subtest("Can limit concurrency of running renewals"):
switch_to(webserver, "concurrency-limit")
switch_to(webserver, "concurrency_limit")
webserver.wait_for_unit("acme-finished-f.example.test.target")
webserver.wait_for_unit("acme-finished-g.example.test.target")
webserver.wait_for_unit("acme-finished-h.example.test.target")
@ -669,7 +669,7 @@ in {
check_connection(client, "a.example.test")
with subtest("security.acme changes reflect on caddy"):
switch_to(webserver, "caddy-change-acme-conf")
switch_to(webserver, "caddy_change_acme_conf")
webserver.wait_for_unit("acme-finished-example.test.target")
webserver.wait_for_unit("caddy.service")
# FIXME reloading caddy is not sufficient to load new certs.
@ -721,7 +721,7 @@ in {
with subtest("Can remove an alias from a domain + cert is updated"):
test_alias = f"{server}-{domains[0]}-alias.example.test"
switch_to(webserver, f"{server}-remove-alias")
switch_to(webserver, f"{server}_remove_alias")
webserver.wait_for_unit(f"acme-finished-{test_domain}.target")
wait_for_server()
check_connection(client, test_domain)
@ -736,7 +736,7 @@ in {
# Switch back to normal server config first, reset everything.
switch_to(webserver, server)
wait_for_server()
switch_to(webserver, f"{server}-change-acme-conf")
switch_to(webserver, f"{server}_change_acme_conf")
webserver.wait_for_unit(f"acme-finished-{test_domain}.target")
wait_for_server()
check_connection_key_bits(client, test_domain, "384")