baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Simplify acme e2e tests.

Browse source
This commit is contained in:
Ludovic Fernandez 2018-06-27 15:08:05 +02:00 committed by Traefiker Bot
parent 56fe023a12
commit 9e012a6b54
14 changed files with 259 additions and 396 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

237
integration/acme_test.go
View file

@ -9,7 +9,9 @@ import (
"time"
"github.com/containous/traefik/integration/try"
"github.com/containous/traefik/provider/acme"
"github.com/containous/traefik/testhelpers"
"github.com/containous/traefik/types"
"github.com/go-check/check"
checker "github.com/vdemeester/shakers"
)
@ -22,10 +24,10 @@ type AcmeSuite struct {
// Acme tests configuration
type AcmeTestCase struct {
onDemand bool
configuration acme.Configuration
traefikConfFilePath string
domainToCheck string
algorithm x509.PublicKeyAlgorithm
expectedDomain string
expectedAlgorithm x509.PublicKeyAlgorithm
}
const (
@ -39,6 +41,10 @@ const (
traefikDefaultDomain = "TRAEFIK DEFAULT CERT"
)
func (s *AcmeSuite) getAcmeURL() string {
return fmt.Sprintf("http://%s:4001/directory", s.boulderIP)
}
func (s *AcmeSuite) SetUpSuite(c *check.C) {
s.createComposeProject(c, "boulder")
s.composeProject.Start(c)
@ -46,7 +52,7 @@ func (s *AcmeSuite) SetUpSuite(c *check.C) {
s.boulderIP = s.composeProject.Container(c, "boulder").NetworkSettings.IPAddress
// wait for boulder
err := try.GetRequest("http://"+s.boulderIP+":4001/directory", 120*time.Second, try.StatusCodeIs(http.StatusOK))
err := try.GetRequest(s.getAcmeURL(), 120*time.Second, try.StatusCodeIs(http.StatusOK))
c.Assert(err, checker.IsNil)
}
@ -60,10 +66,18 @@ func (s *AcmeSuite) TearDownSuite(c *check.C) {
// Test ACME provider with certificate at start
func (s *AcmeSuite) TestACMEProviderAtStart(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/provideracme/acme.toml",
onDemand: false,
domainToCheck: acmeDomain,
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme-base.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
Domains: types.Domains{types.Domain{
Main: "traefik.acme.wtf",
}},
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
@ -71,10 +85,18 @@ func (s *AcmeSuite) TestACMEProviderAtStart(c *check.C) {
// Test ACME provider with certificate at start
func (s *AcmeSuite) TestACMEProviderAtStartInSAN(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/provideracme/acme_insan.toml",
onDemand: false,
domainToCheck: "acme.wtf",
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme-base.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
Domains: types.Domains{types.Domain{
Main: "acme.wtf",
SANs: []string{"traefik.acme.wtf"},
}},
},
expectedDomain: "acme.wtf",
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
@ -82,10 +104,15 @@ func (s *AcmeSuite) TestACMEProviderAtStartInSAN(c *check.C) {
// Test ACME provider with certificate at start
func (s *AcmeSuite) TestACMEProviderOnHost(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/provideracme/acme_onhost.toml",
onDemand: false,
domainToCheck: acmeDomain,
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme-base.toml",
configuration: acme.Configuration{
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
CAServer: s.getAcmeURL(),
OnHostRule: true,
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
@ -93,10 +120,16 @@ func (s *AcmeSuite) TestACMEProviderOnHost(c *check.C) {
// Test ACME provider with certificate at start ECDSA algo
func (s *AcmeSuite) TestACMEProviderOnHostECDSA(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/provideracme/acme_onhost_ecdsa.toml",
onDemand: false,
domainToCheck: acmeDomain,
algorithm: x509.ECDSA}
traefikConfFilePath: "fixtures/acme/acme-base.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
KeyType: "EC384",
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.ECDSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
@ -104,10 +137,16 @@ func (s *AcmeSuite) TestACMEProviderOnHostECDSA(c *check.C) {
// Test ACME provider with certificate at start invalid algo default RSA
func (s *AcmeSuite) TestACMEProviderOnHostInvalidAlgo(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/provideracme/acme_onhost_invalid_algo.toml",
onDemand: false,
domainToCheck: acmeDomain,
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme-base.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
KeyType: "INVALID",
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
@ -115,10 +154,14 @@ func (s *AcmeSuite) TestACMEProviderOnHostInvalidAlgo(c *check.C) {
// Test ACME provider with certificate at start and no ACME challenge
func (s *AcmeSuite) TestACMEProviderOnHostWithNoACMEChallenge(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/no_challenge_acme.toml",
onDemand: false,
domainToCheck: traefikDefaultDomain,
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme-base.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
OnHostRule: true,
},
expectedDomain: traefikDefaultDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
@ -126,10 +169,15 @@ func (s *AcmeSuite) TestACMEProviderOnHostWithNoACMEChallenge(c *check.C) {
// Test OnDemand option with none provided certificate and challenge HTTP-01
func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateHTTP01(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_http01.toml",
onDemand: true,
domainToCheck: acmeDomain,
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme-base.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnDemand: true,
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
@ -137,10 +185,15 @@ func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateHTTP01(c *check.C) {
// Test OnHostRule option with none provided certificate and challenge HTTP-01
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_http01.toml",
onDemand: false,
domainToCheck: acmeDomain,
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme-base.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
@ -148,21 +201,33 @@ func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01(c *check.C) {
// Test OnHostRule option with none provided certificate and challenge HTTP-01 and web path
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01WithPath(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_http01_web.toml",
onDemand: false,
domainToCheck: acmeDomain,
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme_http01_web_path.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
// Test OnDemand option with a wildcard provided certificate
func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithWildcard(c *check.C) {
// FIXME flaky
c.Skip("Flaky behavior will be fixed in the next PR")
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_provided.toml",
onDemand: true,
domainToCheck: wildcardDomain,
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme_tls.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnDemand: true,
},
expectedDomain: wildcardDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
@ -170,10 +235,15 @@ func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithWildcard(c *check.C)
// Test onHostRule option with a wildcard provided certificate
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithWildcard(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_provided.toml",
onDemand: false,
domainToCheck: wildcardDomain,
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme_tls.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
},
expectedDomain: wildcardDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
@ -181,10 +251,15 @@ func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithWildcard(c *check.C
// Test OnDemand option with a wildcard provided certificate
func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithDynamicWildcard(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_provided_dynamic.toml",
onDemand: true,
domainToCheck: wildcardDomain,
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme_tls_dynamic.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnDemand: true,
},
expectedDomain: wildcardDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
@ -192,17 +267,29 @@ func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithDynamicWildcard(c *ch
// Test onHostRule option with a wildcard provided certificate
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithDynamicWildcard(c *check.C) {
testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_provided_dynamic.toml",
onDemand: false,
domainToCheck: wildcardDomain,
algorithm: x509.RSA}
traefikConfFilePath: "fixtures/acme/acme_tls_dynamic.toml",
configuration: acme.Configuration{
CAServer: s.getAcmeURL(),
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
},
expectedDomain: wildcardDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase)
}
// Test Let's encrypt down
func (s *AcmeSuite) TestNoValidLetsEncryptServer(c *check.C) {
cmd, display := s.traefikCmd(withConfigFile("fixtures/acme/wrong_acme.toml"))
file := s.adaptFile(c, "fixtures/acme/acme-base.toml", acme.Configuration{
CAServer: "http://wrongurl:4001/directory",
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
})
defer os.Remove(file)
cmd, display := s.traefikCmd(withConfigFile(file))
defer display(c)
err := cmd.Start()
c.Assert(err, checker.IsNil)
@ -215,15 +302,7 @@ func (s *AcmeSuite) TestNoValidLetsEncryptServer(c *check.C) {
// Doing an HTTPS request and test the response certificate
func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
file := s.adaptFile(c, testCase.traefikConfFilePath, struct {
BoulderHost string
OnDemand bool
OnHostRule bool
}{
BoulderHost: s.boulderIP,
OnDemand: testCase.onDemand,
OnHostRule: !testCase.onDemand,
})
file := s.adaptFile(c, testCase.traefikConfFilePath, testCase.configuration)
defer os.Remove(file)
cmd, display := s.traefikCmd(withConfigFile(file))
@ -237,10 +316,11 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
backend := startTestServer("9010", http.StatusOK)
defer backend.Close()
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
},
}
client := &http.Client{Transport: tr}
// wait for traefik (generating acme account take some seconds)
err = try.Do(90*time.Second, func() error {
@ -249,13 +329,14 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
})
c.Assert(err, checker.IsNil)
tr = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
ServerName: acmeDomain,
client = &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
ServerName: acmeDomain,
},
},
}
client = &http.Client{Transport: tr}
req := testhelpers.MustNewRequest(http.MethodGet, "https://127.0.0.1:5001/", nil)
req.Host = acmeDomain
@ -276,8 +357,8 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
}
cn := resp.TLS.PeerCertificates[0].Subject.CommonName
if cn != testCase.domainToCheck {
return fmt.Errorf("domain %s found instead of %s", cn, testCase.domainToCheck)
if cn != testCase.expectedDomain {
return fmt.Errorf("domain %s found instead of %s", cn, testCase.expectedDomain)
}
return nil
@ -286,6 +367,6 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
c.Assert(err, checker.IsNil)
c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
// Check Domain into response certificate
c.Assert(resp.TLS.PeerCertificates[0].Subject.CommonName, checker.Equals, testCase.domainToCheck)
c.Assert(resp.TLS.PeerCertificates[0].PublicKeyAlgorithm, checker.Equals, testCase.algorithm)
c.Assert(resp.TLS.PeerCertificates[0].Subject.CommonName, checker.Equals, testCase.expectedDomain)
c.Assert(resp.TLS.PeerCertificates[0].PublicKeyAlgorithm, checker.Equals, testCase.expectedAlgorithm)
}

26
integration/fixtures/provideracme/acme.toml → integration/fixtures/acme/acme-base.toml
View file

@ -9,20 +9,28 @@ defaultEntryPoints = ["http", "https"]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
[acme.httpChallenge]
entryPoint="http"
[[acme.domains]]
main = "traefik.acme.wtf"
onDemand = {{ .OnDemand }}
onHostRule = {{ .OnHostRule }}
keyType = "{{ .KeyType }}"
caServer = "{{ .CAServer }}"
{{if .HTTPChallenge }}
[acme.httpChallenge]
entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
{{end}}
{{range .Domains}}
[[acme.domains]]
main = "{{ .Main }}"
sans = [{{range .SANs }}
"{{.}}",
{{end}}]
{{end}}
[api]
@ -38,4 +46,4 @@ defaultEntryPoints = ["http", "https"]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"
rule = "Host:traefik.acme.wtf"

37
integration/fixtures/acme/acme_http01.toml
View file

@ -1,37 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
[acme.httpchallenge]
entrypoint="http"
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

38
integration/fixtures/acme/acme_http01_web.toml
View file

@ -1,38 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
[acme.httpchallenge]
entrypoint="http"
[web]
path="/traefik"
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

28
integration/fixtures/provideracme/acme_insan.toml → integration/fixtures/acme/acme_http01_web_path.toml
View file

@ -9,23 +9,31 @@ defaultEntryPoints = ["http", "https"]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = false
onHostRule = false
caServer = "http://{{.BoulderHost}}:4001/directory"
onDemand = {{ .OnDemand }}
onHostRule = {{ .OnHostRule }}
keyType = "{{ .KeyType }}"
caServer = "{{ .CAServer }}"
{{if .HTTPChallenge }}
[acme.httpChallenge]
entryPoint="http"
entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
{{end}}
{{range .Domains}}
[[acme.domains]]
main = "acme.wtf"
sans = [ "traefik.acme.wtf" ]
main = "{{ .Main }}"
sans = [{{range .SANs }}
"{{.}}",
{{end}}]
{{end}}
[api]
[web]
path="/traefik"
[file]
@ -39,4 +47,4 @@ defaultEntryPoints = ["http", "https"]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"
rule = "Host:traefik.acme.wtf"

26
integration/fixtures/acme/acme_provided_dynamic.toml
View file

@ -1,26 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
[acme.httpChallenge]
entryPoint="http"
[file]
filename = "fixtures/acme/certificates.toml"
watch = true

33
integration/fixtures/acme/acme_provided.toml → integration/fixtures/acme/acme_tls.toml
View file

@ -13,15 +13,29 @@ defaultEntryPoints = ["http", "https"]
keyFile = "fixtures/acme/ssl/wildcard.key"
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
[acme.httpChallenge]
entryPoint="http"
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{ .OnDemand }}
onHostRule = {{ .OnHostRule }}
keyType = "{{ .KeyType }}"
caServer = "{{ .CAServer }}"
{{if .HTTPChallenge }}
[acme.httpChallenge]
entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
{{end}}
{{range .Domains}}
[[acme.domains]]
main = "{{ .Main }}"
sans = [{{range .SANs }}
"{{.}}",
{{end}}]
{{end}}
[api]
[file]
@ -31,7 +45,6 @@ entryPoint="http"
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"

40
integration/fixtures/acme/acme_tls_dynamic.toml Normal file
View file

@ -0,0 +1,40 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{ .OnDemand }}
onHostRule = {{ .OnHostRule }}
keyType = "{{ .KeyType }}"
caServer = "{{ .CAServer }}"
{{if .HTTPChallenge }}
[acme.httpChallenge]
entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
{{end}}
{{range .Domains}}
[[acme.domains]]
main = "{{ .Main }}"
sans = [{{range .SANs }}
"{{.}}",
{{end}}]
{{end}}
[api]
[file]
filename = "fixtures/acme/certificates.toml"
watch = true

37
integration/fixtures/acme/no_challenge_acme.toml
View file

@ -1,37 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[api]
[entryPoints]
[entryPoints.http]
address = ":8081"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
onHostRule = true
acmeLogging = true
caServer = "http://{{.BoulderHost}}:4001/directory"
# No challenge defined
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

36
integration/fixtures/acme/wrong_acme.toml
View file

@ -1,36 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[api]
[entryPoints]
[entryPoints.http]
address = ":8081"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onHostRule = true
caServer = "http://wrongurl:4001/directory"
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

38
integration/fixtures/provideracme/acme_onhost.toml
View file

@ -1,38 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
[acme.httpChallenge]
entryPoint="http"
[api]
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

38
integration/fixtures/provideracme/acme_onhost_ecdsa.toml
View file

@ -1,38 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
keyType = "EC384"
[acme.httpChallenge]
entryPoint="http"
[api]
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

38
integration/fixtures/provideracme/acme_onhost_invalid_algo.toml
View file

@ -1,38 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
keyType = "INVALID"
[acme.httpChallenge]
entryPoint="http"
[api]
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

3
integration/integration_test.go
View file

@ -22,6 +22,7 @@ import (
var integration = flag.Bool("integration", false, "run integration tests")
var container = flag.Bool("container", false, "run container integration tests")
var host = flag.Bool("host", false, "run host integration tests")
var showLog = flag.Bool("tlog", false, "always show Traefik logs")
func Test(t *testing.T) {
check.TestingT(t)
@ -114,7 +115,7 @@ func (s *BaseSuite) cmdTraefik(args ...string) (*exec.Cmd, *bytes.Buffer) {
func (s *BaseSuite) traefikCmd(args ...string) (*exec.Cmd, func(*check.C)) {
cmd, out := s.cmdTraefik(args...)
return cmd, func(c *check.C) {
if c.Failed() {
if c.Failed() || *showLog {
s.displayTraefikLog(c, out)
}
}