baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Simplify acme e2e tests.

Browse source
This commit is contained in:
Ludovic Fernandez 2018-06-27 15:08:05 +02:00 committed by Traefiker Bot
parent 56fe023a12
commit 9e012a6b54
14 changed files with 259 additions and 396 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

237
integration/acme_test.go
View file

@ -9,7 +9,9 @@ import (
"time" "time"
"github.com/containous/traefik/integration/try" "github.com/containous/traefik/integration/try"
"github.com/containous/traefik/provider/acme"
"github.com/containous/traefik/testhelpers" "github.com/containous/traefik/testhelpers"
"github.com/containous/traefik/types"
"github.com/go-check/check" "github.com/go-check/check"
checker "github.com/vdemeester/shakers" checker "github.com/vdemeester/shakers"
) )
@ -22,10 +24,10 @@ type AcmeSuite struct {
// Acme tests configuration // Acme tests configuration
type AcmeTestCase struct { type AcmeTestCase struct {
onDemand bool configuration acme.Configuration
traefikConfFilePath string traefikConfFilePath string
domainToCheck string expectedDomain string
algorithm x509.PublicKeyAlgorithm expectedAlgorithm x509.PublicKeyAlgorithm
} }
const ( const (
@ -39,6 +41,10 @@ const (
traefikDefaultDomain = "TRAEFIK DEFAULT CERT" traefikDefaultDomain = "TRAEFIK DEFAULT CERT"
) )
func (s *AcmeSuite) getAcmeURL() string {
return fmt.Sprintf("http://%s:4001/directory", s.boulderIP)
}
func (s *AcmeSuite) SetUpSuite(c *check.C) { func (s *AcmeSuite) SetUpSuite(c *check.C) {
s.createComposeProject(c, "boulder") s.createComposeProject(c, "boulder")
s.composeProject.Start(c) s.composeProject.Start(c)
@ -46,7 +52,7 @@ func (s *AcmeSuite) SetUpSuite(c *check.C) {
s.boulderIP = s.composeProject.Container(c, "boulder").NetworkSettings.IPAddress s.boulderIP = s.composeProject.Container(c, "boulder").NetworkSettings.IPAddress
// wait for boulder // wait for boulder
err := try.GetRequest("http://"+s.boulderIP+":4001/directory", 120*time.Second, try.StatusCodeIs(http.StatusOK)) err := try.GetRequest(s.getAcmeURL(), 120*time.Second, try.StatusCodeIs(http.StatusOK))
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
} }
@ -60,10 +66,18 @@ func (s *AcmeSuite) TearDownSuite(c *check.C) {
// Test ACME provider with certificate at start // Test ACME provider with certificate at start
func (s *AcmeSuite) TestACMEProviderAtStart(c *check.C) { func (s *AcmeSuite) TestACMEProviderAtStart(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/provideracme/acme.toml", traefikConfFilePath: "fixtures/acme/acme-base.toml",
onDemand: false, configuration: acme.Configuration{
domainToCheck: acmeDomain, CAServer: s.getAcmeURL(),
algorithm: x509.RSA} HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
Domains: types.Domains{types.Domain{
Main: "traefik.acme.wtf",
}},
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
@ -71,10 +85,18 @@ func (s *AcmeSuite) TestACMEProviderAtStart(c *check.C) {
// Test ACME provider with certificate at start // Test ACME provider with certificate at start
func (s *AcmeSuite) TestACMEProviderAtStartInSAN(c *check.C) { func (s *AcmeSuite) TestACMEProviderAtStartInSAN(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/provideracme/acme_insan.toml", traefikConfFilePath: "fixtures/acme/acme-base.toml",
onDemand: false, configuration: acme.Configuration{
domainToCheck: "acme.wtf", CAServer: s.getAcmeURL(),
algorithm: x509.RSA} HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
Domains: types.Domains{types.Domain{
Main: "acme.wtf",
SANs: []string{"traefik.acme.wtf"},
}},
},
expectedDomain: "acme.wtf",
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
@ -82,10 +104,15 @@ func (s *AcmeSuite) TestACMEProviderAtStartInSAN(c *check.C) {
// Test ACME provider with certificate at start // Test ACME provider with certificate at start
func (s *AcmeSuite) TestACMEProviderOnHost(c *check.C) { func (s *AcmeSuite) TestACMEProviderOnHost(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/provideracme/acme_onhost.toml", traefikConfFilePath: "fixtures/acme/acme-base.toml",
onDemand: false, configuration: acme.Configuration{
domainToCheck: acmeDomain, HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
algorithm: x509.RSA} CAServer: s.getAcmeURL(),
OnHostRule: true,
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
@ -93,10 +120,16 @@ func (s *AcmeSuite) TestACMEProviderOnHost(c *check.C) {
// Test ACME provider with certificate at start ECDSA algo // Test ACME provider with certificate at start ECDSA algo
func (s *AcmeSuite) TestACMEProviderOnHostECDSA(c *check.C) { func (s *AcmeSuite) TestACMEProviderOnHostECDSA(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/provideracme/acme_onhost_ecdsa.toml", traefikConfFilePath: "fixtures/acme/acme-base.toml",
onDemand: false, configuration: acme.Configuration{
domainToCheck: acmeDomain, CAServer: s.getAcmeURL(),
algorithm: x509.ECDSA} HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
KeyType: "EC384",
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.ECDSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
@ -104,10 +137,16 @@ func (s *AcmeSuite) TestACMEProviderOnHostECDSA(c *check.C) {
// Test ACME provider with certificate at start invalid algo default RSA // Test ACME provider with certificate at start invalid algo default RSA
func (s *AcmeSuite) TestACMEProviderOnHostInvalidAlgo(c *check.C) { func (s *AcmeSuite) TestACMEProviderOnHostInvalidAlgo(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/provideracme/acme_onhost_invalid_algo.toml", traefikConfFilePath: "fixtures/acme/acme-base.toml",
onDemand: false, configuration: acme.Configuration{
domainToCheck: acmeDomain, CAServer: s.getAcmeURL(),
algorithm: x509.RSA} HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
KeyType: "INVALID",
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
@ -115,10 +154,14 @@ func (s *AcmeSuite) TestACMEProviderOnHostInvalidAlgo(c *check.C) {
// Test ACME provider with certificate at start and no ACME challenge // Test ACME provider with certificate at start and no ACME challenge
func (s *AcmeSuite) TestACMEProviderOnHostWithNoACMEChallenge(c *check.C) { func (s *AcmeSuite) TestACMEProviderOnHostWithNoACMEChallenge(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/no_challenge_acme.toml", traefikConfFilePath: "fixtures/acme/acme-base.toml",
onDemand: false, configuration: acme.Configuration{
domainToCheck: traefikDefaultDomain, CAServer: s.getAcmeURL(),
algorithm: x509.RSA} OnHostRule: true,
},
expectedDomain: traefikDefaultDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
@ -126,10 +169,15 @@ func (s *AcmeSuite) TestACMEProviderOnHostWithNoACMEChallenge(c *check.C) {
// Test OnDemand option with none provided certificate and challenge HTTP-01 // Test OnDemand option with none provided certificate and challenge HTTP-01
func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateHTTP01(c *check.C) { func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateHTTP01(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_http01.toml", traefikConfFilePath: "fixtures/acme/acme-base.toml",
onDemand: true, configuration: acme.Configuration{
domainToCheck: acmeDomain, CAServer: s.getAcmeURL(),
algorithm: x509.RSA} HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnDemand: true,
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
@ -137,10 +185,15 @@ func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateHTTP01(c *check.C) {
// Test OnHostRule option with none provided certificate and challenge HTTP-01 // Test OnHostRule option with none provided certificate and challenge HTTP-01
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01(c *check.C) { func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_http01.toml", traefikConfFilePath: "fixtures/acme/acme-base.toml",
onDemand: false, configuration: acme.Configuration{
domainToCheck: acmeDomain, CAServer: s.getAcmeURL(),
algorithm: x509.RSA} HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
@ -148,21 +201,33 @@ func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01(c *check.C) {
// Test OnHostRule option with none provided certificate and challenge HTTP-01 and web path // Test OnHostRule option with none provided certificate and challenge HTTP-01 and web path
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01WithPath(c *check.C) { func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01WithPath(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_http01_web.toml", traefikConfFilePath: "fixtures/acme/acme_http01_web_path.toml",
onDemand: false, configuration: acme.Configuration{
domainToCheck: acmeDomain, CAServer: s.getAcmeURL(),
algorithm: x509.RSA} HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
},
expectedDomain: acmeDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
// Test OnDemand option with a wildcard provided certificate // Test OnDemand option with a wildcard provided certificate
func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithWildcard(c *check.C) { func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithWildcard(c *check.C) {
// FIXME flaky
c.Skip("Flaky behavior will be fixed in the next PR")
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_provided.toml", traefikConfFilePath: "fixtures/acme/acme_tls.toml",
onDemand: true, configuration: acme.Configuration{
domainToCheck: wildcardDomain, CAServer: s.getAcmeURL(),
algorithm: x509.RSA} HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnDemand: true,
},
expectedDomain: wildcardDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
@ -170,10 +235,15 @@ func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithWildcard(c *check.C)
// Test onHostRule option with a wildcard provided certificate // Test onHostRule option with a wildcard provided certificate
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithWildcard(c *check.C) { func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithWildcard(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_provided.toml", traefikConfFilePath: "fixtures/acme/acme_tls.toml",
onDemand: false, configuration: acme.Configuration{
domainToCheck: wildcardDomain, CAServer: s.getAcmeURL(),
algorithm: x509.RSA} HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
},
expectedDomain: wildcardDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
@ -181,10 +251,15 @@ func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithWildcard(c *check.C
// Test OnDemand option with a wildcard provided certificate // Test OnDemand option with a wildcard provided certificate
func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithDynamicWildcard(c *check.C) { func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithDynamicWildcard(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_provided_dynamic.toml", traefikConfFilePath: "fixtures/acme/acme_tls_dynamic.toml",
onDemand: true, configuration: acme.Configuration{
domainToCheck: wildcardDomain, CAServer: s.getAcmeURL(),
algorithm: x509.RSA} HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnDemand: true,
},
expectedDomain: wildcardDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
@ -192,17 +267,29 @@ func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithDynamicWildcard(c *ch
// Test onHostRule option with a wildcard provided certificate // Test onHostRule option with a wildcard provided certificate
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithDynamicWildcard(c *check.C) { func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithDynamicWildcard(c *check.C) {
testCase := AcmeTestCase{ testCase := AcmeTestCase{
traefikConfFilePath: "fixtures/acme/acme_provided_dynamic.toml", traefikConfFilePath: "fixtures/acme/acme_tls_dynamic.toml",
onDemand: false, configuration: acme.Configuration{
domainToCheck: wildcardDomain, CAServer: s.getAcmeURL(),
algorithm: x509.RSA} HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
},
expectedDomain: wildcardDomain,
expectedAlgorithm: x509.RSA,
}
s.retrieveAcmeCertificate(c, testCase) s.retrieveAcmeCertificate(c, testCase)
} }
// Test Let's encrypt down // Test Let's encrypt down
func (s *AcmeSuite) TestNoValidLetsEncryptServer(c *check.C) { func (s *AcmeSuite) TestNoValidLetsEncryptServer(c *check.C) {
cmd, display := s.traefikCmd(withConfigFile("fixtures/acme/wrong_acme.toml")) file := s.adaptFile(c, "fixtures/acme/acme-base.toml", acme.Configuration{
CAServer: "http://wrongurl:4001/directory",
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
OnHostRule: true,
})
defer os.Remove(file)
cmd, display := s.traefikCmd(withConfigFile(file))
defer display(c) defer display(c)
err := cmd.Start() err := cmd.Start()
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
@ -215,15 +302,7 @@ func (s *AcmeSuite) TestNoValidLetsEncryptServer(c *check.C) {
// Doing an HTTPS request and test the response certificate // Doing an HTTPS request and test the response certificate
func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) { func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
file := s.adaptFile(c, testCase.traefikConfFilePath, struct { file := s.adaptFile(c, testCase.traefikConfFilePath, testCase.configuration)
BoulderHost string
OnDemand bool
OnHostRule bool
}{
BoulderHost: s.boulderIP,
OnDemand: testCase.onDemand,
OnHostRule: !testCase.onDemand,
})
defer os.Remove(file) defer os.Remove(file)
cmd, display := s.traefikCmd(withConfigFile(file)) cmd, display := s.traefikCmd(withConfigFile(file))
@ -237,10 +316,11 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
backend := startTestServer("9010", http.StatusOK) backend := startTestServer("9010", http.StatusOK)
defer backend.Close() defer backend.Close()
tr := &http.Transport{ client := &http.Client{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
},
} }
client := &http.Client{Transport: tr}
// wait for traefik (generating acme account take some seconds) // wait for traefik (generating acme account take some seconds)
err = try.Do(90*time.Second, func() error { err = try.Do(90*time.Second, func() error {
@ -249,13 +329,14 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
}) })
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
tr = &http.Transport{ client = &http.Client{
TLSClientConfig: &tls.Config{ Transport: &http.Transport{
InsecureSkipVerify: true, TLSClientConfig: &tls.Config{
ServerName: acmeDomain, InsecureSkipVerify: true,
ServerName: acmeDomain,
},
}, },
} }
client = &http.Client{Transport: tr}
req := testhelpers.MustNewRequest(http.MethodGet, "https://127.0.0.1:5001/", nil) req := testhelpers.MustNewRequest(http.MethodGet, "https://127.0.0.1:5001/", nil)
req.Host = acmeDomain req.Host = acmeDomain
@ -276,8 +357,8 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
} }
cn := resp.TLS.PeerCertificates[0].Subject.CommonName cn := resp.TLS.PeerCertificates[0].Subject.CommonName
if cn != testCase.domainToCheck { if cn != testCase.expectedDomain {
return fmt.Errorf("domain %s found instead of %s", cn, testCase.domainToCheck) return fmt.Errorf("domain %s found instead of %s", cn, testCase.expectedDomain)
} }
return nil return nil
@ -286,6 +367,6 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
c.Assert(resp.StatusCode, checker.Equals, http.StatusOK) c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
// Check Domain into response certificate // Check Domain into response certificate
c.Assert(resp.TLS.PeerCertificates[0].Subject.CommonName, checker.Equals, testCase.domainToCheck) c.Assert(resp.TLS.PeerCertificates[0].Subject.CommonName, checker.Equals, testCase.expectedDomain)
c.Assert(resp.TLS.PeerCertificates[0].PublicKeyAlgorithm, checker.Equals, testCase.algorithm) c.Assert(resp.TLS.PeerCertificates[0].PublicKeyAlgorithm, checker.Equals, testCase.expectedAlgorithm)
} }

26
integration/fixtures/provideracme/acme.toml → integration/fixtures/acme/acme-base.toml
View file

@ -9,20 +9,28 @@ defaultEntryPoints = ["http", "https"]
address = ":5001" address = ":5001"
[entryPoints.https.tls] [entryPoints.https.tls]
[acme] [acme]
email = "test@traefik.io" email = "test@traefik.io"
storage = "/tmp/acme.json" storage = "/tmp/acme.json"
entryPoint = "https" entryPoint = "https"
acmeLogging = true acmeLogging = true
onDemand = {{.OnDemand}} onDemand = {{ .OnDemand }}
onHostRule = {{.OnHostRule}} onHostRule = {{ .OnHostRule }}
caServer = "http://{{.BoulderHost}}:4001/directory" keyType = "{{ .KeyType }}"
[acme.httpChallenge] caServer = "{{ .CAServer }}"
entryPoint="http"
[[acme.domains]]
main = "traefik.acme.wtf"
{{if .HTTPChallenge }}
[acme.httpChallenge]
entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
{{end}}
{{range .Domains}}
[[acme.domains]]
main = "{{ .Main }}"
sans = [{{range .SANs }}
"{{.}}",
{{end}}]
{{end}}
[api] [api]
@ -38,4 +46,4 @@ defaultEntryPoints = ["http", "https"]
[frontends.frontend] [frontends.frontend]
backend = "backend" backend = "backend"
[frontends.frontend.routes.test] [frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf" rule = "Host:traefik.acme.wtf"

37
integration/fixtures/acme/acme_http01.toml
View file

@ -1,37 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
[acme.httpchallenge]
entrypoint="http"
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

38
integration/fixtures/acme/acme_http01_web.toml
View file

@ -1,38 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
[acme.httpchallenge]
entrypoint="http"
[web]
path="/traefik"
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

28
integration/fixtures/provideracme/acme_insan.toml → integration/fixtures/acme/acme_http01_web_path.toml
View file

@ -9,23 +9,31 @@ defaultEntryPoints = ["http", "https"]
address = ":5001" address = ":5001"
[entryPoints.https.tls] [entryPoints.https.tls]
[acme] [acme]
email = "test@traefik.io" email = "test@traefik.io"
storage = "/tmp/acme.json" storage = "/tmp/acme.json"
entryPoint = "https" entryPoint = "https"
acmeLogging = true acmeLogging = true
onDemand = false onDemand = {{ .OnDemand }}
onHostRule = false onHostRule = {{ .OnHostRule }}
caServer = "http://{{.BoulderHost}}:4001/directory" keyType = "{{ .KeyType }}"
caServer = "{{ .CAServer }}"
{{if .HTTPChallenge }}
[acme.httpChallenge] [acme.httpChallenge]
entryPoint="http" entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
{{end}}
{{range .Domains}}
[[acme.domains]] [[acme.domains]]
main = "acme.wtf" main = "{{ .Main }}"
sans = [ "traefik.acme.wtf" ] sans = [{{range .SANs }}
"{{.}}",
{{end}}]
{{end}}
[web]
[api] path="/traefik"
[file] [file]
@ -39,4 +47,4 @@ defaultEntryPoints = ["http", "https"]
[frontends.frontend] [frontends.frontend]
backend = "backend" backend = "backend"
[frontends.frontend.routes.test] [frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf" rule = "Host:traefik.acme.wtf"

26
integration/fixtures/acme/acme_provided_dynamic.toml
View file

@ -1,26 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
[acme.httpChallenge]
entryPoint="http"
[file]
filename = "fixtures/acme/certificates.toml"
watch = true

33
integration/fixtures/acme/acme_provided.toml → integration/fixtures/acme/acme_tls.toml
View file

@ -13,15 +13,29 @@ defaultEntryPoints = ["http", "https"]
keyFile = "fixtures/acme/ssl/wildcard.key" keyFile = "fixtures/acme/ssl/wildcard.key"
[acme] [acme]
email = "test@traefik.io" email = "test@traefik.io"
storage = "/tmp/acme.json" storage = "/tmp/acme.json"
entryPoint = "https" entryPoint = "https"
acmeLogging = true acmeLogging = true
onDemand = {{.OnDemand}} onDemand = {{ .OnDemand }}
onHostRule = {{.OnHostRule}} onHostRule = {{ .OnHostRule }}
caServer = "http://{{.BoulderHost}}:4001/directory" keyType = "{{ .KeyType }}"
[acme.httpChallenge] caServer = "{{ .CAServer }}"
entryPoint="http"
{{if .HTTPChallenge }}
[acme.httpChallenge]
entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
{{end}}
{{range .Domains}}
[[acme.domains]]
main = "{{ .Main }}"
sans = [{{range .SANs }}
"{{.}}",
{{end}}]
{{end}}
[api]
[file] [file]
@ -31,7 +45,6 @@ entryPoint="http"
url = "http://127.0.0.1:9010" url = "http://127.0.0.1:9010"
weight = 1 weight = 1
[frontends] [frontends]
[frontends.frontend] [frontends.frontend]
backend = "backend" backend = "backend"

40
integration/fixtures/acme/acme_tls_dynamic.toml Normal file
View file

@ -0,0 +1,40 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{ .OnDemand }}
onHostRule = {{ .OnHostRule }}
keyType = "{{ .KeyType }}"
caServer = "{{ .CAServer }}"
{{if .HTTPChallenge }}
[acme.httpChallenge]
entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
{{end}}
{{range .Domains}}
[[acme.domains]]
main = "{{ .Main }}"
sans = [{{range .SANs }}
"{{.}}",
{{end}}]
{{end}}
[api]
[file]
filename = "fixtures/acme/certificates.toml"
watch = true

37
integration/fixtures/acme/no_challenge_acme.toml
View file

@ -1,37 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[api]
[entryPoints]
[entryPoints.http]
address = ":8081"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
onHostRule = true
acmeLogging = true
caServer = "http://{{.BoulderHost}}:4001/directory"
# No challenge defined
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

36
integration/fixtures/acme/wrong_acme.toml
View file

@ -1,36 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[api]
[entryPoints]
[entryPoints.http]
address = ":8081"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onHostRule = true
caServer = "http://wrongurl:4001/directory"
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

38
integration/fixtures/provideracme/acme_onhost.toml
View file

@ -1,38 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
[acme.httpChallenge]
entryPoint="http"
[api]
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

38
integration/fixtures/provideracme/acme_onhost_ecdsa.toml
View file

@ -1,38 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
keyType = "EC384"
[acme.httpChallenge]
entryPoint="http"
[api]
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

38
integration/fixtures/provideracme/acme_onhost_invalid_algo.toml
View file

@ -1,38 +0,0 @@
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":5002"
[entryPoints.https]
address = ":5001"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "/tmp/acme.json"
entryPoint = "https"
onDemand = {{.OnDemand}}
onHostRule = {{.OnHostRule}}
caServer = "http://{{.BoulderHost}}:4001/directory"
keyType = "INVALID"
[acme.httpChallenge]
entryPoint="http"
[api]
[file]
[backends]
[backends.backend]
[backends.backend.servers.server1]
url = "http://127.0.0.1:9010"
weight = 1
[frontends]
[frontends.frontend]
backend = "backend"
[frontends.frontend.routes.test]
rule = "Host:traefik.acme.wtf"

3
integration/integration_test.go
View file

@ -22,6 +22,7 @@ import (
var integration = flag.Bool("integration", false, "run integration tests") var integration = flag.Bool("integration", false, "run integration tests")
var container = flag.Bool("container", false, "run container integration tests") var container = flag.Bool("container", false, "run container integration tests")
var host = flag.Bool("host", false, "run host integration tests") var host = flag.Bool("host", false, "run host integration tests")
var showLog = flag.Bool("tlog", false, "always show Traefik logs")
func Test(t *testing.T) { func Test(t *testing.T) {
check.TestingT(t) check.TestingT(t)
@ -114,7 +115,7 @@ func (s *BaseSuite) cmdTraefik(args ...string) (*exec.Cmd, *bytes.Buffer) {
func (s *BaseSuite) traefikCmd(args ...string) (*exec.Cmd, func(*check.C)) { func (s *BaseSuite) traefikCmd(args ...string) (*exec.Cmd, func(*check.C)) {
cmd, out := s.cmdTraefik(args...) cmd, out := s.cmdTraefik(args...)
return cmd, func(c *check.C) { return cmd, func(c *check.C) {
if c.Failed() { if c.Failed() || *showLog {
s.displayTraefikLog(c, out) s.displayTraefikLog(c, out)
} }
} }