Update container tests to check server info
edewata committed Jun 21, 2024
1 parent 2e3e4cf commit 1aa259f
Showing 9 changed files with 146 additions and 77 deletions.
43 changes: 31 additions & 12 deletions .github/workflows/acme-container-test.yml
Expand Up @@ -177,40 +177,59 @@ jobs:
-U https://acme.example.com:8443 \
acme-info
- name: Verify certbot in client container
- name: Register ACME account
run: |
docker exec client certbot register \
--server http://acme.example.com:8080/acme/directory \
--email [email protected] \
--agree-tos \
--non-interactive
- name: Enroll client cert
run: |
docker exec client certbot certonly \
--server http://acme.example.com:8080/acme/directory \
-d client.example.com \
--key-type rsa \
--standalone \
--non-interactive
docker exec client openssl x509 -text -noout -in /etc/letsencrypt/live/client.example.com/fullchain.pem
- name: Check client cert
run: |
docker exec client openssl x509 \
-text \
-noout \
-in /etc/letsencrypt/live/client.example.com/fullchain.pem
- name: Renew client cert
run: |
docker exec client certbot renew \
--server http://acme.example.com:8080/acme/directory \
--cert-name client.example.com \
--force-renewal \
--no-random-sleep-on-renew \
--non-interactive
#
# By default the pki-acme container uses NSS issuer (instead of
# PKI issuer) which does not support cert revocation, so the
# revocation test is disabled.
#
# docker exec client certbot revoke \
# --server http://acme.example.com:8080/acme/directory \
# --cert-name client.example.com \
# --non-interactive
#
# - name: Revoke client cert
# run: |
# By default the pki-acme container uses NSS issuer (instead of
# PKI issuer) which does not support cert revocation, so the
# revocation test is disabled.
#
# docker exec client certbot revoke \
# --server http://acme.example.com:8080/acme/directory \
# --cert-name client.example.com \
# --non-interactive

- name: Update ACME account
run: |
docker exec client certbot update_account \
--server http://acme.example.com:8080/acme/directory \
--email [email protected] \
--non-interactive
- name: Remove ACME account
run: |
docker exec client certbot unregister \
--server http://acme.example.com:8080/acme/directory \
--non-interactive
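Review bot: The new `Check client cert` step only prints the certificate with `openssl x509 -text -noout`, so it passes for any parseable PEM at that path and asserts nothing about what the ACME server issued. A check such as `docker exec client openssl x509 -noout -checkend 0 -in /etc/letsencrypt/live/client.example.com/fullchain.pem`, together with a comparison of the `-subject` and `-issuer` output against expected values, would turn it into a real verification. The same gap follows `Renew client cert`: nothing records `openssl x509 -noout -serial` before and after the renewal, so the test cannot tell whether a new certificate actually replaced the old one.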
28 changes: 11 additions & 17 deletions .github/workflows/ca-container-existing-certs-test.yml
Expand Up @@ -321,13 +321,19 @@ jobs:
diff expected output
- name: Check basic operations from CA container
- name: Check CA info
run: |
# check PKI server info
docker exec ca pki info
docker exec ca pki-server cert-export \
--cert-file ca_signing.crt \
ca_signing
docker cp ca:ca_signing.crt .
docker exec client pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
- name: Check basic operations from client container
run: |
# check PKI server info
docker exec client pki \
-U https://ca.example.com:8443 \
Expand All @@ -347,21 +353,9 @@ jobs:
- name: Initialize CA database
run: |
docker exec ca pki-server ca-db-init -v
- name: Add CA search indexes
run: |
docker exec ca pki-server ca-db-index-add -v
- name: Rebuild CA search indexes
run: |
docker exec ca pki-server ca-db-index-rebuild -v
- name: Add CA VLV indexes
run: |
docker exec ca pki-server ca-db-vlv-add -v
- name: Rebuild CA VLV indexes
run: |
docker exec ca pki-server ca-db-vlv-reindex -v
- name: Import CA signing cert into CA database
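Review bot: In the new `Check CA info` step, `pki-server cert-export --cert-file ca_signing.crt` writes relative to the working directory of `docker exec`, while `docker cp ca:ca_signing.crt .` resolves the path relative to the container's `/`; the two only agree if the image's working directory is `/`. An absolute path on both sides, for example `--cert-file /tmp/ca_signing.crt` and `docker cp ca:/tmp/ca_signing.crt .`, removes that dependency and makes sure the file imported as a trust anchor with `--trust CT,C,C` is the one just exported. The same pattern is added in kra-container-test.yml, ocsp-container-test.yml, tks-container-test.yml, ca-container-existing-config-test.yml and server-container-test.yml. The import presumably also relies on the runner workspace being mounted at `$SHARED` in the client container, which is not visible in these hunks.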
32 changes: 20 additions & 12 deletions .github/workflows/ca-container-existing-config-test.yml
Expand Up @@ -71,26 +71,29 @@ jobs:
--network-alias=client.example.com \
client
- name: Check admin user
- name: Check CA info
run: |
mkdir certs
# install CA signing cert
docker exec pki pki-server cert-export \
--cert-file $SHARED/certs/ca_signing.crt \
--cert-file ca_signing.crt \
ca_signing
docker cp pki:ca_signing.crt .
docker exec client pki nss-cert-import \
--cert $SHARED/certs/ca_signing.crt \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
# install admin cert
docker exec pki cp \
/root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
$SHARED/certs/admin.p12
docker exec client pki \
-U https://ca.example.com:8443 \
info
- name: Check CA admin user
run: |
docker cp pki:/root/.dogtag/pki-tomcat/ca_admin_cert.p12 .
docker exec client pki pkcs12-import \
--pkcs12 $SHARED/certs/admin.p12 \
--pkcs12 $SHARED/ca_admin_cert.p12 \
--password Secret.123
docker exec client pki \
Expand All @@ -106,6 +109,8 @@ jobs:
- name: Export certs
run: |
mkdir certs
# export system certs and keys
docker exec pki pki \
-v \
Expand Down Expand Up @@ -144,6 +149,9 @@ jobs:
/var/lib/pki/pki-tomcat/conf/certs/ca_admin.csr \
$SHARED/certs/admin.csr
# export admin cert and key
docker cp pki:/root/.dogtag/pki-tomcat/ca_admin_cert.p12 certs/admin.p12
docker exec pki pki pkcs12-cert-find \
--pkcs12 $SHARED/certs/admin.p12 \
--password Secret.123
Expand Down Expand Up @@ -278,7 +286,7 @@ jobs:
diff expected output
- name: Check admin user again
- name: Check CA admin user again
run: |
docker exec client pki \
-U https://ca.example.com:8443 \
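Review bot: `docker cp pki:/root/.dogtag/pki-tomcat/ca_admin_cert.p12 .` in the new `Check CA admin user` step leaves the admin PKCS #12 (certificate and private key) in the workspace root, and the `Export certs` step later copies the same file again to `certs/admin.p12`. Keeping a single copy, or adding `rm -f ca_admin_cert.p12` once `pki pkcs12-import` has run, would limit where the admin key sits if a later step archives or uploads the workspace (not visible here). The password `Secret.123` is passed on the command line, so a short comment stating that it is a throwaway test credential would help readers who reuse these steps. ca-container-migration-test.yml adds the same `docker cp` line.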
17 changes: 10 additions & 7 deletions .github/workflows/ca-container-migration-test.yml
Expand Up @@ -62,9 +62,8 @@ jobs:
--network-alias=client.example.com \
client
- name: Check admin user
- name: Check CA info
run: |
# install CA signing cert
docker exec pki pki-server cert-export \
--cert-file $SHARED/ca_signing.crt \
ca_signing
Expand All @@ -74,12 +73,16 @@ jobs:
--trust CT,C,C \
ca_signing
# install admin cert
docker exec pki cp \
/root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
$SHARED/admin.p12
docker exec client pki \
-U https://pki.example.com:8443 \
info
- name: Check CA admin user
run: |
docker cp pki:/root/.dogtag/pki-tomcat/ca_admin_cert.p12 .
docker exec client pki pkcs12-import \
--pkcs12 $SHARED/admin.p12 \
--pkcs12 $SHARED/ca_admin_cert.p12 \
--password Secret.123
docker exec client pki \
25 changes: 18 additions & 7 deletions .github/workflows/kra-container-test.yml
Expand Up @@ -77,6 +77,23 @@ jobs:
-o /dev/null \
https://ca.example.com:8443
- name: Check CA info
run: |
docker exec ca pki-server cert-export \
--cert-file ca_signing.crt \
ca_signing
docker cp ca:ca_signing.crt .
docker exec client pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec client pki \
-U https://ca.example.com:8443 \
info
- name: Set up CA DS container
run: |
tests/bin/ds-container-create.sh \
Expand Down Expand Up @@ -426,14 +443,8 @@ jobs:
diff expected output
- name: Check basic operations from KRA container
run: |
# check PKI server info
docker exec kra pki info
- name: Check basic operations from client container
- name: Check KRA info
run: |
# check PKI server info
docker exec client pki \
-U https://kra.example.com:8443 \
info
25 changes: 18 additions & 7 deletions .github/workflows/ocsp-container-test.yml
Expand Up @@ -78,6 +78,23 @@ jobs:
-o /dev/null \
https://ca.example.com:8443
- name: Check CA info
run: |
docker exec ca pki-server cert-export \
--cert-file ca_signing.crt \
ca_signing
docker cp ca:ca_signing.crt .
docker exec client pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec client pki \
-U https://ca.example.com:8443 \
info
- name: Set up CA DS container
run: |
tests/bin/ds-container-create.sh \
Expand Down Expand Up @@ -406,14 +423,8 @@ jobs:
diff expected output
- name: Check basic operations from OCSP container
run: |
# check PKI server info
docker exec ocsp pki info
- name: Check basic operations from client container
- name: Check OCSP info
run: |
# check PKI server info
docker exec client pki \
-U https://ocsp.example.com:8443 \
info
16 changes: 6 additions & 10 deletions .github/workflows/server-container-test.yml
Expand Up @@ -125,26 +125,22 @@ jobs:
diff expected output
- name: Check server info locally
run: |
docker exec server pki info
- name: Install CA signing cert
- name: Check server info
run: |
docker exec server pki \
-d /conf/alias \
-f /conf/password.conf \
nss-cert-export \
--output-file /conf/certs/ca_signing.crt \
--output-file ca_signing.crt \
ca_signing
docker cp server:ca_signing.crt .
docker exec client pki nss-cert-import \
--cert $SHARED/conf/certs/ca_signing.crt \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
- name: Check server info remotely
run: |
docker exec client pki \
-U https://pki.example.com:8443 \
info
Expand All @@ -164,7 +160,7 @@ jobs:
-o /dev/null \
https://pki.example.com:8443
- name: Check server info remotely again
- name: Check server info again
run: |
docker exec client pki \
-U https://pki.example.com:8443 \
19 changes: 18 additions & 1 deletion .github/workflows/tks-container-test.yml
Expand Up @@ -78,6 +78,23 @@ jobs:
-o /dev/null \
https://ca.example.com:8443
- name: Check CA info
run: |
docker exec ca pki-server cert-export \
--cert-file ca_signing.crt \
ca_signing
docker cp ca:ca_signing.crt .
docker exec client pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec client pki \
-U https://ca.example.com:8443 \
info
- name: Set up CA DS container
run: |
tests/bin/ds-container-create.sh \
Expand Down Expand Up @@ -388,7 +405,7 @@ jobs:
diff expected output
- name: Check TKS server info
- name: Check TKS info
run: |
docker exec client pki \
-U https://tks.example.com:8443 \