From 10c16ccbcb13fbb0dab56fd7b11b4fdb41609436 Mon Sep 17 00:00:00 2001
From: Steven Clark
Date: Tue, 30 May 2023 17:24:28 -0400
Subject: [PATCH] Add Certbot unregister integration test (#20874)
* Add Certbot unregister integration test
- Make sure we can unregister ACME accounts through Certbot to provide an additional validation.
* Add vault-crypto as a code owner for builtin/logical/pkiext
---
 CODEOWNERS | 1 +
 .../logical/pkiext/pkiext_binary/acme_test.go | 28 +++++++++++++++++++
 2 files changed, 29 insertions(+)
diff --git a/CODEOWNERS b/CODEOWNERS
index 90ac1fc928..e13a6b5398 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -48,6 +48,7 @@
 # Cryptosec
 /builtin/logical/pki/ @hashicorp/vault-crypto
+/builtin/logical/pkiext/ @hashicorp/vault-crypto
 /website/content/docs/secrets/pki/ @hashicorp/vault-crypto
 /website/content/api-docs/secret/pki.mdx @hashicorp/vault-crypto
 /builtin/credential/cert/ @hashicorp/vault-crypto
diff --git a/builtin/logical/pkiext/pkiext_binary/acme_test.go b/builtin/logical/pkiext/pkiext_binary/acme_test.go
index 4e43852cf6..f66a602a19 100644
--- a/builtin/logical/pkiext/pkiext_binary/acme_test.go
+++ b/builtin/logical/pkiext/pkiext_binary/acme_test.go
@@ -152,6 +152,34 @@ func SubtestACMECertbot(t *testing.T, cluster *VaultPkiCluster) {
 require.NoError(t, err, "got error running double revoke command")
 require.NotEqual(t, 0, retcode, "expected non-zero retcode double revoke command result")
+
+ // Attempt to close out our ACME account
+ certbotUnregisterCmd := []string{
+ "certbot",
+ "unregister",
+ "--no-verify-ssl",
+ "--non-interactive",
+ "--server", directory,
+ }
+
+ stdout, stderr, retcode, err = runner.RunCmdWithOutput(ctx, result.Container.ID, certbotUnregisterCmd)
+ t.Logf("Certbot Unregister Command: %v\nstdout: %v\nstderr: %v\n", certbotUnregisterCmd, string(stdout), string(stderr))
+ if err != nil || retcode != 0 {
+ logsStdout, logsStderr, _, _ := runner.RunCmdWithOutput(ctx, result.Container.ID, logCatCmd)
+ t.Logf("Certbot logs\nstdout: %v\nstderr: %v\n", string(logsStdout), string(logsStderr))
+ }
+ require.NoError(t, err, "got error running unregister command")
+ require.Equal(t, 0, retcode, "expected zero retcode unregister command result")
+
+ // Attempting to close out our ACME account twice should fail
+ stdout, stderr, retcode, err = runner.RunCmdWithOutput(ctx, result.Container.ID, certbotUnregisterCmd)
+ t.Logf("Certbot double Unregister Command: %v\nstdout: %v\nstderr: %v\n", certbotUnregisterCmd, string(stdout), string(stderr))
+ if err != nil || retcode != 0 {
+ logsStdout, logsStderr, _, _ := runner.RunCmdWithOutput(ctx, result.Container.ID, logCatCmd)
+ t.Logf("Certbot double logs\nstdout: %v\nstderr: %v\n", string(logsStdout), string(logsStderr))
+ }
+ require.NoError(t, err, "got error running double unregister command")
+ require.Equal(t, 1, retcode, "expected non-zero retcode double unregister command result")
 }
 func SubtestACMECertbotEab(t *testing.T, cluster *VaultPkiCluster) {
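Review bot: In the double-unregister block the log-dump guard `if err != nil || retcode != 0 {` fires on the expected outcome and stays silent in the one case that needs the Certbot logs, an unexpected exit code 0; `if err != nil || retcode != 1 {` would line up with the assertion that follows it. That assertion pins `1` while its message says "non-zero", unlike the `require.NotEqual(t, 0, retcode, ...)` used for the double revoke in the context lines above, so either the value or the message should change. An exit code on its own also does not show that Vault refused a request from a deactivated account: Certbot presumably discards its local account data on the first unregister, so the second run may fail on the client without ever reaching the ACME server (worth confirming). If that is the case, assert on `stderr` or check the account status through the Vault API so the negative case actually covers the server-side check. SubtestACMECertbot begins outside the hunk.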