tests: add e2e tests

2026-03-14 14:35:48 +01:00 · 2026-03-11 15:59:13 +01:00 · 2026-03-11 15:59:13 +01:00 · 864481be98
commit 864481be98
parent 0fe1f47b1d
18 changed files with 272 additions and 22 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@ -211,7 +211,7 @@ linters:
        text: Logger is a global variable
        linters:
          - gochecknoglobals
-      - path: e2e/(dnschallenge/|eab/)?[\d\w]+_test.go
+      - path: e2e/(dnschallenge/|eab/|configuration/)?[\d\w]+_test.go
        text: load is a global variable
        linters:
          - gochecknoglobals
--- a/e2e/configuration/challenges_test.go
+++ b/e2e/configuration/challenges_test.go
@ -0,0 +1,33 @@
+package configuration
+
+import (
+	"context"
+	"os"
+	"testing"
+
+	"github.com/go-acme/lego/v5/e2e/loader"
+)
+
+const caDirectory = "https://localhost:17000/dir"
+
+var load = loader.EnvLoader{
+	PebbleOptions: &loader.CmdOption{
+		HealthCheckURL: caDirectory,
+		Args:           []string{"-strict", "-config", "fixtures/pebble-config-file.json", "-dnsserver", "localhost:8853"},
+		Env:            []string{"PEBBLE_VA_NOSLEEP=1", "PEBBLE_WFE_NONCEREJECT=20"},
+		Dir:            "../",
+	},
+	LegoOptions: []string{
+		"LEGO_CA_CERTIFICATES=../fixtures/certs/pebble.minica.pem",
+		"EXEC_PATH=../fixtures/update-dns-config-file.sh",
+		"EXEC_SEQUENCE_INTERVAL=5",
+		"LEGO_DEBUG_ACME_HTTP_CLIENT=1",
+	},
+	ChallSrv: &loader.CmdOption{
+		Args: []string{"-dnsserver", ":8853", "-http01", ":5019", "-tlsalpn01", ":5018", "-management", ":8855"},
+	},
+}
+
+func TestMain(m *testing.M) {
+	os.Exit(load.MainTest(context.Background(), m))
+}
--- a/e2e/configuration/dns_challenge_test.go
+++ b/e2e/configuration/dns_challenge_test.go
@ -0,0 +1,32 @@
+package configuration
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/go-acme/lego/v5/e2e/loader"
+)
+
+func TestChallengeDNS_Run_simple(t *testing.T) {
+	loader.CleanLegoFiles(t.Context())
+
+	err := load.RunLego(t.Context(),
+		"--config", filepath.Join("fixtures", "lego_dns-simple.yml"),
+		"--log.level", "debug",
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestChallengeDNS_Run_explicit_challenge(t *testing.T) {
+	loader.CleanLegoFiles(t.Context())
+
+	err := load.RunLego(t.Context(),
+		"--config", filepath.Join("fixtures", "lego_dns-explicit.yml"),
+		"--log.level", "debug",
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
--- a/e2e/configuration/fixtures/lego_dns-explicit.yml
+++ b/e2e/configuration/fixtures/lego_dns-explicit.yml
@ -0,0 +1,20 @@
+challenges:
+  mychallenge:
+    dns:
+      provider: exec
+      propagation:
+        wait: 500ms
+      resolvers:
+        - :8853
+
+certificates:
+  'dns.localhost':
+    challenge: mychallenge
+    domains:
+      - dns.localhost
+      - '*.dns.localhost'
+
+accounts:
+  foo:
+    server: https://localhost:17000/dir
+    acceptsTermsOfService: true
--- a/e2e/configuration/fixtures/lego_dns-simple.yml
+++ b/e2e/configuration/fixtures/lego_dns-simple.yml
@ -0,0 +1,19 @@
+challenges:
+  mychallenge:
+    dns:
+      provider: exec
+      propagation:
+        wait: 500ms
+      resolvers:
+        - :8853
+
+certificates:
+  'dns.localhost':
+    domains:
+      - dns.localhost
+      - '*.dns.localhost'
+
+accounts:
+  foo:
+    server: https://localhost:17000/dir
+    acceptsTermsOfService: true
--- a/e2e/configuration/fixtures/lego_http-server.yml
+++ b/e2e/configuration/fixtures/lego_http-server.yml
@ -0,0 +1,19 @@
+servers:
+  pebble:
+    url: https://localhost:17000/dir
+
+challenges:
+  mychallenge:
+    http:
+      address: ":5009"
+
+certificates:
+  'example.localhost':
+    challenge: mychallenge
+    domains:
+      - acme.localhost
+
+accounts:
+  foo:
+    server: pebble
+    acceptsTermsOfService: true
--- a/e2e/configuration/fixtures/lego_http-simple.yml
+++ b/e2e/configuration/fixtures/lego_http-simple.yml
@ -0,0 +1,15 @@
+challenges:
+  mychallenge:
+    http:
+      address: ":5009"
+
+certificates:
+  'example.localhost':
+    challenge: mychallenge
+    domains:
+      - acme.localhost
+
+accounts:
+  foo:
+    server: https://localhost:17000/dir
+    acceptsTermsOfService: true
--- a/e2e/configuration/fixtures/lego_tls-simple.yml
+++ b/e2e/configuration/fixtures/lego_tls-simple.yml
@ -0,0 +1,15 @@
+challenges:
+  mychallenge:
+    tls:
+      address: ":5008"
+
+certificates:
+  'example.localhost':
+    challenge: mychallenge
+    domains:
+      - acme.localhost
+
+accounts:
+  foo:
+    server: https://localhost:17000/dir
+    acceptsTermsOfService: true
--- a/e2e/configuration/http_challenge_test.go
+++ b/e2e/configuration/http_challenge_test.go
@ -0,0 +1,32 @@
+package configuration
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/go-acme/lego/v5/e2e/loader"
+)
+
+func TestChallengeHTTP_Run_simple(t *testing.T) {
+	loader.CleanLegoFiles(t.Context())
+
+	err := load.RunLego(t.Context(),
+		"--config", filepath.Join("fixtures", "lego_http-simple.yml"),
+		"--log.level", "debug",
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestChallengeHTTP_Run_file_server(t *testing.T) {
+	loader.CleanLegoFiles(t.Context())
+
+	err := load.RunLego(t.Context(),
+		"--config", filepath.Join("fixtures", "lego_http-server.yml"),
+		"--log.level", "debug",
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
--- a/e2e/configuration/tls_challenge_test.go
+++ b/e2e/configuration/tls_challenge_test.go
@ -0,0 +1,20 @@
+package configuration
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/go-acme/lego/v5/e2e/loader"
+)
+
+func TestChallengeTLS_Run_simple(t *testing.T) {
+	loader.CleanLegoFiles(t.Context())
+
+	err := load.RunLego(t.Context(),
+		"--config", filepath.Join("fixtures", "lego_tls-simple.yml"),
+		"--log.level", "debug",
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
--- a/e2e/dnschallenge/challenges_test.go
+++ b/e2e/dnschallenge/challenges_test.go
@ -14,7 +14,7 @@ const caDirectory = "https://localhost:15000/dir"
 var load = loader.EnvLoader{
 	PebbleOptions: &loader.CmdOption{
 		HealthCheckURL: caDirectory,
-		Args:           []string{"-strict", "-config", "fixtures/pebble-config-dns.json", "-dnsserver", "localhost:8053"},
+		Args:           []string{"-strict", "-config", "fixtures/pebble-config-dns.json", "-dnsserver", "localhost:8553"},
 		Env:            []string{"PEBBLE_VA_NOSLEEP=1", "PEBBLE_WFE_NONCEREJECT=20"},
 		Dir:            "../",
 	},
@ -25,7 +25,7 @@ var load = loader.EnvLoader{
 		"LEGO_DEBUG_ACME_HTTP_CLIENT=1",
 	},
 	ChallSrv: &loader.CmdOption{
-		Args: []string{"-http01", ":5012", "-tlsalpn01", ":5011"},
+		Args: []string{"-dnsserver", ":8553", "-http01", ":5012", "-tlsalpn01", ":5011", "-management", ":8555"},
 	},
 }

--- a/e2e/dnschallenge/dns_challenge_test.go
+++ b/e2e/dnschallenge/dns_challenge_test.go
@ -29,7 +29,7 @@ func TestChallengeDNS_Run(t *testing.T) {
 		"run",
 		"--accept-tos",
 		"--dns", "exec",
-		"--dns.resolvers", ":8053",
+		"--dns.resolvers", ":8553",
 		"--dns.propagation.wait", "0",
 		"-s", caDirectory,
 		"-d", testDomain2,
@ -164,5 +164,5 @@ func mockDefault(t *testing.T) {
 		dns01.SetDefaultClient(backup)
 	})

-	dns01.SetDefaultClient(dns01.NewClient(&dns01.Options{RecursiveNameservers: []string{":8053"}}))
+	dns01.SetDefaultClient(dns01.NewClient(&dns01.Options{RecursiveNameservers: []string{":8553"}}))
 }
--- a/e2e/dnschallenge/dns_persist_challenge_test.go
+++ b/e2e/dnschallenge/dns_persist_challenge_test.go
@ -49,7 +49,7 @@ func TestChallengeDNSPersist_Client_Obtain(t *testing.T) {

 	user := &internal.FakeUser{PrivateKey: privateKey}
 	config := lego.NewConfig(user)
-	config.CADirURL = "https://localhost:15000/dir"
+	config.CADirURL = caDirectory

 	client, err := lego.NewClient(config)
 	require.NoError(t, err)
@ -105,10 +105,10 @@ func TestChallengeDNSPersist_Run(t *testing.T) {
 		"--email", testPersistCLIEmail,
 		"--accept-tos",
 		"--dns-persist",
-		"--dns-persist.resolvers", ":8053",
+		"--dns-persist.resolvers", ":8553",
 		"--dns-persist.propagation.disable-ans",
 		"--dns-persist.issuer-domain-name", testPersistIssuer,
-		"--server", "https://localhost:15000/dir",
+		"--server", caDirectory,
 		"--domains", testPersistCLIWildcardDomain,
 		"--domains", testPersistCLIDomain,
 	)
@ -120,7 +120,7 @@ func TestChallengeDNSPersist_Run_NewAccount(t *testing.T) {

 	t.Setenv("LEGO_CA_CERTIFICATES", "../fixtures/certs/pebble.minica.pem")

-	client := internal.NewChallTestSrvClient()
+	client := internal.NewChallTestSrvClient("8555")

 	defer func() {
 		err := client.ClearPersistRecord(testPersistCLIDomain)
@ -174,10 +174,10 @@ func TestChallengeDNSPersist_Run_NewAccount(t *testing.T) {
 		"--email", testPersistCLIFreshEmail,
 		"--accept-tos",
 		"--dns-persist",
-		"--dns-persist.resolvers", ":8053",
+		"--dns-persist.resolvers", ":8553",
 		"--dns-persist.propagation.disable-ans",
 		"--dns-persist.issuer-domain-name", testPersistIssuer,
-		"--server", "https://localhost:15000/dir",
+		"--server", caDirectory,
 		"--domains", testPersistCLIWildcardDomain,
 		"--domains", testPersistCLIDomain,
 	)
@ -201,10 +201,10 @@ func TestChallengeDNSPersist_Renew(t *testing.T) {
 		"--email", testPersistCLIRenewEmail,
 		"--accept-tos",
 		"--dns-persist",
-		"--dns-persist.resolvers", ":8053",
+		"--dns-persist.resolvers", ":8553",
 		"--dns-persist.propagation.disable-ans",
 		"--dns-persist.issuer-domain-name", testPersistIssuer,
-		"--server", "https://localhost:15000/dir",
+		"--server", caDirectory,
 		"--domains", testPersistCLIWildcardDomain,
 		"--domains", testPersistCLIDomain,
 	)
@ -215,10 +215,10 @@ func TestChallengeDNSPersist_Renew(t *testing.T) {
 		"renew",
 		"--email", testPersistCLIRenewEmail,
 		"--dns-persist",
-		"--dns-persist.resolvers", ":8053",
+		"--dns-persist.resolvers", ":8553",
 		"--dns-persist.propagation.disable-ans",
 		"--dns-persist.issuer-domain-name", testPersistIssuer,
-		"--server", "https://localhost:15000/dir",
+		"--server", caDirectory,
 		"--domains", testPersistCLIWildcardDomain,
 		"--domains", testPersistCLIDomain,
 		"--renew-force",
@ -239,7 +239,7 @@ func createCLIAccountState(t *testing.T, email string) string {
 	}

 	config := lego.NewConfig(user)
-	config.CADirURL = "https://localhost:15000/dir"
+	config.CADirURL = caDirectory

 	client, err := lego.NewClient(config)
 	require.NoError(t, err)
@ -327,7 +327,7 @@ func mockDefaultPersist(t *testing.T) {
 		dnspersist01.SetDefaultClient(backup)
 	})

-	dnspersist01.SetDefaultClient(dnspersist01.NewClient(&dnspersist01.Options{RecursiveNameservers: []string{":8053"}}))
+	dnspersist01.SetDefaultClient(dnspersist01.NewClient(&dnspersist01.Options{RecursiveNameservers: []string{":8553"}}))
 }

 func updateDNS(t *testing.T, accountURI, issuerDomainName string) {
@ -343,7 +343,7 @@ func updateDNS(t *testing.T, accountURI, issuerDomainName string) {
 	info, err := dnspersist01.GetChallengeInfo(authz, testPersistIssuer, accountURI, time.Time{})
 	require.NoError(t, err)

-	client := internal.NewChallTestSrvClient()
+	client := internal.NewChallTestSrvClient("8555")

 	err = client.SetPersistRecord(issuerDomainName, info.Value)
 	require.NoError(t, err)
--- a/e2e/fixtures/pebble-config-dns.json
+++ b/e2e/fixtures/pebble-config-dns.json
@ -1,6 +1,7 @@
 {
  "pebble": {
    "listenAddress": "0.0.0.0:15000",
+    "IGNOREmanagementListenAddress": "0.0.0.0:15500",
    "certificate": "fixtures/certs/localhost/cert.pem",
    "privateKey": "fixtures/certs/localhost/key.pem",
    "httpPort": 5004,
--- a/e2e/fixtures/pebble-config-file.json
+++ b/e2e/fixtures/pebble-config-file.json
@ -0,0 +1,20 @@
+{
+  "pebble": {
+    "listenAddress": "0.0.0.0:17000",
+    "IGNOREmanagementListenAddress": "0.0.0.0:17500",
+    "certificate": "fixtures/certs/localhost/cert.pem",
+    "privateKey": "fixtures/certs/localhost/key.pem",
+    "httpPort": 5009,
+    "tlsPort": 5008,
+    "profiles": {
+      "default": {
+        "description": "The profile you know and love",
+        "validityPeriod": 7776000
+      },
+      "shortlived": {
+        "description": "A short-lived cert profile, without actual enforcement",
+        "validityPeriod": 518400
+      }
+    }
+  }
+}
--- a/e2e/fixtures/update-dns-config-file.sh
+++ b/e2e/fixtures/update-dns-config-file.sh
@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Simple DNS challenge exec solver.
+# Use challtestsrv https://github.com/letsencrypt/pebble/tree/main/cmd/pebble-challtestsrv#dns-01
+
+set -e
+
+case "$1" in
+  "present")
+    echo  "Present"
+    payload="{\"host\":\"$2\", \"value\":\"$3\"}"
+    echo "payload=${payload}"
+    curl -s -X POST -d "${payload}" localhost:8855/set-txt
+    ;;
+  "cleanup")
+    echo  "cleanup"
+    payload="{\"host\":\"$2\"}"
+    echo "payload=${payload}"
+    curl -s -X POST -d "${payload}" localhost:8855/clear-txt
+    ;;
+  *)
+    echo "OOPS"
+    ;;
+esac
--- a/e2e/fixtures/update-dns.sh
+++ b/e2e/fixtures/update-dns.sh
@ -10,13 +10,13 @@ case "$1" in
    echo  "Present"
    payload="{\"host\":\"$2\", \"value\":\"$3\"}"
    echo "payload=${payload}"
-    curl -s -X POST -d "${payload}" localhost:8055/set-txt
+    curl -s -X POST -d "${payload}" localhost:8555/set-txt
    ;;
  "cleanup")
    echo  "cleanup"
    payload="{\"host\":\"$2\"}"
    echo "payload=${payload}"
-    curl -s -X POST -d "${payload}" localhost:8055/clear-txt
+    curl -s -X POST -d "${payload}" localhost:8555/clear-txt
    ;;
  *)
    echo "OOPS"
--- a/e2e/internal/challtestsrv.go
+++ b/e2e/internal/challtestsrv.go
@ -17,8 +17,8 @@ type ChallTestSrvClient struct {
 	httpClient *http.Client
 }

-func NewChallTestSrvClient() *ChallTestSrvClient {
-	baseURL, _ := url.Parse("http://localhost:8055")
+func NewChallTestSrvClient(port string) *ChallTestSrvClient {
+	baseURL, _ := url.Parse("http://localhost:" + port)

 	return &ChallTestSrvClient{
 		baseURL:    baseURL,