From 92869884955863740fe266f41ba3279965813d94 Mon Sep 17 00:00:00 2001 From: Jeff Hodges Date: Fri, 31 Jul 2015 15:13:50 -0700 Subject: [PATCH 1/8] re-enable the letsencrypt client integration tests Dependent on letsencrypt/letsencrypt#641 merging to master. --- test.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/test.sh b/test.sh index bfa987142..d9b27c525 100755 --- a/test.sh +++ b/test.sh @@ -239,6 +239,7 @@ case $? in 1) # Python client failed, but Node client didn't, which does # not constitute failure update_status --state success --description "Python integration failed." + FAILURE=1 ;; 2) # Node client failed update_status --state failure --description "NodeJS integration failed." From eba0f8f4e26e0b55c721fb5aef5a31bde300b38a Mon Sep 17 00:00:00 2001 From: Roland Shoemaker Date: Thu, 6 Aug 2015 17:00:04 -0700 Subject: [PATCH 2/8] Remove dangling monolith config section --- test/boulder-config.json | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/boulder-config.json b/test/boulder-config.json index b1c89de98..7efa8d329 100644 --- a/test/boulder-config.json +++ b/test/boulder-config.json @@ -109,10 +109,6 @@ } }, - "monolith": { - "debugAddr": "localhost:8008" - }, - "ra": { "debugAddr": "localhost:8002" }, From d9b1f3d45305284c2c235f71fbbddec6ed8d82fe Mon Sep 17 00:00:00 2001 From: Jeremy Gillula Date: Fri, 7 Aug 2015 14:04:12 -0700 Subject: [PATCH 3/8] Added enforcement of AMQPS. If the insecure flag is true, then we also require the URL to be AMQPS and the TLS config info to be set, otherwise we fail out. If insecure is true, then we don't check for anything else. --- cmd/shell.go | 1 + rpc/amqp-rpc.go | 14 +++++++++----- test/boulder-config.json | 1 + 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/cmd/shell.go b/cmd/shell.go index 370b3f009..29bac6930 100644 --- a/cmd/shell.go +++ b/cmd/shell.go @@ -55,6 +55,7 @@ type Config struct { // General AMQP struct { Server string + Insecure bool RA Queue VA Queue SA Queue diff --git a/rpc/amqp-rpc.go b/rpc/amqp-rpc.go index 88c06dc79..02d30b0c1 100644 --- a/rpc/amqp-rpc.go +++ b/rpc/amqp-rpc.go @@ -268,16 +268,20 @@ func AmqpChannel(conf cmd.Config) (*amqp.Channel, error) { log := blog.GetAuditLogger() - if conf.AMQP.TLS == nil { - // Configuration did not specify TLS options, but Dial will - // use TLS anyway if the URL scheme is "amqps" + if conf.AMQP.Insecure == true { + // If the Insecure flag is true, then just go ahead and connected conn, err = amqp.Dial(conf.AMQP.Server) } else { - // They provided TLS options, so let's load them. + // The insecure flag is false, so we need to load up the options log.Info("AMQPS: Loading TLS Options.") if strings.HasPrefix(conf.AMQP.Server, "amqps") == false { - err = fmt.Errorf("AMQPS: TLS configuration provided, but not using an AMQPS URL") + err = fmt.Errorf("AMQPS: Not using an AMQPS URL even though insecure=false") + return nil, err + } + + if conf.AMQP.TLS == nil { + err = fmt.Errorf("AMQPS: No TLS configuration provided even though insecure=false") return nil, err } diff --git a/test/boulder-config.json b/test/boulder-config.json index 7efa8d329..55afb3ef9 100644 --- a/test/boulder-config.json +++ b/test/boulder-config.json @@ -7,6 +7,7 @@ "amqp": { "server": "amqp://guest:guest@localhost:5672", + "insecure": true, "-uncomment_for_AMQPS-tls": { "cacertfile": "/etc/boulder/rabbitmq-cacert.pem", "certfile": "/etc/boulder/rabbitmq-cert.pem", From 00120e21066dd71f72252e970e56f6385b751c36 Mon Sep 17 00:00:00 2001 From: Jeremy Gillula Date: Fri, 7 Aug 2015 14:06:51 -0700 Subject: [PATCH 4/8] Clarifying a comment: if the insecure flag is not set we default to assuming secure (and requiring AMQPS in the URL and the TLS config info to be set) --- rpc/amqp-rpc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpc/amqp-rpc.go b/rpc/amqp-rpc.go index 02d30b0c1..e33042dc5 100644 --- a/rpc/amqp-rpc.go +++ b/rpc/amqp-rpc.go @@ -272,7 +272,7 @@ func AmqpChannel(conf cmd.Config) (*amqp.Channel, error) { // If the Insecure flag is true, then just go ahead and connected conn, err = amqp.Dial(conf.AMQP.Server) } else { - // The insecure flag is false, so we need to load up the options + // The insecure flag is false or not set, so we need to load up the options log.Info("AMQPS: Loading TLS Options.") if strings.HasPrefix(conf.AMQP.Server, "amqps") == false { From e64b5554963174faa28ddfc3f3778bedb28c0973 Mon Sep 17 00:00:00 2001 From: Jeremy Gillula Date: Fri, 7 Aug 2015 14:09:27 -0700 Subject: [PATCH 5/8] Now with more clear error messages! --- rpc/amqp-rpc.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rpc/amqp-rpc.go b/rpc/amqp-rpc.go index e33042dc5..927ee33a2 100644 --- a/rpc/amqp-rpc.go +++ b/rpc/amqp-rpc.go @@ -269,19 +269,19 @@ func AmqpChannel(conf cmd.Config) (*amqp.Channel, error) { log := blog.GetAuditLogger() if conf.AMQP.Insecure == true { - // If the Insecure flag is true, then just go ahead and connected + // If the Insecure flag is true, then just go ahead and connect conn, err = amqp.Dial(conf.AMQP.Server) } else { // The insecure flag is false or not set, so we need to load up the options log.Info("AMQPS: Loading TLS Options.") if strings.HasPrefix(conf.AMQP.Server, "amqps") == false { - err = fmt.Errorf("AMQPS: Not using an AMQPS URL even though insecure=false") + err = fmt.Errorf("AMQPS: Not using an AMQPS URL. To use AMQP instead of AMQPS, set insecure=true.") return nil, err } if conf.AMQP.TLS == nil { - err = fmt.Errorf("AMQPS: No TLS configuration provided even though insecure=false") + err = fmt.Errorf("AMQPS: No TLS configuration provided. To use AMQP instead of AMQPS, set insecure=true.") return nil, err } From 553b72ed3ba93d444bdc37d27849a3841946f8d1 Mon Sep 17 00:00:00 2001 From: Jeremy Gillula Date: Fri, 7 Aug 2015 14:15:48 -0700 Subject: [PATCH 6/8] gofmt loves to change my whitespace --- cmd/shell.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/cmd/shell.go b/cmd/shell.go index 29bac6930..03aeb117c 100644 --- a/cmd/shell.go +++ b/cmd/shell.go @@ -54,14 +54,14 @@ type Config struct { // General AMQP struct { - Server string + Server string Insecure bool - RA Queue - VA Queue - SA Queue - CA Queue - OCSP Queue - TLS *TLSConfig + RA Queue + VA Queue + SA Queue + CA Queue + OCSP Queue + TLS *TLSConfig } WFE struct { From bcfb935472806ca6a906407c6486f17836ccf4f6 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Fri, 7 Aug 2015 17:55:43 -0700 Subject: [PATCH 7/8] Fail startservers.py when compile fails. --- test/startservers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/startservers.py b/test/startservers.py index 38d53412f..5a4909127 100644 --- a/test/startservers.py +++ b/test/startservers.py @@ -38,7 +38,7 @@ def run(path, race_detection): install = """GORACE="halt_on_error=1" go install -race""" binary = os.path.basename(path) - cmd = """%s ./%s; exec %s --config %s""" % (install, path, binary, config) + cmd = """%s ./%s && exec %s --config %s""" % (install, path, binary, config) p = subprocess.Popen(cmd, shell=True) p.cmd = cmd print('started %s with pid %d' % (p.cmd, p.pid)) From cb2156817db83c50183cd1c65b18fc79d26aaa85 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Mon, 10 Aug 2015 10:31:21 -0700 Subject: [PATCH 8/8] Update test.sh comment re: Python client failure. --- test.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test.sh b/test.sh index d9b27c525..b5ef2c704 100755 --- a/test.sh +++ b/test.sh @@ -236,8 +236,7 @@ case $? in 0) # Success update_status --state success ;; - 1) # Python client failed, but Node client didn't, which does - # not constitute failure + 1) # Python client failed update_status --state success --description "Python integration failed." FAILURE=1 ;;