Previously the expiration times were right on the cusp of being included or not
included in the query. Adjusted the times to be solidly in the right range.
In a future PR, we should refactor the code to generate absolute expiration
times and have findExpiringCertificates take a time param, so the test isn't
dependent on time.Now().
This makes the test terminate after the assertion failure. Especially in the
case of AssertNotError, this can avoid triggering an immediate nil dereference
panic that obscures the error message.
This removes TestMode from the boulder-va command, from ca.Config
(it was only used in the VA) and gets the integration config to specify
the ports it should use explicitly.
(It also removes a DBDriver field from ca.Config that was left over from
letsencrypt/boulder#624.)
Fixes #627.
Changes this to use just communicate(), not the subprocess.PIPE stuff (which
apparently can do Weird Things)
Also rename the install variable to cmd in the install function
This eases the CPU and thread requirements of our tests (by forking
less, not doing everything at once). It should also speed up the tests
by avoiding certain repetitive work.
Updates https://github.com/letsencrypt/letsencrypt/issues/712
Avoids silently allowing bad things to happen (like mismatched data
types, strings being truncated, etc.).
Ensures that MySQL/MariaDB warnings are treated as errors. This avoids a
number of nasty edge conditions we could wander into. Common things this
discovers include places where data being sent had a different type
than what is in the schema, strings being truncated, writes of null to a
NOT NULL column, and so on. See
<https://dev.mysql.com/doc/refman/5.0/en/sql-mode.html#sql-mode-strict>.
MySQL is very funny.
Fixes #623
Managing the single row needed in serialNumber is a bit of a hassle in a
world where we delete all of the rows in all tables in our tests. Plus,
if someone does that on their development database, they have to drop
all the way to the start of the migrations and run them again. It's a
bummer.
Instead, use the MySQL id generation design as [described and used by
Flickr](https://code.flickr.net/2010/02/08/ticket-servers-distributed-unique-primary-keys-on-the-cheap/). That design
doesn't need a row at its first insert to work correctly.
(That post mentions maybe using `ON DUPLICATE KEY UPDATE`, but it has
subtle bugs that even using `LAST_INCREMENT_ID(id)` doesn't fix. This is
because `UPDATE` doesn't run on the first `INSERT` but the `INSERT` will
return 1. Then, id 1 will be returned again on the
second `INSERT` attempt because the `LAST_INCREMENT_ID(id)` will be 0
because no increment was done! All subsequent `INSERT` attempts will be off by
one.)
Fixes #649.
This has required some substantive changes to the tests. Where
previously the foreign key constraints did not exist in the tests, now
that we use the actual production schema, they do. This has mostly led
to having to create real Registrations in the sa, ca, and ra tests. Long
term, it would be nice to fake this out better instead of needing a real
sa in the ca and ra tests.
The "goose" being referred to is <https://bitbucket.org/liamstask/goose>.
Database migrations are stored in a _db directory inside the relevant
owner service (namely, ca/_db, and sa/_db, today).
An example of migrating up with goose:
    goose -path ./sa/_db -env test up
An example of creating a new migration with goose:
    goose -path ./sa/_db -env test create NameOfNewMigration sql
Notice the "sql" at the end. It would be easier for us to manage sql
migrations. I would like us to stick to only them. In case we do use Go
migrations in the future, the underscore at the beginning of "_db" will
at least prevent build errors when using "..." with goose-created Go
files. Goose-created Go migrations do not compile with the go tool but
only with goose.
Fixes #111
Unblocks #623
If two OCSP responses were generated in the same second, the earlier would
previously take priority sometimes, leading to a "good" response for revoked
certificates and causing the OCSP integration test to be flaky.
Previously the VA test had race conditions where the various test servers would
not shut down before the next test started its own server, and the necessary port
wouldn't be available.
Go's httptest makes shutdown simpler, and also chooses a random port, which
further helps avoid collisions.
This change required refactoring the VA to specify the ports for various
challenges as fields. This should allow us to fully remove the TestMode bool in
a subsequent change.
Credit to jmhodges for the first version of this patch.