* automatically select among default vhosts if we have a port preference
* ports should be strings in the nginx plugin
* clarify port vs preferred_port behavior by adding allow_port_mismatch flag
* update all instances of default_vhosts to all_default_vhosts
* require port
* port should never be None in _get_default_vhost
* Reuse ACMEv1 accounts for ACMEv2
* Correct behavior
* add unit tests
* add _find_all_inner to comply with interface
* acme-staging-v01 --> acme-staging
* only create symlink to previous account if there is one there
* recurse on server path
* update tests and change internal use of load to use server_path
* fail gracefully on corrupted account file by returning [] when rmdir fails
* only reuse accounts in staging for now
* Remove unneeded sys import.
Once upon a time we needed this in some of these setup.py files because we were
using sys in the file, but we aren't anymore so let's remove the import.
* use setuptools instead of distutils
The new challenge is described in https://github.com/rolandshoemaker/acme-tls-alpn.
* TLS-ALPN tests
* Implement TLS-ALPN challenge
* Skip TLS-ALPN tests on old pyopenssl
* make _selection methods private.
* Initial work on new version of --reuse-key
* Test for reuse_key
* Make lint happier
* Also test a non-dry-run reuse_key renewal
* Test --reuse-key in boulder integration test
* Better reuse-key integration testing
* Log fact that key was reused
* Test that the certificates themselves are different
* Change "oldkeypath" to "old_keypath"
* Simplify appearance of new-key generation logic
* Reorganize new-key logic
* Move awk logic into TotalAndDistinctLines function
* After refactor, there's now explicit None rather than missing param
* Indicate for MyPy that key can be None
* Actually import the Optional type
* magic_typing is too magical for pylint
* Remove --no-reuse-key option
* Correct pylint test disable
When Certbot is run with --dry-run, skip running GenericUpdater and RenewDeployer interface methods.
This PR also makes the parameter order of updater.run_generic_updaters and updater.run_renewal_deployer consistent.
Fixes #5927
* Do not call updaters and deployers when run with --dry-run
* Use ConfigTestCase instead of mocking config objects manually
In order to give more flexibility for plugins using interfaces.GenericUpdater interface, lineage needs to be passed to the updater method instead of individual domains. All of the (present and potential) installers do not work on per domain basis, while the lineage does contain a list of them for installers which do.
This also means that we don't unnecessarily run the updater method multiple times, potentially invoking expensive tooling up to $max_san_amount times.
* Make GenericUpdater use lineage as parameter and get invoked only once per lineage
The value for FAKE_DNS is now always the same because Boulder's
docker-compose hardcodes it, so skip some sed.
Set a time limit on how long we'll wait for boulder to come up.
This change will allow registering/updating account with multi emails.
Detail is enclosed in #4242
* support multi emails register
* add more test cases
* update test to unregister before register
* update create path to support multi email
* refactor payload updating
* fix typo
* move command line doc to another place
* revert the change for updating account registration info, added unit test
* rearrange text for consistency
* switch signature verification to use pure cryptography
On systems that prevent write/execute pages this prevents a segfault
that is caused by pyopenssl creating a dynamic callback in the
verification helper.
* switch to using a verifier for older cryptography releases
also add ec support, test vectors, and a test
When importing a module, Python first searches the current directory. See
https://docs.python.org/3/tutorial/modules.html#the-module-search-path. This
means that running something like `import certbot` from the root of the Certbot
repo will use the local Certbot files regardless of the version installed on
the system or virtual environment.
Normally this behavior is fine because the local files are what we want to
test, however, during our "oldest" tests, we test against older versions of our
packages to make sure we're keeping compatibility. To make sure our tests use
the correct versions, this commit has our tests cd to an empty temporary
directory before running tests.
We also had to change the package names given to pytest to be the names used in
Python to import the package rather than the name of the files locally to
accommodate this.
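The search-path behaviour described in the commit message above, as an added example (not code from the Certbot repository): a package sitting in the working directory is imported from there, while the same import from an empty temporary directory can only be satisfied by an installed copy. The package name `shadow_demo_pkg` and both directories are constructed for the demonstration.

```python
import os
import subprocess
import sys
import tempfile

PKG = "shadow_demo_pkg"  # hypothetical package name, constructed for this example


def where_imported(cwd):
    """Start a fresh interpreter in `cwd`; return the real path PKG was
    imported from, or None when the import fails."""
    code = "import os, {0}; print(os.path.realpath({0}.__file__))".format(PKG)
    # Drop variables that alter the search path and would hide the effect.
    env = {k: v for k, v in os.environ.items()
           if k not in ("PYTHONPATH", "PYTHONSAFEPATH")}
    proc = subprocess.run([sys.executable, "-c", code], cwd=cwd, env=env,
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def demo():
    """Return (imported_from_checkout, result_from_empty_dir)."""
    with tempfile.TemporaryDirectory() as repo, \
            tempfile.TemporaryDirectory() as empty:
        # Stand-in for a source checkout: the package lives in the cwd.
        os.mkdir(os.path.join(repo, PKG))
        with open(os.path.join(repo, PKG, "__init__.py"), "w") as handle:
            handle.write("VERSION = 'local checkout'\n")

        from_repo = where_imported(repo)    # cwd is searched first
        from_empty = where_imported(empty)  # nothing local to pick up
        prefix = os.path.realpath(repo) + os.sep
        in_repo = from_repo is not None and from_repo.startswith(prefix)
        return in_repo, from_empty


if __name__ == "__main__":
    print(demo())
```

The same precedence is why running tooling from an untrusted directory can load that directory's modules in place of the installed ones.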
* If --dry-run is used and there exists no staging account, create account with no email
* added unit testing of dry-run to ensure certbot does not ask the user to create an email, and that certbot creates an account with no email
* Fixes #5570.
The issue is calls to atexit aren't mocked out. During the tests there are many
repeated calls registering functions to be called when the process exits so
when the tests finish, it prints a ton of output from running those
registered functions. This suppresses that by mocking out atexit.
* Mock at a lower level.
This ensures we don't mess with any other mocks in this test class by mocking
at the lowest level we can. Other tests shouldn't be mocking out specific
internals of functions in other modules, so this should work just fine.
* Fix crash when email submission endpoint unavailable
Handle KeyError and ValueError so that if the email submission endpoint
goes down, Certbot can still run.
Add tests to eff_test.py:
- simulate non-JSON response as described in issue #5858
- simulate JSON response without 'status' element
Non-JSON response throws an uncaught ValueError when attempting to
decode as JSON. A JSON response missing the 'status' element throws an
uncaught KeyError when checking whether status is True or False.
Teach _check_response to handle ValueError and KeyError and report an
issue to the user.
Rewrite if statement as assertion with try-except block to make error
handling consistent within the function. Update test_not_ok to make
mocked raise_for_status function raise a requests.exceptions.HTTPError.
Resolves #5858
* Update PR with requested changes
- Use `if` instead of `assert` to check `status` element of response JSON
- Handle KeyError and ValueError in the same way
- Import requests at the beginning of eff_test.py
- Clear JSON in test case in a more idiomatic way
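The failure modes listed in the commit message above, as an added example (not Certbot's `_check_response`): a response check that reports HTTP errors, non-JSON bodies and a missing `status` element instead of raising. `FakeResponse`, `EndpointError`, `check_response` and the messages are hypothetical names constructed here; the `TypeError` case (JSON that is not an object) goes beyond what the commit message mentions.

```python
import json


class EndpointError(Exception):
    """Stand-in for requests.exceptions.HTTPError in this offline example."""


class FakeResponse:
    """Constructed stand-in exposing the two methods the check relies on."""

    def __init__(self, body, http_ok=True):
        self.body = body
        self.http_ok = http_ok

    def raise_for_status(self):
        if not self.http_ok:
            raise EndpointError("503 Service Unavailable")

    def json(self):
        # json.loads raises ValueError (JSONDecodeError) on a non-JSON body.
        return json.loads(self.body)


def check_response(response):
    """Return None on success, else a message for the user. Never raises
    for a malformed or failed response."""
    try:
        response.raise_for_status()
        # `if`, not `assert`: assert statements are removed under `python -O`.
        if response.json()["status"] is not True:
            return "subscription was rejected by the endpoint"
    except EndpointError as err:
        return "endpoint returned an error: {0}".format(err)
    except (KeyError, ValueError, TypeError):
        # ValueError: body is not JSON. KeyError: no 'status' element.
        # TypeError: JSON decoded to a non-object such as a list.
        return "endpoint sent an unexpected response"
    return None


if __name__ == "__main__":
    for body in ('{"status": true}', "<html>down</html>", "{}"):
        print(repr(body), "->", check_response(FakeResponse(body)))
```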
* fixed issue #5974 for certbot-dns-route53
* fixed issue #5967 for certbot-dns-digitalocean
* update to use acme.magic_typing and DefaultDict class
* added no-name-in-module identifier, for issue #5974
* added unused-import identifier to disable option, for issue #5974
* resolved mypy untyped defs in parser.py
* resolved mypy untyped defs in obj.py
* removed unused imports
* resolved mypy untyped defs in http_01.py
* resolved mypy untyped defs in tls_sni_01.py
* resolved mypy untyped defs in configurator.py
* address mypy too-many-arguments error in override_centos.py
* resolved mypy untyped defs in http_01_test.py
* removed unused 'conf' argument that was causing mypy method assignment error
* address mypy error where same variable reassigned to different type
* address pylint and coverage issues
* one character space change for formatting
* fix required acme version for certbot-apache
* Adds type checking for certbot-nginx
* First pass at type annotation in certbot-nginx
* Ensure linting is disabled for timing imports
* Makes container types specific per PR comments
* Removes unnecessary lint option
Include a line break before "(None)" to maintain consistency with output
for lists that are not empty.
Previous result as expected for non-empty lists:
>>> _format_list('+', ['one', 'two', 'three'])
'\n+ one\n+ two\n+ three'
Previous unexpected result for empty lists:
>>> _format_list('+', [])
'\n+ '
New result as expected (unchanged) for non-empty lists:
>>> _format_list('+', ['one', 'two', 'three'])
'\n+ one\n+ two\n+ three'
New behavior more explicit for empty lists:
>>> _format_list('+', [])
'\n(None)'
Resolves #5886