mirror of
https://github.com/certbot/certbot.git
synced 2026-01-26 07:41:33 +03:00
6f27c32db1
Streamline and reorganize Certbot's CLI output.
This change is a substantial command-line UX overhaul,
based on previous user research. The main goal was to streamline
and clarify output. To see more verbose output, use the -v or -vv flags.
---
* nginx,apache: CLI logging changes
- Add "Successfully deployed ..." message using display_util
- Remove IReporter usage and replace with display_util
- Standardize "... could not find a VirtualHost ..." error
This changes also bumps the version of certbot required by certbot-nginx
and certbot-apache to take use of the new display_util function.
* fix certbot_compatibility_test
since the http plugins now require IDisplay, we need to inject it
* fix dependency version on certbot
* use better asserts
* try fix oldest deps
because certbot 1.10.0 depends on acme>=1.8.0, we need to use
acme==1.8.0 in the -oldest tests
* cli: redesign output of new certificate reporting
Changes the output of run, certonly and certonly --csr. No longer uses
IReporter.
* cli: redesign output of failed authz reporting
* fix problem sorting to be stable between py2 & 3
* add some catch-all error text
* cli: dont use IReporter for EFF donation prompt
* add per-authenticator hints
* pass achalls to auth_hint, write some tests
* exclude static auth hints from coverage
* dont call auth_hint unless derived from .Plugin
* dns fallback hint: dont assume --dns-blah works
--dns-blah won't work for third-party plugins, they need to be specified
using --authenticator dns-blah.
* add code comments about the auth_hint interface
* renew: don't restart the installer for dry-runs
Prevents Certbot from superfluously invoking the installer restart
during dry-run renewals. (This does not affect authenticator restarts).
Additionally removes some CLI output that was reporting the fullchain
path of the renewed certificate.
* update CHANGELOG.md
* cli: redesign output when cert installation failed
- Display a message when certificate installation begins.
- Don't use IReporter, just log errors immediately if restart/rollback
fails.
- Prompt the user with a command to retry the installation process once
they have fixed any underlying problems.
* vary by preconfigured_renewal
and move expiry date to be above the renewal advice
* update code comment
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* update code comment
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* fix lint
* derve cert name from cert_path, if possible
* fix type annotation
* text change in nginx hint
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* print message when restarting server after renewal
* log: print "advice" when exiting with an error
When running in non-quiet mode.
* try fix -oldest lock_test.py
* fix docstring
* s/Restarting/Reloading/ when notifying the user
* fix test name
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* type annotations
* s/using the {} plugin/installer: {}/
* copy: avoid "plugin" where possible
* link to user guide#automated-renewals
when not running with --preconfigured-renewal
* cli: reduce default logging verbosity
* fix lock_test: -vv is needed to see logger.debug
* Change comment in log.py to match the change to default verbosity
* Audit and adjust logging levels in apache module
* Audit and adjust logging levels in nginx module
* Audit, adjust logging levels, and improve logging calls in certbot module
* Fix tests to mock correct methods and classes
* typo in non-preconfigured-renewal message
Co-authored-by: ohemorange <ebportnoy@gmail.com>
* fix test
* revert acme version bump
* catch up to python3 changes
* Revert "revert acme version bump"
This reverts commit fa83d6a51c.
* Change ocsp check error to warning since it's non-fatal
* Update storage_test in parallel with last change
* get rid of leading newline on "Deploying [...]"
* shrink renewal and installation success messages
* print logfile rather than logdir in exit handler
* Decrease logging level to info for idempotent operation where enhancement is already set
* Display cert not yet due for renewal message when renewing and no other action will be taken, and change cert to certificate
* also write to logger so it goes in the log file
* Don't double write to log file; fix main test
* cli: remove trailing newline on new cert reporting
* ignore type error
* revert accidental changes to dependencies
* Pass tests in any timezone by using utcfromtimestamp
* Add changelog entry
* fix nits
* Improve wording of try again message
* minor wording change to changelog
* hooks: send hook stdout to CLI stdout
includes both --manual and --{pre,post,renew} hooks
* update docstrings and remove TODO
* add a pending deprecation on execute_command
* add test coverage for both
* update deprecation text
Co-authored-by: ohemorange <ebportnoy@gmail.com>
Co-authored-by: Alex Zorin <alex@zorin.id.au>
Co-authored-by: alexzorin <alex@zor.io>
228 lines
9.9 KiB
Python
228 lines
9.9 KiB
Python
"""Test for certbot_apache._internal.configurator for CentOS 6 overrides"""
|
|
import unittest
|
|
from unittest import mock
|
|
|
|
from certbot.compat import os
|
|
from certbot.errors import MisconfigurationError
|
|
from certbot_apache._internal import obj
|
|
from certbot_apache._internal import override_centos
|
|
from certbot_apache._internal import parser
|
|
import util
|
|
|
|
|
|
def get_vh_truth(temp_dir, config_name):
|
|
"""Return the ground truth for the specified directory."""
|
|
prefix = os.path.join(
|
|
temp_dir, config_name, "httpd/conf.d")
|
|
|
|
aug_pre = "/files" + prefix
|
|
vh_truth = [
|
|
obj.VirtualHost(
|
|
os.path.join(prefix, "test.example.com.conf"),
|
|
os.path.join(aug_pre, "test.example.com.conf/VirtualHost"),
|
|
{obj.Addr.fromstring("*:80")},
|
|
False, True, "test.example.com"),
|
|
obj.VirtualHost(
|
|
os.path.join(prefix, "ssl.conf"),
|
|
os.path.join(aug_pre, "ssl.conf/VirtualHost"),
|
|
{obj.Addr.fromstring("_default_:443")},
|
|
True, True, None)
|
|
]
|
|
return vh_truth
|
|
|
|
class CentOS6Tests(util.ApacheTest):
|
|
"""Tests for CentOS 6"""
|
|
|
|
def setUp(self): # pylint: disable=arguments-differ
|
|
test_dir = "centos6_apache/apache"
|
|
config_root = "centos6_apache/apache/httpd"
|
|
vhost_root = "centos6_apache/apache/httpd/conf.d"
|
|
super().setUp(test_dir=test_dir,
|
|
config_root=config_root,
|
|
vhost_root=vhost_root)
|
|
|
|
self.config = util.get_apache_configurator(
|
|
self.config_path, self.vhost_path, self.config_dir, self.work_dir,
|
|
version=(2, 2, 15), os_info="centos")
|
|
self.vh_truth = get_vh_truth(
|
|
self.temp_dir, "centos6_apache/apache")
|
|
|
|
def test_get_parser(self):
|
|
self.assertTrue(isinstance(self.config.parser,
|
|
override_centos.CentOSParser))
|
|
|
|
def test_get_virtual_hosts(self):
|
|
"""Make sure all vhosts are being properly found."""
|
|
vhs = self.config.get_virtual_hosts()
|
|
self.assertEqual(len(vhs), 2)
|
|
found = 0
|
|
|
|
for vhost in vhs:
|
|
for centos_truth in self.vh_truth:
|
|
if vhost == centos_truth:
|
|
found += 1
|
|
break
|
|
else:
|
|
raise Exception("Missed: %s" % vhost) # pragma: no cover
|
|
self.assertEqual(found, 2)
|
|
|
|
@mock.patch("certbot_apache._internal.configurator.display_util.notify")
|
|
def test_loadmod_default(self, unused_mock_notify):
|
|
ssl_loadmods = self.config.parser.find_dir(
|
|
"LoadModule", "ssl_module", exclude=False)
|
|
self.assertEqual(len(ssl_loadmods), 1)
|
|
# Make sure the LoadModule ssl_module is in ssl.conf (default)
|
|
self.assertTrue("ssl.conf" in ssl_loadmods[0])
|
|
# ...and that it's not inside of <IfModule>
|
|
self.assertFalse("IfModule" in ssl_loadmods[0])
|
|
|
|
# Get the example vhost
|
|
self.config.assoc["test.example.com"] = self.vh_truth[0]
|
|
self.config.deploy_cert(
|
|
"random.demo", "example/cert.pem", "example/key.pem",
|
|
"example/cert_chain.pem", "example/fullchain.pem")
|
|
self.config.save()
|
|
|
|
post_loadmods = self.config.parser.find_dir(
|
|
"LoadModule", "ssl_module", exclude=False)
|
|
|
|
# We should now have LoadModule ssl_module in root conf and ssl.conf
|
|
self.assertEqual(len(post_loadmods), 2)
|
|
for lm in post_loadmods:
|
|
# lm[:-7] removes "/arg[#]" from the path
|
|
arguments = self.config.parser.get_all_args(lm[:-7])
|
|
self.assertEqual(arguments, ["ssl_module", "modules/mod_ssl.so"])
|
|
# ...and both of them should be wrapped in <IfModule !mod_ssl.c>
|
|
# lm[:-17] strips off /directive/arg[1] from the path.
|
|
ifmod_args = self.config.parser.get_all_args(lm[:-17])
|
|
self.assertTrue("!mod_ssl.c" in ifmod_args)
|
|
|
|
@mock.patch("certbot_apache._internal.configurator.display_util.notify")
|
|
def test_loadmod_multiple(self, unused_mock_notify):
|
|
sslmod_args = ["ssl_module", "modules/mod_ssl.so"]
|
|
# Adds another LoadModule to main httpd.conf in addtition to ssl.conf
|
|
self.config.parser.add_dir(self.config.parser.loc["default"], "LoadModule",
|
|
sslmod_args)
|
|
self.config.save()
|
|
pre_loadmods = self.config.parser.find_dir(
|
|
"LoadModule", "ssl_module", exclude=False)
|
|
# LoadModules are not within IfModule blocks
|
|
self.assertFalse(any("ifmodule" in m.lower() for m in pre_loadmods))
|
|
self.config.assoc["test.example.com"] = self.vh_truth[0]
|
|
self.config.deploy_cert(
|
|
"random.demo", "example/cert.pem", "example/key.pem",
|
|
"example/cert_chain.pem", "example/fullchain.pem")
|
|
post_loadmods = self.config.parser.find_dir(
|
|
"LoadModule", "ssl_module", exclude=False)
|
|
|
|
for mod in post_loadmods:
|
|
self.assertTrue(self.config.parser.not_modssl_ifmodule(mod)) #pylint: disable=no-member
|
|
|
|
@mock.patch("certbot_apache._internal.configurator.display_util.notify")
|
|
def test_loadmod_rootconf_exists(self, unused_mock_notify):
|
|
sslmod_args = ["ssl_module", "modules/mod_ssl.so"]
|
|
rootconf_ifmod = self.config.parser.get_ifmod(
|
|
parser.get_aug_path(self.config.parser.loc["default"]),
|
|
"!mod_ssl.c", beginning=True)
|
|
self.config.parser.add_dir(rootconf_ifmod[:-1], "LoadModule", sslmod_args)
|
|
self.config.save()
|
|
# Get the example vhost
|
|
self.config.assoc["test.example.com"] = self.vh_truth[0]
|
|
self.config.deploy_cert(
|
|
"random.demo", "example/cert.pem", "example/key.pem",
|
|
"example/cert_chain.pem", "example/fullchain.pem")
|
|
self.config.save()
|
|
|
|
root_loadmods = self.config.parser.find_dir(
|
|
"LoadModule", "ssl_module",
|
|
start=parser.get_aug_path(self.config.parser.loc["default"]),
|
|
exclude=False)
|
|
|
|
mods = [lm for lm in root_loadmods if self.config.parser.loc["default"] in lm]
|
|
|
|
self.assertEqual(len(mods), 1)
|
|
# [:-7] removes "/arg[#]" from the path
|
|
self.assertEqual(
|
|
self.config.parser.get_all_args(mods[0][:-7]),
|
|
sslmod_args)
|
|
|
|
@mock.patch("certbot_apache._internal.configurator.display_util.notify")
|
|
def test_neg_loadmod_already_on_path(self, unused_mock_notify):
|
|
loadmod_args = ["ssl_module", "modules/mod_ssl.so"]
|
|
ifmod = self.config.parser.get_ifmod(
|
|
self.vh_truth[1].path, "!mod_ssl.c", beginning=True)
|
|
self.config.parser.add_dir(ifmod[:-1], "LoadModule", loadmod_args)
|
|
self.config.parser.add_dir(self.vh_truth[1].path, "LoadModule", loadmod_args)
|
|
self.config.save()
|
|
pre_loadmods = self.config.parser.find_dir(
|
|
"LoadModule", "ssl_module", start=self.vh_truth[1].path, exclude=False)
|
|
self.assertEqual(len(pre_loadmods), 2)
|
|
# The ssl.conf now has two LoadModule directives, one inside of
|
|
# !mod_ssl.c IfModule
|
|
self.config.assoc["test.example.com"] = self.vh_truth[0]
|
|
self.config.deploy_cert(
|
|
"random.demo", "example/cert.pem", "example/key.pem",
|
|
"example/cert_chain.pem", "example/fullchain.pem")
|
|
self.config.save()
|
|
# Ensure that the additional LoadModule wasn't written into the IfModule
|
|
post_loadmods = self.config.parser.find_dir(
|
|
"LoadModule", "ssl_module", start=self.vh_truth[1].path, exclude=False)
|
|
self.assertEqual(len(post_loadmods), 1)
|
|
|
|
def test_loadmod_non_duplicate(self):
|
|
# the modules/mod_ssl.so exists in ssl.conf
|
|
sslmod_args = ["ssl_module", "modules/mod_somethingelse.so"]
|
|
rootconf_ifmod = self.config.parser.get_ifmod(
|
|
parser.get_aug_path(self.config.parser.loc["default"]),
|
|
"!mod_ssl.c", beginning=True)
|
|
self.config.parser.add_dir(rootconf_ifmod[:-1], "LoadModule", sslmod_args)
|
|
self.config.save()
|
|
self.config.assoc["test.example.com"] = self.vh_truth[0]
|
|
pre_matches = self.config.parser.find_dir("LoadModule",
|
|
"ssl_module", exclude=False)
|
|
|
|
self.assertRaises(MisconfigurationError, self.config.deploy_cert,
|
|
"random.demo", "example/cert.pem", "example/key.pem",
|
|
"example/cert_chain.pem", "example/fullchain.pem")
|
|
|
|
post_matches = self.config.parser.find_dir("LoadModule",
|
|
"ssl_module", exclude=False)
|
|
# Make sure that none was changed
|
|
self.assertEqual(pre_matches, post_matches)
|
|
|
|
@mock.patch("certbot_apache._internal.configurator.display_util.notify")
|
|
def test_loadmod_not_found(self, unused_mock_notify):
|
|
# Remove all existing LoadModule ssl_module... directives
|
|
orig_loadmods = self.config.parser.find_dir("LoadModule",
|
|
"ssl_module",
|
|
exclude=False)
|
|
for mod in orig_loadmods:
|
|
noarg_path = mod.rpartition("/")[0]
|
|
self.config.parser.aug.remove(noarg_path)
|
|
self.config.save()
|
|
self.config.deploy_cert(
|
|
"random.demo", "example/cert.pem", "example/key.pem",
|
|
"example/cert_chain.pem", "example/fullchain.pem")
|
|
|
|
post_loadmods = self.config.parser.find_dir("LoadModule",
|
|
"ssl_module",
|
|
exclude=False)
|
|
self.assertFalse(post_loadmods)
|
|
|
|
def test_no_ifmod_search_false(self):
|
|
#pylint: disable=no-member
|
|
|
|
self.assertFalse(self.config.parser.not_modssl_ifmodule(
|
|
"/path/does/not/include/ifmod"
|
|
))
|
|
self.assertFalse(self.config.parser.not_modssl_ifmodule(
|
|
""
|
|
))
|
|
self.assertFalse(self.config.parser.not_modssl_ifmodule(
|
|
"/path/includes/IfModule/but/no/arguments"
|
|
))
|
|
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main() # pragma: no cover
|