diff --git a/backend/bdd/features/pki/acme/external-ca.feature b/backend/bdd/features/pki/acme/external-ca.feature
index 64b0bee6bd..eac3b9c222 100644
--- a/backend/bdd/features/pki/acme/external-ca.feature
+++ b/backend/bdd/features/pki/acme/external-ca.feature
@@ -102,7 +102,66 @@ Feature: External CA
 And I select challenge with type http-01 for domain localhost from order in order as challenge
 And I serve challenge response for challenge at localhost
 And I tell ACME server that challenge is ready to be verified
- And I poll and finalize the ACME order order as finalized_order
+ Given I intercept outgoing requests
+ """
+ [
+ {
+ "scope": "https://api.cloudflare.com:443",
+ "method": "POST",
+ "path": "/client/v4/zones/MOCK_ZONE_ID/dns_records",
+ "status": 200,
+ "response": {
+ "result": {
+ "id": "A2A6347F-88B5-442D-9798-95E408BC7701",
+ "name": "Mock Account",
+ "type": "standard",
+ "settings": {
+ "enforce_twofactor": false,
+ "api_access_enabled": null,
+ "access_approval_expiry": null,
+ "abuse_contact_email": null,
+ "user_groups_ui_beta": false
+ },
+ "legacy_flags": {
+ "enterprise_zone_quota": {
+ "maximum": 0,
+ "current": 0,
+ "available": 0
+ }
+ },
+ "created_on": "2013-04-18T00:41:02.215243Z"
+ },
+ "success": true,
+ "errors": [],
+ "messages": []
+ },
+ "responseIsBinary": false
+ },
+ {
+ "scope": "https://api.cloudflare.com:443",
+ "method": "GET",
+ "path": {
+ "regex": "/client/v4/zones/[^/]+/dns_records\\?"
+ },
+ "status": 200,
+ "response": {
+ "result": [],
+ "success": true,
+ "errors": [],
+ "messages": [],
+ "result_info": {
+ "page": 1,
+ "per_page": 100,
+ "count": 0,
+ "total_count": 0,
+ "total_pages": 1
+ }
+ },
+ "responseIsBinary": false
+ }
+ ]
+ """
+ Then I poll and finalize the ACME order order as finalized_order
 And the value finalized_order.body with jq ".status" should be equal to "valid"
 And I parse the full-chain certificate from order finalized_order as cert
 And the value cert with jq ".subject.common_name" should be equal to "localhost"
diff --git a/backend/bdd/features/steps/pki_acme.py b/backend/bdd/features/steps/pki_acme.py
index 6c6e558520..46b10c13e0 100644
--- a/backend/bdd/features/steps/pki_acme.py
+++ b/backend/bdd/features/steps/pki_acme.py
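Review bot: The `POST .../dns_records` interceptor answers with what looks like a Cloudflare account object (`"name": "Mock Account"`, `"type": "standard"`, `legacy_flags`) rather than a DNS record, so whatever reads the created record's `id`/`name`/`type` is exercised against the wrong shape, and because the same commit sets `PEBBLE_VA_ALWAYS_VALID=1` the order reaches `valid` regardless — the scenario no longer proves that the TXT record was written or that the http-01 response was served. Shape `result` as a record (`"type": "TXT"`, a `"name"`, a `"content"`, `"zone_id": "MOCK_ZONE_ID"`) so the provider code is tested against something it could actually receive. The new `Then I reset requests interceptions` step is never called here, so both interceptors stay registered for every later scenario in the run; add it after the last assertion, or move that cleanup into an after-scenario hook. A `Given` in the middle of a run of `And` steps also reads as a new precondition; `And I intercept outgoing requests` keeps the step sequence readable.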
@@ -22,6 +22,7 @@
 from cryptography import x509
 from cryptography.x509.oid import NameOID
 from cryptography.hazmat.primitives import hashes
+from features.steps.utils import define_nock, clean_all_nock, restore_nock
 from utils import replace_vars, with_nocks
 from utils import eval_var
 from utils import prepare_headers
@@ -267,6 +268,18 @@ def step_impl(context: Context, profile_var: str):
 )
 
 
+@given("I intercept outgoing requests")
+def step_impl(context: Context):
+ definitions = replace_vars(json.loads(context.text), context.vars)
+ define_nock(context, definitions)
+
+
+@then("I reset requests interceptions")
+def step_impl(context: Context):
+ clean_all_nock(context)
+ restore_nock(context)
+
+
 @given("I use {token_var} for authentication")
 def step_impl(context: Context, token_var: str):
 context.auth_token = eval_var(context, token_var)
diff --git a/backend/src/server/routes/v1/bdd-nock-router.ts b/backend/src/server/routes/v1/bdd-nock-router.ts
index e8e0b06a16..b5b2aa448e 100644
--- a/backend/src/server/routes/v1/bdd-nock-router.ts
+++ b/backend/src/server/routes/v1/bdd-nock-router.ts
@@ -32,7 +32,18 @@ export const registerBddNockRouter = async (server: FastifyZodProvider) => {
 const { body } = req;
 const { definitions } = body;
 logger.info(definitions, "Defining nock");
- nock.define(definitions as Definition[]);
+ const processedDefinitions = definitions.map((definition: unknown) => {
+ const { path, ...rest } = definition as Definition;
+ return {
+ ...rest,
+ path:
+ path !== undefined && typeof path === "string"
+ ? path
+ : new RegExp((path as unknown as { regex: string }).regex ?? "")
+ } as Definition;
+ });
+
+ nock.define(processedDefinitions as Definition[]);
 // Ensure we are activating the nocks, because we could have called `nock.restore()` before this call.
 if (!nock.isActive()) {
 nock.activate();
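Review bot: `I reset requests interceptions` is a `@then` step that no scenario in this commit invokes, and even when a scenario does call it the cleanup only runs if every earlier step passed, so one failing step leaves the definitions registered by `define_nock` active for the rest of the run. Put the cleanup in behave's `after_scenario` hook (`environment.py`) — `clean_all_nock(context); restore_nock(context)`, guarded by a flag the intercept step sets on `context` — and keep the step only for an explicit mid-scenario reset. `json.loads(context.text)` on a malformed docstring raises a bare `JSONDecodeError` that points at the step implementation; `raise AssertionError(f"intercept definitions are not valid JSON: {e}") from e` points the author at the feature file instead. The top of the module is not in this hunk, so confirm `json` is imported there.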
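Review bot: `(path as unknown as { regex: string }).regex` dereferences `path` whenever it is not a string, so a definition that omits `path` throws a `TypeError` inside the handler instead of producing a 400, and a definition whose object has no `regex` silently becomes `new RegExp("")`, which intercepts every request to that scope. `new RegExp(...)` additionally throws `SyntaxError` on a malformed pattern that the request body can supply. Both casts exist because `definitions` arrives loosely typed; declaring `path` in the route's body schema as `z.union([z.string(), z.object({ regex: z.string() })])` (the `FastifyZodProvider` suggests zod is in use — confirm) would let the map convert the regex form and reject everything else without `as unknown as`. Use the project's 400 error type in place of `Error` below if one exists; `registerBddNockRouter` begins and ends outside the hunk.
```typescript
const processedDefinitions: Definition[] = definitions.map((definition: unknown, index: number) => {
  const { path, ...rest } = definition as Omit<Definition, "path"> & { path?: unknown };
  if (typeof path === "string") return { ...rest, path } as Definition;
  const regex = path && typeof path === "object" && "regex" in path ? (path as { regex: unknown }).regex : undefined;
  if (typeof regex !== "string") {
    throw new Error(`definitions[${index}].path must be a string or { regex: string }`);
  }
  try {
    return { ...rest, path: new RegExp(regex) } as Definition;
  } catch (e: unknown) {
    // a malformed pattern came from the request body; report it as the caller's error, not a 500
    throw new Error(`definitions[${index}].path.regex is not a valid pattern: ${(e as Error).message}`);
  }
});
// … unchanged: nock.define(processedDefinitions) and the isActive/activate check …
```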
diff --git a/backend/src/services/certificate-authority/acme/dns-providers/cloudflare.ts b/backend/src/services/certificate-authority/acme/dns-providers/cloudflare.ts
index f4b12e657a..cf7725fddd 100644
--- a/backend/src/services/certificate-authority/acme/dns-providers/cloudflare.ts
+++ b/backend/src/services/certificate-authority/acme/dns-providers/cloudflare.ts
@@ -68,7 +68,9 @@ export const cloudflareDeleteTxtRecord = async (
 },
 params: {
 type: "TXT",
- name: domain,
+ // TODO: this is incorrect. The domain seems need to be fqdn, but we are passing just the record name here.
+ // as a result, we are not deleting the record correctly.
+ // name: domain,
 content: value
 }
 });
diff --git a/docker-compose.bdd.yml b/docker-compose.bdd.yml
index 7264ddae1a..b736838677 100644
--- a/docker-compose.bdd.yml
+++ b/docker-compose.bdd.yml
@@ -87,7 +87,10 @@ services:
 - 14000:14000 # ACME port
 - 15000:15000 # Management port
 environment:
+ # Do not perform validation sleep to make the BDD tests faster
 - PEBBLE_VA_NOSLEEP=1
+ # Skip validation for now to make the BDD tests easier to write
 - PEBBLE_VA_ALWAYS_VALID=1
 volumes:
 - ./backend/bdd/pebble/:/var/data/pebble:ro
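Review bot: Commenting out `name: domain` makes these `params` select on `type: "TXT"` and `content` alone, so the request they feed (the call itself is outside the hunk) now matches any TXT record in the zone carrying that content, under any name, instead of fixing the problem the TODO names — that `domain` is a relative record name where the API wants the FQDN. If the delete still misses, stale challenge TXT records accumulate in the zone on every issuance; if it now hits, it can remove a record belonging to a different name. Build the FQDN the same way the create path names the record (presumably `${recordName}.${zoneName}`, but the create side is not shown — confirm) and pass that as `name`, and delete the commented-out line rather than leaving dead code behind a `TODO`. `cloudflareDeleteTxtRecord` begins and ends outside the hunk.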
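Review bot: `PEBBLE_VA_ALWAYS_VALID=1` makes Pebble accept every challenge without contacting the client, so the http-01 serving step and the Cloudflare interceptors added in `external-ca.feature` are no longer checked by the order reaching `valid` — a broken challenge responder, or a DNS provider that never writes the record, now passes the suite. If the flag is a stopgap, make the comment say what is lost: `# WARNING: validation is skipped, so the ACME scenarios no longer prove that challenge responses or DNS records are correct`. Longer term keep validation on and point Pebble's resolver at a challenge test server (pebble-challtestsrv) so http-01 and dns-01 are exercised against the mocked records. The `services:` block continues outside the hunk.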