Fix broken tests

2026-01-08 23:18:05 -05:00 · 2025-12-01 21:38:05 -08:00
parent a688389599
commit 91b916c9ad
2 changed files with 42 additions and 47 deletions
--- a/backend/bdd/features/pki/acme/challenge.feature
+++ b/backend/bdd/features/pki/acme/challenge.feature
@@ -85,13 +85,12 @@ Feature: Challenge
    When I create certificate signing request as csr
    Then I add names to certificate signing request csr
      """
-      {
-        "COMMON_NAME": "localhost"
-      }
+      {}
      """
    And I add subject alternative name to certificate signing request csr
      """
      [
+        "localhost",
        "infisical.com"
      ]
      """
@@ -104,56 +103,19 @@ Feature: Challenge

    # the localhost auth should be valid
    And I memorize order with jq ".authorizations | map(select(.body.identifier.value == "localhost")) | first | .uri" as localhost_auth
-    And I peak and memorize the next nonce as nonce
-    When I send a raw ACME request to "{localhost_auth}"
-      """
-      {
-        "protected": {
-          "alg": "RS256",
-          "nonce": "{nonce}",
-          "url": "{localhost_auth}",
-          "kid": "{acme_account.uri}"
-        }
-      }
-      """
-    Then the value response.status_code should be equal to 200
-    And the value response with jq ".status" should be equal to "valid"
+    And I wait until the status of authorization localhost_auth becomes valid

    # the infisical.com auth should still be pending
    And I memorize order with jq ".authorizations | map(select(.body.identifier.value == "infisical.com")) | first | .uri" as infisical_auth
-    And I memorize response.headers with jq ".["replay-nonce"]" as nonce
-    When I send a raw ACME request to "{infisical_auth}"
-      """
-      {
-        "protected": {
-          "alg": "RS256",
-          "nonce": "{nonce}",
-          "url": "{infisical_auth}",
-          "kid": "{acme_account.uri}"
-        }
-      }
-      """
-    Then the value response.status_code should be equal to 200
-    And the value response with jq ".status" should be equal to "pending"
+    And I post-as-get {infisical_auth} as infisical_auth_resp
+    And the value infisical_auth_resp with jq ".status" should be equal to "pending"

    # the order should be pending as well
-    And I memorize response.headers with jq ".["replay-nonce"]" as nonce
-    When I send a raw ACME request to "{order.uri}"
-      """
-      {
-        "protected": {
-          "alg": "RS256",
-          "nonce": "{nonce}",
-          "url": "{order.uri}",
-          "kid": "{acme_account.uri}"
-        }
-      }
-      """
-    Then the value response.status_code should be equal to 200
-    And the value response with jq ".status" should be equal to "pending"
+    And I post-as-get {order.uri} as order_resp
+    And the value order_resp with jq ".status" should be equal to "pending"

    # finalize should not be allowed when all auths are not valid yet
-    And I memorize response.headers with jq ".["replay-nonce"]" as nonce
+    And I get a new-nonce as nonce
    When I send a raw ACME request to "{order.body.finalize}"
      """
      {
--- a/backend/bdd/features/steps/pki_acme.py
+++ b/backend/bdd/features/steps/pki_acme.py
@@ -726,6 +726,15 @@ def step_impl(context: Context, var_path: str, jq_query, var_name: str):
    context.vars[var_name] = value


+@then("I get a new-nonce as {var_name}")
+def step_impl(context: Context, var_name: str):
+    acme_client = context.acme_client
+    nonce = acme_client.net._get_nonce(
+        url=None, new_nonce_url=acme_client.directory.newNonce
+    )
+    context.vars[var_name] = json_util.encode_b64jose(nonce)
+
+
@then("I peak and memorize the next nonce as {var_name}")
 def step_impl(context: Context, var_name: str):
    acme_client = context.acme_client
@@ -951,11 +960,35 @@ def step_impl(context: Context, order_var: str, status: str):
        order = messages.Order.from_json(response.json())
        if order.status.name == status:
            return
-        acme_client -= 1
+        attempt_count -= 1
        time.sleep(10)
    raise TimeoutError(f"The status of order doesn't become {status} before timeout")


+@then("I wait until the status of authorization {auth_var} becomes {status}")
+def step_impl(context: Context, auth_var: str, status: str):
+    acme_client = context.acme_client
+    attempt_count = 6
+    while attempt_count:
+        auth = eval_var(context, auth_var, as_json=False)
+        response = acme_client._post_as_get(
+            auth.uri if isinstance(auth, messages.Authorization) else auth
+        )
+        auth = messages.Authorization.from_json(response.json())
+        if auth.status.name == status:
+            return
+        attempt_count -= 1
+        time.sleep(10)
+    raise TimeoutError(f"The status of auth doesn't become {status} before timeout")
+
+
+@then("I post-as-get {uri} as {resp_var}")
+def step_impl(context: Context, uri: str, resp_var: str):
+    acme_client = context.acme_client
+    response = acme_client._post_as_get(replace_vars(uri, vars=context.vars))
+    context.vars[resp_var] = response.json()
+
+
@then("I poll and finalize the ACME order {var_path} as {finalized_var}")
 def step_impl(context: Context, var_path: str, finalized_var: str):
    order = eval_var(context, var_path, as_json=False)