mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2025-08-03 17:44:49 +02:00
tests(refactor): Improve consistency and documentation for test helpers (#3012)
This commit is contained in:
parent
fb82082cf1
commit
e3c4ef76c6
32 changed files with 936 additions and 656 deletions
|
@ -27,7 +27,7 @@ function setup_file() {
|
|||
# Only interferes (potential test failure) with `assert_output` not `assert_success`?
|
||||
docker pull drwetter/testssl.sh:3.1dev
|
||||
|
||||
# Only used in `should_support_expected_cipherlists()` to set a storage location for `testssl.sh` JSON output:
|
||||
# Only used in `_should_support_expected_cipherlists()` to set a storage location for `testssl.sh` JSON output:
|
||||
# `${BATS_TMPDIR}` maps to `/tmp`: https://bats-core.readthedocs.io/en/v1.8.2/writing-tests.html#special-variables
|
||||
export TLS_RESULTS_DIR="${BATS_TMPDIR}/results"
|
||||
}
|
||||
|
@ -39,38 +39,38 @@ function teardown_file() {
|
|||
function teardown() { _default_teardown ; }
|
||||
|
||||
@test "'TLS_LEVEL=intermediate' + RSA" {
|
||||
configure_and_run_dms_container 'intermediate' 'rsa'
|
||||
should_support_expected_cipherlists
|
||||
_configure_and_run_dms_container 'intermediate' 'rsa'
|
||||
_should_support_expected_cipherlists
|
||||
}
|
||||
|
||||
@test "'TLS_LEVEL=intermediate' + ECDSA" {
|
||||
configure_and_run_dms_container 'intermediate' 'ecdsa'
|
||||
should_support_expected_cipherlists
|
||||
_configure_and_run_dms_container 'intermediate' 'ecdsa'
|
||||
_should_support_expected_cipherlists
|
||||
}
|
||||
|
||||
# Only ECDSA with an RSA fallback is tested.
|
||||
# There isn't a situation where RSA with an ECDSA fallback would make sense.
|
||||
@test "'TLS_LEVEL=intermediate' + ECDSA with RSA fallback" {
|
||||
configure_and_run_dms_container 'intermediate' 'ecdsa' 'rsa'
|
||||
should_support_expected_cipherlists
|
||||
_configure_and_run_dms_container 'intermediate' 'ecdsa' 'rsa'
|
||||
_should_support_expected_cipherlists
|
||||
}
|
||||
|
||||
@test "'TLS_LEVEL=modern' + RSA" {
|
||||
configure_and_run_dms_container 'modern' 'rsa'
|
||||
should_support_expected_cipherlists
|
||||
_configure_and_run_dms_container 'modern' 'rsa'
|
||||
_should_support_expected_cipherlists
|
||||
}
|
||||
|
||||
@test "'TLS_LEVEL=modern' + ECDSA" {
|
||||
configure_and_run_dms_container 'modern' 'ecdsa'
|
||||
should_support_expected_cipherlists
|
||||
_configure_and_run_dms_container 'modern' 'ecdsa'
|
||||
_should_support_expected_cipherlists
|
||||
}
|
||||
|
||||
@test "'TLS_LEVEL=modern' + ECDSA with RSA fallback" {
|
||||
configure_and_run_dms_container 'modern' 'ecdsa' 'rsa'
|
||||
should_support_expected_cipherlists
|
||||
_configure_and_run_dms_container 'modern' 'ecdsa' 'rsa'
|
||||
_should_support_expected_cipherlists
|
||||
}
|
||||
|
||||
function configure_and_run_dms_container() {
|
||||
function _configure_and_run_dms_container() {
|
||||
local TLS_LEVEL=$1
|
||||
local KEY_TYPE=$2
|
||||
local ALT_KEY_TYPE=$3 # Optional parameter
|
||||
|
@ -106,23 +106,23 @@ function configure_and_run_dms_container() {
|
|||
)
|
||||
fi
|
||||
|
||||
init_with_defaults
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
wait_for_smtp_port_in_container "${CONTAINER_NAME}"
|
||||
_init_with_defaults
|
||||
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
_wait_for_smtp_port_in_container
|
||||
}
|
||||
|
||||
function should_support_expected_cipherlists() {
|
||||
function _should_support_expected_cipherlists() {
|
||||
# Make a directory with test user ownership. Avoids Docker creating this with root ownership.
|
||||
# TODO: Can switch to filename prefix for JSON output when this is resolved: https://github.com/drwetter/testssl.sh/issues/1845
|
||||
local RESULTS_PATH="${TLS_RESULTS_DIR}/${TEST_VARIANT}"
|
||||
mkdir -p "${RESULTS_PATH}"
|
||||
|
||||
collect_cipherlists
|
||||
verify_cipherlists
|
||||
_collect_cipherlists
|
||||
_verify_cipherlists
|
||||
}
|
||||
|
||||
# Verify that the collected results match our expected cipherlists:
|
||||
function verify_cipherlists() {
|
||||
function _verify_cipherlists() {
|
||||
# SMTP: Opportunistic STARTTLS Explicit(25)
|
||||
# Needs to test against cipher lists specific to Port 25 ('_p25' parameter)
|
||||
check_cipherlists "${RESULTS_PATH}/port_25.json" '_p25'
|
||||
|
@ -141,7 +141,7 @@ function verify_cipherlists() {
|
|||
}
|
||||
|
||||
# Using `testssl.sh` we can test each port to collect a list of supported cipher suites (ordered):
|
||||
function collect_cipherlists() {
|
||||
function _collect_cipherlists() {
|
||||
# NOTE: An rDNS query for the container IP will resolve to `<container name>.<network name>.`
|
||||
|
||||
# For non-CI test runs, instead of removing prior test files after this test suite completes,
|
||||
|
|
|
@ -14,7 +14,7 @@ function teardown() { _default_teardown ; }
|
|||
# Similar to BATS `setup()` method, but invoked manually after
|
||||
# CONTAINER_NAME has been adjusted for the running testcase.
|
||||
function _initial_setup() {
|
||||
init_with_defaults
|
||||
_init_with_defaults
|
||||
|
||||
# Prepare certificates in the letsencrypt supported file structure:
|
||||
# NOTE: Certbot uses `privkey.pem`.
|
||||
|
@ -41,7 +41,7 @@ function _initial_setup() {
|
|||
--env PERMIT_DOCKER='container'
|
||||
--env SSL_TYPE='letsencrypt'
|
||||
)
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
|
||||
# Test that certificate files exist for the configured `hostname`:
|
||||
_should_have_valid_config "${TARGET_DOMAIN}" 'privkey.pem' 'fullchain.pem'
|
||||
|
@ -61,7 +61,7 @@ function _initial_setup() {
|
|||
--env PERMIT_DOCKER='container'
|
||||
--env SSL_TYPE='letsencrypt'
|
||||
)
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
|
||||
#test domain has certificate files
|
||||
_should_have_valid_config "${TARGET_DOMAIN}" 'privkey.pem' 'fullchain.pem'
|
||||
|
@ -102,8 +102,8 @@ function _initial_setup() {
|
|||
--env SSL_DOMAIN='*.example.test'
|
||||
--env SSL_TYPE='letsencrypt'
|
||||
)
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
wait_for_service "${CONTAINER_NAME}" 'changedetector'
|
||||
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
_wait_for_service 'changedetector'
|
||||
}
|
||||
|
||||
# Test `acme.json` extraction works at container startup:
|
||||
|
@ -180,7 +180,7 @@ function _should_have_valid_config() {
|
|||
|
||||
# CMD ${1} run in container with output checked to match value of ${2}:
|
||||
function _has_matching_line() {
|
||||
_run_in_container bash -c "${1} | grep '${2}'"
|
||||
_run_in_container_bash "${1} | grep '${2}'"
|
||||
assert_output "${2}"
|
||||
}
|
||||
|
||||
|
@ -207,7 +207,7 @@ function _should_extract_on_changes() {
|
|||
local ACME_JSON=${2}
|
||||
|
||||
cp "${ACME_JSON}" "${TEST_TMP_CONFIG}/letsencrypt/acme.json"
|
||||
wait_until_change_detection_event_completes "${CONTAINER_NAME}"
|
||||
_wait_until_change_detection_event_completes
|
||||
|
||||
# Expected log lines from the changedetector service:
|
||||
run _get_logs_since_last_change_detection "${CONTAINER_NAME}"
|
||||
|
|
|
@ -30,10 +30,10 @@ function setup_file() {
|
|||
--env SSL_ALT_CERT_PATH="${SSL_ALT_CERT_PATH}"
|
||||
)
|
||||
|
||||
init_with_defaults
|
||||
# Override the default set in `common_container_setup`:
|
||||
_init_with_defaults
|
||||
# Override the default set in `_common_container_setup`:
|
||||
export TEST_FQDN="mail.${TEST_DOMAIN}"
|
||||
common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
_common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
|
||||
}
|
||||
|
||||
function teardown_file() { _default_teardown ; }
|
||||
|
@ -90,7 +90,7 @@ function teardown_file() { _default_teardown ; }
|
|||
}
|
||||
|
||||
@test "manual cert works correctly" {
|
||||
wait_for_tcp_port_in_container 587 "${CONTAINER_NAME}"
|
||||
_wait_for_tcp_port_in_container 587
|
||||
|
||||
local TEST_COMMAND=(timeout 1 openssl s_client -connect mail.example.test:587 -starttls smtp)
|
||||
local RESULT
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue