cert_watch 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/README.md +151 -0
- data/Rakefile +16 -0
- data/app/assets/javascripts/cert_watch/application.js +13 -0
- data/app/assets/stylesheets/cert_watch/application.css +15 -0
- data/app/controllers/cert_watch/application_controller.rb +5 -0
- data/app/jobs/cert_watch/install_certificate_job.rb +16 -0
- data/app/jobs/cert_watch/renew_certificate_job.rb +16 -0
- data/app/jobs/cert_watch/renew_expiring_certificates_job.rb +13 -0
- data/app/models/cert_watch/certificate.rb +42 -0
- data/app/views/layouts/cert_watch/application.html.erb +14 -0
- data/config/locales/de.yml +47 -0
- data/config/locales/en.yml +47 -0
- data/config/routes.rb +2 -0
- data/db/migrate/20160711193700_create_certificates.rb +18 -0
- data/lib/cert_watch/CHANGELOG.md +5 -0
- data/lib/cert_watch/certbot_client.rb +32 -0
- data/lib/cert_watch/client.rb +7 -0
- data/lib/cert_watch/configuration.rb +37 -0
- data/lib/cert_watch/domain_owner.rb +23 -0
- data/lib/cert_watch/engine.rb +10 -0
- data/lib/cert_watch/error.rb +4 -0
- data/lib/cert_watch/install_error.rb +4 -0
- data/lib/cert_watch/installer.rb +7 -0
- data/lib/cert_watch/pem_directory_installer.rb +55 -0
- data/lib/cert_watch/renew_error.rb +4 -0
- data/lib/cert_watch/sanitize.rb +13 -0
- data/lib/cert_watch/shell.rb +20 -0
- data/lib/cert_watch/version.rb +3 -0
- data/lib/cert_watch/views/all.rb +3 -0
- data/lib/cert_watch/views/certificate_state.rb +42 -0
- data/lib/cert_watch.rb +32 -0
- data/spec/cert_watch/certbot_client_spec.rb +53 -0
- data/spec/cert_watch/domain_owner_spec.rb +62 -0
- data/spec/cert_watch/pem_directory_installer_spec.rb +75 -0
- data/spec/cert_watch/sanitize_spec.rb +19 -0
- data/spec/cert_watch/shell_spec.rb +19 -0
- data/spec/cert_watch/views/certificate_state_spec.rb +33 -0
- data/spec/examples.txt +40 -0
- data/spec/factories/certificates.rb +6 -0
- data/spec/internal/config/database.yml +3 -0
- data/spec/internal/config/routes.rb +3 -0
- data/spec/internal/db/combustion_test.sqlite +0 -0
- data/spec/internal/db/schema.rb +7 -0
- data/spec/internal/log/jobs/test/cert_watch.log +3793 -0
- data/spec/internal/log/test.log +24187 -0
- data/spec/internal/public/favicon.ico +0 -0
- data/spec/jobs/cert_watch/renew_expiring_certificates_job_spec.rb +43 -0
- data/spec/models/cert_watch/certificate_spec.rb +102 -0
- data/spec/rails_helper.rb +45 -0
- data/spec/spec_helper.rb +98 -0
- data/spec/support/config/cert_watch.rb +7 -0
- data/spec/support/config/factory_girl.rb +11 -0
- data/spec/support/config/resque_logger.rb +16 -0
- data/spec/support/config/timecop.rb +21 -0
- data/spec/support/helpers/doubles.rb +28 -0
- data/spec/support/helpers/fixtures.rb +25 -0
- data/spec/support/helpers/inline_resque.rb +9 -0
- data/spec/support/helpers/view_component_example_group.rb +31 -0
- metadata +298 -0
File without changes
|
@@ -0,0 +1,43 @@
|
|
1
|
+
require 'rails_helper'
|
2
|
+
|
3
|
+
module CertWatch
|
4
|
+
RSpec.describe RenewExpiringCertificatesJob do
|
5
|
+
it 'triggers renewal of installed expiring certificates' do
|
6
|
+
certificate = create(:certificate, state: 'installed', last_renewed_at: 40.days.ago)
|
7
|
+
CertWatch.config.renewal_interval = 1.month
|
8
|
+
|
9
|
+
RenewExpiringCertificatesJob.perform
|
10
|
+
|
11
|
+
expect(certificate.reload.state).to eq('renewing')
|
12
|
+
end
|
13
|
+
|
14
|
+
it 'ignores uninstalled certificates' do
|
15
|
+
certificate = create(:certificate, state: 'abandoned', last_renewed_at: 40.days.ago)
|
16
|
+
CertWatch.config.renewal_interval = 1.month
|
17
|
+
|
18
|
+
RenewExpiringCertificatesJob.perform
|
19
|
+
|
20
|
+
expect(certificate.reload.state).to eq('abandoned')
|
21
|
+
end
|
22
|
+
|
23
|
+
it 'ignores not expiring certificates' do
|
24
|
+
certificate = create(:certificate, state: 'installed', last_renewed_at: 10.days.ago)
|
25
|
+
CertWatch.config.renewal_interval = 1.month
|
26
|
+
|
27
|
+
RenewExpiringCertificatesJob.perform
|
28
|
+
|
29
|
+
expect(certificate.reload.state).to eq('installed')
|
30
|
+
end
|
31
|
+
|
32
|
+
it 'limits number of renewed certificates to batch size' do
|
33
|
+
create(:certificate, state: 'installed', last_renewed_at: 40.days.ago)
|
34
|
+
create(:certificate, state: 'installed', last_renewed_at: 50.days.ago)
|
35
|
+
CertWatch.config.renewal_interval = 1.month
|
36
|
+
CertWatch.config.renewal_batch_size = 1
|
37
|
+
|
38
|
+
RenewExpiringCertificatesJob.perform
|
39
|
+
|
40
|
+
expect(Certificate.where(state: 'renewing').count).to eq(1)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
@@ -0,0 +1,102 @@
|
|
1
|
+
require 'rails_helper'
|
2
|
+
|
3
|
+
require 'support/helpers/doubles'
|
4
|
+
require 'support/helpers/inline_resque'
|
5
|
+
|
6
|
+
module CertWatch
|
7
|
+
RSpec.describe Certificate, inline_resque: true do
|
8
|
+
describe '#renew' do
|
9
|
+
it 'makes client renew certificate for domain' do
|
10
|
+
certificate = create(:certificate, domain: 'my.example.com')
|
11
|
+
|
12
|
+
certificate.renew!
|
13
|
+
|
14
|
+
expect(CertWatch.client).to have_received(:renew).with('my.example.com')
|
15
|
+
end
|
16
|
+
|
17
|
+
it 'installs certificate' do
|
18
|
+
certificate = create(:certificate, domain: 'my.example.com')
|
19
|
+
|
20
|
+
certificate.renew!
|
21
|
+
|
22
|
+
expect(CertWatch.installer).to have_received(:install).with('my.example.com')
|
23
|
+
end
|
24
|
+
|
25
|
+
it 'sets state to installed' do
|
26
|
+
certificate = create(:certificate, domain: 'my.example.com')
|
27
|
+
|
28
|
+
certificate.renew!
|
29
|
+
|
30
|
+
expect(certificate.reload.state).to eq('installed')
|
31
|
+
end
|
32
|
+
|
33
|
+
it 'updates last_renewed_at attribute' do
|
34
|
+
certificate = create(:certificate,
|
35
|
+
domain: 'my.example.com',
|
36
|
+
last_renewed_at: 1.month.ago)
|
37
|
+
|
38
|
+
certificate.renew!
|
39
|
+
|
40
|
+
expect(certificate.reload.last_renewed_at).to eq(Time.now)
|
41
|
+
end
|
42
|
+
|
43
|
+
it 'updates last_installed_at attribute' do
|
44
|
+
certificate = create(:certificate,
|
45
|
+
domain: 'my.example.com',
|
46
|
+
last_installed_at: 1.month.ago)
|
47
|
+
|
48
|
+
certificate.renew!
|
49
|
+
|
50
|
+
expect(certificate.reload.last_installed_at).to eq(Time.now)
|
51
|
+
end
|
52
|
+
|
53
|
+
context 'when renew results in error' do
|
54
|
+
before do
|
55
|
+
CertWatch.client = Doubles.failing_client
|
56
|
+
end
|
57
|
+
|
58
|
+
it 'sets state to renewing_failed' do
|
59
|
+
certificate = create(:certificate, domain: 'my.example.com')
|
60
|
+
|
61
|
+
certificate.renew!
|
62
|
+
|
63
|
+
expect(certificate.reload.state).to eq('renewing_failed')
|
64
|
+
end
|
65
|
+
|
66
|
+
it 'updates last_renewal_failed_at attribute' do
|
67
|
+
certificate = create(:certificate,
|
68
|
+
domain: 'my.example.com',
|
69
|
+
last_renewal_failed_at: 1.month.ago)
|
70
|
+
|
71
|
+
certificate.renew!
|
72
|
+
|
73
|
+
expect(certificate.reload.last_renewal_failed_at).to eq(Time.now)
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
context 'when install results in error' do
|
78
|
+
before do
|
79
|
+
CertWatch.installer = Doubles.failing_installer
|
80
|
+
end
|
81
|
+
|
82
|
+
it 'sets state to installing_failed' do
|
83
|
+
certificate = create(:certificate, domain: 'my.example.com')
|
84
|
+
|
85
|
+
certificate.renew!
|
86
|
+
|
87
|
+
expect(certificate.reload.state).to eq('installing_failed')
|
88
|
+
end
|
89
|
+
|
90
|
+
it 'updates last_install_failed_at attribute' do
|
91
|
+
certificate = create(:certificate,
|
92
|
+
domain: 'my.example.com',
|
93
|
+
last_install_failed_at: 1.month.ago)
|
94
|
+
|
95
|
+
certificate.renew!
|
96
|
+
|
97
|
+
expect(certificate.reload.last_install_failed_at).to eq(Time.now)
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
@@ -0,0 +1,45 @@
|
|
1
|
+
# This file is copied to spec/ when you run 'rails generate rspec:install'
|
2
|
+
ENV['RAILS_ENV'] ||= 'test'
|
3
|
+
|
4
|
+
require 'combustion'
|
5
|
+
Combustion.initialize! :all
|
6
|
+
|
7
|
+
# Prevent database truncation if the environment is production
|
8
|
+
abort('The Rails environment is running in production mode!') if Rails.env.production?
|
9
|
+
|
10
|
+
require 'spec_helper'
|
11
|
+
require 'rspec/rails'
|
12
|
+
# Add additional requires below this line. Rails is not loaded until this point!
|
13
|
+
|
14
|
+
require 'support/config/factory_girl'
|
15
|
+
require 'support/config/timecop'
|
16
|
+
require 'support/config/resque_logger'
|
17
|
+
require 'support/config/cert_watch'
|
18
|
+
|
19
|
+
# Checks for pending migration and applies them before tests are run.
|
20
|
+
# If you are not using ActiveRecord, you can remove this line.
|
21
|
+
ActiveRecord::Migration.maintain_test_schema!
|
22
|
+
|
23
|
+
RSpec.configure do |config|
|
24
|
+
# If you're not using ActiveRecord, or you'd prefer not to run each of your
|
25
|
+
# examples within a transaction, remove the following line or assign false
|
26
|
+
# instead of true.
|
27
|
+
config.use_transactional_fixtures = true
|
28
|
+
|
29
|
+
# Filter lines from Rails gems in backtraces.
|
30
|
+
config.filter_rails_from_backtrace!
|
31
|
+
# arbitrary gems may also be filtered via:
|
32
|
+
# config.filter_gems_from_backtrace("gem name")
|
33
|
+
|
34
|
+
config.when_first_matching_example_defined(inline_resque: true) do
|
35
|
+
require 'support/helpers/inline_resque'
|
36
|
+
end
|
37
|
+
|
38
|
+
config.when_first_matching_example_defined(fixture_files: true) do
|
39
|
+
require 'support/helpers/fixtures'
|
40
|
+
end
|
41
|
+
|
42
|
+
config.when_first_matching_example_defined(type: :view_component) do
|
43
|
+
require 'support/helpers/view_component_example_group'
|
44
|
+
end
|
45
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,98 @@
|
|
1
|
+
require 'coveralls'
|
2
|
+
Coveralls.wear!
|
3
|
+
|
4
|
+
# This file was generated by the `rails generate rspec:install` command. Conventionally, all
|
5
|
+
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
|
6
|
+
# The generated `.rspec` file contains `--require spec_helper` which will cause
|
7
|
+
# this file to always be loaded, without a need to explicitly require it in any
|
8
|
+
# files.
|
9
|
+
#
|
10
|
+
# Given that it is always loaded, you are encouraged to keep this file as
|
11
|
+
# light-weight as possible. Requiring heavyweight dependencies from this file
|
12
|
+
# will add to the boot time of your test suite on EVERY test run, even for an
|
13
|
+
# individual file that may not need all of that loaded. Instead, consider making
|
14
|
+
# a separate helper file that requires the additional dependencies and performs
|
15
|
+
# the additional setup, and require it from the spec files that actually need
|
16
|
+
# it.
|
17
|
+
#
|
18
|
+
# The `.rspec` file also contains a few flags that are not defaults but that
|
19
|
+
# users commonly want.
|
20
|
+
#
|
21
|
+
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
|
22
|
+
RSpec.configure do |config|
|
23
|
+
# rspec-expectations config goes here. You can use an alternate
|
24
|
+
# assertion/expectation library such as wrong or the stdlib/minitest
|
25
|
+
# assertions if you prefer.
|
26
|
+
config.expect_with :rspec do |expectations|
|
27
|
+
# This option will default to `true` in RSpec 4. It makes the `description`
|
28
|
+
# and `failure_message` of custom matchers include text for helper methods
|
29
|
+
# defined using `chain`, e.g.:
|
30
|
+
# be_bigger_than(2).and_smaller_than(4).description
|
31
|
+
# # => "be bigger than 2 and smaller than 4"
|
32
|
+
# ...rather than:
|
33
|
+
# # => "be bigger than 2"
|
34
|
+
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
|
35
|
+
end
|
36
|
+
|
37
|
+
# rspec-mocks config goes here. You can use an alternate test double
|
38
|
+
# library (such as bogus or mocha) by changing the `mock_with` option here.
|
39
|
+
config.mock_with :rspec do |mocks|
|
40
|
+
# Prevents you from mocking or stubbing a method that does not exist on
|
41
|
+
# a real object. This is generally recommended, and will default to
|
42
|
+
# `true` in RSpec 4.
|
43
|
+
mocks.verify_partial_doubles = true
|
44
|
+
end
|
45
|
+
|
46
|
+
# This option will default to `:apply_to_host_groups` in RSpec 4 (and will
|
47
|
+
# have no way to turn it off -- the option exists only for backwards
|
48
|
+
# compatibility in RSpec 3). It causes shared context metadata to be
|
49
|
+
# inherited by the metadata hash of host groups and examples, rather than
|
50
|
+
# triggering implicit auto-inclusion in groups with matching metadata.
|
51
|
+
config.shared_context_metadata_behavior = :apply_to_host_groups
|
52
|
+
|
53
|
+
# This allows you to limit a spec run to individual examples or groups
|
54
|
+
# you care about by tagging them with `:focus` metadata. When nothing
|
55
|
+
# is tagged with `:focus`, all examples get run. RSpec also provides
|
56
|
+
# aliases for `it`, `describe`, and `context` that include `:focus`
|
57
|
+
# metadata: `fit`, `fdescribe` and `fcontext`, respectively.
|
58
|
+
config.filter_run_when_matching :focus
|
59
|
+
|
60
|
+
# Allows RSpec to persist some state between runs in order to support
|
61
|
+
# the `--only-failures` and `--next-failure` CLI options. We recommend
|
62
|
+
# you configure your source control system to ignore this file.
|
63
|
+
config.example_status_persistence_file_path = 'spec/examples.txt'
|
64
|
+
|
65
|
+
# Limits the available syntax to the non-monkey patched syntax that is
|
66
|
+
# recommended. For more details, see:
|
67
|
+
# - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
|
68
|
+
# - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
|
69
|
+
# - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
|
70
|
+
config.disable_monkey_patching!
|
71
|
+
|
72
|
+
# Many RSpec users commonly either run the entire suite or an individual
|
73
|
+
# file, and it's useful to allow more verbose output when running an
|
74
|
+
# individual spec file.
|
75
|
+
if config.files_to_run.one?
|
76
|
+
# Use the documentation formatter for detailed output,
|
77
|
+
# unless a formatter has already been configured
|
78
|
+
# (e.g. via a command-line flag).
|
79
|
+
config.default_formatter = 'doc'
|
80
|
+
end
|
81
|
+
|
82
|
+
# Print the 10 slowest examples and example groups at the
|
83
|
+
# end of the spec run, to help surface which specs are running
|
84
|
+
# particularly slow.
|
85
|
+
config.profile_examples = 10
|
86
|
+
|
87
|
+
# Run specs in random order to surface order dependencies. If you find an
|
88
|
+
# order dependency and want to debug it, you can fix the order by providing
|
89
|
+
# the seed, which is printed after each run.
|
90
|
+
# --seed 1234
|
91
|
+
config.order = :random
|
92
|
+
|
93
|
+
# Seed global randomization in this process using the `--seed` CLI option.
|
94
|
+
# Setting this allows you to use `--seed` to deterministically reproduce
|
95
|
+
# test failures related to randomization by passing the same `--seed` value
|
96
|
+
# as the one that triggered the failure.
|
97
|
+
Kernel.srand config.seed
|
98
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
require 'factory_girl_rails'
|
2
|
+
|
3
|
+
RSpec.configure do |config|
|
4
|
+
# Allow to use build and create methods without FactoryGirl prefix.
|
5
|
+
config.include FactoryGirl::Syntax::Methods
|
6
|
+
|
7
|
+
# Make sure factories are up to date when using spring
|
8
|
+
config.before(:all) do
|
9
|
+
FactoryGirl.reload
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require 'fileutils'
|
2
|
+
log_dir = Rails.root.join('log', 'jobs', Rails.env)
|
3
|
+
|
4
|
+
RSpec.configure do |config|
|
5
|
+
config.before(:all) do
|
6
|
+
FileUtils.mkdir_p(log_dir)
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
Resque.logger_config = {
|
11
|
+
folder: log_dir,
|
12
|
+
class_name: Logger,
|
13
|
+
class_args: ['daily', 1.kilobyte],
|
14
|
+
level: Logger::INFO,
|
15
|
+
formatter: Logger::Formatter.new
|
16
|
+
}
|
@@ -0,0 +1,21 @@
|
|
1
|
+
require 'timecop'
|
2
|
+
|
3
|
+
RSpec.configure do |config|
|
4
|
+
config.before(:each) do
|
5
|
+
Timecop.freeze(Time.local(2013))
|
6
|
+
end
|
7
|
+
|
8
|
+
config.before(:each, capybara_feature: true) do
|
9
|
+
# Do not freeze time in capybara tests to enable waiting for elements
|
10
|
+
Timecop.travel(Time.local(2013))
|
11
|
+
end
|
12
|
+
|
13
|
+
config.before(:each, integration: true) do
|
14
|
+
# Do not freeze time in integration tests
|
15
|
+
Timecop.return
|
16
|
+
end
|
17
|
+
|
18
|
+
config.after(:each) do
|
19
|
+
Timecop.return
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
module Doubles
|
2
|
+
extend RSpec::Mocks::ExampleMethods
|
3
|
+
extend self
|
4
|
+
|
5
|
+
def client
|
6
|
+
instance_double('CertWatch::Client').tap do |double|
|
7
|
+
allow(double).to receive(:renew).and_return(:ok)
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
def failing_client
|
12
|
+
instance_double('CertWatch::Client').tap do |double|
|
13
|
+
allow(double).to receive(:renew).and_raise(CertWatch::RenewError)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
def installer
|
18
|
+
instance_double('CertWatch::Installer').tap do |double|
|
19
|
+
allow(double).to receive(:install).and_return(:ok)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
def failing_installer
|
24
|
+
instance_double('CertWatch::Installer').tap do |double|
|
25
|
+
allow(double).to receive(:install).and_raise(CertWatch::InstallError)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'fileutils'
|
2
|
+
|
3
|
+
module Fixtures
|
4
|
+
extend self
|
5
|
+
|
6
|
+
def directory(path)
|
7
|
+
FileUtils.mkdir_p(path)
|
8
|
+
end
|
9
|
+
|
10
|
+
def file(path, contents = '')
|
11
|
+
FileUtils.mkdir_p(File.dirname(path))
|
12
|
+
File.write(path, contents)
|
13
|
+
Pathname.new(path)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
RSpec.configure do |config|
|
18
|
+
config.around(:example, fixture_files: true) do |example|
|
19
|
+
Dir.mktmpdir('cert_watch_spec') do |dir|
|
20
|
+
Dir.chdir(dir) do
|
21
|
+
example.call
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
module ViewComponentExampleGroup
|
2
|
+
extend ActiveSupport::Concern
|
3
|
+
include RSpec::Rails::RailsExampleGroup
|
4
|
+
include ActionView::TestCase::Behavior
|
5
|
+
include Capybara::RSpecMatchers
|
6
|
+
|
7
|
+
included do
|
8
|
+
attr_reader :rendered
|
9
|
+
end
|
10
|
+
|
11
|
+
def arbre(&block)
|
12
|
+
Arbre::Context.new({}, _view, &block)
|
13
|
+
end
|
14
|
+
|
15
|
+
def helper
|
16
|
+
_view
|
17
|
+
end
|
18
|
+
|
19
|
+
def render(builder_method, *args, &block)
|
20
|
+
@rendered =
|
21
|
+
if block_given?
|
22
|
+
arbre(&block).to_s
|
23
|
+
else
|
24
|
+
arbre.send(builder_method, *args, &block)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
RSpec.configure do |config|
|
30
|
+
config.include(ViewComponentExampleGroup, type: :view_component)
|
31
|
+
end
|