cert_watch 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/README.md +151 -0
- data/Rakefile +16 -0
- data/app/assets/javascripts/cert_watch/application.js +13 -0
- data/app/assets/stylesheets/cert_watch/application.css +15 -0
- data/app/controllers/cert_watch/application_controller.rb +5 -0
- data/app/jobs/cert_watch/install_certificate_job.rb +16 -0
- data/app/jobs/cert_watch/renew_certificate_job.rb +16 -0
- data/app/jobs/cert_watch/renew_expiring_certificates_job.rb +13 -0
- data/app/models/cert_watch/certificate.rb +42 -0
- data/app/views/layouts/cert_watch/application.html.erb +14 -0
- data/config/locales/de.yml +47 -0
- data/config/locales/en.yml +47 -0
- data/config/routes.rb +2 -0
- data/db/migrate/20160711193700_create_certificates.rb +18 -0
- data/lib/cert_watch/CHANGELOG.md +5 -0
- data/lib/cert_watch/certbot_client.rb +32 -0
- data/lib/cert_watch/client.rb +7 -0
- data/lib/cert_watch/configuration.rb +37 -0
- data/lib/cert_watch/domain_owner.rb +23 -0
- data/lib/cert_watch/engine.rb +10 -0
- data/lib/cert_watch/error.rb +4 -0
- data/lib/cert_watch/install_error.rb +4 -0
- data/lib/cert_watch/installer.rb +7 -0
- data/lib/cert_watch/pem_directory_installer.rb +55 -0
- data/lib/cert_watch/renew_error.rb +4 -0
- data/lib/cert_watch/sanitize.rb +13 -0
- data/lib/cert_watch/shell.rb +20 -0
- data/lib/cert_watch/version.rb +3 -0
- data/lib/cert_watch/views/all.rb +3 -0
- data/lib/cert_watch/views/certificate_state.rb +42 -0
- data/lib/cert_watch.rb +32 -0
- data/spec/cert_watch/certbot_client_spec.rb +53 -0
- data/spec/cert_watch/domain_owner_spec.rb +62 -0
- data/spec/cert_watch/pem_directory_installer_spec.rb +75 -0
- data/spec/cert_watch/sanitize_spec.rb +19 -0
- data/spec/cert_watch/shell_spec.rb +19 -0
- data/spec/cert_watch/views/certificate_state_spec.rb +33 -0
- data/spec/examples.txt +40 -0
- data/spec/factories/certificates.rb +6 -0
- data/spec/internal/config/database.yml +3 -0
- data/spec/internal/config/routes.rb +3 -0
- data/spec/internal/db/combustion_test.sqlite +0 -0
- data/spec/internal/db/schema.rb +7 -0
- data/spec/internal/log/jobs/test/cert_watch.log +3793 -0
- data/spec/internal/log/test.log +24187 -0
- data/spec/internal/public/favicon.ico +0 -0
- data/spec/jobs/cert_watch/renew_expiring_certificates_job_spec.rb +43 -0
- data/spec/models/cert_watch/certificate_spec.rb +102 -0
- data/spec/rails_helper.rb +45 -0
- data/spec/spec_helper.rb +98 -0
- data/spec/support/config/cert_watch.rb +7 -0
- data/spec/support/config/factory_girl.rb +11 -0
- data/spec/support/config/resque_logger.rb +16 -0
- data/spec/support/config/timecop.rb +21 -0
- data/spec/support/helpers/doubles.rb +28 -0
- data/spec/support/helpers/fixtures.rb +25 -0
- data/spec/support/helpers/inline_resque.rb +9 -0
- data/spec/support/helpers/view_component_example_group.rb +31 -0
- metadata +298 -0
File without changes
|
@@ -0,0 +1,43 @@
|
|
1
|
+
require 'rails_helper'
|
2
|
+
|
3
|
+
module CertWatch
|
4
|
+
RSpec.describe RenewExpiringCertificatesJob do
|
5
|
+
it 'triggers renewal of installed expiring certificates' do
|
6
|
+
certificate = create(:certificate, state: 'installed', last_renewed_at: 40.days.ago)
|
7
|
+
CertWatch.config.renewal_interval = 1.month
|
8
|
+
|
9
|
+
RenewExpiringCertificatesJob.perform
|
10
|
+
|
11
|
+
expect(certificate.reload.state).to eq('renewing')
|
12
|
+
end
|
13
|
+
|
14
|
+
it 'ignores uninstalled certificates' do
|
15
|
+
certificate = create(:certificate, state: 'abandoned', last_renewed_at: 40.days.ago)
|
16
|
+
CertWatch.config.renewal_interval = 1.month
|
17
|
+
|
18
|
+
RenewExpiringCertificatesJob.perform
|
19
|
+
|
20
|
+
expect(certificate.reload.state).to eq('abandoned')
|
21
|
+
end
|
22
|
+
|
23
|
+
it 'ignores not expiring certificates' do
|
24
|
+
certificate = create(:certificate, state: 'installed', last_renewed_at: 10.days.ago)
|
25
|
+
CertWatch.config.renewal_interval = 1.month
|
26
|
+
|
27
|
+
RenewExpiringCertificatesJob.perform
|
28
|
+
|
29
|
+
expect(certificate.reload.state).to eq('installed')
|
30
|
+
end
|
31
|
+
|
32
|
+
it 'limits number of renewed certificates to batch size' do
|
33
|
+
create(:certificate, state: 'installed', last_renewed_at: 40.days.ago)
|
34
|
+
create(:certificate, state: 'installed', last_renewed_at: 50.days.ago)
|
35
|
+
CertWatch.config.renewal_interval = 1.month
|
36
|
+
CertWatch.config.renewal_batch_size = 1
|
37
|
+
|
38
|
+
RenewExpiringCertificatesJob.perform
|
39
|
+
|
40
|
+
expect(Certificate.where(state: 'renewing').count).to eq(1)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
@@ -0,0 +1,102 @@
|
|
1
|
+
require 'rails_helper'
|
2
|
+
|
3
|
+
require 'support/helpers/doubles'
|
4
|
+
require 'support/helpers/inline_resque'
|
5
|
+
|
6
|
+
module CertWatch
|
7
|
+
RSpec.describe Certificate, inline_resque: true do
|
8
|
+
describe '#renew' do
|
9
|
+
it 'makes client renew certificate for domain' do
|
10
|
+
certificate = create(:certificate, domain: 'my.example.com')
|
11
|
+
|
12
|
+
certificate.renew!
|
13
|
+
|
14
|
+
expect(CertWatch.client).to have_received(:renew).with('my.example.com')
|
15
|
+
end
|
16
|
+
|
17
|
+
it 'installs certificate' do
|
18
|
+
certificate = create(:certificate, domain: 'my.example.com')
|
19
|
+
|
20
|
+
certificate.renew!
|
21
|
+
|
22
|
+
expect(CertWatch.installer).to have_received(:install).with('my.example.com')
|
23
|
+
end
|
24
|
+
|
25
|
+
it 'sets state to installed' do
|
26
|
+
certificate = create(:certificate, domain: 'my.example.com')
|
27
|
+
|
28
|
+
certificate.renew!
|
29
|
+
|
30
|
+
expect(certificate.reload.state).to eq('installed')
|
31
|
+
end
|
32
|
+
|
33
|
+
it 'updates last_renewed_at attribute' do
|
34
|
+
certificate = create(:certificate,
|
35
|
+
domain: 'my.example.com',
|
36
|
+
last_renewed_at: 1.month.ago)
|
37
|
+
|
38
|
+
certificate.renew!
|
39
|
+
|
40
|
+
expect(certificate.reload.last_renewed_at).to eq(Time.now)
|
41
|
+
end
|
42
|
+
|
43
|
+
it 'updates last_installed_at attribute' do
|
44
|
+
certificate = create(:certificate,
|
45
|
+
domain: 'my.example.com',
|
46
|
+
last_installed_at: 1.month.ago)
|
47
|
+
|
48
|
+
certificate.renew!
|
49
|
+
|
50
|
+
expect(certificate.reload.last_installed_at).to eq(Time.now)
|
51
|
+
end
|
52
|
+
|
53
|
+
context 'when renew results in error' do
|
54
|
+
before do
|
55
|
+
CertWatch.client = Doubles.failing_client
|
56
|
+
end
|
57
|
+
|
58
|
+
it 'sets state to renewing_failed' do
|
59
|
+
certificate = create(:certificate, domain: 'my.example.com')
|
60
|
+
|
61
|
+
certificate.renew!
|
62
|
+
|
63
|
+
expect(certificate.reload.state).to eq('renewing_failed')
|
64
|
+
end
|
65
|
+
|
66
|
+
it 'updates last_renewal_failed_at attribute' do
|
67
|
+
certificate = create(:certificate,
|
68
|
+
domain: 'my.example.com',
|
69
|
+
last_renewal_failed_at: 1.month.ago)
|
70
|
+
|
71
|
+
certificate.renew!
|
72
|
+
|
73
|
+
expect(certificate.reload.last_renewal_failed_at).to eq(Time.now)
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
context 'when install results in error' do
|
78
|
+
before do
|
79
|
+
CertWatch.installer = Doubles.failing_installer
|
80
|
+
end
|
81
|
+
|
82
|
+
it 'sets state to installing_failed' do
|
83
|
+
certificate = create(:certificate, domain: 'my.example.com')
|
84
|
+
|
85
|
+
certificate.renew!
|
86
|
+
|
87
|
+
expect(certificate.reload.state).to eq('installing_failed')
|
88
|
+
end
|
89
|
+
|
90
|
+
it 'updates last_install_failed_at attribute' do
|
91
|
+
certificate = create(:certificate,
|
92
|
+
domain: 'my.example.com',
|
93
|
+
last_install_failed_at: 1.month.ago)
|
94
|
+
|
95
|
+
certificate.renew!
|
96
|
+
|
97
|
+
expect(certificate.reload.last_install_failed_at).to eq(Time.now)
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
@@ -0,0 +1,45 @@
|
|
1
|
+
# This file is copied to spec/ when you run 'rails generate rspec:install'
|
2
|
+
ENV['RAILS_ENV'] ||= 'test'
|
3
|
+
|
4
|
+
require 'combustion'
|
5
|
+
Combustion.initialize! :all
|
6
|
+
|
7
|
+
# Prevent database truncation if the environment is production
|
8
|
+
abort('The Rails environment is running in production mode!') if Rails.env.production?
|
9
|
+
|
10
|
+
require 'spec_helper'
|
11
|
+
require 'rspec/rails'
|
12
|
+
# Add additional requires below this line. Rails is not loaded until this point!
|
13
|
+
|
14
|
+
require 'support/config/factory_girl'
|
15
|
+
require 'support/config/timecop'
|
16
|
+
require 'support/config/resque_logger'
|
17
|
+
require 'support/config/cert_watch'
|
18
|
+
|
19
|
+
# Checks for pending migration and applies them before tests are run.
|
20
|
+
# If you are not using ActiveRecord, you can remove this line.
|
21
|
+
ActiveRecord::Migration.maintain_test_schema!
|
22
|
+
|
23
|
+
RSpec.configure do |config|
|
24
|
+
# If you're not using ActiveRecord, or you'd prefer not to run each of your
|
25
|
+
# examples within a transaction, remove the following line or assign false
|
26
|
+
# instead of true.
|
27
|
+
config.use_transactional_fixtures = true
|
28
|
+
|
29
|
+
# Filter lines from Rails gems in backtraces.
|
30
|
+
config.filter_rails_from_backtrace!
|
31
|
+
# arbitrary gems may also be filtered via:
|
32
|
+
# config.filter_gems_from_backtrace("gem name")
|
33
|
+
|
34
|
+
config.when_first_matching_example_defined(inline_resque: true) do
|
35
|
+
require 'support/helpers/inline_resque'
|
36
|
+
end
|
37
|
+
|
38
|
+
config.when_first_matching_example_defined(fixture_files: true) do
|
39
|
+
require 'support/helpers/fixtures'
|
40
|
+
end
|
41
|
+
|
42
|
+
config.when_first_matching_example_defined(type: :view_component) do
|
43
|
+
require 'support/helpers/view_component_example_group'
|
44
|
+
end
|
45
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,98 @@
|
|
1
|
+
require 'coveralls'
|
2
|
+
Coveralls.wear!
|
3
|
+
|
4
|
+
# This file was generated by the `rails generate rspec:install` command. Conventionally, all
|
5
|
+
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
|
6
|
+
# The generated `.rspec` file contains `--require spec_helper` which will cause
|
7
|
+
# this file to always be loaded, without a need to explicitly require it in any
|
8
|
+
# files.
|
9
|
+
#
|
10
|
+
# Given that it is always loaded, you are encouraged to keep this file as
|
11
|
+
# light-weight as possible. Requiring heavyweight dependencies from this file
|
12
|
+
# will add to the boot time of your test suite on EVERY test run, even for an
|
13
|
+
# individual file that may not need all of that loaded. Instead, consider making
|
14
|
+
# a separate helper file that requires the additional dependencies and performs
|
15
|
+
# the additional setup, and require it from the spec files that actually need
|
16
|
+
# it.
|
17
|
+
#
|
18
|
+
# The `.rspec` file also contains a few flags that are not defaults but that
|
19
|
+
# users commonly want.
|
20
|
+
#
|
21
|
+
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
|
22
|
+
RSpec.configure do |config|
|
23
|
+
# rspec-expectations config goes here. You can use an alternate
|
24
|
+
# assertion/expectation library such as wrong or the stdlib/minitest
|
25
|
+
# assertions if you prefer.
|
26
|
+
config.expect_with :rspec do |expectations|
|
27
|
+
# This option will default to `true` in RSpec 4. It makes the `description`
|
28
|
+
# and `failure_message` of custom matchers include text for helper methods
|
29
|
+
# defined using `chain`, e.g.:
|
30
|
+
# be_bigger_than(2).and_smaller_than(4).description
|
31
|
+
# # => "be bigger than 2 and smaller than 4"
|
32
|
+
# ...rather than:
|
33
|
+
# # => "be bigger than 2"
|
34
|
+
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
|
35
|
+
end
|
36
|
+
|
37
|
+
# rspec-mocks config goes here. You can use an alternate test double
|
38
|
+
# library (such as bogus or mocha) by changing the `mock_with` option here.
|
39
|
+
config.mock_with :rspec do |mocks|
|
40
|
+
# Prevents you from mocking or stubbing a method that does not exist on
|
41
|
+
# a real object. This is generally recommended, and will default to
|
42
|
+
# `true` in RSpec 4.
|
43
|
+
mocks.verify_partial_doubles = true
|
44
|
+
end
|
45
|
+
|
46
|
+
# This option will default to `:apply_to_host_groups` in RSpec 4 (and will
|
47
|
+
# have no way to turn it off -- the option exists only for backwards
|
48
|
+
# compatibility in RSpec 3). It causes shared context metadata to be
|
49
|
+
# inherited by the metadata hash of host groups and examples, rather than
|
50
|
+
# triggering implicit auto-inclusion in groups with matching metadata.
|
51
|
+
config.shared_context_metadata_behavior = :apply_to_host_groups
|
52
|
+
|
53
|
+
# This allows you to limit a spec run to individual examples or groups
|
54
|
+
# you care about by tagging them with `:focus` metadata. When nothing
|
55
|
+
# is tagged with `:focus`, all examples get run. RSpec also provides
|
56
|
+
# aliases for `it`, `describe`, and `context` that include `:focus`
|
57
|
+
# metadata: `fit`, `fdescribe` and `fcontext`, respectively.
|
58
|
+
config.filter_run_when_matching :focus
|
59
|
+
|
60
|
+
# Allows RSpec to persist some state between runs in order to support
|
61
|
+
# the `--only-failures` and `--next-failure` CLI options. We recommend
|
62
|
+
# you configure your source control system to ignore this file.
|
63
|
+
config.example_status_persistence_file_path = 'spec/examples.txt'
|
64
|
+
|
65
|
+
# Limits the available syntax to the non-monkey patched syntax that is
|
66
|
+
# recommended. For more details, see:
|
67
|
+
# - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
|
68
|
+
# - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
|
69
|
+
# - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
|
70
|
+
config.disable_monkey_patching!
|
71
|
+
|
72
|
+
# Many RSpec users commonly either run the entire suite or an individual
|
73
|
+
# file, and it's useful to allow more verbose output when running an
|
74
|
+
# individual spec file.
|
75
|
+
if config.files_to_run.one?
|
76
|
+
# Use the documentation formatter for detailed output,
|
77
|
+
# unless a formatter has already been configured
|
78
|
+
# (e.g. via a command-line flag).
|
79
|
+
config.default_formatter = 'doc'
|
80
|
+
end
|
81
|
+
|
82
|
+
# Print the 10 slowest examples and example groups at the
|
83
|
+
# end of the spec run, to help surface which specs are running
|
84
|
+
# particularly slow.
|
85
|
+
config.profile_examples = 10
|
86
|
+
|
87
|
+
# Run specs in random order to surface order dependencies. If you find an
|
88
|
+
# order dependency and want to debug it, you can fix the order by providing
|
89
|
+
# the seed, which is printed after each run.
|
90
|
+
# --seed 1234
|
91
|
+
config.order = :random
|
92
|
+
|
93
|
+
# Seed global randomization in this process using the `--seed` CLI option.
|
94
|
+
# Setting this allows you to use `--seed` to deterministically reproduce
|
95
|
+
# test failures related to randomization by passing the same `--seed` value
|
96
|
+
# as the one that triggered the failure.
|
97
|
+
Kernel.srand config.seed
|
98
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
require 'factory_girl_rails'
|
2
|
+
|
3
|
+
RSpec.configure do |config|
|
4
|
+
# Allow to use build and create methods without FactoryGirl prefix.
|
5
|
+
config.include FactoryGirl::Syntax::Methods
|
6
|
+
|
7
|
+
# Make sure factories are up to date when using spring
|
8
|
+
config.before(:all) do
|
9
|
+
FactoryGirl.reload
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require 'fileutils'
|
2
|
+
log_dir = Rails.root.join('log', 'jobs', Rails.env)
|
3
|
+
|
4
|
+
RSpec.configure do |config|
|
5
|
+
config.before(:all) do
|
6
|
+
FileUtils.mkdir_p(log_dir)
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
Resque.logger_config = {
|
11
|
+
folder: log_dir,
|
12
|
+
class_name: Logger,
|
13
|
+
class_args: ['daily', 1.kilobyte],
|
14
|
+
level: Logger::INFO,
|
15
|
+
formatter: Logger::Formatter.new
|
16
|
+
}
|
@@ -0,0 +1,21 @@
|
|
1
|
+
require 'timecop'
|
2
|
+
|
3
|
+
RSpec.configure do |config|
|
4
|
+
config.before(:each) do
|
5
|
+
Timecop.freeze(Time.local(2013))
|
6
|
+
end
|
7
|
+
|
8
|
+
config.before(:each, capybara_feature: true) do
|
9
|
+
# Do not freeze time in capybara tests to enable waiting for elements
|
10
|
+
Timecop.travel(Time.local(2013))
|
11
|
+
end
|
12
|
+
|
13
|
+
config.before(:each, integration: true) do
|
14
|
+
# Do not freeze time in integration tests
|
15
|
+
Timecop.return
|
16
|
+
end
|
17
|
+
|
18
|
+
config.after(:each) do
|
19
|
+
Timecop.return
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
module Doubles
|
2
|
+
extend RSpec::Mocks::ExampleMethods
|
3
|
+
extend self
|
4
|
+
|
5
|
+
def client
|
6
|
+
instance_double('CertWatch::Client').tap do |double|
|
7
|
+
allow(double).to receive(:renew).and_return(:ok)
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
def failing_client
|
12
|
+
instance_double('CertWatch::Client').tap do |double|
|
13
|
+
allow(double).to receive(:renew).and_raise(CertWatch::RenewError)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
def installer
|
18
|
+
instance_double('CertWatch::Installer').tap do |double|
|
19
|
+
allow(double).to receive(:install).and_return(:ok)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
def failing_installer
|
24
|
+
instance_double('CertWatch::Installer').tap do |double|
|
25
|
+
allow(double).to receive(:install).and_raise(CertWatch::InstallError)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'fileutils'
|
2
|
+
|
3
|
+
module Fixtures
|
4
|
+
extend self
|
5
|
+
|
6
|
+
def directory(path)
|
7
|
+
FileUtils.mkdir_p(path)
|
8
|
+
end
|
9
|
+
|
10
|
+
def file(path, contents = '')
|
11
|
+
FileUtils.mkdir_p(File.dirname(path))
|
12
|
+
File.write(path, contents)
|
13
|
+
Pathname.new(path)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
RSpec.configure do |config|
|
18
|
+
config.around(:example, fixture_files: true) do |example|
|
19
|
+
Dir.mktmpdir('cert_watch_spec') do |dir|
|
20
|
+
Dir.chdir(dir) do
|
21
|
+
example.call
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
module ViewComponentExampleGroup
|
2
|
+
extend ActiveSupport::Concern
|
3
|
+
include RSpec::Rails::RailsExampleGroup
|
4
|
+
include ActionView::TestCase::Behavior
|
5
|
+
include Capybara::RSpecMatchers
|
6
|
+
|
7
|
+
included do
|
8
|
+
attr_reader :rendered
|
9
|
+
end
|
10
|
+
|
11
|
+
def arbre(&block)
|
12
|
+
Arbre::Context.new({}, _view, &block)
|
13
|
+
end
|
14
|
+
|
15
|
+
def helper
|
16
|
+
_view
|
17
|
+
end
|
18
|
+
|
19
|
+
def render(builder_method, *args, &block)
|
20
|
+
@rendered =
|
21
|
+
if block_given?
|
22
|
+
arbre(&block).to_s
|
23
|
+
else
|
24
|
+
arbre.send(builder_method, *args, &block)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
RSpec.configure do |config|
|
30
|
+
config.include(ViewComponentExampleGroup, type: :view_component)
|
31
|
+
end
|