lego/providers/dns/gandi/gandi_test.go

package gandi

import (
	"io"
	"io/ioutil"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
	"testing"

	"github.com/go-acme/lego/v3/platform/tester"
	"github.com/stretchr/testify/require"
)

var envTest = tester.NewEnvTest(EnvAPIKey)

func TestNewDNSProvider(t *testing.T) {
	testCases := []struct {
		desc     string
		envVars  map[string]string
		expected string
	}{
		{
			desc: "success",
			envVars: map[string]string{
				EnvAPIKey: "123",
			},
		},
		{
			desc: "missing api key",
			envVars: map[string]string{
				EnvAPIKey: "",
			},
			expected: "gandi: some credentials information are missing: GANDI_API_KEY",
		},
	}

	for _, test := range testCases {
		t.Run(test.desc, func(t *testing.T) {
			defer envTest.RestoreEnv()
			envTest.ClearEnv()

			envTest.Apply(test.envVars)

			p, err := NewDNSProvider()

			if len(test.expected) == 0 {
				require.NoError(t, err)
				require.NotNil(t, p)
				require.NotNil(t, p.config)
				require.NotNil(t, p.inProgressFQDNs)
				require.NotNil(t, p.inProgressAuthZones)
			} else {
				require.EqualError(t, err, test.expected)
			}
		})
	}
}

func TestNewDNSProviderConfig(t *testing.T) {
	testCases := []struct {
		desc     string
		apiKey   string
		expected string
	}{
		{
			desc:   "success",
			apiKey: "123",
		},
		{
			desc:     "missing credentials",
			expected: "gandi: no API Key given",
		},
	}

	for _, test := range testCases {
		t.Run(test.desc, func(t *testing.T) {
			config := NewDefaultConfig()
			config.APIKey = test.apiKey

			p, err := NewDNSProviderConfig(config)

			if len(test.expected) == 0 {
				require.NoError(t, err)
				require.NotNil(t, p)
				require.NotNil(t, p.config)
				require.NotNil(t, p.inProgressFQDNs)
				require.NotNil(t, p.inProgressAuthZones)
			} else {
				require.EqualError(t, err, test.expected)
			}
		})
	}
}

// TestDNSProvider runs Present and CleanUp against a fake Gandi RPC
// Server, whose responses are predetermined for particular requests.
func TestDNSProvider(t *testing.T) {
	// serverResponses is the XML-RPC Request->Response map used by the
	// fake RPC server. It was generated by recording a real RPC session
	// which resulted in the successful issue of a cert, and then
	// anonymizing the RPC data.
	var serverResponses = map[string]string{
		// Present Request->Response 1 (getZoneID)
		present1RequestMock: present1ResponseMock,
		// Present Request->Response 2 (cloneZone)
		present2RequestMock: present2ResponseMock,
		// Present Request->Response 3 (newZoneVersion)
		present3RequestMock: present3ResponseMock,
		// Present Request->Response 4 (addTXTRecord)
		present4RequestMock: present4ResponseMock,
		// Present Request->Response 5 (setZoneVersion)
		present5RequestMock: present5ResponseMock,
		// Present Request->Response 6 (setZone)
		present6RequestMock: present6ResponseMock,
		// CleanUp Request->Response 1 (setZone)
		cleanup1RequestMock: cleanup1ResponseMock,
		// CleanUp Request->Response 2 (deleteZone)
		cleanup2RequestMock: cleanup2ResponseMock,
	}

	fakeKeyAuth := "XXXX"

	regexpDate := regexp.MustCompile(`\[ACME Challenge [^\]:]*:[^\]]*\]`)

	// start fake RPC server
	fakeServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		require.Equal(t, "text/xml", r.Header.Get("Content-Type"), "invalid content type")

		req, errS := ioutil.ReadAll(r.Body)
		require.NoError(t, errS)

		req = regexpDate.ReplaceAllLiteral(req, []byte(`[ACME Challenge 01 Jan 16 00:00 +0000]`))
		resp, ok := serverResponses[string(req)]
		require.True(t, ok, "Server response for request not found")

		_, errS = io.Copy(w, strings.NewReader(resp))
		require.NoError(t, errS)
	}))
	defer fakeServer.Close()

	// define function to override findZoneByFqdn with
	fakeFindZoneByFqdn := func(fqdn string) (string, error) {
		return "example.com.", nil
	}

	config := NewDefaultConfig()
	config.BaseURL = fakeServer.URL + "/"
	config.APIKey = "123412341234123412341234"

	provider, err := NewDNSProviderConfig(config)
	require.NoError(t, err)

	// override findZoneByFqdn function
	savedFindZoneByFqdn := provider.findZoneByFqdn
	defer func() {
		provider.findZoneByFqdn = savedFindZoneByFqdn
	}()
	provider.findZoneByFqdn = fakeFindZoneByFqdn

	// run Present
	err = provider.Present("abc.def.example.com", "", fakeKeyAuth)
	require.NoError(t, err)

	// run CleanUp
	err = provider.CleanUp("abc.def.example.com", "", fakeKeyAuth)
	require.NoError(t, err)
}
chore: migrate to new org. (#824) 2019-03-11 16:56:48 +00:00			`package gandi`
Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00
			`import (`
			`"io"`
			`"io/ioutil"`
			`"net/http"`
			`"net/http/httptest"`
			`"regexp"`
			`"strings"`
			`"testing"`
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00
chore: migrate to go module (v3.0.0) - chore: update dependencies: use version with go modules. - chore: remove dep. - chore: update backoff imports. - chore: init go module. - chore: update CI. - chore: mod v3 - chore: update docker image. 2019-07-30 19:19:32 +00:00			`"github.com/go-acme/lego/v3/platform/tester"`
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00			`"github.com/stretchr/testify/require"`
Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00			`)`

Standardization of the definition of env vars. (#1082) 2020-03-11 22:51:10 +00:00			`var envTest = tester.NewEnvTest(EnvAPIKey)`
Homogenization of the DNS provider tests (#671) * refactor: min TTL * refactor: sandbox. * refactor: tests homogenization. * refactor: missing require. 2018-10-12 17:29:18 +00:00
			`func TestNewDNSProvider(t *testing.T) {`
			`testCases := []struct {`
			`desc string`
			`envVars map[string]string`
			`expected string`
			`}{`
			`{`
			`desc: "success",`
			`envVars: map[string]string{`
Standardization of the definition of env vars. (#1082) 2020-03-11 22:51:10 +00:00			`EnvAPIKey: "123",`
Homogenization of the DNS provider tests (#671) * refactor: min TTL * refactor: sandbox. * refactor: tests homogenization. * refactor: missing require. 2018-10-12 17:29:18 +00:00			`},`
			`},`
			`{`
			`desc: "missing api key",`
			`envVars: map[string]string{`
Standardization of the definition of env vars. (#1082) 2020-03-11 22:51:10 +00:00			`EnvAPIKey: "",`
Homogenization of the DNS provider tests (#671) * refactor: min TTL * refactor: sandbox. * refactor: tests homogenization. * refactor: missing require. 2018-10-12 17:29:18 +00:00			`},`
			`expected: "gandi: some credentials information are missing: GANDI_API_KEY",`
			`},`
			`}`

			`for _, test := range testCases {`
			`t.Run(test.desc, func(t *testing.T) {`
Add a test helper to manage env vars. (#675) 2018-10-16 15:52:57 +00:00			`defer envTest.RestoreEnv()`
			`envTest.ClearEnv()`

			`envTest.Apply(test.envVars)`
Homogenization of the DNS provider tests (#671) * refactor: min TTL * refactor: sandbox. * refactor: tests homogenization. * refactor: missing require. 2018-10-12 17:29:18 +00:00
			`p, err := NewDNSProvider()`

			`if len(test.expected) == 0 {`
			`require.NoError(t, err)`
			`require.NotNil(t, p)`
			`require.NotNil(t, p.config)`
			`require.NotNil(t, p.inProgressFQDNs)`
			`require.NotNil(t, p.inProgressAuthZones)`
			`} else {`
			`require.EqualError(t, err, test.expected)`
			`}`
			`})`
			`}`
			`}`

			`func TestNewDNSProviderConfig(t *testing.T) {`
			`testCases := []struct {`
			`desc string`
			`apiKey string`
			`expected string`
			`}{`
			`{`
			`desc: "success",`
			`apiKey: "123",`
			`},`
			`{`
			`desc: "missing credentials",`
			`expected: "gandi: no API Key given",`
			`},`
			`}`

			`for _, test := range testCases {`
			`t.Run(test.desc, func(t *testing.T) {`
			`config := NewDefaultConfig()`
			`config.APIKey = test.apiKey`

			`p, err := NewDNSProviderConfig(config)`

			`if len(test.expected) == 0 {`
			`require.NoError(t, err)`
			`require.NotNil(t, p)`
			`require.NotNil(t, p.config)`
			`require.NotNil(t, p.inProgressFQDNs)`
			`require.NotNil(t, p.inProgressAuthZones)`
			`} else {`
			`require.EqualError(t, err, test.expected)`
			`}`
			`})`
			`}`
			`}`

Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00			`// TestDNSProvider runs Present and CleanUp against a fake Gandi RPC`
			`// Server, whose responses are predetermined for particular requests.`
			`func TestDNSProvider(t *testing.T) {`
Refactor the core of the lib (#700) - Packages - Isolate code used by the CLI into the package `cmd` - (experimental) Add e2e tests for HTTP01, TLS-ALPN-01 and DNS-01, use [Pebble](https://github.com/letsencrypt/pebble) and [challtestsrv](https://github.com/letsencrypt/boulder/tree/master/test/challtestsrv) - Support non-ascii domain name (punnycode) - Check all challenges in a predictable order - No more global exported variables - Archive revoked certificates - Fixes revocation for subdomains and non-ascii domains - Disable pending authorizations - use pointer for RemoteError/ProblemDetails - Poll authz URL instead of challenge URL - The ability for a DNS provider to solve the challenge sequentially - Check all nameservers in a predictable order - Option to disable the complete propagation Requirement - CLI, support for renew with CSR - CLI, add SAN on renew - Add command to list certificates. - Logs every iteration of waiting for the propagation - update DNSimple client - update github.com/miekg/dns 2018-12-06 21:50:17 +00:00			`// serverResponses is the XML-RPC Request->Response map used by the`
			`// fake RPC server. It was generated by recording a real RPC session`
			`// which resulted in the successful issue of a cert, and then`
			`// anonymizing the RPC data.`
			`var serverResponses = map[string]string{`
			`// Present Request->Response 1 (getZoneID)`
			`present1RequestMock: present1ResponseMock,`
			`// Present Request->Response 2 (cloneZone)`
			`present2RequestMock: present2ResponseMock,`
			`// Present Request->Response 3 (newZoneVersion)`
			`present3RequestMock: present3ResponseMock,`
			`// Present Request->Response 4 (addTXTRecord)`
			`present4RequestMock: present4ResponseMock,`
			`// Present Request->Response 5 (setZoneVersion)`
			`present5RequestMock: present5ResponseMock,`
			`// Present Request->Response 6 (setZone)`
			`present6RequestMock: present6ResponseMock,`
			`// CleanUp Request->Response 1 (setZone)`
			`cleanup1RequestMock: cleanup1ResponseMock,`
			`// CleanUp Request->Response 2 (deleteZone)`
			`cleanup2RequestMock: cleanup2ResponseMock,`
			`}`

Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00			`fakeKeyAuth := "XXXX"`
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00
Refactor the core of the lib (#700) - Packages - Isolate code used by the CLI into the package `cmd` - (experimental) Add e2e tests for HTTP01, TLS-ALPN-01 and DNS-01, use [Pebble](https://github.com/letsencrypt/pebble) and [challtestsrv](https://github.com/letsencrypt/boulder/tree/master/test/challtestsrv) - Support non-ascii domain name (punnycode) - Check all challenges in a predictable order - No more global exported variables - Archive revoked certificates - Fixes revocation for subdomains and non-ascii domains - Disable pending authorizations - use pointer for RemoteError/ProblemDetails - Poll authz URL instead of challenge URL - The ability for a DNS provider to solve the challenge sequentially - Check all nameservers in a predictable order - Option to disable the complete propagation Requirement - CLI, support for renew with CSR - CLI, add SAN on renew - Add command to list certificates. - Logs every iteration of waiting for the propagation - update DNSimple client - update github.com/miekg/dns 2018-12-06 21:50:17 +00:00			regexpDate := regexp.MustCompile(`\[ACME Challenge [^\]:]:[^\]]\]`)
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00
Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00			`// start fake RPC server`
			`fakeServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00			`require.Equal(t, "text/xml", r.Header.Get("Content-Type"), "invalid content type")`

Migrate to golangci-lint (#644) * refactor: linting. - errcheck - govet - golint - goconst - spellcheck - ... * refactor: migrate from gometalinter to golangci-lint. 2018-09-24 19:07:20 +00:00			`req, errS := ioutil.ReadAll(r.Body)`
			`require.NoError(t, errS)`
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00
			req = regexpDate.ReplaceAllLiteral(req, []byte(`[ACME Challenge 01 Jan 16 00:00 +0000]`))
Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00			`resp, ok := serverResponses[string(req)]`
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00			`require.True(t, ok, "Server response for request not found")`

Migrate to golangci-lint (#644) * refactor: linting. - errcheck - govet - golint - goconst - spellcheck - ... * refactor: migrate from gometalinter to golangci-lint. 2018-09-24 19:07:20 +00:00			`_, errS = io.Copy(w, strings.NewReader(resp))`
			`require.NoError(t, errS)`
Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00			`}))`
			`defer fakeServer.Close()`
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00
Gandi DNS: use acme.FindZoneByFqdn function 2016-03-24 17:13:18 +00:00			`// define function to override findZoneByFqdn with`
Refactor the core of the lib (#700) - Packages - Isolate code used by the CLI into the package `cmd` - (experimental) Add e2e tests for HTTP01, TLS-ALPN-01 and DNS-01, use [Pebble](https://github.com/letsencrypt/pebble) and [challtestsrv](https://github.com/letsencrypt/boulder/tree/master/test/challtestsrv) - Support non-ascii domain name (punnycode) - Check all challenges in a predictable order - No more global exported variables - Archive revoked certificates - Fixes revocation for subdomains and non-ascii domains - Disable pending authorizations - use pointer for RemoteError/ProblemDetails - Poll authz URL instead of challenge URL - The ability for a DNS provider to solve the challenge sequentially - Check all nameservers in a predictable order - Option to disable the complete propagation Requirement - CLI, support for renew with CSR - CLI, add SAN on renew - Add command to list certificates. - Logs every iteration of waiting for the propagation - update DNSimple client - update github.com/miekg/dns 2018-12-06 21:50:17 +00:00			`fakeFindZoneByFqdn := func(fqdn string) (string, error) {`
Gandi DNS: use acme.FindZoneByFqdn function 2016-03-24 17:13:18 +00:00			`return "example.com.", nil`
			`}`
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00
Allow to configure TTL, interval and timeout (#634) * feat: add GetOrDefaultXXX methods. * refactor: configuration (alidns). * refactor: configuration (azure). * refactor: configuration (auroradns). * refactor: configuration (bluecat). * refactor: configuration (cloudflare). * refactor: configuration (digitalocean). * refactor: configuration (dnsimple). * refactor: configuration (dnmadeeasy). * refactor: configuration (dnspod). * refactor: configuration (duckdns). * refactor: configuration (dyn). * refactor: configuration (exoscale). * refactor: configuration (fastdns). * refactor: configuration (gandi). * refactor: configuration (gandiv5). * refactor: configuration (gcloud). * refactor: configuration (glesys). * refactor: configuration (godaddy). * refactor: configuration (iij). * refactor: configuration (lightsail). * refactor: configuration (linode). * refactor: configuration (namecheap). * refactor: configuration (namedotcom). * refactor: configuration (netcup). * refactor: configuration (nifcloud). * refactor: configuration (ns1). * refactor: configuration (otc). * refactor: configuration (ovh). * refactor: configuration (pdns). * refactor: configuration (rackspace). * refactor: configuration (rfc2136). * refactor: configuration (route53). * refactor: configuration (sakuracloud). * refactor: configuration (vegadns). * refactor: configuration (vultr). 2018-09-15 17:07:24 +00:00			`config := NewDefaultConfig()`
			`config.BaseURL = fakeServer.URL + "/"`
			`config.APIKey = "123412341234123412341234"`

			`provider, err := NewDNSProviderConfig(config)`
			`require.NoError(t, err)`

			`// override findZoneByFqdn function`
Refactor the core of the lib (#700) - Packages - Isolate code used by the CLI into the package `cmd` - (experimental) Add e2e tests for HTTP01, TLS-ALPN-01 and DNS-01, use [Pebble](https://github.com/letsencrypt/pebble) and [challtestsrv](https://github.com/letsencrypt/boulder/tree/master/test/challtestsrv) - Support non-ascii domain name (punnycode) - Check all challenges in a predictable order - No more global exported variables - Archive revoked certificates - Fixes revocation for subdomains and non-ascii domains - Disable pending authorizations - use pointer for RemoteError/ProblemDetails - Poll authz URL instead of challenge URL - The ability for a DNS provider to solve the challenge sequentially - Check all nameservers in a predictable order - Option to disable the complete propagation Requirement - CLI, support for renew with CSR - CLI, add SAN on renew - Add command to list certificates. - Logs every iteration of waiting for the propagation - update DNSimple client - update github.com/miekg/dns 2018-12-06 21:50:17 +00:00			`savedFindZoneByFqdn := provider.findZoneByFqdn`
Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00			`defer func() {`
Refactor the core of the lib (#700) - Packages - Isolate code used by the CLI into the package `cmd` - (experimental) Add e2e tests for HTTP01, TLS-ALPN-01 and DNS-01, use [Pebble](https://github.com/letsencrypt/pebble) and [challtestsrv](https://github.com/letsencrypt/boulder/tree/master/test/challtestsrv) - Support non-ascii domain name (punnycode) - Check all challenges in a predictable order - No more global exported variables - Archive revoked certificates - Fixes revocation for subdomains and non-ascii domains - Disable pending authorizations - use pointer for RemoteError/ProblemDetails - Poll authz URL instead of challenge URL - The ability for a DNS provider to solve the challenge sequentially - Check all nameservers in a predictable order - Option to disable the complete propagation Requirement - CLI, support for renew with CSR - CLI, add SAN on renew - Add command to list certificates. - Logs every iteration of waiting for the propagation - update DNSimple client - update github.com/miekg/dns 2018-12-06 21:50:17 +00:00			`provider.findZoneByFqdn = savedFindZoneByFqdn`
Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00			`}()`
Refactor the core of the lib (#700) - Packages - Isolate code used by the CLI into the package `cmd` - (experimental) Add e2e tests for HTTP01, TLS-ALPN-01 and DNS-01, use [Pebble](https://github.com/letsencrypt/pebble) and [challtestsrv](https://github.com/letsencrypt/boulder/tree/master/test/challtestsrv) - Support non-ascii domain name (punnycode) - Check all challenges in a predictable order - No more global exported variables - Archive revoked certificates - Fixes revocation for subdomains and non-ascii domains - Disable pending authorizations - use pointer for RemoteError/ProblemDetails - Poll authz URL instead of challenge URL - The ability for a DNS provider to solve the challenge sequentially - Check all nameservers in a predictable order - Option to disable the complete propagation Requirement - CLI, support for renew with CSR - CLI, add SAN on renew - Add command to list certificates. - Logs every iteration of waiting for the propagation - update DNSimple client - update github.com/miekg/dns 2018-12-06 21:50:17 +00:00			`provider.findZoneByFqdn = fakeFindZoneByFqdn`
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00
Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00			`// run Present`
			`err = provider.Present("abc.def.example.com", "", fakeKeyAuth)`
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00			`require.NoError(t, err)`

Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00			`// run CleanUp`
			`err = provider.CleanUp("abc.def.example.com", "", fakeKeyAuth)`
Review DNS providers. (#565) * refactor: review DNS providers. 2018-06-11 15:32:50 +00:00			`require.NoError(t, err)`
Add Gandi DNS challenge provider 2016-03-12 16:13:24 +00:00			`}`