Test suite refactoring

As much as possible, output to stdout on error condition only
in order to reduce the need for expected-std-out.txt

test/run.sh

@@ -248,7 +248,7 @@ while true; do
 	shift
 	case "$flag" in
 		## Next line was modified by jrcs/docker-letsencrypt-nginx-proxy-companion
-		--dry-run|-d) dryRun=1 ;;
+		--dry-run|-d) dryRun=1 && export DRY_RUN=1 ;;
 		--help|-h|'-?') usage && exit 0 ;;
 		--test|-t) argTests["$1"]=1 && shift ;;
 		--config|-c) configs+=("$(readlink -f "$1")") && shift ;;

test/tests/acme_accounts/expected-std-out.txt

@@ -1,11 +0,0 @@
-Started letsencrypt container for test acme_accounts
-Started test web server for le1.wtf
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-Started letsencrypt container for test acme_accounts_default
-Started test web server for le2.wtf
-Symlink to le2.wtf certificate has been generated.
-The link is pointing to the file ./le2.wtf/fullchain.pem
-Started test web server for le3.wtf
-Symlink to le3.wtf certificate has been generated.
-The link is pointing to the file ./le3.wtf/fullchain.pem

test/tests/acme_accounts/run.sh

@@ -16,7 +16,7 @@ IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
 function cleanup {
   # Remove any remaining Nginx container(s) silently.
   for domain in "${domains[@]}"; do
-    docker rm --force "$domain" > /dev/null 2>&1
+    docker rm --force "$domain" &> /dev/null
   done
   # Cleanup the files created by this run of the test to avoid foiling following test(s).
   docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
@@ -26,12 +26,7 @@ function cleanup {
 trap cleanup EXIT
 
 # Run an nginx container for ${domains[0]}.
-docker run --rm -d \
-  --name "${domains[0]}" \
-  -e "VIRTUAL_HOST=${domains[0]}" \
-  -e "LETSENCRYPT_HOST=${domains[0]}" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]}"
+run_nginx_container "${domains[0]}"
 
 # Wait for a symlink at /etc/nginx/certs/${domains[0]}.crt
 wait_for_symlink "${domains[0]}" "$le_container_name"
@@ -48,8 +43,8 @@ elif [[ "$(docker exec "$le_container_name" jq .contact "$json_file")" != '[]' ]
 fi
 
 # Stop the nginx and companion containers silently.
-docker stop "${domains[0]}" > /dev/null 2>&1
-docker stop "$le_container_name" > /dev/null 2>&1
+docker stop "${domains[0]}" &> /dev/null
+docker stop "$le_container_name" &> /dev/null
 
 # Run the companion container with the DEFAULT_EMAIL env var set.
 default_email="contact@${domains[1]}"
@@ -57,12 +52,7 @@ le_container_name="${le_container_name}_default"
 run_le_container "${1:?}" "$le_container_name" "--env DEFAULT_EMAIL=${default_email}"
 
 # Run an nginx container for ${domains[1]} without LETSENCRYPT_EMAIL set.
-docker run --rm -d \
-  --name "${domains[1]}" \
-  -e "VIRTUAL_HOST=${domains[1]}" \
-  -e "LETSENCRYPT_HOST=${domains[1]}" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[1]}"
+run_nginx_container "${domains[1]}"
 
 # Wait for a symlink at /etc/nginx/certs/${domains[1]}.crt
 wait_for_symlink "${domains[1]}" "$le_container_name"
@@ -80,13 +70,18 @@ fi
 
 # Run an nginx container for ${domains[2]} with LETSENCRYPT_EMAIL set.
 container_email="contact@${domains[2]}"
-docker run --rm -d \
+if ! docker run --rm -d \
   --name "${domains[2]}" \
   -e "VIRTUAL_HOST=${domains[2]}" \
   -e "LETSENCRYPT_HOST=${domains[2]}" \
   -e "LETSENCRYPT_EMAIL=${container_email}" \
   --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[2]}"
+  nginx:alpine > /dev/null ; \
+then
+  echo "Failed to start test web server for ${domains[2]}"
+elif [[ "${DRY_RUN:-}" == 1 ]]; then
+  echo "Started test web server for ${domains[2]}"
+fi
 
 # Wait for a symlink at /etc/nginx/certs/${domains[2]}.crt
 wait_for_symlink "${domains[2]}" "$le_container_name"
@@ -103,5 +98,5 @@ elif [[ "$(docker exec "$le_container_name" jq -r '.contact|.[0]' "$json_file")"
 fi
 
 # Stop the nginx containers silently.
-docker stop "${domains[1]}" > /dev/null 2>&1
-docker stop "${domains[2]}" > /dev/null 2>&1
+docker stop "${domains[1]}" &> /dev/null
+docker stop "${domains[2]}" &> /dev/null

test/tests/certs_san/expected-std-out.txt

@@ -1,49 +0,0 @@
-Started letsencrypt container for test certs_san
-Started test web server for le1.wtf,le2.wtf,le3.wtf
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-le1.wtf is on certificate.
-Connection to le1.wtf using https was successful.
-The correct certificate for le1.wtf was served by Nginx.
-le2.wtf is on certificate.
-Connection to le2.wtf using https was successful.
-The correct certificate for le2.wtf was served by Nginx.
-le3.wtf is on certificate.
-Connection to le3.wtf using https was successful.
-The correct certificate for le3.wtf was served by Nginx.
-Started test web server for le2.wtf, le3.wtf, le1.wtf
-Symlink to le2.wtf certificate has been generated.
-The link is pointing to the file ./le2.wtf/fullchain.pem
-le1.wtf is on certificate.
-Connection to le1.wtf using https was successful.
-The correct certificate for le1.wtf was served by Nginx.
-le2.wtf is on certificate.
-Connection to le2.wtf using https was successful.
-The correct certificate for le2.wtf was served by Nginx.
-le3.wtf is on certificate.
-Connection to le3.wtf using https was successful.
-The correct certificate for le3.wtf was served by Nginx.
-Started test web server for le3.wtf, le1.wtf, le2.wtf,
-Symlink to le3.wtf certificate has been generated.
-The link is pointing to the file ./le3.wtf/fullchain.pem
-le1.wtf is on certificate.
-Connection to le1.wtf using https was successful.
-The correct certificate for le1.wtf was served by Nginx.
-le2.wtf is on certificate.
-Connection to le2.wtf using https was successful.
-The correct certificate for le2.wtf was served by Nginx.
-le3.wtf is on certificate.
-Connection to le3.wtf using https was successful.
-The correct certificate for le3.wtf was served by Nginx.
-Started test web server for le1.wtf.,le3.wtf.,le2.wtf
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-le1.wtf is on certificate.
-Connection to le1.wtf using https was successful.
-The correct certificate for le1.wtf was served by Nginx.
-le2.wtf is on certificate.
-Connection to le2.wtf using https was successful.
-The correct certificate for le2.wtf was served by Nginx.
-le3.wtf is on certificate.
-Connection to le3.wtf using https was successful.
-The correct certificate for le3.wtf was served by Nginx.

test/tests/certs_san/run.sh

@@ -17,7 +17,7 @@ function cleanup {
   # Remove any remaining Nginx container(s) silently.
   i=1
   for hosts in "${letsencrypt_hosts[@]}"; do
-    docker rm --force "test$i" > /dev/null 2>&1
+    docker rm --force "test$i" &> /dev/null
     i=$(( i + 1 ))
   done
   # Cleanup the files created by this run of the test to avoid foiling following test(s).
@@ -46,16 +46,11 @@ for hosts in "${letsencrypt_hosts[@]}"; do
   container="test$i"
 
   # Run an Nginx container passing one of the comma separated list as LETSENCRYPT_HOST env var.
-  docker run --rm -d \
-    --name "$container" \
-    -e "VIRTUAL_HOST=${TEST_DOMAINS}" \
-    -e "LETSENCRYPT_HOST=${hosts}" \
-    --network boulder_bluenet \
-    nginx:alpine > /dev/null && echo "Started test web server for $hosts"
+  run_nginx_container "$hosts" "$container"
 
   # Wait for a symlink at /etc/nginx/certs/$base_domain.crt
   # then grab the certificate in text form ...
-  wait_for_symlink "$base_domain" "$le_container_name"
+  wait_for_symlink "$base_domain" "$le_container_name" "./${base_domain}/fullchain.pem"
   created_cert="$(docker exec "$le_container_name" \
     openssl x509 -in "/etc/nginx/certs/${base_domain}/cert.pem" -text -noout)"
   # ... as well as the certificate fingerprint.
@@ -66,10 +61,10 @@ for hosts in "${letsencrypt_hosts[@]}"; do
   ## For all the domains in the $domains array ...
 
     # Check if the domain is on the certificate.
-    if grep -q "$domain" <<< "$created_cert"; then
-      echo "$domain is on certificate."
-    else
+    if ! grep -q "$domain" <<< "$created_cert"; then
       echo "$domain did not appear on certificate."
+    elif [[ "${DRY_RUN:-}" == 1 ]]; then
+      echo "$domain is on certificate."
     fi
 
     # Wait for a connection to https://domain then grab the served certificate in text form.
@@ -88,12 +83,12 @@ for hosts in "${letsencrypt_hosts[@]}"; do
         | openssl x509 -text -noout \
         | sed 's/ = /=/g' )"
       diff -u <(echo "${created_cert// = /=}") <(echo "$served_cert")
-    else
-      echo "The correct certificate for $domain was served by Nginx."
+    elif [[ "${DRY_RUN:-}" == 1 ]]; then
+       echo "The correct certificate for $domain was served by Nginx."
     fi
   done
 
-  docker stop "$container" > /dev/null 2>&1
+  docker stop "$container" &> /dev/null
   docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
   i=$(( i + 1 ))
 

test/tests/certs_single/expected-std-out.txt

@@ -1,19 +0,0 @@
-Started letsencrypt container for test certs_single
-Started test web server for le1.wtf
-Started test web server for le2.wtf
-Started test web server for le3.wtf
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-Domain le1.wtf is on certificate.
-Connection to le1.wtf using https was successful.
-The correct certificate for le1.wtf was served by Nginx.
-Symlink to le2.wtf certificate has been generated.
-The link is pointing to the file ./le2.wtf/fullchain.pem
-Domain le2.wtf is on certificate.
-Connection to le2.wtf using https was successful.
-The correct certificate for le2.wtf was served by Nginx.
-Symlink to le3.wtf certificate has been generated.
-The link is pointing to the file ./le3.wtf/fullchain.pem
-Domain le3.wtf is on certificate.
-Connection to le3.wtf using https was successful.
-The correct certificate for le3.wtf was served by Nginx.

test/tests/certs_single/run.sh

@@ -16,7 +16,7 @@ IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
 function cleanup {
   # Remove any remaining Nginx container(s) silently.
   for domain in "${domains[@]}"; do
-    docker rm --force "$domain" > /dev/null 2>&1
+    docker rm --force "$domain" &> /dev/null
   done
   # Cleanup the files created by this run of the test to avoid foiling following test(s).
   docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
@@ -28,19 +28,14 @@ trap cleanup EXIT
 # Run a separate nginx container for each domain in the $domains array.
 # Start all the containers in a row so that docker-gen debounce timers fire only once.
 for domain in "${domains[@]}"; do
-  docker run --rm -d \
-    --name "$domain" \
-    -e "VIRTUAL_HOST=${domain}" \
-    -e "LETSENCRYPT_HOST=${domain}" \
-    --network boulder_bluenet \
-    nginx:alpine > /dev/null && echo "Started test web server for $domain"
+  run_nginx_container "$domain"
 done
 
 for domain in "${domains[@]}"; do
 
   # Wait for a symlink at /etc/nginx/certs/$domain.crt
   # then grab the certificate in text form from the file ...
-  wait_for_symlink "$domain" "$le_container_name"
+  wait_for_symlink "$domain" "$le_container_name" "./${domain}/fullchain.pem"
   created_cert="$(docker exec "$le_container_name" \
     openssl x509 -in "/etc/nginx/certs/${domain}/cert.pem" -text -noout)"
   # ... as well as the certificate fingerprint.
@@ -48,10 +43,10 @@ for domain in "${domains[@]}"; do
     openssl x509 -in "/etc/nginx/certs/${domain}/cert.pem" -fingerprint -noout)"
 
   # Check if the domain is on the certificate.
-  if grep -q "$domain" <<< "$created_cert"; then
-    echo "Domain $domain is on certificate."
-  else
+  if ! grep -q "$domain" <<< "$created_cert"; then
     echo "Domain $domain isn't on certificate."
+  elif [[ "${DRY_RUN:-}" == 1 ]]; then
+    echo "Domain $domain is on certificate."
   fi
 
   # Wait for a connection to https://domain then grab the served certificate fingerprint.
@@ -69,7 +64,7 @@ for domain in "${domains[@]}"; do
       | openssl x509 -text -noout \
       | sed 's/ = /=/g' )"
     diff -u <(echo "${created_cert// = /=}") <(echo "$served_cert")
-  else
+  elif [[ "${DRY_RUN:-}" == 1 ]]; then
     echo "The correct certificate for $domain was served by Nginx."
   fi
 

test/tests/certs_single_domain/expected-std-out.txt

@@ -1,67 +0,0 @@
-Started letsencrypt container for test certs_single_domain
-Started test web server for le1.wtf,le2.wtf,le3.wtf
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-le1.wtf is on certificate.
-le2.wtf did not appear on certificate for le1.wtf.
-le3.wtf did not appear on certificate for le1.wtf.
-Connection to le1.wtf using https was successful.
-The correct certificate for le1.wtf was served by Nginx.
-Symlink to le2.wtf certificate has been generated.
-The link is pointing to the file ./le2.wtf/fullchain.pem
-le2.wtf is on certificate.
-le1.wtf did not appear on certificate for le2.wtf.
-le3.wtf did not appear on certificate for le2.wtf.
-Connection to le2.wtf using https was successful.
-The correct certificate for le2.wtf was served by Nginx.
-Symlink to le3.wtf certificate has been generated.
-The link is pointing to the file ./le3.wtf/fullchain.pem
-le3.wtf is on certificate.
-le1.wtf did not appear on certificate for le3.wtf.
-le2.wtf did not appear on certificate for le3.wtf.
-Connection to le3.wtf using https was successful.
-The correct certificate for le3.wtf was served by Nginx.
-Started test web server for le2.wtf, le3.wtf, le1.wtf
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-le1.wtf is on certificate.
-le2.wtf did not appear on certificate for le1.wtf.
-le3.wtf did not appear on certificate for le1.wtf.
-Connection to le1.wtf using https was successful.
-The correct certificate for le1.wtf was served by Nginx.
-Symlink to le2.wtf certificate has been generated.
-The link is pointing to the file ./le2.wtf/fullchain.pem
-le2.wtf is on certificate.
-le1.wtf did not appear on certificate for le2.wtf.
-le3.wtf did not appear on certificate for le2.wtf.
-Connection to le2.wtf using https was successful.
-The correct certificate for le2.wtf was served by Nginx.
-Symlink to le3.wtf certificate has been generated.
-The link is pointing to the file ./le3.wtf/fullchain.pem
-le3.wtf is on certificate.
-le1.wtf did not appear on certificate for le3.wtf.
-le2.wtf did not appear on certificate for le3.wtf.
-Connection to le3.wtf using https was successful.
-The correct certificate for le3.wtf was served by Nginx.
-Started test web server for le3.wtf, le1.wtf, le2.wtf,
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-le1.wtf is on certificate.
-le2.wtf did not appear on certificate for le1.wtf.
-le3.wtf did not appear on certificate for le1.wtf.
-Connection to le1.wtf using https was successful.
-The correct certificate for le1.wtf was served by Nginx.
-Symlink to le2.wtf certificate has been generated.
-The link is pointing to the file ./le2.wtf/fullchain.pem
-le2.wtf is on certificate.
-le1.wtf did not appear on certificate for le2.wtf.
-le3.wtf did not appear on certificate for le2.wtf.
-Connection to le2.wtf using https was successful.
-The correct certificate for le2.wtf was served by Nginx.
-Symlink to le3.wtf certificate has been generated.
-The link is pointing to the file ./le3.wtf/fullchain.pem
-le3.wtf is on certificate.
-le1.wtf did not appear on certificate for le3.wtf.
-le2.wtf did not appear on certificate for le3.wtf.
-Connection to le3.wtf using https was successful.
-The correct certificate for le3.wtf was served by Nginx.

test/tests/certs_single_domain/run.sh

@@ -17,7 +17,7 @@ function cleanup {
   # Remove any remaining Nginx container(s) silently.
   i=1
   for hosts in "${letsencrypt_hosts[@]}"; do
-    docker rm --force "test$i" > /dev/null 2>&1
+    docker rm --force "test$i" &> /dev/null
     i=$(( i + 1 ))
   done
   # Cleanup the files created by this run of the test to avoid foiling following test(s).
@@ -42,17 +42,22 @@ for hosts in "${letsencrypt_hosts[@]}"; do
   container="test$i"
 
   # Run an Nginx container passing one of the comma separated list as LETSENCRYPT_HOST env var.
-  docker run --rm -d \
+  if ! docker run --rm -d \
     --name "$container" \
     -e "VIRTUAL_HOST=${TEST_DOMAINS}" \
     -e "LETSENCRYPT_HOST=${hosts}" \
     -e "LETSENCRYPT_SINGLE_DOMAIN_CERTS=true" \
     --network boulder_bluenet \
-    nginx:alpine > /dev/null && echo "Started test web server for $hosts"
+    nginx:alpine > /dev/null;
+  then
+    echo "Could not start test web server for $hosts"
+  elif [[ "${DRY_RUN:-}" == 1 ]]; then
+    echo "Started test web server for $hosts"
+  fi
 
   for domain in "${domains[@]}"; do
       ## For all the domains in the $domains array ...
-      wait_for_symlink "${domain}" "$le_container_name"
+      wait_for_symlink "${domain}" "$le_container_name" "./${domain}/fullchain.pem"
       created_cert="$(docker exec "$le_container_name" \
         openssl x509 -in "/etc/nginx/certs/${domain}/cert.pem" -text -noout)"
       # ... as well as the certificate fingerprint.
@@ -61,12 +66,14 @@ for hosts in "${letsencrypt_hosts[@]}"; do
 
     # Check if the domain is on the certificate.
     if grep -q "$domain" <<< "$created_cert"; then
-      echo "$domain is on certificate."
+      if [[ "${DRY_RUN:-}" == 1 ]]; then
+        echo "$domain is on certificate."
+      fi
       for otherdomain in "${domains[@]}"; do
         if [ "$domain" != "$otherdomain" ]; then
           if grep -q "$otherdomain" <<< "$created_cert"; then
             echo "$otherdomain is on certificate for $domain, but it must not!"
-          else
+          elif [[ "${DRY_RUN:-}" == 1 ]]; then
             echo "$otherdomain did not appear on certificate for $domain."
           fi
         fi
@@ -91,12 +98,12 @@ for hosts in "${letsencrypt_hosts[@]}"; do
         | openssl x509 -text -noout \
         | sed 's/ = /=/g' )"
       diff -u <(echo "${created_cert// = /=}") <(echo "$served_cert")
-    else
-      echo "The correct certificate for $domain was served by Nginx."
+    elif [[ "${DRY_RUN:-}" == 1 ]]; then
+       echo "The correct certificate for $domain was served by Nginx."
     fi
   done
 
-  docker stop "$container" > /dev/null 2>&1
+  docker stop "$container" &> /dev/null
   docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
   i=$(( i + 1 ))
 

test/tests/certs_standalone/expected-std-out.txt

@@ -1,9 +0,0 @@
-Started test web server for sub.le1.wtf
-Started letsencrypt container for test certs_standalone
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-Domain le1.wtf is on certificate.
-Symlink to le2.wtf certificate has been generated.
-The link is pointing to the file ./le2.wtf/fullchain.pem
-Domain le2.wtf is on certificate.
-Domain le3.wtf is on certificate.

test/tests/certs_standalone/run.sh

@@ -15,7 +15,7 @@ subdomain="sub.${domains[0]}"
 # Cleanup function with EXIT trap
 function cleanup {
   # Remove the Nginx container silently.
-  docker rm --force "$subdomain" > /dev/null 2>&1
+  docker rm --force "$subdomain" &> /dev/null
   # Cleanup the files created by this run of the test to avoid foiling following test(s).
   docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
   # Stop the LE container
@@ -31,11 +31,16 @@ EOF
 
 # Run an nginx container with a VIRTUAL_HOST set to a subdomain of ${domains[0]} in order to check for
 # this regression : https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/issues/674
-docker run --rm -d \
+if ! docker run --rm -d \
     --name "$subdomain" \
     -e "VIRTUAL_HOST=$subdomain" \
     --network boulder_bluenet \
-    nginx:alpine > /dev/null && echo "Started test web server for $subdomain"
+    nginx:alpine > /dev/null;
+then
+  echo "Could not start test web server for $subdomain"
+elif [[ "${DRY_RUN:-}" == 1 ]]; then
+  echo "Started test web server for $subdomain"
+fi
 
 run_le_container "${1:?}" "$le_container_name" \
   "--volume ${TRAVIS_BUILD_DIR}/test/tests/certs_standalone/letsencrypt_user_data:/app/letsencrypt_user_data"
@@ -50,10 +55,10 @@ created_cert="$(docker exec "$le_container_name" \
   openssl x509 -in "/etc/nginx/certs/${domains[0]}/cert.pem" -text -noout)"
 
 # Check if the domain is on the certificate.
-if grep -q "${domains[0]}" <<< "$created_cert"; then
-  echo "Domain ${domains[0]} is on certificate."
-else
+if ! grep -q "${domains[0]}" <<< "$created_cert"; then
   echo "Domain ${domains[0]} did not appear on certificate."
+elif [[ "${DRY_RUN:-}" == 1 ]]; then
+  echo "Domain ${domains[0]} is on certificate."
 fi
 
 docker exec "$le_container_name" bash -c "[[ -f /etc/nginx/conf.d/standalone-cert-${domains[0]}.conf ]]" \
@@ -82,10 +87,10 @@ created_cert="$(docker exec "$le_container_name" \
 
 for domain in "${domains[1]}" "${domains[2]}"; do
   # Check if the domain is on the certificate.
-  if grep -q "$domain" <<< "$created_cert"; then
-    echo "Domain $domain is on certificate."
-  else
+  if ! grep -q "$domain" <<< "$created_cert"; then
     echo "Domain $domain did not appear on certificate."
+  elif [[ "${DRY_RUN:-}" == 1 ]]; then
+    echo "Domain $domain is on certificate."
   fi
 done
 

test/tests/container_restart/expected-std-out.txt

@@ -1,7 +1,3 @@
-Started letsencrypt container for test container_restart
-Started test web server for le1.wtf
-Started test web server for le2.wtf
-Started test web server for le3.wtf
 Container le1.wtf restarted
 Container le2.wtf restarted
 Container le3.wtf restarted

test/tests/container_restart/run.sh

@@ -26,7 +26,7 @@ function cleanup {
   rm -f "${TRAVIS_BUILD_DIR}/test/tests/container_restart/docker_event_out.txt"
   # Remove any remaining Nginx container(s) silently.
   for domain in "${domains[@]}"; do
-    docker rm --force "$domain" > /dev/null 2>&1
+    docker rm --force "$domain" &> /dev/null
   done
   # Cleanup the files created by this run of the test to avoid foiling following test(s).
   docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
@@ -38,13 +38,18 @@ trap cleanup EXIT
 # Run a separate nginx container for each domain in the $domains array.
 # Start all the containers in a row so that docker-gen debounce timers fire only once.
 for domain in "${domains[@]}"; do
-  docker run --rm -d \
+  if docker run --rm -d \
     --name "$domain" \
     -e "VIRTUAL_HOST=${domain}" \
     -e "LETSENCRYPT_HOST=${domain}" \
     -e "LETSENCRYPT_RESTART_CONTAINER=true" \
     --network boulder_bluenet \
-    nginx:alpine > /dev/null && echo "Started test web server for $domain"
+    nginx:alpine > /dev/null; \
+  then
+    [[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for $domain"
+  else
+    echo "Could not start test web server for $domain"
+  fi
 done
 
 for domain in "${domains[@]}"; do

test/tests/default_cert/expected-std-out.txt

@@ -1,7 +0,0 @@
-Started letsencrypt container for test default_cert
-Connection to le1.wtf using https was successful.
-Connection to le2.wtf using https was successful.
-Connection to le3.wtf using https was successful.
-Connection to le1.wtf using https was successful.
-Connection to le2.wtf using https was successful.
-Connection to le3.wtf using https was successful.

test/tests/default_cert/run.sh

@@ -77,7 +77,7 @@ docker exec "$le_container_name" openssl req -x509 \
   -newkey rsa:4096 -sha256 -nodes -days 60 \
   -subj "/CN=letsencrypt-nginx-proxy-companion" \
   -keyout /etc/nginx/certs/default.key \
-  -out /etc/nginx/certs/default.crt > /dev/null 2>&1
+  -out /etc/nginx/certs/default.crt &> /dev/null
 old_default_cert_fingerprint="$(default_cert_fingerprint)"
 docker restart "$le_container_name" > /dev/null && sleep 5
 timeout="$(date +%s)"
@@ -96,7 +96,7 @@ docker exec "$le_container_name" openssl req -x509 \
   -newkey rsa:4096 -sha256 -nodes -days 60 \
   -subj "/CN=$user_cn" \
   -keyout /etc/nginx/certs/default.key \
-  -out /etc/nginx/certs/default.crt > /dev/null 2>&1
+  -out /etc/nginx/certs/default.crt &> /dev/null
 docker restart "$le_container_name" > /dev/null
 
 # Connection test to unconfigured domains

test/tests/docker_api/run.sh

@@ -20,7 +20,7 @@ case $SETUP in
       "$nginx_vol" \
       "$nginx_env" \
       "$nginx_lbl" \
-      > /dev/null 2>&1
+      &> /dev/null
   }
   trap cleanup EXIT
 
@@ -100,7 +100,7 @@ EOF
       "$nginx_lbl" \
       "$docker_gen" \
       "$docker_gen_lbl" \
-      > /dev/null 2>&1
+      &> /dev/null
   }
   trap cleanup EXIT
 

test/tests/force_renew/expected-std-out.txt

@@ -1,5 +0,0 @@
-Started letsencrypt container for test force_renew
-Started test web server for le1.wtf
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-Certificate for le1.wtf was correctly renewed.

test/tests/force_renew/run.sh

@@ -15,7 +15,7 @@ IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
 # Cleanup function with EXIT trap
 function cleanup {
   # Remove the Nginx container silently.
-  docker rm --force "${domains[0]}" > /dev/null 2>&1
+  docker rm --force "${domains[0]}" &> /dev/null
   # Cleanup the files created by this run of the test to avoid foiling following test(s).
   docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
   # Stop the LE container
@@ -24,12 +24,7 @@ function cleanup {
 trap cleanup EXIT
 
 # Run a nginx container for ${domains[0]}.
-docker run --rm -d \
-  --name "${domains[0]}" \
-  -e "VIRTUAL_HOST=${domains[0]}" \
-  -e "LETSENCRYPT_HOST=${domains[0]}" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]}"
+run_nginx_container "${domains[0]}"
 
 # Wait for a symlink at /etc/nginx/certs/${domains[0]}.crt
 # Grab the expiration time of the certificate
@@ -41,13 +36,13 @@ sleep 5
 
 # Issue a forced renewal
 # Grab the expiration time of the renewed certificate
-docker exec "$le_container_name" /app/force_renew > /dev/null 2>&1
+docker exec "$le_container_name" /app/force_renew &> /dev/null
 second_cert_expire="$(get_cert_expiration_epoch "${domains[0]}" "$le_container_name")"
 
-if [[ $second_cert_expire -gt $first_cert_expire ]]; then
-  echo "Certificate for ${domains[0]} was correctly renewed."
-else
+if ! [[ $second_cert_expire -gt $first_cert_expire ]]; then
   echo "Certificate for ${domains[0]} was not correctly renewed."
   echo "First certificate expiration epoch : $first_cert_expire."
   echo "Second certificate expiration epoch : $second_cert_expire."
+elif [[ "${DRY_RUN:-}" == 1 ]]; then
+  echo "Certificate for ${domains[0]} was correctly renewed."
 fi

test/tests/location_config/expected-std-out.txt

@@ -1,4 +1,3 @@
-Started letsencrypt container for test location_config
 *.bar.baz.example.com
 *.baz.example.com
 *.example.com

test/tests/permissions_custom/expected-std-out.txt

@@ -1,4 +0,0 @@
-Started letsencrypt container for test permissions_custom
-Started test web server for le1.wtf
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem

test/tests/permissions_custom/run.sh

@@ -21,7 +21,7 @@ IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
 # Cleanup function with EXIT trap
 function cleanup {
   # Remove the ${domains[0]} Nginx container silently.
-  docker rm --force "${domains[0]}" > /dev/null 2>&1
+  docker rm --force "${domains[0]}" &> /dev/null
   # Cleanup the files created by this run of the test to avoid foiling following test(s).
   docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
   # Stop the LE container
@@ -30,11 +30,7 @@ function cleanup {
 trap cleanup EXIT
 
 # Run an nginx container for ${domains[0]}.
-docker run --rm -d \
-  --name "${domains[0]}" \
-  -e "VIRTUAL_HOST=${domains[0]}" \
-  -e "LETSENCRYPT_HOST=${domains[0]}" \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]}"
+run_nginx_container "${domains[0]}"
 
 # Wait for the cert symlink.
 wait_for_symlink "${domains[0]}" "$le_container_name"

test/tests/permissions_default/expected-std-out.txt

@@ -1,4 +0,0 @@
-Started letsencrypt container for test permissions_default
-Started test web server for le1.wtf
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem

test/tests/permissions_default/run.sh

@@ -15,7 +15,7 @@ IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
 # Cleanup function with EXIT trap
 function cleanup {
   # Remove the ${domains[0]} Nginx container silently.
-  docker rm --force "${domains[0]}" > /dev/null 2>&1
+  docker rm --force "${domains[0]}" &> /dev/null
   # Cleanup the files created by this run of the test to avoid foiling following test(s).
   docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
   # Stop the LE container
@@ -24,11 +24,7 @@ function cleanup {
 trap cleanup EXIT
 
 # Run an nginx container for ${domains[0]}.
-docker run --rm -d \
-  --name "${domains[0]}" \
-  -e "VIRTUAL_HOST=${domains[0]}" \
-  -e "LETSENCRYPT_HOST=${domains[0]}" \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]}"
+run_nginx_container "${domains[0]}"
 
 # Wait for the cert symlink.
 wait_for_symlink "${domains[0]}" "$le_container_name"

test/tests/symlinks/expected-std-out.txt

@@ -1,29 +1 @@
-Started letsencrypt container for test symlinks
-Started test web server for le1.wtf,le2.wtf
-Started test web server for le3.wtf
-Symlink to le1.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-Symlink to le2.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-Symlink to le3.wtf certificate has been generated.
-The link is pointing to the file ./le3.wtf/fullchain.pem
-Symlink to le1.wtf certificate has been removed.
-Symlink to le2.wtf certificate has been removed.
-Symlink to le3.wtf certificate has been removed.
-Restarted test web server for le3.wtf
-Symlink to le3.wtf certificate has been generated.
-The link is pointing to the file ./le3.wtf/fullchain.pem
-Symlink to le3.wtf certificate has been removed.
-Started test web server for le1.wtf,le2.wtf,le3.wtf
-Symlink to le3.wtf certificate has been generated.
-The link is pointing to the file ./le1.wtf/fullchain.pem
-Symlink to le1.wtf certificate has been removed.
-Symlink to le2.wtf certificate has been removed.
-Symlink to le3.wtf certificate has been removed.
-Started test web server for le2.wtf
-Symlink to le2.wtf certificate has been generated.
-The link is pointing to the file ./le2.wtf/fullchain.pem
-Started test web server for lim.it,le2.wtf
 Symlink for lim.it certificate was not generated under one minute, timing out.
-Symlink to le2.wtf certificate has been generated.
-The link is pointing to the file ./le2.wtf/fullchain.pem

test/tests/symlinks/run.sh

@@ -21,7 +21,7 @@ function cleanup {
     symlink-le2 \
     symlink-le3 \
     symlink-lim-le2 \
-    > /dev/null 2>&1
+    &> /dev/null
   # Cleanup the files created by this run of the test to avoid foiling following test(s).
   docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
   docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/lim.it* && rm -rf /etc/acme.sh/default/lim.it*'
@@ -31,25 +31,15 @@ function cleanup {
 trap cleanup EXIT
 
 # Run a nginx container for the firs two domain in the $domains array ...
-docker run --rm -d \
-  --name "symlink-le1-le2" \
-  -e "VIRTUAL_HOST=${domains[0]},${domains[1]}" \
-  -e "LETSENCRYPT_HOST=${domains[0]},${domains[1]}" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]},${domains[1]}"
+run_nginx_container "${domains[0]},${domains[1]}" "symlink-le1-le2"
 
 # ... plus another nginx container for the third domain.
-docker run --rm -d \
-  --name "symlink-le3" \
-  -e "VIRTUAL_HOST=${domains[2]}" \
-  -e "LETSENCRYPT_HOST=${domains[2]}" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[2]}"
+run_nginx_container "${domains[2]}" "symlink-le3"
 
 # Wait for a file at /etc/nginx/certs/$domain/cert.pem
-for domain in "${domains[@]}"; do
-  wait_for_symlink "$domain" "$le_container_name"
-done
+wait_for_symlink "${domains[0]}" "$le_container_name" "./${domains[0]}/fullchain.pem"
+wait_for_symlink "${domains[1]}" "$le_container_name" "./${domains[0]}/fullchain.pem"
+wait_for_symlink "${domains[2]}" "$le_container_name" "./${domains[2]}/fullchain.pem"
 
 # Create a fake le4.wtf custom certificate and key
 docker exec "$le_container_name" mkdir -p /etc/nginx/certs/le4.wtf
@@ -76,28 +66,18 @@ wait_for_symlink_rm "${domains[2]}" "$le_container_name"
 
 # Start the nginx containers for ${domains[2]} again,
 # and check if the corresponding symlink is re-created.
-docker run --rm -d \
-  --name "symlink-le3" \
-  -e "VIRTUAL_HOST=${domains[2]}" \
-  -e "LETSENCRYPT_HOST=${domains[2]}" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Restarted test web server for ${domains[2]}"
-wait_for_symlink "${domains[2]}" "$le_container_name"
+run_nginx_container "${domains[2]}" "symlink-le3"
+wait_for_symlink "${domains[2]}" "$le_container_name" "./${domains[2]}/fullchain.pem"
 
 # Stop the nginx containers for ${domains[2]} silently and wait for symlink removal.
 docker stop "symlink-le3" > /dev/null
 wait_for_symlink_rm "${domains[2]}" "$le_container_name"
 
 # Move ${domains[2]} to a san certificate with ${domains[0]} and ${domains[1]}
-docker run --rm -d \
-  --name "symlink-le1-le2-le3" \
-  -e "VIRTUAL_HOST=${domains[0]},${domains[1]},${domains[2]}" \
-  -e "LETSENCRYPT_HOST=${domains[0]},${domains[1]},${domains[2]}" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]},${domains[1]},${domains[2]}"
+run_nginx_container "${domains[0]},${domains[1]},${domains[2]}" "symlink-le1-le2-le3"
 
 # Check where the symlink points (should be ./le1.wtf/fullchain.pem)
-wait_for_symlink "${domains[2]}" "$le_container_name"
+wait_for_symlink "${domains[2]}" "$le_container_name" "./${domains[0]}/fullchain.pem"
 
 # Stop the nginx container silently.
 docker stop "symlink-le1-le2-le3" > /dev/null
@@ -108,12 +88,7 @@ for domain in "${domains[@]}"; do
 done
 
 # Move ${domains[1]} to a new single domain certificate
-docker run --rm -d \
-  --name "symlink-le2" \
-  -e "VIRTUAL_HOST=${domains[1]}" \
-  -e "LETSENCRYPT_HOST=${domains[1]}" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for ${domains[1]}"
+run_nginx_container "${domains[1]}" "symlink-le2"
 
 # Check where the symlink points (should be ./le2.wtf/fullchain.pem)
 wait_for_symlink "${domains[1]}" "$le_container_name"
@@ -121,17 +96,12 @@ wait_for_symlink "${domains[1]}" "$le_container_name"
 # Stop the nginx container silently and try to put ${domains[1]} on a
 # san certificate whose authorization will fail.
 docker stop "symlink-le2" > /dev/null
-docker run --rm -d \
-  --name "symlink-lim-le2" \
-  -e "VIRTUAL_HOST=lim.it,${domains[1]}" \
-  -e "LETSENCRYPT_HOST=lim.it,${domains[1]}" \
-  --network boulder_bluenet \
-  nginx:alpine > /dev/null && echo "Started test web server for lim.it,${domains[1]}"
+run_nginx_container "lim.it,${domains[1]}" "symlink-lim-le2"
 
 # The symlink creation for lim.it should time out, and the ${domains[1]}
 # symlink should still point to ./le2.wtf/fullchain.pem
 wait_for_symlink "lim.it" "$le_container_name"
-wait_for_symlink "${domains[1]}" "$le_container_name"
+wait_for_symlink "${domains[1]}" "$le_container_name" "./${domains[1]}/fullchain.pem"
 
 # Aaaaaand stop the container.
 docker stop "symlink-lim-le2" > /dev/null

test/tests/test-functions.sh

@@ -17,7 +17,7 @@ function run_le_container {
   if [[ "$SETUP" == '3containers' ]]; then
     cli_args+=" --env NGINX_DOCKER_GEN_CONTAINER=$DOCKER_GEN_CONTAINER_NAME"
   fi
-  docker run -d \
+  if docker run -d \
     --name "$name" \
     --volumes-from "$NGINX_CONTAINER_NAME" \
     --volume /var/run/docker.sock:/var/run/docker.sock:ro \
@@ -27,10 +27,39 @@ function run_le_container {
     --env "ACME_CA_URI=http://boulder:4001/directory" \
     --label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
     --network boulder_bluenet \
-    "$image" > /dev/null && echo "Started letsencrypt container for test ${name%%_2*}"
+    "$image" > /dev/null; \
+  then
+    [[ "${DRY_RUN:-}" == 1 ]] && echo "Started letsencrypt container for test ${name%%_2*}"
+  else
+    echo "Could not start letsencrypt container for test ${name%%_2*}"
+    return 1
+  fi
+  return 0
 }
 export -f run_le_container
 
+# Run an nginx container
+function run_nginx_container {
+  local le_host="${1:?}"
+  local virtual_host="${le_host// /}"; virtual_host="${virtual_host//.,/,}"; virtual_host="${virtual_host%,}"
+  local container_name="${2:-$virtual_host}"
+  [[ "${DRY_RUN:-}" == 1 ]] && echo "Starting $container_name nginx container, with environment variables VIRTUAL_HOST=$virtual_host and LETSENCRYPT_HOST=$le_host"
+  if docker run --rm -d \
+    --name "$container_name" \
+    -e "VIRTUAL_HOST=$virtual_host" \
+    -e "LETSENCRYPT_HOST=$le_host" \
+    --network boulder_bluenet \
+    nginx:alpine > /dev/null ; \
+  then
+    [[ "${DRY_RUN:-}" == 1 ]] && echo "Started $container_name nginx container."
+  else
+    echo "Failed to start test web server for $le_host"
+    return 1
+  fi
+  return 0
+}
+export -f run_nginx_container
+
 
 # Wait for the /etc/nginx/conf.d/standalone-cert-$1.conf file to exist inside container $2
 function wait_for_standalone_conf {
@@ -55,6 +84,7 @@ export -f wait_for_standalone_conf
 function wait_for_symlink {
   local domain="${1:?}"
   local name="${2:?}"
+  local expected_target="${3:-}"
   local timeout
   timeout="$(date +%s)"
   timeout="$((timeout + 60))"
@@ -66,9 +96,17 @@ function wait_for_symlink {
     fi
     sleep 0.1
   done
-  target="$(docker exec "$name" readlink "/etc/nginx/certs/$domain.crt")"
-  echo "Symlink to $domain certificate has been generated."
-  echo "The link is pointing to the file $target"
+  [[ "${DRY_RUN:-}" == 1 ]] && echo "Symlink to $domain certificate has been generated."
+  if [[ -n "$expected_target" ]]; then
+    target="$(docker exec "$name" readlink "/etc/nginx/certs/$domain.crt")"
+    if [[ "$target" != "$expected_target" ]]; then
+      echo "The symlink to the $domain certificate is expected to point to $expected_target but point to $target instead."
+      return 1
+    elif [[ "${DRY_RUN:-}" == 1 ]]; then
+      echo "The symlink is pointing to the file $target"
+    fi
+  fi
+  return 0
 }
 export -f wait_for_symlink
 
@@ -87,7 +125,8 @@ function wait_for_symlink_rm {
     fi
     sleep 0.1
   done
-  echo "Symlink to $domain certificate has been removed."
+  [[ "${DRY_RUN:-}" == 1 ]] && echo "Symlink to $domain certificate has been removed."
+  return 0
 }
 export -f wait_for_symlink_rm
 
@@ -129,7 +168,7 @@ function check_cert_subj {
     esac
   done
 
-  if curl -k https://"$domain" > /dev/null 2>&1; then
+  if curl -k https://"$domain" &> /dev/null; then
     local cert_subject
     cert_subject="$(echo \
       | openssl s_client -showcerts -servername "$domain" -connect "$domain:443" 2>/dev/null \
@@ -197,7 +236,8 @@ function wait_for_conn {
     fi
     sleep 0.1
   done
-  echo "Connection to $domain using https was successful."
+  [[ "${DRY_RUN:-}" == 1 ]] && echo "Connection to $domain using https was successful."
+  return 0
 }
 export -f wait_for_conn