Integration testing for fake domains


#1

I want to run integration tests for Let’s Encrypt that include obtaining a certificate for a fake domain. One option might be to spin up a fake DNS provider container that returned the correct response and a Boulder container and point the fake_dns env var to it. That seems excessive and I’m hoping for a simpler solution. Thanks!


#2

Hi @katejefferson,

The Boulder Docker container already contains a fake DNS provider (dns-test-srv) that always returns a certain IP address for any A query. By default that IP address is 127.0.0.1, but you can change that by changing the FAKE_DNS environment variable to the IP address you want to return.

If you’re running a client on the host, you most likely want to set FAKE_DNS to 172.17.0.1 (depending on what IP the docker0 interface has).


#3

Thanks @jsha! Can I provision TXT records with the dns-test-srv? I need to be able to pass challenges.


#4

Yep, we have a hacked-up little local JSON API that we use for our own integration tests:

func (ts *testSrv) setTXT(w http.ResponseWriter, r *http.Request) {
	if r.URL.Path != "/set-txt" {
		http.NotFound(w, r)
		return
	} else if r.Method != "POST" {
		w.WriteHeader(405)
		return
	}
	msg, err := ioutil.ReadAll(r.Body)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	var sr setRequest
	err = json.Unmarshal(msg, &sr)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	if sr.Host == "" {
		w.WriteHeader(http.StatusBadRequest)
		return
	}
	ts.mu.Lock()
	defer ts.mu.Unlock()
	ts.txtRecords[strings.ToLower(sr.Host)] = sr.Value
	fmt.Printf("dns-srv: added TXT record for %s containing \"%s\"\n", sr.Host, sr.Value)
	w.WriteHeader(http.StatusOK)
}

That said, we don’t guarantee stability of that API, so it’s entirely possible we’ll break your tests with a future change. If you want a test harness you have more control over, you will probably want to run your own copy of dns-test-srv and point your Boulder instance at it. That’s a little complicated because you have to maintain a forked copy of the va.json config.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.