cache and certs tests

lando · Jul 23, 2024 · e1b2161 · e1b2161
1 parent 28d7df1
commit e1b2161
Show file tree

Hide file tree

Showing 9 changed files with 215 additions and 117 deletions.
diff --git a/.github/workflows/pr-core-tests.yml b/.github/workflows/pr-core-tests.yml
@@ -19,7 +19,7 @@ jobs:
           - badname
           - build
           - cache
-          # - certs
+          - certs
           - config
           - debug
           - envfile
@@ -28,6 +28,7 @@ jobs:
           # - exec
           - experimental
           - healthcheck
+          # - hostnames
           - info
           - init-github
           - init-remote

diff --git a/examples/certs/.lando.yml b/examples/certs/.lando.yml
@@ -1,46 +1,43 @@
 name: lando-certs
 proxy:
-  nginx:
-    - lando-certs.lndo.site:8080
-    - hostname: lando-certs-2.lndo.site
-      port: 8080
-events:
-  post-start:
-    - nginx: env | grep LANDO | sort
-    - debian: tail -f /dev/null &
-    - web3: tail -f /dev/null &
+  web:
+    - web.lndo.site:8080
+  web2:
+    - web2.lndo.site:8080
+
 services:
-  alpine:
-    api: 4
-    image: alpine:3.20
-    command: sleep infinity
-  debian:
+  web:
+    api: 3
+    type: lando
+    ssl: true
+    sslExpose: true
+    sport: "8443"
+    services:
+      image: bitnami/nginx
+      command: /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
+      ports:
+        - "8080"
+        - "8443"
+      user: root
+      volumes:
+        - ./default-ssl.conf:/opt/bitnami/nginx/conf/server_blocks/my_server_block.conf
+        - ./:/usr/share/nginx/html
+
+  web2:
     api: 4
     image:
-      imagefile: |
-        FROM debian:bookworm-slim
-        RUN apt update -y && apt install -y procps
-    command: sleep infinity
-  fedora:
-    api: 4
-    image: fedora:40
-    command:
-      - sleep
-      - infinity
-  ol:
-    api: 4
-    image: oraclelinux:9-slim
-    command: sleep infinity
-  nginx:
+      imagefile: nginxinc/nginx-unprivileged:1.26.1
+      context:
+        - ./default-ssl-2.conf:/etc/nginx/conf.d/default.conf
+    user: nginx
+    ports:
+      - 8080/http
+      - 8443/https
+  web3:
     api: 4
-    primary: true
     certs: /certs/cert.crt
-    build:
-      app: |
-        echo "app build"
-        sh -c "env | grep LANDO | sort"
     hostnames:
-      - bobthing
+      - vibes.rising
     image:
       imagefile: nginxinc/nginx-unprivileged:1.26.1
       context:
@@ -49,28 +46,40 @@ services:
     ports:
       - 8080/http
       - 8443/https
-
-  web3:
-    api: 3
-    type: lando
-    ssl: true
-    sslExpose: false
-    services:
-      image: bitnami/nginx
-      command: /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
-      ports:
-        - "8080"
-      user: root
+  web4:
+    api: 4
+    certs:
+      cert: /frank/cert.crt
+      key: /bob/key.key
+    image:
+      imagefile: nginxinc/nginx-unprivileged:1.26.1
+      context:
+        - ./default-ssl-3.conf:/etc/nginx/conf.d/default.conf
+    user: nginx
+    ports:
+      - 8080/http
+      - 8443/https
+  web5:
+    api: 4
+    certs: false
+    image:
+      imagefile: nginxinc/nginx-unprivileged:1.26.1
+      context:
+        - ./default.conf:/etc/nginx/conf.d/default.conf
+    user: nginx
+    ports:
+      - 8080/http
 
 tooling:
-  env:
-    service: nginx
-  backgrounder:
-    service: debian
-    cmd: tail -f /dev/null &
-  backgrounder2:
-    service: web3
-    cmd: tail -f /dev/null &
+  certinfo:
+    cmd: bash -c "openssl x509 -in "$LANDO_SERVICE_CERT" -noout -text"
+    service: :service
+    options:
+      service:
+        default: web
+        alias:
+          - s
+        describe: Runs on a different service
 
 plugins:
   "@lando/core": "../.."

diff --git a/examples/certs/README.md b/examples/certs/README.md
@@ -2,9 +2,9 @@
 
 This example exists primarily to test the following documentation:
 
-* [Networking](https://docs.devwithlando.io/config/certificates.html)
+* [Lando 3 Certs](https://docs.lando.dev/core/v3/services/lando.html#ssl)
 
-See the [Landofiles](https://docs.devwithlando.io/config/lando.html) in this directory for the exact magicks.
+See the [Landofiles](https://docs.lando.dev/config/lando.html) in this directory for the exact magicks.
 
 # Start up tests
 
@@ -19,66 +19,80 @@ lando start
 Run the following commands to verify things work as expected
 
 ```bash
-# Should have the correct entries in /certs/cert.ext
-cd lamp
-lando ssh -s appserver -c "cat /certs/cert.ext" | grep DNS.1 | grep -w appserver.landolamp.internal
-lando ssh -s appserver -c "cat /certs/cert.ext" | grep DNS.2 | grep -w appserver
-lando ssh -s appserver -c "cat /certs/cert.ext" | grep DNS.3 | grep -w localhost
-lando ssh -s appserver -c "cat /certs/cert.ext" | grep lando-lamp.lndo.site
-cd .. && cd lemp
-lando ssh -s placeholder -c "cat /certs/cert.ext" | grep DNS.1 | grep -w placeholder.landolemp.internal
-lando ssh -s placeholder -c "cat /certs/cert.ext" | grep DNS.2 | grep -w placeholder
-lando ssh -s placeholder -c "cat /certs/cert.ext" | grep DNS.3 | grep -w localhost
-lando ssh -s placeholder -c "cat /certs/cert.ext" | grep placeholder.lando-lemp.lndo.site
-
-# Should have the correct internal hostname info
-cd lamp
-lando info -s appserver | grep hostnames: | grep appserver.landolamp.internal
-cd .. && cd lemp
-lando info -s placeholder | grep hostnames: | grep placeholder.landolemp.internal
-
-# Should be able to self connect from lamp
-cd lamp
-lando ssh -s appserver -c "curl http://localhost"
-lando ssh -s appserver -c "curl https://localhost"
-
-# Should be able to self connect from lemp
-cd lemp
-lando ssh -s placeholder -c "curl http://localhost"
-lando ssh -s placeholder -c "curl https://localhost"
-
-# Should be able to curl lemp from lamp at proxy addresses and internal hostnames
-cd lamp
-lando ssh -s appserver -c "curl http://lando-lemp.lndo.site"
-lando ssh -s appserver -c "curl http://appserver_nginx.landolemp.internal"
-# lando ssh -s appserver -c "curl https://lando-lemp.lndo.site"
-# lando ssh -s appserver -c "curl https://appserver_nginx.landolemp.internal"
-lando ssh -s appserver -c "curl https://placeholder.lando-lemp.lndo.site"
-lando ssh -s appserver -c "curl https://placeholder.landolemp.internal"
-
-# Should be able to curl lamp from lemp at proxy addresses and internal hostname
-cd lemp
-lando ssh -s appserver -c "curl http://lando-lamp.lndo.site"
-lando ssh -s appserver -c "curl http://appserver.landolamp.internal"
-# lando ssh -s appserver -c "curl https://lando-lamp.lndo.site"
-# lando ssh -s appserver -c "curl https://appserver.landolamp.internal"
-lando ssh -s placeholder -c "curl https://lando-lamp.lndo.site"
-lando ssh -s placeholder -c "curl https://appserver.landolamp.internal"
-
-# Should even be able to connect to a database in a different app
-cd lamp
-lando ssh -s database -c "mysql -uroot -h database.landolemp.internal -e 'quit'"
+# Should set the environment variables correctly
+lando exec web -- env | grep LANDO_SERVICE_CERT | grep /lando/certs/web.landocerts.crt
+lando exec web -- env | grep LANDO_SERVICE_KEY | grep /lando/certs/web.landocerts.key
+lando exec web2 -- env | grep LANDO_SERVICE_CERT | grep /etc/lando/certs/cert.crt
+lando exec web2 -- env | grep LANDO_SERVICE_KEY | grep /etc/lando/certs/cert.key
+lando exec web3 -- env | grep LANDO_SERVICE_CERT | grep /certs/cert.crt
+lando exec web3 -- env | grep LANDO_SERVICE_KEY | grep /certs/cert.key
+lando exec web4 -- env | grep LANDO_SERVICE_CERT | grep /frank/cert.crt
+lando exec web4 -- env | grep LANDO_SERVICE_KEY | grep /bob/key.key
+lando exec web5 -- env | grep LANDO_SERVICE_CERT || echo $? | grep 1
+lando exec web5 -- env | grep LANDO_SERVICE_KEY || echo $? | grep 1
+
+# Should have certs and ancillary files in the correct places
+lando exec web -- bash -c "cat \"\$LANDO_SERVICE_CERT\""
+lando exec web -- bash -c "cat \"\$LANDO_SERVICE_KEY\""
+lando exec web -- cat /certs/cert.crt
+lando exec web -- cat /certs/cert.key
+lando exec web -- cat /certs/cert.pem
+lando exec web -- cat /certs/server.crt
+lando exec web -- cat /certs/server.key
+lando exec web2 -- cat "\$LANDO_SERVICE_CERT"
+lando exec web2 -- cat "\$LANDO_SERVICE_KEY"
+lando exec web3 -- cat "\$LANDO_SERVICE_CERT"
+lando exec web3 -- cat "\$LANDO_SERVICE_KEY"
+lando exec web4 -- cat "\$LANDO_SERVICE_KEY"
+lando exec web4 -- cat "\$LANDO_SERVICE_CERT"
+
+# Should also have certs in the default locations
+lando exec web -- cat /certs/cert.crt
+lando exec web -- cat /certs/cert.key
+lando exec web -- cat /certs/cert.pem
+lando exec web -- cat /certs/server.crt
+lando exec web -- cat /certs/server.key
+lando exec web2 -- cat /etc/lando/certs/cert.crt
+lando exec web2 -- cat /etc/lando/certs/cert.key
+lando exec web3 -- cat /etc/lando/certs/cert.crt
+lando exec web3 -- cat /etc/lando/certs/cert.key
+lando exec web4 -- cat /etc/lando/certs/cert.crt
+lando exec web4 -- cat /etc/lando/certs/cert.key
+
+# Should not generate certs if certs is disable-y
+lando exec web5 -- ls -lsa /etc/lando/certs || echo $? | grep 1
+
+# Should have the correct cert issuer
+lando certinfo | grep Issuer | grep "Lando Development CA"
+lando certinfo --service web2 | grep Issuer | grep "Lando Development CA"
+lando certinfo --service web3 | grep Issuer | grep "Lando Development CA"
+lando certinfo --service web4 | grep Issuer | grep "Lando Development CA"
+
+# Should have the correct cert SANS
+lando certinfo | grep DNS | grep -w localhost
+lando certinfo | grep DNS | grep -w web.landocerts.internal
+lando certinfo | grep DNS | grep -w web
+lando certinfo | grep "IP Address" | grep 127.0.0.1
+lando certinfo --service web2 | grep DNS | grep -w localhost
+lando certinfo --service web2 | grep DNS | grep -w web2.lndo.site
+lando certinfo --service web2 | grep DNS | grep -w web2.landocerts.internal
+lando certinfo --service web2 | grep DNS | grep -w web2
+lando certinfo --service web2 | grep "IP Address" | grep 127.0.0.1
+lando certinfo --service web3 | grep DNS | grep -w vibes.rising
+lando certinfo --service web3 | grep DNS | grep -w localhost
+lando certinfo --service web3 | grep DNS | grep -w web3.landocerts.internal
+lando certinfo --service web3 | grep DNS | grep -w web3
+lando certinfo --service web3 | grep "IP Address" | grep 127.0.0.1
+lando certinfo --service web4 | grep DNS | grep -w localhost
+lando certinfo --service web4 | grep DNS | grep -w web4.landocerts.internal
+lando certinfo --service web4 | grep DNS | grep -w web4
+lando certinfo --service web4 | grep "IP Address" | grep 127.0.0.1
 ```
 
 ## Destroy tests
 
 ```bash
-# Should destroy lamp successfully
-cd lamp && lando destroy -y
-
-# Should destroy lemp successfully
-cd lemp && lando destroy -y
-
-# Should poweroff
+# Should destroy and poweroff
+lando destroy -y
 lando poweroff
 ```
diff --git a/examples/certs/default-ssl-2.conf b/examples/certs/default-ssl-2.conf
@@ -0,0 +1,28 @@
+server {
+  listen       0.0.0.0:8443 ssl;
+  listen       0.0.0.0:8080;
+  server_name  localhost;
+
+  ssl_certificate      /etc/lando/certs/cert.crt;
+  ssl_certificate_key  /etc/lando/certs/cert.key;
+
+  ssl_session_cache    shared:SSL:1m;
+  ssl_session_timeout  5m;
+
+  ssl_ciphers  HIGH:!aNULL:!MD5;
+  ssl_prefer_server_ciphers  on;
+
+  location / {
+    root   /usr/share/nginx/html;
+    index  index.html index.htm;
+  }
+
+  #error_page  404              /404.html;
+
+  # redirect server error pages to the static page /50x.html
+  #
+  error_page   500 502 503 504  /50x.html;
+  location = /50x.html {
+    root   /usr/share/nginx/html;
+  }
+}
diff --git a/examples/certs/default-ssl-3.conf b/examples/certs/default-ssl-3.conf
@@ -0,0 +1,28 @@
+server {
+  listen       0.0.0.0:8443 ssl;
+  listen       0.0.0.0:8080;
+  server_name  localhost;
+
+  ssl_certificate      /frank/cert.crt;
+  ssl_certificate_key  /bob/key.key;
+
+  ssl_session_cache    shared:SSL:1m;
+  ssl_session_timeout  5m;
+
+  ssl_ciphers  HIGH:!aNULL:!MD5;
+  ssl_prefer_server_ciphers  on;
+
+  location / {
+    root   /usr/share/nginx/html;
+    index  index.html index.htm;
+  }
+
+  #error_page  404              /404.html;
+
+  # redirect server error pages to the static page /50x.html
+  #
+  error_page   500 502 503 504  /50x.html;
+  location = /50x.html {
+    root   /usr/share/nginx/html;
+  }
+}
diff --git a/examples/certs/default-ssl.conf b/examples/certs/default-ssl.conf
@@ -1,6 +1,6 @@
 server {
-  listen       8443 ssl;
-  listen       8080;
+  listen       0.0.0.0:8443 ssl;
+  listen       0.0.0.0:8080;
   server_name  localhost;
 
   ssl_certificate      /certs/cert.crt;

diff --git a/examples/certs/default.conf b/examples/certs/default.conf
@@ -0,0 +1,18 @@
+server {
+  listen       0.0.0.0:8080;
+  server_name  localhost;
+
+  location / {
+    root   /usr/share/nginx/html;
+    index  index.html index.htm;
+  }
+
+  #error_page  404              /404.html;
+
+  # redirect server error pages to the static page /50x.html
+  #
+  error_page   500 502 503 504  /50x.html;
+  location = /50x.html {
+    root   /usr/share/nginx/html;
+  }
+}
diff --git a/examples/certs/index.html b/examples/certs/index.html
@@ -0,0 +1 @@
+HELLO THERE
diff --git a/examples/certs/index.php b/examples/certs/index.php