From 9f9ca7cede684d595ccea12c5de83077dff0fc00 Mon Sep 17 00:00:00 2001
From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com>
Date: Wed, 31 May 2023 09:16:25 -0400
Subject: [PATCH] backport of commit 10c16ccbcb13fbb0dab56fd7b11b4fdb41609436 (#20875)
Co-authored-by: Steven Clark
---
 CODEOWNERS | 1 +
 .../logical/pkiext/pkiext_binary/acme_test.go | 28 +++++++++++++++++++
 2 files changed, 29 insertions(+)
diff --git a/CODEOWNERS b/CODEOWNERS
index 90ac1fc92..e13a6b539 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -48,6 +48,7 @@
 # Cryptosec
 /builtin/logical/pki/ @hashicorp/vault-crypto
+/builtin/logical/pkiext/ @hashicorp/vault-crypto
 /website/content/docs/secrets/pki/ @hashicorp/vault-crypto
 /website/content/api-docs/secret/pki.mdx @hashicorp/vault-crypto
 /builtin/credential/cert/ @hashicorp/vault-crypto
diff --git a/builtin/logical/pkiext/pkiext_binary/acme_test.go b/builtin/logical/pkiext/pkiext_binary/acme_test.go
index 4e43852cf..f66a602a1 100644
--- a/builtin/logical/pkiext/pkiext_binary/acme_test.go
+++ b/builtin/logical/pkiext/pkiext_binary/acme_test.go
@@ -152,6 +152,34 @@ func SubtestACMECertbot(t *testing.T, cluster *VaultPkiCluster) {
 require.NoError(t, err, "got error running double revoke command")
 require.NotEqual(t, 0, retcode, "expected non-zero retcode double revoke command result")
+
+ // Attempt to close out our ACME account
+ certbotUnregisterCmd := []string{
+ "certbot",
+ "unregister",
+ "--no-verify-ssl",
+ "--non-interactive",
+ "--server", directory,
+ }
+
+ stdout, stderr, retcode, err = runner.RunCmdWithOutput(ctx, result.Container.ID, certbotUnregisterCmd)
+ t.Logf("Certbot Unregister Command: %v\nstdout: %v\nstderr: %v\n", certbotUnregisterCmd, string(stdout), string(stderr))
+ if err != nil || retcode != 0 {
+ logsStdout, logsStderr, _, _ := runner.RunCmdWithOutput(ctx, result.Container.ID, logCatCmd)
+ t.Logf("Certbot logs\nstdout: %v\nstderr: %v\n", string(logsStdout), string(logsStderr))
+ }
+ require.NoError(t, err, "got error running unregister command")
+ require.Equal(t, 0, retcode, "expected zero retcode unregister command result")
+
+ // Attempting to close out our ACME account twice should fail
+ stdout, stderr, retcode, err = runner.RunCmdWithOutput(ctx, result.Container.ID, certbotUnregisterCmd)
+ t.Logf("Certbot double Unregister Command: %v\nstdout: %v\nstderr: %v\n", certbotUnregisterCmd, string(stdout), string(stderr))
+ if err != nil || retcode != 0 {
+ logsStdout, logsStderr, _, _ := runner.RunCmdWithOutput(ctx, result.Container.ID, logCatCmd)
+ t.Logf("Certbot double logs\nstdout: %v\nstderr: %v\n", string(logsStdout), string(logsStderr))
+ }
+ require.NoError(t, err, "got error running double unregister command")
+ require.Equal(t, 1, retcode, "expected non-zero retcode double unregister command result")
 }
 func SubtestACMECertbotEab(t *testing.T, cluster *VaultPkiCluster) {
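Review bot: In the double-unregister block the log-dump guard `if err != nil || retcode != 0 {` fires on the expected failure and stays silent when the second unregister unexpectedly succeeds, which is the one case where the certbot logs are needed; it should read `if err != nil || retcode == 0 {`. The last assertion pins `require.Equal(t, 1, retcode, ...)` while its message says "non-zero" and the double-revoke check just above uses `require.NotEqual(t, 0, retcode, ...)`; using `NotEqual` here too would avoid tying the test to one certbot exit code. The second failure may also come from certbot no longer holding a local account rather than from the server rejecting the request, so on its own it does not show that Vault refuses a deactivated account's key; a server-side check of the account status after the first unregister would cover that. SubtestACMECertbot starts above the hunk.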