test(docs-infra): check TLS certificates as part of preview server's health check (#36837)
In order to ease local development, self-signed SSL/TLS certificates are created when building the preview server Docker image. These certificates are valid for 365 days. Thus, it is possible for an old certificate to be re-used past its expiration date due to Docker's caching intermediate layers. Previously, this would lead to hard-to-debug failures in the `aio-health-check` and `aio-verify-setup` checks. Even after finding out that the failures were caused by an expired certificate, it was not obvious why that would be the case. This commit adds an additional check to the `aio-health-check` command that checks the certificates' expiration dates. This helps surface such errors. It also prints a more helpful message, prompting the user to build the Docker image with the `--no-cache` option to fix the problem with self-signed certificates. PR Close #36837
This commit is contained in:
George Kalpakas
Alex Rickabaugh
parent
e73daa3736
commit
53805f07ba
|
|
@ -8,10 +8,32 @@ exitCode=0
|
|||
|
||||
|
||||
# Helpers
|
||||
function checkCert {
|
||||
local certPath=$1
|
||||
|
||||
if [[ ! -f "$certPath" ]]; then
|
||||
echo "Certificate '$certPath' does not exist. Skipping expiration check..."
|
||||
return
|
||||
fi
|
||||
|
||||
openssl x509 -checkend 0 -in "$certPath" -noout > /dev/null
|
||||
reportStatus "Certificate '$certPath'"
|
||||
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo " [WARN]"
|
||||
echo " If you did not provide the certificate explicitly, try running the"
|
||||
echo " 'docker build' command again with the '--no-cache' option to generate"
|
||||
echo " a new self-signed certificate."
|
||||
fi
|
||||
}
|
||||
|
||||
function reportStatus {
|
||||
local lastExitCode=$?
|
||||
|
||||
echo "$1: $([[ $lastExitCode -eq 0 ]] && echo OK || echo NOT OK)"
|
||||
[[ $lastExitCode -eq 0 ]] || exitCode=1
|
||||
|
||||
return $lastExitCode
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -28,6 +50,16 @@ for s in ${services[@]}; do
|
|||
done
|
||||
|
||||
|
||||
# Check SSL/TLS certificates expiration
|
||||
certs=(
|
||||
"$AIO_LOCALCERTS_DIR/$AIO_DOMAIN_NAME.crt"
|
||||
"$TEST_AIO_LOCALCERTS_DIR/$TEST_AIO_DOMAIN_NAME.crt"
|
||||
)
|
||||
for c in ${certs[@]}; do
|
||||
checkCert $c
|
||||
done
|
||||
|
||||
|
||||
# Check servers
|
||||
origins=(
|
||||
http://$AIO_PREVIEW_SERVER_HOSTNAME:$AIO_PREVIEW_SERVER_PORT
|
||||
|
|
|
|||
Loading…
Reference in New Issue