Clean up some tests, scripts, move to pebble completely

This cleans/removes a bunch of old tests and HashiCorp-specific CI
scripting. Tests have been modified to use pebble wholesale, and some
ones that have been made redundant by the process (the temporary
pebble-specific test, the explicit DNS provider config test, and the
explicit recursive nameserver test) have been removed.

Additionally, tests that are not supported by pebble (OCSP must-staple),
or are not tested automatically and are hard to maintain (multiple DNS
provider configurations), have been removed.

The objective here is to ensure that all tests can be done from a local
machine with no dependency on external resources. The latter two tests
may return at a later date, but users that depend on such features are
encouraged to do their own testing within their Terraform pipelines.

GNUmakefile

@@ -1,26 +1,31 @@
-TEST?=$$(go list ./... |grep -v 'vendor')
-GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
-WEBSITE_REPO=github.com/hashicorp/terraform-website
-PKG_NAME=acme
-PEBBLE_VERSION=2.3.0
-
-export ACME_SERVER_URL ?= https://acme-staging-v02.api.letsencrypt.org/directory
+# Test all packages by default
+TEST ?= ./...
 
+.PHONY: default
 default: build
 
+.PHONY: tools
 tools:
-	cd $(shell go env GOROOT) && go get -u github.com/hashicorp/go-bindata/go-bindata
+	cd $(shell go env GOROOT) && go get -u github.com/hashicorp/go-bindata/go-bindata gotest.tools/gotestsum
+
+.PHONY: pebble-start-install
+pebble-start-install: pebble-stop
+	build-support/scripts/pebble-start.sh --install
 
+.PHONY: pebble-start
 pebble-start: pebble-stop
 	build-support/scripts/pebble-start.sh
 
+.PHONY: pebble-stop
 pebble-stop:
 	build-support/scripts/pebble-stop.sh
 
+.PHONY: template-generate
 template-generate:
 	@echo "==> Re-generating templates..."
 	@go generate ./build-support/generate-dns-providers
 
+.PHONY: provider-generate
 provider-generate:
 	@echo "==> Re-generating Go DNS provider factory in ./acme..."
 	@go generate ./acme
@@ -30,58 +35,10 @@ provider-generate:
 	@find website/docs/dns_providers -type f -not -name index.html.markdown | xargs rm
 	@go run ./build-support/generate-dns-providers doc website/
 
-build: fmtcheck
+.PHONY: build
+build:
 	go install
 
-test: fmtcheck
-	go test -i $(TEST) || exit 1
-	echo $(TEST) | \
-		xargs -t -n4 go test $(TESTARGS) -timeout=30s -parallel=4
-
-testacc: fmtcheck
-	TF_ACC=1 go test $(TEST) -v $(TESTARGS) -timeout 240m
-
-debugacc: fmtcheck
-	TF_ACC=1 dlv test $(TEST) -- -test.v $(TESTARGS)
-
-vet:
-	@echo "go vet ."
-	@go vet $$(go list ./... | grep -v vendor/) ; if [ $$? -eq 1 ]; then \
-		echo ""; \
-		echo "Vet found suspicious constructs. Please check the reported constructs"; \
-		echo "and fix them if necessary before submitting the code for review."; \
-		exit 1; \
-	fi
-
-fmt:
-	gofmt -w $(GOFMT_FILES)
-
-fmtcheck:
-	@sh -c "'$(CURDIR)/scripts/gofmtcheck.sh'"
-
-errcheck:
-	@sh -c "'$(CURDIR)/scripts/errcheck.sh'"
-
-test-compile:
-	@if [ "$(TEST)" = "./..." ]; then \
-		echo "ERROR: Set TEST to a specific package. For example,"; \
-		echo "  make test-compile TEST=./$(PKG_NAME)"; \
-		exit 1; \
-	fi
-	go test -c $(TEST) $(TESTARGS)
-
-website:
-ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO)))
-	echo "$(WEBSITE_REPO) not found in your GOPATH (necessary for layouts and assets), get-ting..."
-	git clone https://$(WEBSITE_REPO) $(GOPATH)/src/$(WEBSITE_REPO)
-endif
-	@$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME)
-
-website-test:
-ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO)))
-	echo "$(WEBSITE_REPO) not found in your GOPATH (necessary for layouts and assets), get-ting..."
-	git clone https://$(WEBSITE_REPO) $(GOPATH)/src/$(WEBSITE_REPO)
-endif
-	@$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider-test PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME)
-
-.PHONY: build test testacc vet fmt fmtcheck errcheck test-compile website website-test tools provider-generate template-generate
+.PHONY: test
+test:
+	TF_ACC=1 gotestsum --format=short-verbose $(TEST) $(TESTARGS)

acme/provider_test.go

@@ -1,7 +1,9 @@
 package acme
 
 import (
+	"go/build"
 	"os"
+	"path/filepath"
 	"testing"
 
 	"github.com/hashicorp/terraform/helper/schema"
@@ -12,10 +14,31 @@ import (
 var testAccProvider *schema.Provider
 var testAccProviders map[string]terraform.ResourceProvider
 
+// Path to the pebble CA cert list, from GOPATH
+const pebbleCACerts = "src/github.com/letsencrypt/pebble/test/certs/pebble.minica.pem"
+
+// Domain for certificates
+const pebbleCertDomain = "example.test"
+
+// URL for the non-EAB pebble directory
+const pebbleDirBasic = "https://localhost:14000/dir"
+
+// URL for the EAB pebble directory
+const pebbleDirEAB = "https://localhost:14001/dir"
+
+// Address for the challenge/test recursive nameserver
+const pebbleChallTestDNSSrv = "localhost:5553"
+
+// Relative path to the external challenge/test script
+const pebbleChallTestDNSScriptPath = "../build-support/scripts/pebble-challtest-dns.sh"
+
 func init() {
 	// Set TF_SCHEMA_PANIC_ON_ERROR as a sanity check on tests.
 	os.Setenv("TF_SCHEMA_PANIC_ON_ERROR", "true")
 
+	// Set lego's CA certs to pebble's CA for testing w/pebble
+	os.Setenv("LEGO_CA_CERTIFICATES", filepath.Join(build.Default.GOPATH, pebbleCACerts))
+
 	testAccProvider = Provider().(*schema.Provider)
 	testAccProviders = map[string]terraform.ResourceProvider{
 		"acme": testAccProvider,
@@ -32,9 +55,3 @@ func TestProvider(t *testing.T) {
 func TestProvider_impl(t *testing.T) {
 	var _ terraform.ResourceProvider = Provider()
 }
-
-func testAccPreCheck(t *testing.T) {
-	if v := os.Getenv("ACME_SERVER_URL"); v == "" {
-		t.Fatal("ACME_SERVER_URL must be set for acceptance tests")
-	}
-}

acme/resource_acme_certificate.go

@@ -464,6 +464,10 @@ func resourceACMECertificateUpdate(d *schema.ResourceData, meta interface{}) err
 		opts = append(opts, dns01.AddRecursiveNameservers(s))
 	}
 
+	if d.Get("disable_complete_propagation").(bool) {
+		opts = append(opts, dns01.DisableCompletePropagationRequirement())
+	}
+
 	if err := client.Challenge.SetDNS01Provider(provider, opts...); err != nil {
 		return err
 	}