Add Certbot unregister integration test (#20874)

* Add Certbot unregister integration test - Make sure we can unregister ACME accounts through Certbot to provide an additional validation. * Add vault-crypto as a code owner for builtin/logical/pkiext
2025-10-29 17:52:32 +00:00 · 2023-05-30 17:24:28 -04:00
parent 08ee474850
commit 10c16ccbcb
2 changed files with 29 additions and 0 deletions
--- a/1
+++ b/1
@@ -48,6 +48,7 @@

 # Cryptosec
 /builtin/logical/pki/                                @hashicorp/vault-crypto
+/builtin/logical/pkiext/                             @hashicorp/vault-crypto
 /website/content/docs/secrets/pki/                   @hashicorp/vault-crypto
 /website/content/api-docs/secret/pki.mdx             @hashicorp/vault-crypto
 /builtin/credential/cert/                            @hashicorp/vault-crypto
--- a/builtin/logical/pkiext/pkiext_binary/acme_test.go
+++ b/builtin/logical/pkiext/pkiext_binary/acme_test.go
@@ -152,6 +152,34 @@ func SubtestACMECertbot(t *testing.T, cluster *VaultPkiCluster) {

 	require.NoError(t, err, "got error running double revoke command")
 	require.NotEqual(t, 0, retcode, "expected non-zero retcode double revoke command result")
+
+	// Attempt to close out our ACME account
+	certbotUnregisterCmd := []string{
+		"certbot",
+		"unregister",
+		"--no-verify-ssl",
+		"--non-interactive",
+		"--server", directory,
+	}
+
+	stdout, stderr, retcode, err = runner.RunCmdWithOutput(ctx, result.Container.ID, certbotUnregisterCmd)
+	t.Logf("Certbot Unregister Command: %v\nstdout: %v\nstderr: %v\n", certbotUnregisterCmd, string(stdout), string(stderr))
+	if err != nil || retcode != 0 {
+		logsStdout, logsStderr, _, _ := runner.RunCmdWithOutput(ctx, result.Container.ID, logCatCmd)
+		t.Logf("Certbot logs\nstdout: %v\nstderr: %v\n", string(logsStdout), string(logsStderr))
+	}
+	require.NoError(t, err, "got error running unregister command")
+	require.Equal(t, 0, retcode, "expected zero retcode unregister command result")
+
+	// Attempting to close out our ACME account twice should fail
+	stdout, stderr, retcode, err = runner.RunCmdWithOutput(ctx, result.Container.ID, certbotUnregisterCmd)
+	t.Logf("Certbot double Unregister Command: %v\nstdout: %v\nstderr: %v\n", certbotUnregisterCmd, string(stdout), string(stderr))
+	if err != nil || retcode != 0 {
+		logsStdout, logsStderr, _, _ := runner.RunCmdWithOutput(ctx, result.Container.ID, logCatCmd)
+		t.Logf("Certbot double logs\nstdout: %v\nstderr: %v\n", string(logsStdout), string(logsStderr))
+	}
+	require.NoError(t, err, "got error running double unregister command")
+	require.Equal(t, 1, retcode, "expected non-zero retcode double unregister command result")
 }

 func SubtestACMECertbotEab(t *testing.T, cluster *VaultPkiCluster) {