test(docs-infra): check TLS certificates as part of preview server's …
…health check (angular#36837)

In order to ease local development, self-signed SSL/TLS certificates are
created when building the preview server Docker image. These
certificates are valid for 365 days. Thus, it is possible for an old
certificate to be re-used past its expiration date due to Docker's
caching intermediate layers.

Previously, this would lead to hard-to-debug failures in the
`aio-health-check` and `aio-verify-setup` checks. Even after finding out
that the failures were caused by an expired certificate, it was not
obvious why that would be the case.

This commit adds an additional check to the `aio-health-check` command
that checks the certificates' expiration dates. This helps surface such
errors. It also prints a more helpful message, prompting the user to
build the Docker image with the `--no-cache` option to fix the problem
with self-signed certificates.

PR Close angular#36837
gkalpak authored and profanis committed Sep 5, 2020
1 parent 1a5e325 commit e6ebf6a
Showing 1 changed file with 32 additions and 0 deletions.
32 changes: 32 additions & 0 deletions aio/aio-builds-setup/dockerbuild/scripts-sh/health-check.sh
Expand Up @@ -8,10 +8,32 @@ exitCode=0


# Helpers
function checkCert {
local certPath=$1

if [[ ! -f "$certPath" ]]; then
echo "Certificate '$certPath' does not exist. Skipping expiration check..."
return
fi

openssl x509 -checkend 0 -in "$certPath" -noout > /dev/null
reportStatus "Certificate '$certPath'"

if [[ $? -ne 0 ]]; then
echo " [WARN]"
echo " If you did not provide the certificate explicitly, try running the"
echo " 'docker build' command again with the '--no-cache' option to generate"
echo " a new self-signed certificate."
fi
}

function reportStatus {
local lastExitCode=$?

echo "$1: $([[ $lastExitCode -eq 0 ]] && echo OK || echo NOT OK)"
[[ $lastExitCode -eq 0 ]] || exitCode=1

return $lastExitCode
}
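Review bot: in `checkCert`, `openssl x509 -checkend 0` fails only for a certificate that has already expired, so one that expires shortly after the health check still reports OK; consider a non-zero window in seconds so the warning appears before the certificate actually expires. The `if [[ $? -ne 0 ]]` test after `reportStatus` is correct only because `reportStatus` ends with `return $lastExitCode`; saving the openssl exit status in a local variable right after the call would make that dependency explicit. openssl also exits non-zero when the file cannot be parsed as a certificate, so the NOT OK line does not always mean "expired", and the hint text could say so.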


Expand All @@ -28,6 +50,16 @@ for s in ${services[@]}; do
done


# Check SSL/TLS certificates expiration
certs=(
"$AIO_LOCALCERTS_DIR/$AIO_DOMAIN_NAME.crt"
"$TEST_AIO_LOCALCERTS_DIR/$TEST_AIO_DOMAIN_NAME.crt"
)
for c in ${certs[@]}; do
checkCert $c
done


# Check servers
origins=(
http://$AIO_PREVIEW_SERVER_HOSTNAME:$AIO_PREVIEW_SERVER_PORT
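Review bot: `for c in ${certs[@]}` and `checkCert $c` expand unquoted, so a certificate path containing whitespace or glob characters is split or expanded before it reaches `checkCert`; use `"${certs[@]}"` and `"$c"`. If any of the environment variables used to build the paths is unset, the path collapses to something like `/.crt`, which `checkCert` treats as a missing file and skips without touching `exitCode`, so the health check passes without inspecting any certificate; that case deserves at least a distinct message.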