Files
@ 065740010e44
Branch filter:
Location: majic-ansible-roles/roles/web_server/molecule/default/tests/test_mandatory.py - annotation
065740010e44
1.9 KiB
text/x-python
MAR-181: Drop deprecated directory for storing the LDAP auth module for Prosody.
a5f4c1ec6853 a5f4c1ec6853 f7c1f4c841f8 36cc127035aa 351cd42e5f56 351cd42e5f56 351cd42e5f56 d62b3adec462 351cd42e5f56 351cd42e5f56 f7c1f4c841f8 23a5f9ba293c f7c1f4c841f8 23a5f9ba293c 23a5f9ba293c f7c1f4c841f8 36cc127035aa f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 36cc127035aa f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 36cc127035aa f7c1f4c841f8 36cc127035aa f7c1f4c841f8 f7c1f4c841f8 36cc127035aa f7c1f4c841f8 f7c1f4c841f8 36cc127035aa f7c1f4c841f8 f7c1f4c841f8 351cd42e5f56 f7c1f4c841f8 f7c1f4c841f8 351cd42e5f56 f7c1f4c841f8 f7c1f4c841f8 351cd42e5f56 351cd42e5f56 eee778bc2d7c 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 eee778bc2d7c 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 | import os
import defusedxml.ElementTree as ElementTree
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-mandatory')
def test_tls_version_and_ciphers(host):
"""
Tests if the correct TLS version and ciphers have been enabled.
"""
expected_tls_versions = ["TLSv1.2"]
expected_tls_ciphers = [
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
]
# Run the nmap scanner against the LDAP server, and fetch the
# results.
nmap = host.run("nmap -sV --script ssl-enum-ciphers -p 443 localhost -oX /tmp/report.xml")
assert nmap.rc == 0
report_content = host.file('/tmp/report.xml').content_string
report_root = ElementTree.fromstring(report_content)
tls_versions = []
tls_ciphers = set()
for child in report_root.findall("./host/ports/port/script/table"):
tls_versions.append(child.attrib['key'])
for child in report_root.findall(".//table[@key='ciphers']/table/elem[@key='name']"):
tls_ciphers.add(child.text)
tls_versions.sort()
tls_ciphers = sorted(list(tls_ciphers))
assert tls_versions == expected_tls_versions
assert tls_ciphers == expected_tls_ciphers
def test_default_vhost_index_page(host):
"""
Tests content of default vhost index page.
"""
page = host.run('curl https://parameters-mandatory/')
assert page.rc == 0
assert "<title>Welcome</title>" in page.stdout
assert "<h1>Welcome</h1>" in page.stdout
assert "<p>You are attempting to access the web server using a wrong name or an IP address. Please check your URL.</p>" in page.stdout
|