Files
@ 325b9d16a72b
Branch filter:
Location: majic-ansible-roles/roles/php_website/molecule/default/tests/test_default.py - annotation
325b9d16a72b
2.2 KiB
text/x-python
MAR-151: Added support for Debian 10 Buster to common role:
- Updated tests.
- Updated role reference documentation.
- Updated role metadata information.
- Refactored IP plan for the test machines for better separation
between different types of machines and versions.
- Parametrised tests for limited connectivity using the maintenance
mode.
- Don't use MariaDB compat package in tests - name differs between
Debian 9 and Debian 10, and relevant parameter is already getting
tested properly using the remaining packages.
- Updated tests.
- Updated role reference documentation.
- Updated role metadata information.
- Refactored IP plan for the test machines for better separation
between different types of machines and versions.
- Parametrised tests for limited connectivity using the maintenance
mode.
- Don't use MariaDB compat package in tests - name differs between
Debian 9 and Debian 10, and relevant parameter is already getting
tested properly using the remaining packages.
14eb78a4f466 14eb78a4f466 5b102c4afcb3 5b102c4afcb3 1b6495e2ba42 1b6495e2ba42 3dd7f39302f8 1b6495e2ba42 d62b3adec462 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 5b102c4afcb3 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 611e6c9cffd9 | import os
import pytest
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
@pytest.mark.parametrize('fqdn', [
'parameters-mandatory',
'parameters-optional.local',
])
def test_https_enforcement(host, fqdn):
"""
Tests if HTTPS is being enforced.
"""
https_enforcement = host.run('curl -I http://%s/', fqdn)
assert https_enforcement.rc == 0
assert 'HTTP/1.1 301 Moved Permanently' in https_enforcement.stdout
assert 'Location: https://%s/' % fqdn in https_enforcement.stdout
https_enforcement = host.run('curl -I https://%s/', fqdn)
assert https_enforcement.rc == 0
assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in https_enforcement.stdout
@pytest.mark.parametrize("private_key_path, certificate_path, expected_private_key, expected_certificate", [
('/etc/ssl/private/parameters-mandatory_https.key', '/etc/ssl/certs/parameters-mandatory_https.pem',
'tests/data/x509/server/parameters-mandatory_https.key.pem', 'tests/data/x509/server/parameters-mandatory_https.cert.pem'),
('/etc/ssl/private/parameters-optional.local_https.key', '/etc/ssl/certs/parameters-optional.local_https.pem',
'tests/data/x509/server/parameters-optional_https.key.pem', 'tests/data/x509/server/parameters-optional_https.cert.pem'),
])
def test_nginx_tls_files(host, private_key_path, certificate_path, expected_private_key, expected_certificate):
"""
Tests if TLS private key and certificate have been deployed correctly.
"""
with host.sudo():
tls_file = host.file(private_key_path)
assert tls_file.is_file
assert tls_file.user == 'root'
assert tls_file.group == 'root'
assert tls_file.mode == 0o640
assert tls_file.content_string == open(expected_private_key, "r").read().rstrip()
tls_file = host.file(certificate_path)
assert tls_file.is_file
assert tls_file.user == 'root'
assert tls_file.group == 'root'
assert tls_file.mode == 0o644
assert tls_file.content_string == open(expected_certificate, "r").read().rstrip()
|