Files
@ 3d7effd414c9
Branch filter:
Location: majic-ansible-roles/roles/web_server/molecule/default/tests/test_optional.py - annotation
3d7effd414c9
2.0 KiB
text/x-python
MAR-189: Dropped deprecation-related tasks and tests for xmpp_server role:
- Migration from Prosody project repositories should have been done
already as part of the 7.0.1 release.
- Simplifies the code a bit.
- Drop leftover deprecated library plugin path.
- Migration from Prosody project repositories should have been done
already as part of the 7.0.1 release.
- Simplifies the code a bit.
- Drop leftover deprecated library plugin path.
a5f4c1ec6853 a5f4c1ec6853 f7c1f4c841f8 83a557f70dfb 351cd42e5f56 351cd42e5f56 351cd42e5f56 d62b3adec462 351cd42e5f56 351cd42e5f56 f7c1f4c841f8 23a5f9ba293c f7c1f4c841f8 23a5f9ba293c 23a5f9ba293c f7c1f4c841f8 23a5f9ba293c f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 351cd42e5f56 f7c1f4c841f8 f7c1f4c841f8 351cd42e5f56 351cd42e5f56 eee778bc2d7c 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 fc2c40c98e0c fc2c40c98e0c 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 fc2c40c98e0c | import os
import defusedxml.ElementTree as ElementTree
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
def test_tls_version_and_ciphers(host):
"""
Tests if the correct TLS version and ciphers have been enabled.
"""
expected_tls_versions = ["TLSv1.1", "TLSv1.2"]
expected_tls_ciphers = [
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]
# Run the nmap scanner against the LDAP server, and fetch the
# results.
nmap = host.run("nmap -sV --script ssl-enum-ciphers -p 443 localhost -oX /tmp/report.xml")
assert nmap.rc == 0
report_content = host.file('/tmp/report.xml').content_string
report_root = ElementTree.fromstring(report_content)
tls_versions = []
tls_ciphers = set()
for child in report_root.findall("./host/ports/port/script/table"):
tls_versions.append(child.attrib['key'])
for child in report_root.findall(".//table[@key='ciphers']/table/elem[@key='name']"):
tls_ciphers.add(child.text)
tls_versions.sort()
tls_ciphers = sorted(list(tls_ciphers))
assert tls_versions == expected_tls_versions
assert tls_ciphers == expected_tls_ciphers
def test_default_vhost_index_page(host):
"""
Tests content of default vhost index page.
"""
hostname = host.ansible.get_variables()['inventory_hostname']
page = host.run('curl https://%s/', hostname)
assert page.rc == 0
assert "<title>Optional Welcome</title>" in page.stdout
assert "<h1>Optional Welcome</h1>" in page.stdout
assert "<p>Welcome to default virtual host.</p>" in page.stdout
|