Files
@ 3dd7f39302f8
Branch filter:
Location: majic-ansible-roles/roles/xmpp_server/tests/test_client.py - annotation
3dd7f39302f8
2.7 KiB
text/x-python
MAR-29: Implemented tests for php_website role:
- Install some additional tools for testing everything.
- Updated test playbook to change allowed extensions for running PHP scripts on
parameters-optional.
- Updated error page to use correct extension for parameters-optional test
instance.
- Expanded rewrite configuration slightly for parameters-optional.
- Install libmariadb-client-lgpl-dev-compat to test mysql_config symlink
creation.
- Deploy a number of PHP pages used for testing if pages are served correctly.
- Set file permissions on deployed PHP FPM pool configuraiton files.
- Use expanded syntax when deploying TLS keys/certificates in order to avoid
issues with TAB mangling.
- Fixed set-up of Strict-Transport-Security header when HTTPS enforcement is
disabled.
- Added a number of PHP and static test pages.
- Wrote tests covering full functionality of the role.
- Install some additional tools for testing everything.
- Updated test playbook to change allowed extensions for running PHP scripts on
parameters-optional.
- Updated error page to use correct extension for parameters-optional test
instance.
- Expanded rewrite configuration slightly for parameters-optional.
- Install libmariadb-client-lgpl-dev-compat to test mysql_config symlink
creation.
- Deploy a number of PHP pages used for testing if pages are served correctly.
- Set file permissions on deployed PHP FPM pool configuraiton files.
- Use expanded syntax when deploying TLS keys/certificates in order to avoid
issues with TAB mangling.
- Fixed set-up of Strict-Transport-Security header when HTTPS enforcement is
disabled.
- Added a number of PHP and static test pages.
- Wrote tests covering full functionality of the role.
da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 da031f975c67 | import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
'.molecule/ansible_inventory').get_hosts('client1')
def test_connectivity(Command, Sudo):
"""
Tests connectivity to the XMPP server (ports that should be reachable).
"""
with Sudo():
for server in ["parameters-mandatory",
"parameters-optional"]:
# c2s plaintext, c2s TLS, file proxy, s2s.
for port in [5222, 5223, 5000, 5269]:
ping = Command('hping3 -S -p %d -c 1 %s' % (port, server))
assert ping.rc == 0
def test_tls(Command):
"""
Tests if TLS works as expected.
"""
send = Command("echo 'Hello' | sendxmpp -t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1")
assert send.rc == 0
send = Command("echo 'Hello' | sendxmpp -e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1")
assert send.rc == 0
send = Command("echo 'Hello' | sendxmpp -t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
assert send.rc == 0
send = Command("echo 'Hello' | sendxmpp -e -u jane.doe -p janepassword -j domain2:5223 jane.doe@domain2")
assert send.rc == 0
def test_authentication_requires_tls(Command):
"""
Tests if authentication must be done over TLS.
"""
command = Command("echo 'Hello' | sendxmpp -u bogus -p bogus -j domain1:5222 john.doe@domain1 -d")
assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in command.stderr
command = Command("echo 'Hello' | sendxmpp -u bogus -p bogus -j domain2:5222 jane.doe@domain2 -d")
assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in command.stderr
def test_authentication(Command):
"""
Tests if authentication works correctly.
"""
send = Command("echo 'Hello' | sendxmpp -t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1")
assert send.rc == 0
send = Command("echo 'Hello' | sendxmpp -e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1")
assert send.rc == 0
send = Command("echo 'Hello' | sendxmpp -t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
assert send.rc == 0
send = Command("echo 'Hello' | sendxmpp -e -u mick.doe -p mickpassword -j domain3:5223 mick.doe@domain3")
assert send.rc == 0
def test_unauthorized_users_rejected(Command):
"""
Tests if unauthorized users (present in LDAP, but not member of correct
group) are rejected from accessing the XMPP server.
"""
send = Command("echo 'Hello' | sendxmpp -t -u noxmpp -p noxmpppassword -j domain1:5222 john.doe@domain1")
assert send.rc != 0
assert "Error 'AuthSend': error: not-authorized[?]" in send.stderr
|