Files
@ 3e0c2160c487
Branch filter:
Location: majic-ansible-roles/roles/web_server/molecule/default/tests/test_optional.py - annotation
3e0c2160c487
2.0 KiB
text/x-python
MAR-151: Added support for Debian 10 Buster to backup_server role:
- Updated role reference documentation.
- Updated role meta information.
- Updated tests.
- Do not use distribution version-specific SSH configuration file for
backup server SSH daemon.
- Updated role reference documentation.
- Updated role meta information.
- Updated tests.
- Do not use distribution version-specific SSH configuration file for
backup server SSH daemon.
a5f4c1ec6853 a5f4c1ec6853 f7c1f4c841f8 83a557f70dfb 351cd42e5f56 351cd42e5f56 351cd42e5f56 d62b3adec462 351cd42e5f56 351cd42e5f56 f7c1f4c841f8 23a5f9ba293c f7c1f4c841f8 23a5f9ba293c 23a5f9ba293c f7c1f4c841f8 23a5f9ba293c f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 351cd42e5f56 f7c1f4c841f8 f7c1f4c841f8 351cd42e5f56 351cd42e5f56 eee778bc2d7c 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 eee778bc2d7c 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 | import os
import defusedxml.ElementTree as ElementTree
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
def test_tls_version_and_ciphers(host):
"""
Tests if the correct TLS version and ciphers have been enabled.
"""
expected_tls_versions = ["TLSv1.1", "TLSv1.2"]
expected_tls_ciphers = [
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]
# Run the nmap scanner against the LDAP server, and fetch the
# results.
nmap = host.run("nmap -sV --script ssl-enum-ciphers -p 443 localhost -oX /tmp/report.xml")
assert nmap.rc == 0
report_content = host.file('/tmp/report.xml').content_string
report_root = ElementTree.fromstring(report_content)
tls_versions = []
tls_ciphers = set()
for child in report_root.findall("./host/ports/port/script/table"):
tls_versions.append(child.attrib['key'])
for child in report_root.findall(".//table[@key='ciphers']/table/elem[@key='name']"):
tls_ciphers.add(child.text)
tls_versions.sort()
tls_ciphers = sorted(list(tls_ciphers))
assert tls_versions == expected_tls_versions
assert tls_ciphers == expected_tls_ciphers
def test_default_vhost_index_page(host):
"""
Tests content of default vhost index page.
"""
page = host.run('curl https://parameters-optional/')
assert page.rc == 0
assert "<title>Optional Welcome</title>" in page.stdout
assert "<h1>Optional Welcome</h1>" in page.stdout
assert "<p>Welcome to parameters-optional, default virtual host.</p>" in page.stdout
|