majic-ansible-roles Files · roles/xmpp_server/molecule/default/tests/test

Files @ 41e53eb08518

Branch filter:

Location: majic-ansible-roles/roles/xmpp_server/molecule/default/tests/test_client.py - annotation

41e53eb08518 3.6 KiB text/x-python Show Source Show as Raw Download as Raw

branko

MAR-240: Tag dropped packet messages in system log (due to rate-limiting):

- Improves visibility of such messages, making it easier to
distinguish them from other firewall-related messages.
- Update documentation to mention that the messages are logged.

2ada86e90026
2ada86e90026
f8f8d51c3fd5
f8f8d51c3fd5
e970d4afbea4
e970d4afbea4
e970d4afbea4
e970d4afbea4
d62b3adec462
e970d4afbea4
e970d4afbea4
9bc79c136d4f
9bc79c136d4f
72c8481f0498
72c8481f0498
e970d4afbea4
e970d4afbea4
e970d4afbea4
e970d4afbea4
e970d4afbea4
e970d4afbea4
72c8481f0498
9bc79c136d4f
9bc79c136d4f
e970d4afbea4
e970d4afbea4
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
e970d4afbea4
e970d4afbea4
e970d4afbea4
e970d4afbea4
3c51248b600c
3c51248b600c
3c51248b600c
e970d4afbea4
3c51248b600c
e970d4afbea4
3c51248b600c
3c51248b600c
3c51248b600c
e970d4afbea4
3c51248b600c
e970d4afbea4
e970d4afbea4
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
e970d4afbea4
3c51248b600c
e970d4afbea4
e970d4afbea4
3c51248b600c
3c51248b600c
3c51248b600c
3c51248b600c
3c51248b600c
3c51248b600c
e970d4afbea4
e970d4afbea4
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
e970d4afbea4
e970d4afbea4
e970d4afbea4
e970d4afbea4
3c51248b600c
3c51248b600c
3c51248b600c
e970d4afbea4
e970d4afbea4
3c51248b600c
3c51248b600c
3c51248b600c
e970d4afbea4
e970d4afbea4
e970d4afbea4
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
f8f8d51c3fd5
e970d4afbea4
e970d4afbea4
e970d4afbea4
e970d4afbea4
e970d4afbea4
3c51248b600c
3c51248b600c
3c51248b600c
e970d4afbea4
3c51248b600c

import os

import pytest

import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('clients')


@pytest.mark.parametrize('server', ['parameters-mandatory', 'parameters-optional'])
@pytest.mark.parametrize('port', [5222, 5223, 5000, 5269])
@pytest.mark.parametrize('ip_protocol', [4, 6])
def test_connectivity(host, server, port, ip_protocol):
    """
    Tests connectivity to the XMPP server (ports that should be reachable).
    """

    with host.sudo():

        scan = host.run('nmap -%s -p %s -oG - %s', str(ip_protocol), str(port), server)
        assert scan.rc == 0
        assert "Ports: %d/open/tcp//" % port in scan.stdout


@pytest.mark.parametrize("username, password, domain", [
    ["john.doe", "johnpassword", "domain1"],
    ["jane.doe", "janepassword", "domain2"],
])
def test_tls(host, username, password, domain):
    """
    Tests if TLS works as expected.
    """

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5222 "
                    f"{username}@{domain}")
    assert send.rc == 0
    assert "<body>Hello</body>" in send.stderr

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug --tls "
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5223 "
                    f"{username}@{domain}")
    assert send.rc == 0
    assert "<body>Hello</body>" in send.stderr


@pytest.mark.parametrize("username, password, domain", [
    ["john.doe", "johnpassword", "domain1"],
    ["jane.doe", "janepassword", "domain2"],
])
def test_authentication_requires_tls(host, username, password, domain):
    """
    Tests if STARTTLS is required.
    """

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5222 "
                    f"{username}@{domain}")

    assert send.rc == 0
    assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in send.stderr


@pytest.mark.parametrize("username, password, domain", [
    ["john.doe", "johnpassword", "domain1"],
    ["jane.doe", "janepassword", "domain2"],
    ["mick.doe", "mickpassword", "domain3"],
])
def test_authentication(host, username, password, domain):
    """
    Tests if authentication works correctly.
    """

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5222 "
                    f"{username}@{domain}")
    assert send.rc == 0

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug --tls "
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5223 "
                    f"{username}@{domain}")
    assert send.rc == 0


@pytest.mark.parametrize("target_username, target_domain", [
    ["john.doe", "domain1"],
    ["jane.doe", "domain2"],
])
def test_unauthorized_users_rejected(host, target_username, target_domain):
    """
    Tests if unauthorized users (present in LDAP, but not member of correct
    group) are rejected from accessing the XMPP server.
    """

    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
                    f"--username noxmpp@{target_domain} --password noxmpppassword --jserver {target_domain}:5222 "
                    f"{target_username}@{target_domain}")
    assert send.rc != 0
    assert "Unable to authorize you with the authentication credentials you've sent" in send.stderr