Files @ 5fc2143a00eb
Branch filter:

Location: majic-ansible-roles/roles/web_server/molecule/default/tests/test_optional.py - annotation

5fc2143a00eb 2.8 KiB text/x-python Show Source Show as Raw Download as Raw
branko
MAR-243: Drop inventory hostname usage from ldap_server tests:

- Most other roles seem to rely on invoking the hostname command.
- Might be worth it switching to something more technicall correct in
the future, like invoking hostname -f for FQDN.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
a5f4c1ec6853
a5f4c1ec6853
f7c1f4c841f8
83a557f70dfb
351cd42e5f56
351cd42e5f56
351cd42e5f56
d62b3adec462
351cd42e5f56
351cd42e5f56
f7c1f4c841f8
23a5f9ba293c
f7c1f4c841f8
23a5f9ba293c
23a5f9ba293c
7e21feb6e4ee
23a5f9ba293c
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
83a557f70dfb
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
f7c1f4c841f8
83a557f70dfb
f7c1f4c841f8
83a557f70dfb
f7c1f4c841f8
f7c1f4c841f8
83a557f70dfb
f7c1f4c841f8
f7c1f4c841f8
83a557f70dfb
f7c1f4c841f8
f7c1f4c841f8
83a557f70dfb
f7c1f4c841f8
f7c1f4c841f8
351cd42e5f56
f7c1f4c841f8
f7c1f4c841f8
351cd42e5f56
351cd42e5f56
eee778bc2d7c
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
fc2c40c98e0c
fc2c40c98e0c
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
fc2c40c98e0c
4b5ca3dcf102
4b5ca3dcf102
4b5ca3dcf102
4b5ca3dcf102
4b5ca3dcf102
4b5ca3dcf102
4b5ca3dcf102
4b5ca3dcf102
4b5ca3dcf102
4b5ca3dcf102
4b5ca3dcf102
1cc95d998f7c
51a7f4dcf177
1cc95d998f7c
1cc95d998f7c
1cc95d998f7c
1cc95d998f7c
4b5ca3dcf102
1cc95d998f7c

import os

import defusedxml.ElementTree as ElementTree

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')


def test_tls_version_and_ciphers(host):
    """
    Tests if the correct TLS version and ciphers have been enabled.
    """

    expected_tls_versions = ["TLSv1.2"]

    expected_tls_ciphers = [
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    ]

    # Run the nmap scanner against the LDAP server, and fetch the
    # results.
    nmap = host.run("nmap -sV --script ssl-enum-ciphers -p 443 localhost -oX /tmp/report.xml")
    assert nmap.rc == 0
    report_content = host.file('/tmp/report.xml').content_string

    report_root = ElementTree.fromstring(report_content)

    tls_versions = []
    tls_ciphers = set()

    for child in report_root.findall("./host/ports/port/script/table"):
        tls_versions.append(child.attrib['key'])

    for child in report_root.findall(".//table[@key='ciphers']/table/elem[@key='name']"):
        tls_ciphers.add(child.text)

    tls_versions.sort()
    tls_ciphers = sorted(list(tls_ciphers))

    assert tls_versions == expected_tls_versions
    assert tls_ciphers == expected_tls_ciphers


def test_default_vhost_index_page(host):
    """
    Tests content of default vhost index page.
    """

    hostname = host.ansible.get_variables()['inventory_hostname']
    page = host.run('curl https://%s/', hostname)

    assert page.rc == 0
    assert "<title>Optional Welcome</title>" in page.stdout
    assert "<h1>Optional Welcome</h1>" in page.stdout
    assert "<p>Welcome to default virtual host.</p>" in page.stdout


def test_environment_indicator(host):
    """
    Tests if environment indicator is applied correctly.
    """

    hostname = host.ansible.get_variables()['inventory_hostname']

    page = host.run('curl https://%s/' % hostname)

    expected_content = """
    <details open='true' style='position: fixed; left: 0; width: 100%; line-height: 1.5em; font-weight: bold; color: #00ff00;'>
        <summary style='background-color: #ff0000; list-style-type: none; position: fixed; bottom: 5px; z-index: 999999;'>&#128896;&#128898;</summary>
        <div style='background-color: #ff0000; width: 100%; text-align: center; position: fixed; bottom: 5px; z-index: 999998;'>parameters-optional</div>
    </details>
"""
    assert page.rc == 0
    assert expected_content in page.stdout
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.