Files
@ 814be5def61d
Branch filter:
Location: majic-ansible-roles/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py - annotation
814be5def61d
2.0 KiB
text/x-python
MAR-189: Added support for Debian 11 Bullseye to xmpp_server role:
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
13982172ed2e 13982172ed2e 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 d62b3adec462 fb5e4e372902 372e9ba1763f 372e9ba1763f fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f fb5e4e372902 372e9ba1763f 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 36d96a3fc472 fb5e4e372902 fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 36d96a3fc472 fb5e4e372902 372e9ba1763f fb5e4e372902 fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 372e9ba1763f fb5e4e372902 36d96a3fc472 372e9ba1763f fb5e4e372902 | import os
import pytest
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('mail-server')
ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE'])
@pytest.mark.parametrize("server",
ansible_runner.get_hosts('parameters-optional'))
def test_connectivity_from_authorised_relay(host, server):
"""
Tests connectivity towards mail forwarder servers from authorised
relay.
"""
with host.sudo():
ping = host.run('hping3 -S -p 25 -c 1 %s', server)
assert ping.rc == 0
@pytest.mark.parametrize("server",
sorted(
set(ansible_runner.get_hosts('parameters-mandatory')) |
set(ansible_runner.get_hosts('parameters-no-incoming'))))
def test_connectivity_from_unauthorised_relay(host, server):
"""
Tests connectivity towards mail forwarder servers from unauthorised
relay.
"""
with host.sudo():
ping = host.run('hping3 -S -p 25 -c 1 %s', server)
assert ping.rc != 0
assert "100% packet loss" in ping.stderr
@pytest.mark.parametrize("server",
ansible_runner.get_hosts('parameters-optional'))
def test_mail_reception_from_authorised_relay(host, server):
"""
Tests if mails can be sent from relay to servers configured to use the
relay.
"""
send = host.run('swaks --suppress-data --to root@{server} --server {server}'.format(server=server))
assert send.rc == 0
@pytest.mark.parametrize("server",
ansible_runner.get_hosts('parameters-optional'))
def test_open_relay(host, server):
"""
Tests if mail forwarder behaves as open relay.
"""
no_recipients_accepted_error_code = 24
send = host.run('swaks --suppress-data --to root@client1 --server %s', server)
assert send.rc == no_recipients_accepted_error_code
assert "Relay access denied" in send.stdout
|