Files
@ 8d272d91d3d2
Branch filter:
Location: majic-ansible-roles/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py - annotation
8d272d91d3d2
2.0 KiB
text/x-python
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
13982172ed2e 13982172ed2e 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 d62b3adec462 fb5e4e372902 372e9ba1763f 372e9ba1763f fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f fb5e4e372902 372e9ba1763f 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 36d96a3fc472 fb5e4e372902 fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 372e9ba1763f 36d96a3fc472 fb5e4e372902 372e9ba1763f fb5e4e372902 fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 372e9ba1763f 372e9ba1763f 372e9ba1763f fb5e4e372902 fb5e4e372902 fb5e4e372902 fb5e4e372902 372e9ba1763f fb5e4e372902 36d96a3fc472 372e9ba1763f fb5e4e372902 | import os
import pytest
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('mail-server')
ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE'])
@pytest.mark.parametrize("server",
ansible_runner.get_hosts('parameters-optional'))
def test_connectivity_from_authorised_relay(host, server):
"""
Tests connectivity towards mail forwarder servers from authorised
relay.
"""
with host.sudo():
ping = host.run('hping3 -S -p 25 -c 1 %s', server)
assert ping.rc == 0
@pytest.mark.parametrize("server",
sorted(
set(ansible_runner.get_hosts('parameters-mandatory')) |
set(ansible_runner.get_hosts('parameters-no-incoming'))))
def test_connectivity_from_unauthorised_relay(host, server):
"""
Tests connectivity towards mail forwarder servers from unauthorised
relay.
"""
with host.sudo():
ping = host.run('hping3 -S -p 25 -c 1 %s', server)
assert ping.rc != 0
assert "100% packet loss" in ping.stderr
@pytest.mark.parametrize("server",
ansible_runner.get_hosts('parameters-optional'))
def test_mail_reception_from_authorised_relay(host, server):
"""
Tests if mails can be sent from relay to servers configured to use the
relay.
"""
send = host.run('swaks --suppress-data --to root@{server} --server {server}'.format(server=server))
assert send.rc == 0
@pytest.mark.parametrize("server",
ansible_runner.get_hosts('parameters-optional'))
def test_open_relay(host, server):
"""
Tests if mail forwarder behaves as open relay.
"""
no_recipients_accepted_error_code = 24
send = host.run('swaks --suppress-data --to root@client1 --server %s', server)
assert send.rc == no_recipients_accepted_error_code
assert "Relay access denied" in send.stdout
|