Files @ a4669a111e0f
Branch filter:

Location: majic-ansible-roles/roles/php_website/molecule/default/tests/test_default.py - annotation

a4669a111e0f 2.2 KiB text/x-python Show Source Show as Raw Download as Raw
branko
MAR-239: Drop Debian 11 Bullseye from metadata of all roles, fix configuration file headings.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
14eb78a4f466
14eb78a4f466
5b102c4afcb3
5b102c4afcb3
1b6495e2ba42
1b6495e2ba42
3dd7f39302f8
1b6495e2ba42
d62b3adec462
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9

import os

import pytest

import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')


@pytest.mark.parametrize('fqdn', [
    'parameters-mandatory',
    'parameters-optional.local',
])
def test_https_enforcement(host, fqdn):
    """
    Tests if HTTPS is being enforced.
    """

    https_enforcement = host.run('curl -I http://%s/', fqdn)

    assert https_enforcement.rc == 0
    assert 'HTTP/1.1 301 Moved Permanently' in https_enforcement.stdout
    assert 'Location: https://%s/' % fqdn in https_enforcement.stdout

    https_enforcement = host.run('curl -I https://%s/', fqdn)

    assert https_enforcement.rc == 0
    assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in https_enforcement.stdout


@pytest.mark.parametrize("private_key_path, certificate_path, expected_private_key, expected_certificate", [
    ('/etc/ssl/private/parameters-mandatory_https.key', '/etc/ssl/certs/parameters-mandatory_https.pem',
     'tests/data/x509/server/parameters-mandatory_https.key.pem', 'tests/data/x509/server/parameters-mandatory_https.cert.pem'),
    ('/etc/ssl/private/parameters-optional.local_https.key', '/etc/ssl/certs/parameters-optional.local_https.pem',
     'tests/data/x509/server/parameters-optional_https.key.pem', 'tests/data/x509/server/parameters-optional_https.cert.pem'),
])
def test_nginx_tls_files(host, private_key_path, certificate_path, expected_private_key, expected_certificate):
    """
    Tests if TLS private key and certificate have been deployed correctly.
    """

    with host.sudo():

        tls_file = host.file(private_key_path)
        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        assert tls_file.mode == 0o640
        assert tls_file.content_string == open(expected_private_key, "r").read().rstrip()

        tls_file = host.file(certificate_path)
        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        assert tls_file.mode == 0o644
        assert tls_file.content_string == open(expected_certificate, "r").read().rstrip()
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.