Location: majic-ansible-roles/roles/php_website/molecule/default/tests/test_default.py - annotation
MAR-193: Fix deprecation warnings coming from newer versions of pip-tools:
- In more recent versions of pip-tools, a new option has been
added (--strip-extras) that will become a new default in next major
release. Not using this option causes some warnings on Debian 11
Bullseye when pip-tools is brought up to date.
- Refactor the invocation of pip-compile to make it more modular.
- No test expansion for this since it would make it a bit harder to
target both Debian 10 Buster and Debian 11 Bullseye.
import os
import pytest
import testinfra.utils.ansible_runner
# Build the list of hosts under test from the inventory file named by the
# MOLECULE_INVENTORY_FILE environment variable. A missing variable raises
# KeyError when this module is imported.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']
).get_hosts('all')
@pytest.mark.parametrize('fqdn', [
    'parameters-mandatory',
    'parameters-optional.local',
])
def test_https_enforcement(host, fqdn):
    """
    Verify that plain HTTP is redirected to HTTPS and that HSTS is sent.

    The plain-HTTP request must answer with a permanent redirect to the
    same name over https, and the HTTPS response must carry the expected
    Strict-Transport-Security header. curl is run without -k/--insecure,
    so a zero exit code on the HTTPS request also means that curl accepted
    the certificate served for that name.
    """

    # The FQDN is handed over as a separate argument so that testinfra
    # quotes it when assembling the command line.
    plain_response = host.run('curl -I http://%s/', fqdn)
    expected_redirect = 'Location: https://%s/' % fqdn

    assert plain_response.rc == 0
    assert 'HTTP/1.1 301 Moved Permanently' in plain_response.stdout
    assert expected_redirect in plain_response.stdout

    secure_response = host.run('curl -I https://%s/', fqdn)
    # One year of HSTS, also covering subdomains.
    expected_hsts = 'Strict-Transport-Security: max-age=31536000; includeSubDomains'

    assert secure_response.rc == 0
    assert expected_hsts in secure_response.stdout
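@pytest.mark.parametrize("private_key_path, certificate_path, expected_private_key, expected_certificate", [
    ('/etc/ssl/private/parameters-mandatory_https.key', '/etc/ssl/certs/parameters-mandatory_https.pem',
     'tests/data/x509/server/parameters-mandatory_https.key.pem', 'tests/data/x509/server/parameters-mandatory_https.cert.pem'),
    ('/etc/ssl/private/parameters-optional.local_https.key', '/etc/ssl/certs/parameters-optional.local_https.pem',
     'tests/data/x509/server/parameters-optional_https.key.pem', 'tests/data/x509/server/parameters-optional_https.cert.pem'),
])
def test_nginx_tls_files(host, private_key_path, certificate_path, expected_private_key, expected_certificate):
    """
    Tests if TLS private key and certificate have been deployed correctly.

    For both files the test checks the file type, root:root ownership, the
    permission bits and that the deployed content equals the local
    reference file with trailing whitespace stripped. The private key must
    be 0o640 (no access for "other"); the certificate must be 0o644.

    :param host: testinfra host fixture for the machine under test.
    :param private_key_path: Path of the deployed private key on the host.
    :param certificate_path: Path of the deployed certificate on the host.
    :param expected_private_key: Local path of the reference private key.
    :param expected_certificate: Local path of the reference certificate.
    """

    # Read the local reference files through context managers so the file
    # handles are closed deterministically instead of being left to the
    # garbage collector.
    with open(expected_private_key, "r") as key_handle:
        expected_key_content = key_handle.read().rstrip()

    with open(expected_certificate, "r") as certificate_handle:
        expected_certificate_content = certificate_handle.read().rstrip()

    with host.sudo():

        tls_file = host.file(private_key_path)
        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        assert tls_file.mode == 0o640
        # NOTE: on a mismatch pytest prints both operands, so key material
        # ends up in the test output. Use only throw-away fixture keys
        # with this test.
        assert tls_file.content_string == expected_key_content

        tls_file = host.file(certificate_path)
        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        assert tls_file.mode == 0o644
        assert tls_file.content_string == expected_certificate_content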