
Location: majic-ansible-roles/roles/ldap_server/molecule/default/tests/test_default_buster.py - annotation

branko
MAR-187: Reorder the deprecation tasks for xmpp_server role to make the runs reliable:

- Deprecated apt repository really needs to be removed first in case
it has an unresolvable URL (so the backports repository cache update
would trigger correctly).
- Use the file removal for Prosody repository as well to make sure the
file is dropped.
import os

import testinfra.utils.ansible_runner


# Limit this module to the inventory hosts whose names match the
# 'parameters-*-buster64' pattern. The inventory path is provided through
# the MOLECULE_INVENTORY_FILE environment variable.
_inventory_file = os.environ['MOLECULE_INVENTORY_FILE']
_ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(_inventory_file)
testinfra_hosts = _ansible_runner.get_hosts('parameters-*-buster64')


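def test_ldap_server_uses_correct_dh_parameters(host):
    """
    Tests if the LDAP server uses the expected Diffie-Hellman
    parameters for DHE key exchange.

    Runs gnutls-cli on the tested host against the local LDAP server
    (STARTTLS on port 389), extracts the PEM-encoded DH parameters
    from the command's standard output, and compares them to the
    expected value.

    :param host: Testinfra host the command is run on.
    """

    # Technically we should be testing here against deployed DH
    # parameters file, however... When linked against GnuTLS, slapd
    # seems to only take into account the size of pointed-to DH
    # parameters, and then picks one of the parameters from the
    # RFC-7919 (https://www.ietf.org/rfc/rfc7919.txt)
    # instead. Therefore we list here the 2048-bit DH parameter from
    # the RFC instead.
    #
    # These are public, standardised group parameters, not secret key
    # material, so keeping them in the test source is fine.
    expected_dhparam = """-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----"""

    # The priority string enables DHE-RSA as the only key exchange, so
    # a successful handshake has to involve the server's DH parameters.
    # Certificate verification is switched off because this test only
    # inspects the DH parameters; it makes no statement about trust in
    # the server certificate.
    connection = host.run("gnutls-cli --no-ca-verification --starttls-proto=ldap --port 389 "
                          "--priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' --verbose localhost")

    output = connection.stdout
    begin_marker = "-----BEGIN DH PARAMETERS-----"
    end_marker = "-----END DH PARAMETERS-----"

    # str.find() returns -1 when a marker is missing (for example if
    # the handshake failed), which would silently produce a meaningless
    # slice. Fail with the command's stderr instead, so the cause is
    # visible in the test report.
    begin = output.find(begin_marker)
    assert begin != -1, \
        "gnutls-cli output contains no DH parameters; stderr: {}".format(connection.stderr)

    # Look for the end marker only after the begin marker, so both
    # belong to the same PEM block.
    end = output.find(end_marker, begin)
    assert end != -1, \
        "gnutls-cli output contains truncated DH parameters; stderr: {}".format(connection.stderr)

    used_dhparam = output[begin:end + len(end_marker)]

    assert used_dhparam == expected_dhparam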