Files
@ b68d19ad38a3
Branch filter:
Location: majic-ansible-roles/roles/web_server/tests/test_mandatory.py - annotation
b68d19ad38a3
3.2 KiB
text/x-python
MAR-33: Added initial scaffolding for wsgi_website tests:
- Added Molecule configuration file.
- Implemented test playbook that sets-up three separate instances of WSGI
website in order to test all variations of parameters.
- Added name for the set_fact task.
- Fixed linting errors related to mode that lacks leading zero.
- Added skip_ansible_lint tag for command that creates the Python virtual
environment.
- Added missing become keyword wherever become_user is specified.
- Fixed invalid parameter name for specifying if HTTPS should be enforced or
not.
- Added small initial sample WSGI apps that get deployed.
- Added static/media sample files.
- Added TLS material.
- Added initial dummy test file.
- Added Molecule configuration file.
- Implemented test playbook that sets-up three separate instances of WSGI
website in order to test all variations of parameters.
- Added name for the set_fact task.
- Fixed linting errors related to mode that lacks leading zero.
- Added skip_ansible_lint tag for command that creates the Python virtual
environment.
- Added missing become keyword wherever become_user is specified.
- Fixed invalid parameter name for specifying if HTTPS should be enforced or
not.
- Added small initial sample WSGI apps that get deployed.
- Added static/media sample files.
- Added TLS material.
- Added initial dummy test file.
351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 | import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
'.molecule/ansible_inventory').get_hosts('parameters-mandatory')
def test_nginx_tls_files(File, Sudo):
"""
Tests if TLS private key and certificate have been deployed correctly.
"""
with Sudo():
tls_file = File('/etc/ssl/private/parameters-mandatory_https.key')
assert tls_file.is_file
assert tls_file.user == 'root'
assert tls_file.group == 'root'
assert tls_file.mode == 0o640
assert tls_file.content == open("tests/data/x509/parameters-mandatory_https.key", "r").read().rstrip()
tls_file = File('/etc/ssl/certs/parameters-mandatory_https.pem')
assert tls_file.is_file
assert tls_file.user == 'root'
assert tls_file.group == 'root'
assert tls_file.mode == 0o644
assert tls_file.content == open("tests/data/x509/parameters-mandatory_https.pem", "r").read().rstrip()
def test_certificate_validity_check_configuration(File):
"""
Tests if certificate validity check configuration file has been deployed
correctly.
"""
config = File('/etc/check_certificate/parameters-mandatory_https.conf')
assert config.is_file
assert config.user == 'root'
assert config.group == 'root'
assert config.mode == 0o644
assert config.content == "/etc/ssl/certs/parameters-mandatory_https.pem"
def test_tls_configuration(Command):
"""
Tests if the TLS has been configured correctly and works.
"""
tls = Command('wget -q -O - https://parameters-mandatory/')
assert tls.rc == 0
old_tls_versions_disabled = Command("echo 'Q' | openssl s_client -no_tls1_2 -connect parameters-mandatory:443")
assert old_tls_versions_disabled.rc != 0
assert "CONNECTED" in old_tls_versions_disabled.stdout
cipher = Command("echo 'Q' | openssl s_client -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:443")
assert cipher.rc == 0
assert "ECDHE-RSA-AES128-SHA256" in cipher.stdout
cipher = Command("echo 'Q' | openssl s_client -cipher ECDHE-RSA-AES128-SHA -connect parameters-mandatory:443")
assert cipher.rc != 0
assert "ECDHE-RSA-AES128-SHA" not in cipher.stdout
def test_https_enforcement(Command):
"""
Tests if HTTPS is being enforced.
"""
https_enforcement = Command('curl -I http://parameters-mandatory/')
assert https_enforcement.rc == 0
assert 'HTTP/1.1 301 Moved Permanently' in https_enforcement.stdout
assert 'Location: https://parameters-mandatory/' in https_enforcement.stdout
https_enforcement = Command('curl -I https://parameters-mandatory/')
assert https_enforcement.rc == 0
assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in https_enforcement.stdout
def test_default_vhost_index_page(Command):
"""
Tests content of default vhost index page.
"""
page = Command('curl https://parameters-mandatory/')
assert page.rc == 0
assert "<title>Welcome</title>" in page.stdout
assert "<h1>Welcome</h1>" in page.stdout
assert "<p>You are attempting to access the web server using a wrong name or an IP address. Please check your URL.</p>" in page.stdout
|