Files
@ d276d914cc27
Branch filter:
Location: majic-ansible-roles/roles/web_server/molecule/default/tests/test_optional.py - annotation
d276d914cc27
2.8 KiB
text/x-python
MAR-218: Updated release notes (just a small rewrite).
a5f4c1ec6853 a5f4c1ec6853 f7c1f4c841f8 83a557f70dfb 351cd42e5f56 351cd42e5f56 351cd42e5f56 d62b3adec462 351cd42e5f56 351cd42e5f56 f7c1f4c841f8 23a5f9ba293c f7c1f4c841f8 23a5f9ba293c 23a5f9ba293c f7c1f4c841f8 23a5f9ba293c f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 83a557f70dfb f7c1f4c841f8 f7c1f4c841f8 351cd42e5f56 f7c1f4c841f8 f7c1f4c841f8 351cd42e5f56 351cd42e5f56 eee778bc2d7c 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 fc2c40c98e0c fc2c40c98e0c 351cd42e5f56 351cd42e5f56 351cd42e5f56 351cd42e5f56 fc2c40c98e0c 4b5ca3dcf102 4b5ca3dcf102 4b5ca3dcf102 4b5ca3dcf102 4b5ca3dcf102 4b5ca3dcf102 4b5ca3dcf102 4b5ca3dcf102 4b5ca3dcf102 4b5ca3dcf102 4b5ca3dcf102 1cc95d998f7c 51a7f4dcf177 1cc95d998f7c 1cc95d998f7c 1cc95d998f7c 1cc95d998f7c 4b5ca3dcf102 1cc95d998f7c | import os
import defusedxml.ElementTree as ElementTree
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
def test_tls_version_and_ciphers(host):
"""
Tests if the correct TLS version and ciphers have been enabled.
"""
expected_tls_versions = ["TLSv1.1", "TLSv1.2"]
expected_tls_ciphers = [
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]
# Run the nmap scanner against the LDAP server, and fetch the
# results.
nmap = host.run("nmap -sV --script ssl-enum-ciphers -p 443 localhost -oX /tmp/report.xml")
assert nmap.rc == 0
report_content = host.file('/tmp/report.xml').content_string
report_root = ElementTree.fromstring(report_content)
tls_versions = []
tls_ciphers = set()
for child in report_root.findall("./host/ports/port/script/table"):
tls_versions.append(child.attrib['key'])
for child in report_root.findall(".//table[@key='ciphers']/table/elem[@key='name']"):
tls_ciphers.add(child.text)
tls_versions.sort()
tls_ciphers = sorted(list(tls_ciphers))
assert tls_versions == expected_tls_versions
assert tls_ciphers == expected_tls_ciphers
def test_default_vhost_index_page(host):
"""
Tests content of default vhost index page.
"""
hostname = host.ansible.get_variables()['inventory_hostname']
page = host.run('curl https://%s/', hostname)
assert page.rc == 0
assert "<title>Optional Welcome</title>" in page.stdout
assert "<h1>Optional Welcome</h1>" in page.stdout
assert "<p>Welcome to default virtual host.</p>" in page.stdout
def test_environment_indicator(host):
"""
Tests if environment indicator is applied correctly.
"""
hostname = host.ansible.get_variables()['inventory_hostname']
page = host.run('curl https://%s/' % hostname)
expected_content = """
<details open='true' style='position: fixed; left: 0; width: 100%; line-height: 1.5em; font-weight: bold; color: #00ff00;'>
<summary style='background-color: #ff0000; list-style-type: none; position: fixed; bottom: 5px; z-index: 999999;'>🞀🞂</summary>
<div style='background-color: #ff0000; width: 100%; text-align: center; position: fixed; bottom: 5px; z-index: 999998;'>parameters-optional</div>
</details>
"""
assert page.rc == 0
assert expected_content in page.stdout
|