Files @ d47bd45e61b3
Branch filter:

Location: majic-ansible-roles/roles/php_website/molecule/default/tests/test_default.py - annotation

d47bd45e61b3 2.2 KiB text/x-python Show Source Show as Raw Download as Raw
branko
MAR-163: Deduplicate tests for the preseed directory in preseed role:

- Run a single test on all three servers.
- Explicitly specify the preseed directory path (instead of using
constant).
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
14eb78a4f466
14eb78a4f466
5b102c4afcb3
5b102c4afcb3
1b6495e2ba42
1b6495e2ba42
3dd7f39302f8
1b6495e2ba42
d62b3adec462
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
5b102c4afcb3
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9
611e6c9cffd9

import os

import pytest

import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')


@pytest.mark.parametrize('fqdn', [
    'parameters-mandatory',
    'parameters-optional.local',
])
def test_https_enforcement(host, fqdn):
    """
    Tests if HTTPS is being enforced.
    """

    https_enforcement = host.run('curl -I http://%s/', fqdn)

    assert https_enforcement.rc == 0
    assert 'HTTP/1.1 301 Moved Permanently' in https_enforcement.stdout
    assert 'Location: https://%s/' % fqdn in https_enforcement.stdout

    https_enforcement = host.run('curl -I https://%s/', fqdn)

    assert https_enforcement.rc == 0
    assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in https_enforcement.stdout


@pytest.mark.parametrize("private_key_path, certificate_path, expected_private_key, expected_certificate", [
    ('/etc/ssl/private/parameters-mandatory_https.key', '/etc/ssl/certs/parameters-mandatory_https.pem',
     'tests/data/x509/server/parameters-mandatory_https.key.pem', 'tests/data/x509/server/parameters-mandatory_https.cert.pem'),
    ('/etc/ssl/private/parameters-optional.local_https.key', '/etc/ssl/certs/parameters-optional.local_https.pem',
     'tests/data/x509/server/parameters-optional_https.key.pem', 'tests/data/x509/server/parameters-optional_https.cert.pem'),
])
def test_nginx_tls_files(host, private_key_path, certificate_path, expected_private_key, expected_certificate):
    """
    Tests if TLS private key and certificate have been deployed correctly.
    """

    with host.sudo():

        tls_file = host.file(private_key_path)
        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        assert tls_file.mode == 0o640
        assert tls_file.content_string == open(expected_private_key, "r").read().rstrip()

        tls_file = host.file(certificate_path)
        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        assert tls_file.mode == 0o644
        assert tls_file.content_string == open(expected_certificate, "r").read().rstrip()
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.