Location: majic-ansible-roles/roles/web_server/molecule/default/tests/test_mandatory.py - annotation
MAR-128: Upgraded tests for xmpp_server role:
- Switch to new Molecule configuration.
- Updated set-up playbook to use become: yes.
- Moved some preparatory steps outside of the main playbook (eases
idempotence tests).
- Updated tests to reference the yml inventory file.
- Updated tests to use new fixture (host instead of individual ones).
- Switched to extracting hostname instead of hard-coding it in a
couple of tests.
- Renamed hosts to include the Debian version.
- Updated names for some of the test data to cater to change in host
names.
- Switched to using more robust task for populating /etc/hosts.
import testinfra.utils.ansible_runner
# Limit the tests in this module to the 'parameters-mandatory' host taken
# from the Molecule-generated inventory file.
testinfra_hosts = (
    testinfra.utils.ansible_runner
    .AnsibleRunner('.molecule/ansible_inventory.yml')
    .get_hosts('parameters-mandatory')
)
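def test_nginx_tls_files(host):
    """
    Tests if TLS private key and certificate have been deployed correctly.

    For both files the type, ownership, mode and content are verified. The
    expected content is read from the matching reference file under
    tests/data/x509/ (path is relative to the working directory of the
    test run), with trailing whitespace removed.
    """

    # Strip surrounding whitespace so that a trailing newline in the
    # command output cannot leak into the paths built below.
    # NOTE(review): whether stdout carries a newline looks backend-dependent
    # - confirm.
    hostname = host.run('hostname').stdout.strip()

    # Files are inspected with elevated privileges (presumably because the
    # private key is not readable by the regular test user).
    with host.sudo():

        tls_file = host.file('/etc/ssl/private/%s_https.key' % hostname)
        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        # Private key must not be world-readable: owner rw, group r only.
        assert tls_file.mode == 0o640
        # Context manager closes the reference file instead of leaving the
        # handle open until garbage collection.
        with open("tests/data/x509/%s_https.key" % hostname, "r") as expected_key_file:
            expected_key = expected_key_file.read().rstrip()
        assert tls_file.content == expected_key

        tls_file = host.file('/etc/ssl/certs/%s_https.pem' % hostname)
        assert tls_file.is_file
        assert tls_file.user == 'root'
        assert tls_file.group == 'root'
        # Certificate is public material, world-readable is expected.
        assert tls_file.mode == 0o644
        with open("tests/data/x509/%s_https.pem" % hostname, "r") as expected_certificate_file:
            expected_certificate = expected_certificate_file.read().rstrip()
        assert tls_file.content == expected_certificate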
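def test_certificate_validity_check_configuration(host):
    """
    Tests if certificate validity check configuration file has been deployed
    correctly.

    The configuration file is expected to be owned by root, have mode 0644,
    and contain only the path to the deployed HTTPS certificate.
    """

    # Strip surrounding whitespace so that a trailing newline in the
    # command output cannot leak into the path and expected content below.
    # NOTE(review): whether stdout carries a newline looks backend-dependent
    # - confirm.
    hostname = host.run('hostname').stdout.strip()

    config = host.file('/etc/check_certificate/%s_https.conf' % hostname)
    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644
    # The file must point at the certificate that is actually deployed.
    assert config.content == "/etc/ssl/certs/%s_https.pem" % hostname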
def test_tls_configuration(host):
    """
    Tests if the TLS has been configured correctly and works.

    Four checks are made against parameters-mandatory:443: a plain HTTPS
    fetch succeeds, a handshake with TLS 1.2 disabled on the client side
    fails, one cipher suite is accepted, and one cipher suite is refused.
    """

    # wget is run without any option that disables certificate
    # verification, so a zero exit code also means the server certificate
    # was accepted by the client.
    fetch = host.run('wget -q -O - https://parameters-mandatory/')
    assert fetch.rc == 0

    # Client refuses TLS 1.2, so the handshake must fail. "CONNECTED" in
    # the output shows the TCP connection itself was established, i.e. the
    # failure is not just an unreachable port.
    # NOTE(review): if both the client's OpenSSL and the server support
    # TLS 1.3, this handshake could succeed over TLS 1.3 - the check seems
    # to presume TLS 1.2 is the newest protocol in play; confirm.
    without_tls12 = host.run("echo 'Q' | openssl s_client -no_tls1_2 -connect parameters-mandatory:443")
    assert without_tls12.rc != 0
    assert "CONNECTED" in without_tls12.stdout

    # Cipher suite the server is expected to accept.
    # NOTE(review): s_client's -cipher option applies to TLS 1.2 and older
    # suites - confirm behaviour if TLS 1.3 gets enabled.
    accepted = host.run("echo 'Q' | openssl s_client -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:443")
    assert accepted.rc == 0
    assert "ECDHE-RSA-AES128-SHA256" in accepted.stdout

    # Cipher suite the server is expected to refuse. The name is a prefix
    # of the accepted suite's name, so the assertion below also fails if
    # the accepted suite shows up in the output.
    refused = host.run("echo 'Q' | openssl s_client -cipher ECDHE-RSA-AES128-SHA -connect parameters-mandatory:443")
    assert refused.rc != 0
    assert "ECDHE-RSA-AES128-SHA" not in refused.stdout
def test_https_enforcement(host):
    """
    Tests if HTTPS is being enforced.

    Plain HTTP requests must be redirected permanently to the HTTPS URL,
    and HTTPS responses must carry the Strict-Transport-Security header.
    """

    # Plain HTTP: expect a permanent redirect to the same host over HTTPS.
    plain_response = host.run('curl -I http://parameters-mandatory/')
    assert plain_response.rc == 0
    assert 'HTTP/1.1 301 Moved Permanently' in plain_response.stdout
    assert 'Location: https://parameters-mandatory/' in plain_response.stdout

    # HTTPS: expect HSTS with max-age of 31536000 seconds (365 days),
    # extended to subdomains.
    # NOTE(review): the match is case-sensitive and exact; a response
    # served over HTTP/2 would presumably print the header name in
    # lower-case - confirm if HTTP/2 gets enabled.
    secure_response = host.run('curl -I https://parameters-mandatory/')
    assert secure_response.rc == 0
    assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in secure_response.stdout
def test_default_vhost_index_page(host):
    """
    Tests content of default vhost index page.

    The page is fetched over HTTPS, and its title, heading and the notice
    shown to visitors are checked.
    """

    response = host.run('curl https://parameters-mandatory/')
    assert response.rc == 0

    body = response.stdout
    assert "<title>Welcome</title>" in body
    assert "<h1>Welcome</h1>" in body
    assert "<p>You are attempting to access the web server using a wrong name or an IP address. Please check your URL.</p>" in body