Files
@ f05151d6f802
Branch filter:
Location: majic-ansible-roles/roles/xmpp_server/molecule/default/tests/test_client.py - annotation
f05151d6f802
3.6 KiB
text/x-python
MAR-132: Added support for Debian 9 (Stretch) to wsgi_website role:
- Set the shell for application system account explicitly (workaround
for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number
of differences between Jessie and Stretch (mainly related to mailing
functionality).
- Renamed a couple of variables in test for sending out mails to make
it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian
release they are ran against.
- Split-up Jessie-specific tests into separate file.
- Remove the /bin/ss utility instead of renaming it (testinfra socket
tests do not work with /bin/ss).
- Set the shell for application system account explicitly (workaround
for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number
of differences between Jessie and Stretch (mainly related to mailing
functionality).
- Renamed a couple of variables in test for sending out mails to make
it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian
release they are ran against.
- Split-up Jessie-specific tests into separate file.
- Remove the /bin/ss utility instead of renaming it (testinfra socket
tests do not work with /bin/ss).
2ada86e90026 2ada86e90026 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 e970d4afbea4 ceb51ff23ae3 ceb51ff23ae3 e970d4afbea4 e970d4afbea4 | import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['clients'])
def test_connectivity(host):
"""
Tests connectivity to the XMPP server (ports that should be reachable).
"""
with host.sudo():
for server in ["parameters-mandatory",
"parameters-optional"]:
# c2s plaintext, c2s TLS, file proxy, s2s.
for port in [5222, 5223, 5000, 5269]:
ping = host.run('hping3 -S -p %d -c 1 %s' % (port, server))
assert ping.rc == 0
def test_tls(host):
"""
Tests if TLS works as expected.
"""
send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
"-t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1")
assert send.rc == 0
send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
"-e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1")
assert send.rc == 0
send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
"-t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
assert send.rc == 0
send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
"-e -u jane.doe -p janepassword -j domain2:5223 jane.doe@domain2")
assert send.rc == 0
def test_authentication_requires_tls(host):
"""
Tests if authentication must be done over TLS.
"""
command = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
"-u bogus -p bogus -j domain1:5222 john.doe@domain1 -d")
assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in command.stderr
command = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
"-u bogus -p bogus -j domain2:5222 jane.doe@domain2 -d")
assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in command.stderr
def test_authentication(host):
"""
Tests if authentication works correctly.
"""
send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
"-t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1")
assert send.rc == 0
send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
"-e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1")
assert send.rc == 0
send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
"-t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
assert send.rc == 0
send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
"-e -u mick.doe -p mickpassword -j domain3:5223 mick.doe@domain3")
assert send.rc == 0
def test_unauthorized_users_rejected(host):
"""
Tests if unauthorized users (present in LDAP, but not member of correct
group) are rejected from accessing the XMPP server.
"""
send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
"-t -u noxmpp -p noxmpppassword -j domain1:5222 john.doe@domain1")
assert send.rc != 0
assert "Error 'AuthSend': error: not-authorized[?]" in send.stderr
|