|
branko
|
e081fd2bc85c
|
15 months ago
|
|
MAR-181: Drop support for Debian 9 Stretch from ldap_server role:
- Switch to using IPs from VirtualBox default allowed host-only network subnets. - Drop the workaround for unsupported TLS ciphers on Debian Stretch.
|
|
branko
|
8d272d91d3d2
|
4 years ago
|
|
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP version it ships with. - This should allow use of DHE ciphers with LDAP server. - Generated DH parameters only help pick one of the parameters from RFC-7919 (based on the size of generated ones). - Make the cipher test lists distro-specific due to differences between supported algorithms in respective GnuTLS versions.
|
|
branko
|
75bfe558bba9
|
4 years ago
|
|
MAR-158: Refactor ldap_server TLS-related tests to use nmap:
- Updated requirements to include defusedxml for safe parsing of XML reports from nmap. - Install nmap as part of preparation step. - Refactored tests for TLS to use nmap ssl-enum-ciphers script for listing available TLS versions and ciphers.
|
|
branko
|
2e3af1a245a5
|
4 years ago
|
|
MAR-158: Update default TLS ciphers configuration in the ldap_server role:
- Updated the default value for parameter ldap_tls_ciphers. - Updated tests, making them explicitly test for enabled and disabled ciphers - Updated role reference documentation.
|
|
branko
|
eb03c3b4f367
|
4 years ago
|
|
MAR-162: Deduplicate TLS private key/certificate tests for LDAP server role:
- Rename the key/certificate files to match the Ansible inventory name. - Move the tests into test_default.py. - Change the key/certificate extensions to be more descriptie.
|
|
branko
|
d77f12671189
|
4 years ago
|
|
|
|
branko
|
d752715bb533
|
4 years ago
|
|
MAR-149: Switch to using File.content_string instead of File.content in tests for all roles:
- The .content variant returns contents as bytes, while the content_string returns a string (which is what is wanted in practically all cases).
|
|
branko
|
bc7eef6554a9
|
5 years ago
|
|
|
|
branko
|
d62b3adec462
|
5 years ago
|
|
|
|
branko
|
65ad7f138939
|
6 years ago
|
|
MAR-132: Parametrise tests in ldap_server role:
- Dynamically obtain inventory hostnames (don't hard-code them). - Parametrise connectivity test, switching to using inventory hostnames along the way (instead of hard-coded IPs in tests. - Populate /etc/hosts with inventory hostnames in client machine (used for connectivity tests).
|
|
branko
|
c082a26b62ff
|
6 years ago
|
|
MAR-129: Updated ldap_server role for new Molecule and Ansible:
- Fixed syntax warnings. - Moved test playbook variables into group_vars. - Optimised the invocation of test playbook. - Remove the 'ss' utility from test machines in order to properly test the unix sockets. - Fixed how the hosts are being referenced in tests.
|
|
branko
|
ec4e3e91c4d3
|
7 years ago
|
|
MAR-128: Upgraded tests for ldap_server role:
- Switch to new Molecule configuration. - Updated set-up playbook to use become: yes. - Moved some preparatory steps outside of the main playbook (eases idempotence tests). - Updated tests to reference the yml inventory file. - Updated tests to use new fixture (host instead of individual ones). - Fixed some linting issues. - Use localhost as backup client server name. This should make it simpler in future to cover more platforms. - Set-up the /etc/hosts for tests with correct entries (primarily aliases towards localhost to make it less important what the hostname is). - Renamed private key/certificate files for parameters-mandatory server since server got renamed as well. - Updated IP addresses used for testing to make it easier to test new platforms in the future. - Use inventory_hostname-based parameterisation of tests where appropriate. Currently hard-coded value for this because host.ansible.get_variables() produces errors.
|