From 372e9ba1763fb9f1190cf20677fe7f235e5fd4be 2020-05-06 00:19:26 From: Branko Majic Date: 2020-05-06 00:19:26 Subject: [PATCH] MAR-152: Refactor tests for mail_forwader relay testing: - Mark the helper machines in the Ansible inventory. - Parametrise the tests to make adding future servers easier (e.g. do not use specific hostnames in tests). - Break-up relay test to be more specific (also to be able to parametrise properly). --- diff --git a/roles/mail_forwarder/molecule/default/molecule.yml b/roles/mail_forwarder/molecule/default/molecule.yml index 04b21eb3ae05ef0e77e5b26660d13318a9e8ce79..67db5205e686a348d31f66d2672b439e5f0e19b2 100644 --- a/roles/mail_forwarder/molecule/default/molecule.yml +++ b/roles/mail_forwarder/molecule/default/molecule.yml @@ -17,6 +17,7 @@ platforms: - name: mail-server groups: - mail-servers + - helper box: debian/contrib-stretch64 memory: 256 cpus: 1 @@ -29,6 +30,7 @@ platforms: - name: client1 groups: - clients + - helper box: debian/contrib-stretch64 memory: 256 cpus: 1 diff --git a/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_client.py b/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_client.py index f76e85986311f8ab98643b6bf81f604e6694511f..d889bfa24a219a3aac944213115e5d44ef03ea0b 100644 --- a/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_client.py +++ b/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_client.py @@ -1,13 +1,21 @@ import os +import pytest import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('client1') +ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']) -def test_connectivity_from_client(host): + +@pytest.mark.parametrize("server", + sorted( + set(ansible_runner.get_hosts('all')) - + set(ansible_runner.get_hosts('helper')))) +def test_connectivity_from_client(host, server): """ Tests connectivity towards mail forwarder servers from client (non-relay). Connectivity should fail for both. @@ -15,14 +23,6 @@ def test_connectivity_from_client(host): with host.sudo(): - ping = host.run('hping3 -S -p 25 -c 1 parameters-mandatory-stretch64') - assert ping.rc != 0 - assert "100% packet loss" in ping.stderr - - ping = host.run('hping3 -S -p 25 -c 1 parameters-optional-stretch64') + ping = host.run('hping3 -S -p 25 -c 1 %s' % server) assert ping.rc != 0 assert "100% packet loss" in ping.stderr - - ping = host.run('hping3 -S -p 25 -c 1 parameters-no-incoming-stretch64') - assert "100% packet loss" in ping.stderr - assert ping.rc != 0 diff --git a/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py b/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py index 04c0cc996cdab4f769718e06b3c6e4a06b1f4667..74a5c426566db57b5ea18cc0c40d78f7b02a6352 100644 --- a/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py +++ b/roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py @@ -1,49 +1,68 @@ import os +import pytest import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('mail-server') +ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']) -def test_connectivity_from_relay(host): + +@pytest.mark.parametrize("server", + ansible_runner.get_hosts('parameters-optional')) +def test_connectivity_from_authorised_relay(host, server): """ - Tests connectivity towards mail forwarder servers from relay. Connection - towards parameters-mandatory should fail. + Tests connectivity towards mail forwarder servers from authorised + relay. """ with host.sudo(): - ping = host.run('hping3 -S -p 25 -c 1 parameters-mandatory-stretch64') - assert ping.rc != 0 - assert "100% packet loss" in ping.stderr - - ping = host.run('hping3 -S -p 25 -c 1 parameters-optional-stretch64') + ping = host.run('hping3 -S -p 25 -c 1 %s' % server) assert ping.rc == 0 - ping = host.run('hping3 -S -p 25 -c 1 parameters-no-incoming-stretch64') - assert "100% packet loss" in ping.stderr + +@pytest.mark.parametrize("server", + sorted( + set(ansible_runner.get_hosts('parameters-mandatory')) | + set(ansible_runner.get_hosts('parameters-no-incoming')))) +def test_connectivity_from_unauthorised_relay(host, server): + """ + Tests connectivity towards mail forwarder servers from unauthorised + relay. + """ + + with host.sudo(): + + ping = host.run('hping3 -S -p 25 -c 1 %s' % server) assert ping.rc != 0 + assert "100% packet loss" in ping.stderr -def test_mail_reception_from_relay(host): +@pytest.mark.parametrize("server", + ansible_runner.get_hosts('parameters-optional')) +def test_mail_reception_from_authorised_relay(host, server): """ Tests if mails can be sent from relay to servers configured to use the relay. """ - send = host.run('swaks --suppress-data --to root@parameters-optional-stretch64 --server parameters-optional-stretch64') + send = host.run('swaks --suppress-data --to root@{server} --server {server}'.format(server=server)) assert send.rc == 0 -def test_open_relay(host): +@pytest.mark.parametrize("server", + ansible_runner.get_hosts('parameters-optional')) +def test_open_relay(host, server): """ Tests if mail forwarder behaves as open relay. """ - no_recipients_accepted = 24 + no_recipients_accepted_error_code = 24 - send = host.run('swaks --suppress-data --to root@client1 --server parameters-optional-stretch64') - assert send.rc == no_recipients_accepted + send = host.run('swaks --suppress-data --to root@client1 --server %s' % server) + assert send.rc == no_recipients_accepted_error_code assert "Relay access denied" in send.stdout