From fc2c40c98e0c356fd68229c280ba83ed5c2885ef 2023-12-01 15:44:45 From: Branko Majic Date: 2023-12-01 15:44:45 Subject: [PATCH] MAR-189: Refactored web_server tests to be less hostname-dependent: - Use the inventory name (alongisde distribution version) in places where it's possible and makes sense to do so. - Rearrange the IP allocation a bit to make more sense. - Drop architecture information from the hostnames. - Make the connectivity test operate over a matrix of input parameters. - Replace singular use of wget for testing with curl. --- diff --git a/roles/web_server/molecule/default/group_vars/parameters-optional.yml b/roles/web_server/molecule/default/group_vars/parameters-optional.yml index ff2c5e0f3891f2503fd3f34a5e82ff59f0af7778..693ad456ae8dc6bd597fbee56e33073f40fab540 100644 --- a/roles/web_server/molecule/default/group_vars/parameters-optional.yml +++ b/roles/web_server/molecule/default/group_vars/parameters-optional.yml @@ -3,7 +3,7 @@ default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_https.cert.pem') }}" default_https_tls_key: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_https.key.pem') }}" web_default_title: "Optional Welcome" -web_default_message: "Welcome to parameters-optional, default virtual host." +web_default_message: "Welcome to default virtual host." web_server_tls_protocols: - TLSv1.1 - TLSv1.2 diff --git a/roles/web_server/molecule/default/molecule.yml b/roles/web_server/molecule/default/molecule.yml index 984a67f960c2070d18f906ce03cea58132605b08..0cc90f362a4ef73a5b5be21990b3240ab9e5bfc8 100644 --- a/roles/web_server/molecule/default/molecule.yml +++ b/roles/web_server/molecule/default/molecule.yml 
@@ -14,20 +14,17 @@ lint: platforms: - - name: client1-buster - groups: - - client - - buster + - name: client box: debian/contrib-buster64 memory: 256 cpus: 1 interfaces: - auto_config: true - ip: 192.168.56.20 + ip: 192.168.56.11 network_name: private_network type: static - - name: parameters-mandatory-buster64 + - name: parameters-mandatory-buster groups: - parameters-mandatory - buster @@ -36,11 +33,11 @@ platforms: cpus: 1 interfaces: - auto_config: true - ip: 192.168.56.30 + ip: 192.168.56.21 network_name: private_network type: static - - name: parameters-optional-buster64 + - name: parameters-optional-buster groups: - parameters-optional - buster @@ -49,7 +46,7 @@ platforms: cpus: 1 interfaces: - auto_config: true - ip: 192.168.56.31 + ip: 192.168.56.22 network_name: private_network type: static diff --git a/roles/web_server/molecule/default/prepare.yml b/roles/web_server/molecule/default/prepare.yml index f8a0537cb0faf9575ee831015a9bbda42e5e42e0..06a9a42ee679932cba5cc5b04044988b41246474 100644 --- a/roles/web_server/molecule/default/prepare.yml +++ b/roles/web_server/molecule/default/prepare.yml @@ -23,10 +23,10 @@ - "{{ item.name }}" - "{{ item.fqdn }}" with_items: - - name: parameters-mandatory-buster64_https - fqdn: parameters-mandatory - - name: parameters-optional-buster64_https - fqdn: parameters-optional + - name: parameters-mandatory-buster_https + fqdn: parameters-mandatory-buster + - name: parameters-optional-buster_https + fqdn: parameters-optional-buster - name: Set-up link to generated X.509 material file: @@ -59,7 +59,7 @@ - nmap state: present -- hosts: buster +- hosts: all become: true tasks: @@ -73,9 +73,9 @@ mode: 0644 state: present with_dict: - 192.168.56.20: "client1" - 192.168.56.30: "parameters-mandatory" - 192.168.56.31: "parameters-optional" + 192.168.56.11: "client" + 192.168.56.21: "parameters-mandatory-buster" + 192.168.56.22: "parameters-optional-buster" - name: Install curl for testing redirects and webpage content apt: 
diff --git a/roles/web_server/molecule/default/tests/test_client.py b/roles/web_server/molecule/default/tests/test_client.py index 0c91ec29f381f327bbd7d06d02b1c9cb5b98dad0..0c2689b65b04e69e5610363963645b815625617f 100644 --- a/roles/web_server/molecule/default/tests/test_client.py +++ b/roles/web_server/molecule/default/tests/test_client.py @@ -1,5 +1,7 @@ import os +import pytest + import testinfra.utils.ansible_runner @@ -7,17 +9,16 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('client') -def test_connectivity(host): +@pytest.mark.parametrize('server', testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*') +) +@pytest.mark.parametrize('port', [80, 443]) +def test_connectivity(host, server, port): """ Tests connectivity to the web server (ports that should be reachable). """ with host.sudo(): - for server in ["parameters-mandatory", - "parameters-optional"]: - # HTTP, HTTPS. - for port in [80, 443]: - - ping = host.run('hping3 -S -p %s -c 1 %s', str(port), server) - assert ping.rc == 0 + ping = host.run('hping3 -S -p %s -c 1 %s', str(port), server) + assert ping.rc == 0 diff --git a/roles/web_server/molecule/default/tests/test_default.py b/roles/web_server/molecule/default/tests/test_default.py index 1bf6d170799c24aeaf6d247b17af3fec84c31820..583410dbe3229c18e9ce652df5b5e0cf2f2de2e6 100644 --- a/roles/web_server/molecule/default/tests/test_default.py +++ b/roles/web_server/molecule/default/tests/test_default.py @@ -343,10 +343,9 @@ def test_tls_enabled(host): Tests if TLS has been enabled. """ - hostname = host.run('hostname').stdout.strip() - fqdn = hostname[:hostname.rfind('-')] + hostname = host.ansible.get_variables()['inventory_hostname'] - tls = host.run('wget -q -O - https://%s/', fqdn) + tls = host.run('curl https://%s/', hostname) assert tls.rc == 0 
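Review bot: The `server` parameter list of test_connectivity is computed at collection time from `get_hosts('parameters-*')`, and if that pattern matches no host, pytest's default handling of an empty parameter set marks the test as skipped instead of failing it. The port-reachability check would then drop out of the run without a red result, for example after another rename of the platforms. Build the list once at module level and guard it, `servers = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')` followed by `assert servers, 'no parameters-* hosts in inventory'`, or set `empty_parameter_set_mark = fail_at_collect` in the pytest configuration. Now that each case is a single probe, `assert ping.rc == 0, ping.stderr` would also make a failing host/port pair easier to diagnose.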
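Review bot: Swapping `wget -q -O -` for plain `curl` in test_tls_enabled loosens the check. wget exits non-zero when the server answers with an HTTP error, while curl without `--fail` exits 0 for any completed response, so `assert tls.rc == 0` now passes on a 4xx/5xx page as long as the TLS handshake succeeds. I would use `tls = host.run('curl --fail --silent --show-error https://%s/', hostname)` to keep the old strictness. The result also depends on curl verifying the server certificate against a CA trusted on the host, presumably installed during prepare; a comment such as `# relies on the test CA being trusted system-wide` would record that. test_tls_enabled starts above the hunk.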
@@ -355,16 +354,15 @@ def test_https_enforcement(host): Tests if HTTPS is being enforced. """ - hostname = host.run('hostname').stdout.strip() - fqdn = hostname[:hostname.rfind('-')] + hostname = host.ansible.get_variables()['inventory_hostname'] - https_enforcement = host.run('curl -I http://%s/', fqdn) + https_enforcement = host.run('curl -I http://%s/', hostname) assert https_enforcement.rc == 0 assert 'HTTP/1.1 301 Moved Permanently' in https_enforcement.stdout - assert 'Location: https://%s/' % fqdn in https_enforcement.stdout + assert 'Location: https://%s/' % hostname in https_enforcement.stdout - https_enforcement = host.run('curl -I https://%s/', fqdn) + https_enforcement = host.run('curl -I https://%s/', hostname) assert https_enforcement.rc == 0 assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in https_enforcement.stdout diff --git a/roles/web_server/molecule/default/tests/test_mandatory.py b/roles/web_server/molecule/default/tests/test_mandatory.py index 0d53df3ee72a7823d9992fd16a61c9eb04db566d..b02071ed8d9586fa8b6bb886a4a0ee82575f0e7d 100644 --- a/roles/web_server/molecule/default/tests/test_mandatory.py +++ b/roles/web_server/molecule/default/tests/test_mandatory.py @@ -53,7 +53,8 @@ def test_default_vhost_index_page(host): Tests content of default vhost index page. """ - page = host.run('curl https://parameters-mandatory/') + hostname = host.ansible.get_variables()['inventory_hostname'] + page = host.run('curl https://%s/', hostname) assert page.rc == 0 assert "Welcome" in page.stdout diff --git a/roles/web_server/molecule/default/tests/test_optional.py b/roles/web_server/molecule/default/tests/test_optional.py index d2bfd77e5b73c878f15b04a9a2c707dbfb19e9e6..b42753d69e20dae5add70933b08222f126bcb945 100644 --- a/roles/web_server/molecule/default/tests/test_optional.py +++ b/roles/web_server/molecule/default/tests/test_optional.py 
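Review bot: The line `hostname = host.ansible.get_variables()['inventory_hostname']` is now repeated in test_https_enforcement, in test_tls_enabled in the previous hunk, and in test_default_vhost_index_page in both test_mandatory.py and test_optional.py. A shared pytest fixture that returns this value would keep the four tests in step if the naming scheme changes again; where it would live (a conftest.py for the scenario, if one exists) is not visible from the diff. The docstring of test_https_enforcement could also state that the inventory hostname must both resolve on the host and match the certificate name, since the redirect and HSTS assertions now depend on it. The function starts above the hunk.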
@@ -56,9 +56,10 @@ def test_default_vhost_index_page(host): Tests content of default vhost index page. """ - page = host.run('curl https://parameters-optional/') + hostname = host.ansible.get_variables()['inventory_hostname'] + page = host.run('curl https://%s/', hostname) assert page.rc == 0 assert "Optional Welcome" in page.stdout assert "

Optional Welcome

" in page.stdout - assert "

Welcome to parameters-optional, default virtual host.

" in page.stdout + assert "

Welcome to default virtual host.

" in page.stdout