Changeset - 04a99d1e5a60
docs/releasenotes.rst
 
@@ -73,6 +73,10 @@ Upgraded to Ansible 10.4.x. Dropped support for Debian 11
 
    ciphers), in addition to TLSv1.2, for client-to-server
 
    communications.
 

	
 
  * `XEP-0363: HTTP File Upload
 
    <https://xmpp.org/extensions/xep-0363.html>`_ is now enabled for
 
    each configured domain.
 

	
 
**Bug fixes:**
 

	
 
* ``common`` role
docs/rolereference.rst
 
@@ -900,6 +900,8 @@ Prosody is configured as follows:
 
  service is set-up, with FQDN set to ``conference.DOMAIN``.
 
* For each domain specified, a dedicated file proxy service will be set-up, with
 
  FQDN set to ``proxy.DOMAIN``.
 
* For each domain specified, a dedicated http file share service will be set-up,
 
  with FQDN set to ``upload.DOMAIN``.
 

	
 
Prosody expects a specific directory structure in LDAP when doing look-ups:
 

	
roles/xmpp_server/files/ferm_xmpp.conf
 
@@ -8,6 +8,8 @@ domain (ip ip6) {
 
            proto tcp dport 5000 ACCEPT;
 
            # XMPP server connections.
 
            proto tcp dport 5269 ACCEPT;
 
            # HTTP file upload.
 
            proto tcp dport 5281 ACCEPT;
 
        }
 
    }
 
}
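Review bot: The new `proto tcp dport 5281 ACCEPT;` rule carries no source restriction, and its comment `# HTTP file upload.` understates what it exposes. 5281 is Prosody's default HTTPS listener, so any other HTTP-served module enabled on the server later becomes reachable through this same rule. I would word the comment as `# Prosody HTTPS listener (XEP-0363 HTTP file upload).` so the scope is visible to whoever next audits the firewall. The enclosing `domain (ip ip6)` block starts outside the hunk, so whether an interface or source match already applies there cannot be confirmed from here.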
roles/xmpp_server/molecule/default/prepare.yml
 
@@ -29,15 +29,18 @@
 
            - domain1
 
            - proxy.domain1
 
            - conference.domain1
 
            - upload.domain1
 
        - name: parameters-optional-bookworm_xmpp
 
          fqdn:
 
            - parameters-optional
 
            - domain2
 
            - proxy.domain2
 
            - conference.domain2
 
            - upload.domain2
 
            - domain3
 
            - proxy.domain3
 
            - conference.domain3
 
            - upload.domain3
 

	
 
    - name: Set-up link to generated X.509 material
 
      ansible.builtin.file:
 
@@ -91,11 +94,11 @@
 
      with_dict:
 
        192.168.56.11: "ldap-server backup-server"
 
        192.168.56.21: "client-bookworm"
 
        192.168.56.31: "parameters-mandatory domain1 proxy.domain1 conference.domain1"
 
        192.168.56.32: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"
 
        192.168.56.31: "parameters-mandatory domain1 proxy.domain1 conference.domain1 upload.domain1"
 
        192.168.56.32: "parameters-optional domain2 proxy.domain2 conference.domain2 upload.domain2 domain3 proxy.domain3 conference.domain3 upload.domain3"
 
        fd00::192:168:56:21: "client-bookworm"
 
        fd00::192:168:56:31: "parameters-mandatory domain1 proxy.domain1 conference.domain1"
 
        fd00::192:168:56:32: "parameters-optional domain2 proxy.domain2 conference.domain2 domain3 proxy.domain3 conference.domain3"
 
        fd00::192:168:56:31: "parameters-mandatory domain1 proxy.domain1 conference.domain1 upload.domain1"
 
        fd00::192:168:56:32: "parameters-optional domain2 proxy.domain2 conference.domain2 upload.domain2 domain3 proxy.domain3 conference.domain3 upload.domain3"
 

	
 
- name: Prepare, helpers
 
  hosts: clients
roles/xmpp_server/molecule/default/tests/test_client.py
 
import os
 
import uuid
 

	
 
import pytest
 

	
 
@@ -10,7 +11,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 

	
 

	
 
@pytest.mark.parametrize('server', ['parameters-mandatory', 'parameters-optional'])
 
@pytest.mark.parametrize('port', [5222, 5223, 5000, 5269])
 
@pytest.mark.parametrize('port', [5222, 5223, 5000, 5269, 5281])
 
@pytest.mark.parametrize('ip_protocol', [4, 6])
 
def test_connectivity(host, server, port, ip_protocol):
 
    """
 
@@ -99,3 +100,56 @@ def test_unauthorized_users_rejected(host, target_username, target_domain):
 
                    f"{target_username}@{target_domain}")
 
    assert send.rc != 0
 
    assert "Unable to authorize you with the authentication credentials you've sent" in send.stderr
 

	
 

	
 
@pytest.mark.parametrize("username, password, domain, server", [
 
    ["john.doe", "johnpassword", "domain1", "parameters-mandatory"],
 
    ["jane.doe", "janepassword", "domain2", "parameters-optional"],
 
    ["mick.doe", "mickpassword", "domain3", "parameters-optional"],
 
])
 
def test_http_file_upload(host, username, password, domain, server):
 
    """
 
    Tests if http file upload works correctly.
 
    """
 

	
 
    # Prepare file for transfer.
 
    expected_content = str(uuid.uuid4())
 
    create_sample_file = host.run("echo -n %s > /tmp/http_file_upload_sample.txt", expected_content)
 
    assert create_sample_file.rc == 0
 

	
 
    # Path where uploaded file will end-up.
 
    upload_directory_path = f"/var/lib/prosody/upload%2e{domain}/http_file_share"
 

	
 
    # Find the host that serves the domain. Used for validating uploaded content.
 
    ansible_facts = host.ansible("setup")["ansible_facts"]
 
    ansible_distribution_release = ansible_facts['ansible_distribution_release']
 
    ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE'])
 
    server_host = ansible_runner.get_host(ansible_runner.get_hosts(f'{server}-{ansible_distribution_release}')[0])
 

	
 
    # Clean up leftovers from previous run.
 
    with server_host.sudo():
 
        server_host.run("rm -rf %s/*", upload_directory_path)
 

	
 
    # Upload the file.
 
    send = host.run(f"go-sendxmpp --debug --username {username}@{domain} --password {password} --jserver {domain}:5222 "
 
                    f"--http-upload /tmp/http_file_upload_sample.txt "
 
                    f"{username}@{domain}")
 
    assert send.rc == 0
 
    assert "No http upload component found." not in send.stderr
 

	
 
    # Verify content on server.
 
    with server_host.sudo():
 
        upload_directory = server_host.file(upload_directory_path)
 
        assert upload_directory.is_directory
 
        assert upload_directory.user == "prosody"
 
        assert upload_directory.group == "prosody"
 
        assert upload_directory.mode == 0o750
 
        assert len(upload_directory.listdir()) == 1
 

	
 
        uploaded_file_name = upload_directory.listdir()[0]
 
        uploaded_file = server_host.file(os.path.join(upload_directory_path, uploaded_file_name))
 
        assert uploaded_file.is_file
 
        assert uploaded_file.user == "prosody"
 
        assert uploaded_file.group == "prosody"
 
        assert uploaded_file.mode == 0o640
 
        assert uploaded_file.content_string == expected_content
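Review bot: In `test_http_file_upload` the clean-up call `server_host.run("rm -rf %s/*", upload_directory_path)` discards its result, yet the later `assert len(upload_directory.listdir()) == 1` only means something if that clean-up succeeded; capture the result and add `assert cleanup.rc == 0`. The go-sendxmpp command interpolates `username`, `password` and `domain` into the shell string with an f-string, whereas the `echo` call above uses testinfra's `%s` argument form, which quotes each value. Using the `%s` form here as well keeps a fixture password containing shell metacharacters from altering the command. The sample file is written to the fixed name `/tmp/http_file_upload_sample.txt` for all three parametrised cases; a name built from the uuid already at hand would keep the cases independent.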
roles/xmpp_server/molecule/default/tests/test_default.py
 
@@ -281,6 +281,7 @@ def test_ldap_client_configuration(host):
 

	
 
# @TODO: Tests which were not implemented due to lack of out-of-box tools:
 
#
 
# - Proxy capability.
 
# - MUC.
 
# - Proxy component.
 
# - MUC component.
 
# - HTTP file share access control.
 
# - Server administration through XMPP.
roles/xmpp_server/molecule/default/tests/test_mandatory.py
 
@@ -36,7 +36,9 @@ def test_prosody_configuration_file_content(host):
 
Component "conference.domain1" "muc"
 
  restrict_room_creation = "local"
 
Component "proxy.domain1" "proxy65"
 
  proxy65_acl = { "domain1" }""" in config.content_string
 
  proxy65_acl = { "domain1" }
 
Component "upload.domain1" "http_file_share"
 
  http_file_share_access = { "domain1" }""" in config.content_string
 

	
 

	
 
def test_xmpp_server_uses_correct_dh_parameters(host):
roles/xmpp_server/molecule/default/tests/test_optional.py
 
@@ -36,13 +36,17 @@ def test_prosody_configuration_file_content(host):
 
Component "conference.domain2" "muc"
 
  restrict_room_creation = "local"
 
Component "proxy.domain2" "proxy65"
 
  proxy65_acl = { "domain2" }""" in config.content_string
 
  proxy65_acl = { "domain2" }
 
Component "upload.domain2" "http_file_share"
 
  http_file_share_access = { "domain2" }""" in config.content_string
 

	
 
        assert """VirtualHost "domain3"
 
Component "conference.domain3" "muc"
 
  restrict_room_creation = "local"
 
Component "proxy.domain3" "proxy65"
 
  proxy65_acl = { "domain3" }""" in config.content_string
 
  proxy65_acl = { "domain3" }
 
Component "upload.domain3" "http_file_share"
 
  http_file_share_access = { "domain3" }""" in config.content_string
 

	
 

	
 
@pytest.mark.parametrize("port", [
roles/xmpp_server/templates/prosody.cfg.lua.j2
 
@@ -110,4 +110,6 @@ Component "conference.{{ domain }}" "muc"
 
  restrict_room_creation = "local"
 
Component "proxy.{{ domain }}" "proxy65"
 
  proxy65_acl = { "{{ domain }}" }
 
Component "upload.{{ domain }}" "http_file_share"
 
  http_file_share_access = { "{{ domain }}" }
 
{% endfor -%}
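Review bot: The `upload.{{ domain }}` component sets only `http_file_share_access`, so upload size limit, per-user quota, retention and total storage all stay at Prosody's defaults. As far as I know the module's global quota is unlimited by default, which lets authenticated users of the domain fill the disk under `/var/lib/prosody` until files expire. Consider exposing role parameters and rendering `http_file_share_size_limit`, `http_file_share_expires_after` and `http_file_share_global_quota` under the component. If these are already set globally earlier in the template, outside this hunk, a one-line comment here saying so would be enough; the `{% for %}` loop itself also starts outside the hunk.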