Changeset - 277c561f3f52
Branko Majic (branko) - 7 years ago 2017-07-03 17:16:31
branko@majic.rs
MAR-28: Implemented general and SMTP-related tests for mail_server:

- Increased amount of memory in test instances to 768MB.
- Fixed playbook for runs against client test instances.
- Fixed typos and invalid settings in test playbook.
- Switched to expanded syntax in tasks used for deploying TLS keys and
certificates in order to avoid mangling of TAB characters.
- Fixed missing permissions set-up for Postfix main configuration file.
- Fixed deployment of Postfix master.cf configuration file to take into account
configurable virtual mail user.
- Implemented tests covering SMTP functionality.
9 files changed with 622 insertions and 23 deletions:
roles/mail_server/molecule.yml
 
@@ -15,7 +15,7 @@ vagrant:
 
    - name: virtualbox
 
      type: virtualbox
 
      options:
 
        memory: 512
 
        memory: 768
 
        cpus: 1
 

	
 
  instances:
roles/mail_server/playbook.yml
 
@@ -21,12 +21,12 @@
 
        parameters-mandatory: 10.31.127.30
 
        parameters-optional: 10.31.127.31
 

	
 
- hosts: client
 
- hosts: client1,client2
 
  tasks:
 

	
 
    - name: Install SWAKS for testing SMTP capability
 
      apt:
 
        name: swak
 
        name: swaks
 
        state: installed
 

	
 
- hosts: ldap-server
 
@@ -93,7 +93,7 @@
 
        - name: postfix
 
          password: postfixpassword
 
        - name: dovecot
 
          password: dovecotpoassword
 
          password: dovecotpassword
 
          state: present
 

	
 
      ldap_server_domain: "local"
 
@@ -153,8 +153,7 @@
 
      imap_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.cert.pem') }}"
 
      imap_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.key.pem') }}"
 
      local_mail_aliases:
 
        root:
 
          - john.doe@parameters-optional.local
 
        root: "john.doe@domain1"
 
      smtp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.cert.pem') }}"
 
      smtp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.key.pem') }}"
 
      imap_folder_separator: "."
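Review bot: `state: installed` on the swaks apt task (hunk @@ -21,12) is a legacy alias; the canonical value is `state: present`, and the alias has since been deprecated, so `state: present` keeps this typo fix from needing a second follow-up. In the last hunk, `local_mail_aliases` changes shape from a list under `root` to the scalar `root: "john.doe@domain1"`; the template that consumes the variable is outside this changeset, so confirm it accepts a scalar before relying on the test that sends to `root@localhost`. The fixture passwords (`postfixpassword`, `dovecotpassword`) are test-only values; a comment above that block, e.g. `# Test-only credentials for the Molecule scenario; not for real inventories.`, stops them being copied into production variables.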
roles/mail_server/tasks/main.yml
 
@@ -27,26 +27,42 @@
 
  user: name=dovecot append=yes groups=ssl-cert
 

	
 
- name: Deploy SMTP TLS private key
 
  copy: dest="/etc/ssl/private/{{ ansible_fqdn }}_smtp.key" content="{{ smtp_tls_key }}"
 
        mode=0640 owner=root group=root
 
  copy:
 
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_smtp.key"
 
    content: "{{ smtp_tls_key }}"
 
    mode: 0640
 
    owner: root
 
    group: root
 
  notify:
 
    - Restart Postfix
 

	
 
- name: Deploy SMTP TLS certificate
 
  copy: dest="/etc/ssl/certs/{{ ansible_fqdn }}_smtp.pem" content="{{ smtp_tls_certificate }}"
 
        mode=0644 owner=root group=root
 
  copy:
 
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_smtp.pem"
 
    content: "{{ smtp_tls_certificate }}"
 
    mode: 0644
 
    owner: root
 
    group: root
 
  notify:
 
    - Restart Postfix
 

	
 
- name: Deploy IMAP TLS private key
 
  copy: dest="/etc/ssl/private/{{ ansible_fqdn }}_imap.key" content="{{ imap_tls_key }}"
 
        mode=0640 owner=root group=root
 
  copy:
 
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_imap.key"
 
    content: "{{ imap_tls_key }}"
 
    mode: 0640
 
    owner: root
 
    group: root
 
  notify:
 
    - Restart Dovecot
 

	
 
- name: Deploy IMAP TLS certificate
 
  copy: dest="/etc/ssl/certs/{{ ansible_fqdn }}_imap.pem" content="{{ imap_tls_certificate }}"
 
        mode=0644 owner=root group=root
 
  copy:
 
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_imap.pem"
 
    content: "{{ imap_tls_certificate }}"
 
    mode: 0644
 
    owner: root
 
    group: root
 
  notify:
 
    - Restart Dovecot
 

	
 
@@ -106,7 +122,12 @@
 
    - Restart Postfix
 

	
 
- name: Deploy Postfix main configuration
 
  template: src="main.cf.j2" dest="/etc/postfix/main.cf"
 
  template:
 
    src: "main.cf.j2"
 
    dest: "/etc/postfix/main.cf"
 
    owner: root
 
    group: root
 
    mode: 0644
 
  notify:
 
    - Restart Postfix
 

	
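Review bot: The two private-key tasks (`Deploy SMTP TLS private key`, `Deploy IMAP TLS private key`) pass the key through `content:`; with `--diff` or high verbosity Ansible prints what a `copy` task writes, so the private key can end up in console output and CI logs. Adding `no_log: true` to those two tasks (not to the certificate tasks, where the diff is useful) closes that. The `mode:` values are unquoted octals (`0640`, `0644`): Ansible's YAML 1.1 loader reads the leading zero as octal, but a YAML 1.2 parser or linter reads them as decimal, so the quoted form `mode: "0640"` is the robust one, and the same applies to the main.cf task in the last hunk.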
roles/mail_server/templates/master.cf.j2
 
@@ -76,7 +76,7 @@ scache    unix  -       -       -       -       1       scache
 
# Also specify in main.cf: maildrop_destination_recipient_limit=1
 
#
 
maildrop  unix  -       n       n       -       -       pipe
 
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
 
  flags=DRhu user={{ mail_user }} argv=/usr/bin/maildrop -d ${recipient}
 
#
 
# ====================================================================
 
#
 
@@ -124,7 +124,7 @@ mailman   unix  -       n       n       -       -       pipe
 

	
 
# Delivery via Dovecot.
 
dovecot   unix  -       n       n       -       -       pipe
 
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}
 
  flags=DRhu user={{ mail_user }}:{{ mail_user }} argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}
 

	
 
# Submission port with hardened TLS configuration.
 
submission inet n       -       -       -       -       smtpd
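Review bot: The dovecot-lda entry now derives both the user and the group from `mail_user` (`user={{ mail_user }}:{{ mail_user }}`), which hard-codes the assumption that the virtual mail user's primary group carries the same name. If the role exposes a separate group variable (not visible in this changeset), use it there; otherwise a template comment such as `# user:group - assumes the mail user's primary group shares its name` records the assumption next to the line that depends on it. The maildrop entry one hunk earlier sets only `user=`, and pipe(8) then falls back to the user's primary group, which is consistent with the dovecot line only while that assumption holds.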
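--- /dev/null
+++ b/roles/mail_server/tests/test_client1.py
@@ -0,0 +1,26 @@
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    '.molecule/ansible_inventory').get_hosts('client1')
+
+
+def test_open_relay(Command):
+    """
+    Tests if mail server behaves as open relay.
+    """
+
+    no_recipients_accepted = 24
+
+    send = Command('swaks --suppress-data --to root@client1 --server parameters-mandatory')
+    assert send.rc == no_recipients_accepted
+    assert "Relay access denied" in send.stdout
+
+
+def test_allowed_relay(Command):
+    """
+    Tests if mail server allows relaying from configured IPs/networks.
+    """
+
+    send = Command('swaks --suppress-data --to root@client1 --server parameters-optional')
+    assert send.rc == 0
+    assert "Ok: queued as" in send.stdout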
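Review bot: The docstring of `test_open_relay` says the test checks whether the server "behaves as open relay", while the assertions check the opposite (exit status 24 and `Relay access denied`); `"""Tests that the mail server refuses to relay for an unauthorised client (is not an open relay)."""` states what is actually asserted. The same docstring appears in test_client2.py. The literal `24` is swaks' status for "no recipients accepted", as the local name says; a module-level constant with a one-line comment giving that meaning would avoid repeating the bare number in every test.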
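--- /dev/null
+++ b/roles/mail_server/tests/test_client2.py
@@ -0,0 +1,136 @@
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    '.molecule/ansible_inventory').get_hosts('client2')
+
+
+def test_open_relay(Command):
+    """
+    Tests if mail server behaves as open relay.
+    """
+
+    no_recipients_accepted = 24
+
+    send = Command('swaks --suppress-data --to root@client1 --server parameters-mandatory')
+    assert send.rc == no_recipients_accepted
+    assert "Relay access denied" in send.stdout
+
+    send = Command('swaks --suppress-data --to root@client1 --server parameters-optional')
+    assert send.rc == no_recipients_accepted
+    assert "Relay access denied" in send.stdout
+
+
+def test_mail_delivery(Command):
+    """
+    Tests if mails can be delivered to valid accounts. Has to be run on client
+    with no unauthenticated relay permissions.
+    """
+
+    no_recipients_accepted = 24
+
+    # Valid accounts.
+    send = Command('swaks --suppress-data --to john.doe@domain1 --server parameters-mandatory')
+    assert send.rc == 0
+    assert "Ok: queued as" in send.stdout
+
+    send = Command('swaks --suppress-data --to john.doe@domain1 --server parameters-optional')
+    assert send.rc == 0
+    assert "Ok: queued as" in send.stdout
+
+    send = Command('swaks --suppress-data --to jane.doe@domain2 --server parameters-mandatory')
+    assert send.rc == 0
+    assert "Ok: queued as" in send.stdout
+
+    send = Command('swaks --suppress-data --to jane.doe@domain2 --server parameters-optional')
+    assert send.rc == 0
+    assert "Ok: queued as" in send.stdout
+
+    # Invalid accounts.
+    send = Command('swaks --suppress-data --to john.doe@domain2 --server parameters-mandatory')
+    assert send.rc == no_recipients_accepted
+    assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
+
+    send = Command('swaks --suppress-data --to john.doe@domain2 --server parameters-optional')
+    assert send.rc == no_recipients_accepted
+    assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
+
+    send = Command('swaks --suppress-data --to jane.doe@domain1 --server parameters-mandatory')
+    assert send.rc == no_recipients_accepted
+    assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
+
+    send = Command('swaks --suppress-data --to jane.doe@domain1 --server parameters-optional')
+    assert send.rc == no_recipients_accepted
+    assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
+
+    # Valid aliases.
+    send = Command('swaks --suppress-data --to postmaster@domain1 --server parameters-mandatory')
+    assert send.rc == 0
+    assert "Ok: queued as" in send.stdout
+
+    send = Command('swaks --suppress-data --to postmaster@domain1 --server parameters-optional')
+    assert send.rc == 0
+    assert "Ok: queued as" in send.stdout
+
+    send = Command('swaks --suppress-data --to webmaster@domain2 --server parameters-mandatory')
+    assert send.rc == 0
+    assert "Ok: queued as" in send.stdout
+
+    send = Command('swaks --suppress-data --to webmaster@domain2 --server parameters-optional')
+    assert send.rc == 0
+    assert "Ok: queued as" in send.stdout
+
+    # Invalid aliases.
+    send = Command('swaks --suppress-data --to postmaster@domain2 --server parameters-mandatory')
+    assert send.rc == no_recipients_accepted
+    assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
+
+    send = Command('swaks --suppress-data --to postmaster@domain2 --server parameters-optional')
+    assert send.rc == no_recipients_accepted
+    assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
+
+    send = Command('swaks --suppress-data --to webmaster@domain1 --server parameters-mandatory')
+    assert send.rc == no_recipients_accepted
+    assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
+
+    send = Command('swaks --suppress-data --to webmaster@domain1 --server parameters-optional')
+    assert send.rc == no_recipients_accepted
+    assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
+
+
+def test_smtp_authentication(Command):
+    """
+    Tests if SMTP authentication works via TLS and allows sending mails to
+    anywhere.
+    """
+
+    send = Command('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
+    assert send.rc == 0
+    assert "Ok: queued as" in send.stdout
+
+
+def test_smtp_authentication_requires_tls(Command):
+    """
+    Tests if SMTP authentication requires TLS.
+    """
+
+    auth_error = 28
+
+    send = Command('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
+    assert send.rc == auth_error
+    assert "Host did not advertise authentication" in send.stdout
+
+
+def test_smtp_authentication_requires_submission_port(Command):
+    """
+    Tests if SMTP authentication cannot be done on regular SMTP port.
+    """
+
+    auth_error = 28
+
+    send = Command('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
+    assert send.rc == auth_error
+    assert "Host did not advertise authentication" in send.stdout
+
+    send = Command('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
+    assert send.rc == auth_error
+    assert "Host did not advertise authentication" in send.stdout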
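Review bot: `test_mail_delivery` repeats the same send/assert triple sixteen times, varying only recipient and server, which hides the two actual rules (accepted versus rejected recipients, each against both servers) behind copy-pasted lines and makes a single failing address hard to spot in the output. A data-driven loop over the recipient lists and the two servers, with a small `_send` helper, keeps the commands and the assertion strings identical while stating the rules once. `no_recipients_accepted` and `auth_error` are also redefined inside each function; module-level constants with a comment giving the swaks meaning of each exit status would be enough. The `test_open_relay` docstring says the server "behaves as open relay" while the body asserts relaying is refused; `"""Tests that the mail server is not an open relay for this client."""` matches the assertions.
```python
# swaks exit status when the server accepted none of the recipients.
NO_RECIPIENTS_ACCEPTED = 24
# Both servers reachable from this client; every case runs against each.
MAIL_SERVERS = ['parameters-mandatory', 'parameters-optional']


def _send(Command, recipient, server):
    """Submit a message to recipient via server, skipping the DATA phase."""
    return Command('swaks --suppress-data --to %s --server %s' % (recipient, server))


def test_mail_delivery(Command):
    """
    Tests if mails can be delivered to valid accounts and aliases, and are
    rejected for unknown ones. Has to be run on client with no
    unauthenticated relay permissions.
    """

    accepted = ['john.doe@domain1', 'jane.doe@domain2',      # accounts
                'postmaster@domain1', 'webmaster@domain2']   # aliases
    rejected = ['john.doe@domain2', 'jane.doe@domain1',      # accounts
                'postmaster@domain2', 'webmaster@domain1']   # aliases

    for server in MAIL_SERVERS:
        for recipient in accepted:
            send = _send(Command, recipient, server)
            assert send.rc == 0
            assert "Ok: queued as" in send.stdout
        for recipient in rejected:
            send = _send(Command, recipient, server)
            assert send.rc == NO_RECIPIENTS_ACCEPTED
            assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout

# … unchanged: test_open_relay, test_smtp_authentication* …
```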
roles/mail_server/tests/test_default.py
 
import re
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    '.molecule/ansible_inventory').get_hosts('all')
 
    '.molecule/ansible_inventory').get_hosts(['parameters-mandatory', 'parameters-optiona'])
 

	
 

	
 
def test_installed_packages(Package):
 
    """
 
    Tests if the necessary packages have been installed.
 
    """
 

	
 
    assert Package('rsync').is_installed
 
    assert Package('dovecot-imapd').is_installed
 
    assert Package('dovecot-ldap').is_installed
 
    assert Package('dovecot-sieve').is_installed
 
    assert Package('dovecot-managesieved').is_installed
 
    assert Package('postfix').is_installed
 
    assert Package('postfix-ldap').is_installed
 
    assert Package('swaks').is_installed
 
    assert Package('clamav-milter').is_installed
 

	
 

	
 
def test_removed_packages(Package):
 
    """
 
    Tests if certain packages have been removed from the system.
 
    """
 
    assert not Package('exim4').is_installed
 

	
 

	
 
def test_postfix_user(User):
 
    """
 
    Tests if Postfix user has been added to correct group for traversing the TLS
 
    private key directory.
 
    """
 

	
 
    assert "ssl-cert" in User('postfix').groups
 

	
 

	
 
def test_dovecot_user(User):
 
    """
 
    Tests if Dovecot user has been added to correct group for traversing the TLS
 
    private key directory.
 
    """
 

	
 
    assert "ssl-cert" in User('dovecot').groups
 

	
 

	
 
def test_clamav_milter_configuration(File):
 
    """
 
    Tests if ClamAV Milter configuration has been deployed correctly.
 
    """
 

	
 
    config = File('/etc/clamav/clamav-milter.conf')
 

	
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 

	
 

	
 
def test_clamav_milter(Command):
 
    """
 
    Tests if ClamAV milter is blocking viruses.
 
    """
 

	
 
    server_did_not_accept_mail = 26
 

	
 
    eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
 

	
 
    send_mail = Command("swaks --to john.doe@domain1 --server localhost --attach '%s'" % eicar)
 

	
 
    assert send_mail.rc == server_did_not_accept_mail
 
    assert 'Your message has been rejected due to a possible virus' in send_mail.stdout
 

	
 

	
 
def test_postfix_chroot_directories(File):
 
    """
 
    Tests if Postfix chroot directories have been set-up with correct
 
    permissions.
 
    """
 

	
 
    directory = File('/var/spool/postfix/var')
 
    assert directory.is_directory
 
    assert directory.user == 'root'
 
    assert directory.group == 'root'
 
    assert directory.mode == 0o755
 

	
 
    directory = File('/var/spool/postfix/var/run')
 
    assert directory.is_directory
 
    assert directory.user == 'root'
 
    assert directory.group == 'root'
 
    assert directory.mode == 0o755
 

	
 
    directory = File('/var/spool/postfix/var/run/clamav')
 
    assert directory.is_directory
 
    assert directory.user == 'clamav'
 
    assert directory.group == 'clamav'
 
    assert directory.mode == 0o755
 

	
 

	
 
def test_ldap_tls_truststore_file(File):
 
    """
 
    Tests if the LDAP TLS truststore file has been deployed correctly.
 
    """
 

	
 
    tls_file = File('/etc/ssl/certs/mail_ldap_tls_truststore.pem')
 
    assert tls_file.is_file
 
    assert tls_file.user == 'root'
 
    assert tls_file.group == 'root'
 
    assert tls_file.mode == 0o644
 
    assert tls_file.content == open("tests/data/x509/ca.cert.pem", "r").read().rstrip()
 

	
 
    tls_file = File('/var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem')
 
    assert tls_file.is_file
 
    assert tls_file.user == 'root'
 
    assert tls_file.group == 'root'
 
    assert tls_file.mode == 0o644
 
    assert tls_file.content == open("tests/data/x509/ca.cert.pem", "r").read().rstrip()
 

	
 

	
 
def test_mailname_file(File):
 
    """
 
    Tests the system mail name file permissions.
 
    """
 

	
 
    mailname = File('/etc/mailname')
 

	
 
    assert mailname.is_file
 
    assert mailname.user == 'root'
 
    assert mailname.group == 'root'
 
    assert mailname.mode == 0o644
 

	
 

	
 
def test_postfix_ldap_configuration_files(File):
 
    """
 
    Tests if Postfix LDAP configuration files have been deployed correctly.
 
    """
 

	
 
    for config_file_path in ['/etc/postfix/ldap-virtual-alias-maps.cf',
 
                             '/etc/postfix/ldap-virtual-mailbox-domains.cf',
 
                             '/etc/postfix/ldap-virtual-mailbox-maps.cf']:
 

	
 
        config = File(config_file_path)
 
        assert config.is_file
 
        assert config.user == 'root'
 
        assert config.group == 'postfix'
 
        assert config.mode == 0o640
 

	
 

	
 
def test_postfix_ldap_configuration(Command, Sudo):
 
    """
 
    Tests if LDAP configuration can be used to fetch correct query results.
 
    """
 

	
 
    with Sudo():
 

	
 
        # Test for valid domains.
 
        command = Command("postmap -q domain1 ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf")
 
        assert command.rc == 0
 
        assert command.stdout == "domain1"
 

	
 
        command = Command("postmap -q domain2 ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf")
 
        assert command.rc == 0
 
        assert command.stdout == "domain2"
 

	
 
        # Test for invalid domains.
 
        command = Command("postmap -q domain3 ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf")
 
        assert command.rc == 1
 
        assert command.stdout == ""
 

	
 
        # Test for valid mail addresses.
 
        command = Command("postmap -q 'john.doe@domain1' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
 
        assert command.rc == 0
 
        assert command.stdout == 'john.doe@domain1'
 

	
 
        command = Command("postmap -q 'jane.doe@domain2' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
 
        assert command.rc == 0
 
        assert command.stdout == 'jane.doe@domain2'
 

	
 
        # Test for invalid mail addresses.
 
        command = Command("postmap -q 'jane.doe@domain1' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
 
        assert command.rc == 1
 
        assert command.stdout == ''
 

	
 
        command = Command("postmap -q 'john.doe@domain2' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
 
        assert command.rc == 1
 
        assert command.stdout == ''
 

	
 
        # Test for valid mail aliases.
 
        command = Command("postmap -q postmaster@domain1 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
 
        assert command.rc == 0
 
        assert command.stdout == "john.doe@domain1"
 

	
 
        command = Command("postmap -q webmaster@domain2 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
 
        assert command.rc == 0
 
        assert command.stdout == "jane.doe@domain2"
 

	
 
        # Test for invalid mail aliases.
 
        command = Command("postmap -q postmaster@domain2 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
 
        assert command.rc == 1
 
        assert command.stdout == ""
 

	
 
        command = Command("postmap -q webmaster@domain1 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
 
        assert command.rc == 1
 
        assert command.stdout == ""
 

	
 

	
 
def test_postfix_main_cf_file(File):
 
    """
 
    Tests Postfix main configuration file permissions.
 
    """
 

	
 
    config = File('/etc/postfix/main.cf')
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 

	
 

	
 
def test_postfix_delivery_to_dovecot(Command, File, Sudo):
 
    """
 
    Tests if mail received by Postfix is properly delivered to Dovecot.
 
    """
 

	
 
def test_hosts_file(File):
 
    f = File('/etc/hosts')
 
    # Virtual account.
 
    send = Command('swaks --suppress-data --to john.doe@domain1 --server parameters-mandatory')
 
    assert send.rc == 0
 
    message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
 

	
 
    assert f.exists
 
    assert f.user == 'root'
 
    assert f.group == 'root'
 
    with Sudo():
 
        mail_log = File('/var/log/mail.log')
 
        pattern = "dovecot: lda\(john.doe@domain1\): msgid=<[^.]*.%s@[^>]*>: saved mail to INBOX" % message_id
 
        assert re.search(pattern, mail_log.content) is not None
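Review bot: The new `testinfra_hosts` selector lists `'parameters-optiona'` (missing the trailing `l`) instead of `'parameters-optional'`, the name used everywhere else in this changeset (playbook.yml, test_optional.py), so this module would silently run only against parameters-mandatory; the line should read `'.molecule/ansible_inventory').get_hosts(['parameters-mandatory', 'parameters-optional'])`. The log pattern in `test_postfix_delivery_to_dovecot` is a plain string containing `\(` escapes, which Python reports as an invalid escape sequence (a warning today, stricter in newer releases); write it as a raw string, `pattern = r"dovecot: lda\(john.doe@domain1\): msgid=<[^.]*.%s@[^>]*>: saved mail to INBOX" % re.escape(message_id)`, so the queue id is not interpreted as regex either. The rendering interleaves the removed `test_hosts_file` body with the new function at the end of the file, so I am reading the new function as the `send`/`message_id`/`Sudo()` lines; if any of the `assert f.exists` lines were meant to survive they now sit outside any function.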
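--- /dev/null
+++ b/roles/mail_server/tests/test_mandatory.py
@@ -0,0 +1,87 @@
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    '.molecule/ansible_inventory').get_hosts('parameters-mandatory')
+
+
+def test_smtp_tls_files(File, Sudo):
+    """
+    Tests if SMTP TLS private key has been deployed correctly.
+    """
+
+    with Sudo():
+
+        tls_file = File('/etc/ssl/private/parameters-mandatory_smtp.key')
+        assert tls_file.is_file
+        assert tls_file.user == 'root'
+        assert tls_file.group == 'root'
+        assert tls_file.mode == 0o640
+        assert tls_file.content == open("tests/data/x509/parameters-mandatory_smtp.key", "r").read().rstrip()
+
+        tls_file = File('/etc/ssl/certs/parameters-mandatory_smtp.pem')
+        assert tls_file.is_file
+        assert tls_file.user == 'root'
+        assert tls_file.group == 'root'
+        assert tls_file.mode == 0o644
+        assert tls_file.content == open("tests/data/x509/parameters-mandatory_smtp.pem", "r").read().rstrip()
+
+        tls_file = File('/etc/ssl/private/parameters-mandatory_imap.key')
+        assert tls_file.is_file
+        assert tls_file.user == 'root'
+        assert tls_file.group == 'root'
+        assert tls_file.mode == 0o640
+        assert tls_file.content == open("tests/data/x509/parameters-mandatory_imap.key", "r").read().rstrip()
+
+        tls_file = File('/etc/ssl/certs/parameters-mandatory_imap.pem')
+        assert tls_file.is_file
+        assert tls_file.user == 'root'
+        assert tls_file.group == 'root'
+        assert tls_file.mode == 0o644
+        assert tls_file.content == open("tests/data/x509/parameters-mandatory_imap.pem", "r").read().rstrip()
+
+
+def test_certificate_validity_check_configuration(File):
+    """
+    Tests if certificate validity check configuration file has been deployed
+    correctly.
+    """
+
+    config = File('/etc/check_certificate/parameters-mandatory_smtp.conf')
+    assert config.is_file
+    assert config.user == 'root'
+    assert config.group == 'root'
+    assert config.mode == 0o644
+    assert config.content == "/etc/ssl/certs/parameters-mandatory_smtp.pem"
+
+    config = File('/etc/check_certificate/parameters-mandatory_imap.conf')
+    assert config.is_file
+    assert config.user == 'root'
+    assert config.group == 'root'
+    assert config.mode == 0o644
+    assert config.content == "/etc/ssl/certs/parameters-mandatory_imap.pem"
+
+
+def test_mailname_file_content(File):
+    """
+    Tests the system mail name file content.
+    """
+
+    mailname = File('/etc/mailname')
+
+    assert mailname.content == "parameters-mandatory"
+
+
+def test_postfix_main_cf_file_content(File):
+    """
+    Tests if the Postfix main configuration file content is correct.
+    """
+
+    config = File('/etc/postfix/main.cf')
+    config_lines = config.content.split("\n")
+
+    assert "myhostname = parameters-mandatory" in config_lines
+    assert "mydestination = parameters-mandatory, parameters-mandatory, localhost.localdomain, localhost" in config_lines
+    assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128" in config_lines
+    assert "smtpd_tls_cert_file = /etc/ssl/certs/parameters-mandatory_smtp.pem" in config_lines
+    assert "smtpd_tls_key_file = /etc/ssl/private/parameters-mandatory_smtp.key" in config_lines
+    assert "reject_rbl" not in config_lines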
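Review bot: `assert "reject_rbl" not in config_lines` at the end of `test_postfix_main_cf_file_content` looks for a line that is exactly `reject_rbl`, which never occurs (the optional variant expects lines such as `  reject_rbl bl.spamcop.net`), so the assertion passes unconditionally and the "no RBL on the mandatory host" property is not actually tested; `assert not any("reject_rbl" in line for line in config_lines)` checks what was intended. The `test_smtp_tls_files` docstring mentions only the SMTP private key while the body checks the SMTP and IMAP key and certificate; `"""Tests that the SMTP and IMAP TLS keys and certificates were deployed with the expected ownership, mode and content."""` matches the body. The fixture names here (`parameters-mandatory_smtp.key`, `_smtp.pem`) follow a different scheme than the optional host's `_smtp.key.pem`/`_smtp.cert.pem`; the mandatory host's playbook lookups are outside this changeset, so confirm the names exist. The `open(...).read().rstrip()` comparisons leave the fixture files open; `with open(path) as fixture:` is the idiom, and the same applies to test_optional.py.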
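--- /dev/null
+++ b/roles/mail_server/tests/test_optional.py
@@ -0,0 +1,106 @@
+import re
+
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    '.molecule/ansible_inventory').get_hosts('parameters-optional')
+
+
+def test_smtp_tls_files(File, Sudo):
+    """
+    Tests if SMTP TLS private key has been deployed correctly.
+    """
+
+    with Sudo():
+
+        tls_file = File('/etc/ssl/private/parameters-optional_smtp.key')
+        assert tls_file.is_file
+        assert tls_file.user == 'root'
+        assert tls_file.group == 'root'
+        assert tls_file.mode == 0o640
+        assert tls_file.content == open("tests/data/x509/parameters-optional_smtp.key.pem", "r").read().rstrip()
+
+        tls_file = File('/etc/ssl/certs/parameters-optional_smtp.pem')
+        assert tls_file.is_file
+        assert tls_file.user == 'root'
+        assert tls_file.group == 'root'
+        assert tls_file.mode == 0o644
+        assert tls_file.content == open("tests/data/x509/parameters-optional_smtp.cert.pem", "r").read().rstrip()
+
+        tls_file = File('/etc/ssl/private/parameters-optional_imap.key')
+        assert tls_file.is_file
+        assert tls_file.user == 'root'
+        assert tls_file.group == 'root'
+        assert tls_file.mode == 0o640
+        assert tls_file.content == open("tests/data/x509/parameters-optional_imap.key.pem", "r").read().rstrip()
+
+        tls_file = File('/etc/ssl/certs/parameters-optional_imap.pem')
+        assert tls_file.is_file
+        assert tls_file.user == 'root'
+        assert tls_file.group == 'root'
+        assert tls_file.mode == 0o644
+        assert tls_file.content == open("tests/data/x509/parameters-optional_imap.cert.pem", "r").read().rstrip()
+
+
+def test_certificate_validity_check_configuration(File):
+    """
+    Tests if certificate validity check configuration file has been deployed
+    correctly.
+    """
+
+    config = File('/etc/check_certificate/parameters-optional_smtp.conf')
+    assert config.is_file
+    assert config.user == 'root'
+    assert config.group == 'root'
+    assert config.mode == 0o644
+    assert config.content == "/etc/ssl/certs/parameters-optional_smtp.pem"
+
+    config = File('/etc/check_certificate/parameters-optional_imap.conf')
+    assert config.is_file
+    assert config.user == 'root'
+    assert config.group == 'root'
+    assert config.mode == 0o644
+    assert config.content == "/etc/ssl/certs/parameters-optional_imap.pem"
+
+
+def test_mailname_file_content(File):
+    """
+    Tests the system mail name file content.
+    """
+
+    mailname = File('/etc/mailname')
+
+    assert mailname.content == "parameters-optional"
+
+
+def test_postfix_main_cf_file_content(File):
+    """
+    Tests if the Postfix main configuration file content is correct.
+    """
+
+    config = File('/etc/postfix/main.cf')
+    config_lines = config.content.split("\n")
+
+    assert "myhostname = parameters-optional" in config_lines
+    assert "mydestination = parameters-optional, parameters-optional, localhost.localdomain, localhost" in config_lines
+    assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.31.127.20" in config_lines
+    assert "smtpd_tls_cert_file = /etc/ssl/certs/parameters-optional_smtp.pem" in config_lines
+    assert "smtpd_tls_key_file = /etc/ssl/private/parameters-optional_smtp.key" in config_lines
+    assert "  reject_rbl bl.spamcop.net" in config_lines
+    assert "  reject_rbl zen.spamhaus.org" in config_lines
+
+
+def test_local_aliases(Command, File, Sudo):
+    """
+    Tests if local aliases are configured correctly.
+    """
+
+    send = Command('swaks --suppress-data --to root@localhost')
+    assert send.rc == 0
+    message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
+
+    with Sudo():
+        mail_log = File('/var/log/mail.log')
+        pattern = "dovecot: lda\(john.doe@domain1\): msgid=<[^.]*.%s@[^>]*>: saved mail to INBOX" % message_id
+        assert re.search(pattern, mail_log.content) is not None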
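Review bot: In `test_local_aliases`, `re.search('Ok: queued as (.*)', send.stdout).group(1)` raises `AttributeError` instead of a readable assertion failure when the queue line is missing, and the log pattern is a plain string containing `\(` escapes that Python flags as invalid escape sequences; assigning the match first (`queued = re.search(r'Ok: queued as (.*)', send.stdout)` then `assert queued is not None`) and writing the pattern as a raw string with `re.escape(message_id)` makes the failure mode clear and the regex literal. The `test_smtp_tls_files` docstring covers only the SMTP private key while the body checks both keys and both certificates; reword it to say that. `test_postfix_main_cf_file_content` asserts the RBL lines with their exact two-space indent, which is fine while the template's indentation is stable, but a comment such as `# Exact lines, including indentation, as rendered by main.cf.j2.` would warn the next template edit.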