"pip==20.2.4",

        "setuptools==50.3.2",

        "six==1.15.0",

        "wheel==0.35.1",

    ]),

])

def test_pipreqcheck_virtualenv_packages(host, pip_path, expected_packages):

    """

    Tests if correct packages are installed in virtualenv used for pip

    requirements checks..

    """

    # Normalise package names and order.

    expected_packages = sorted([p.lower() for p in expected_packages])

    actual_packages = sorted(packages.stdout.lower().strip().split("\n"))

    # This is a dummy distro-provided package ignored by the pip-tools.

    if "pkg-resources==0.0.0" in actual_packages:

        actual_packages.remove("pkg-resources==0.0.0")

    assert actual_packages == expected_packages

@pytest.mark.parametrize("server",

                         sorted(

                             set(ansible_runner.get_hosts('all')) -

                             set(ansible_runner.get_hosts('helper'))))

def test_connectivity_from_client(host, server):

    """

    Tests connectivity towards mail forwarder servers from client

    (non-relay). Connectivity should fail for both.

    """

    with host.sudo():

        assert ping.rc != 0

        assert "100% packet loss" in ping.stderr

@pytest.mark.parametrize("server",

                         ansible_runner.get_hosts('parameters-optional'))

def test_connectivity_from_authorised_relay(host, server):

    """

    Tests connectivity towards mail forwarder servers from authorised

    relay.

    """

    with host.sudo():

        assert ping.rc == 0

@pytest.mark.parametrize("server",

                         sorted(

                             set(ansible_runner.get_hosts('parameters-mandatory')) |

                             set(ansible_runner.get_hosts('parameters-no-incoming'))))

def test_connectivity_from_unauthorised_relay(host, server):

    """

    Tests connectivity towards mail forwarder servers from unauthorised

    relay.

    """

    with host.sudo():

        assert ping.rc != 0

        assert "100% packet loss" in ping.stderr

@pytest.mark.parametrize("server",

                         ansible_runner.get_hosts('parameters-optional'))

def test_mail_reception_from_authorised_relay(host, server):

    """

    Tests if mails can be sent from relay to servers configured to use the

    relay.

    """

    assert send.rc == 0

@pytest.mark.parametrize("server",

                         ansible_runner.get_hosts('parameters-optional'))

def test_open_relay(host, server):

    """

    Tests if mail forwarder behaves as open relay.

    """

    no_recipients_accepted_error_code = 24

    assert send.rc == no_recipients_accepted_error_code

    assert "Relay access denied" in send.stdout

def test_connectivity(host):

    """

    Tests connectivity to the web server (ports that should be reachable).

    """

    with host.sudo():

        for server in ["parameters-mandatory",

                       "parameters-optional"]:

            # HTTP, HTTPS.

            for port in [80, 443]:

                assert ping.rc == 0

    """

    Tests if Python virtualenv wrapper script is functioning correctly.

    """

    with host.sudo():

        wrapper = host.file(wrapper_script)

        assert wrapper.is_file

        assert wrapper.user == expected_owner

        assert wrapper.group == expected_group

        assert wrapper.mode == 0o750

        assert command.rc == 0

@pytest.mark.parametrize("admin_user, pip_path, expected_packages",  [

    ('admin-parameters-mandatory', '/var/www/parameters-mandatory/virtualenv/bin/pip', [

        "futures==3.3.0",

        "gunicorn==19.10.0",

    ]),

    ('admin-parameters-optional_local', '/var/www/parameters-optional.local/virtualenv/bin/pip', [

        "Pygments==2.2.0",

        "dnspython==1.15.0",

        "docopt==0.6.2",

        "click==6.7",

        "futures==3.1.1",

        "gunicorn==19.8.1",

        "itsdangerous==0.24",

        "six==1.10.0",

    ]),

])

def test_virtualenv_packages(host, admin_user, pip_path, expected_packages):

    """

    Tests if correct packages are installed in virtualenv.

    """

    # Normalise package names and order.

    expected_packages = sorted([p.lower() for p in expected_packages])

    actual_packages = sorted(packages.stdout.lower().strip().split("\n"))

    assert actual_packages == expected_packages

@pytest.mark.parametrize("config_file, expected_website_name, expected_socket_file_path", [

    ('/etc/systemd/system/parameters-mandatory.socket', 'parameters-mandatory', '/run/wsgi/parameters-mandatory.sock'),

    ('/etc/systemd/system/parameters-optional.local.socket', 'parameters-optional.local', '/run/wsgi/parameters-optional.local.sock'),

    ('/etc/systemd/system/parameters-paste-req.socket', 'parameters-paste-req', '/run/wsgi/parameters-paste-req.sock'),

def test_connectivity(host):

    """

    Tests connectivity to the XMPP server (ports that should be reachable).

    """

    with host.sudo():

        for server in ["parameters-mandatory",

                       "parameters-optional"]:

            # c2s plaintext, c2s TLS, file proxy, s2s.

            for port in [5222, 5223, 5000, 5269]:

                assert ping.rc == 0

def test_tls(host):

    """

    Tests if TLS works as expected.

    """

    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "

                    "-t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1")

    assert send.rc == 0