Changeset - 3c51248b600c
0 4 0
Branko Majic (branko) - 2 months ago 2024-03-03 11:38:32
branko@majic.rs
MAR-192: Switch to using go-sendxmpp where possible for testing XMPP server role:

- The sendxmpp in Debian 12 Bookworm is quite broken at this point,
and go-sendxmpp is somewhat close in terms of interface etc.
- Fix a number of tests related to sending messages.
4 files changed with 58 insertions and 27 deletions:
roles/xmpp_server/molecule/default/molecule.yml
 
@@ -35,13 +35,17 @@ platforms:
 
  # ================
 

	
 
  - name: client-bullseye
 
    groups:
 
      - clients
 
      - bullseye
 
    box: debian/bullseye64
 
    # Use Bookworm client box for testing Bullseye servers to avoid
 
    # duplication of test code in test_client.py due to missing
 
    # functional build of go-sendxmpp for the Bullseye release (glibc
 
    # mismatch in prebuilt package).
 
    box: debian/bookworm64
 
    memory: 256
 
    cpus: 1
 
    provider_raw_config_args:
 
      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
 
    interfaces:
 
      - auto_config: true
roles/xmpp_server/molecule/default/prepare.yml
 
@@ -180,13 +180,13 @@
 
      apt:
 
        name: mcabber
 
        state: present
 

	
 
    - name: Install console-based XMPP tool (for non-interactive testing)
 
      apt:
 
        name: sendxmpp
 
        name: go-sendxmpp
 
        state: present
 

	
 
    - name: Create dedicated group for testing
 
      group:
 
        name: user
 
        state: present
 
@@ -305,14 +305,16 @@
 
- hosts: parameters-mandatory,parameters-optional
 
  become: true
 
  tasks:
 

	
 
    - name: Install console-based XMPP tool (for non-interactive testing)
 
      apt:
 
        name: sendxmpp
 
        name: "{{ sendxmpp_package }}"
 
        state: present
 
      vars:
 
        sendxmpp_package: "{% if ansible_distribution_release == 'bullseye' %}sendxmpp{% else %}go-sendxmpp{% endif %}"
 

	
 
    - name: Deploy small Lua script for listing the enabled modules in Prosody
 
      copy:
 
        src: list_prosody_modules.lua
 
        dest: "/usr/local/bin/list_prosody_modules.lua"
 
        owner: root
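Review bot: The first `Install console-based XMPP tool` task now installs `go-sendxmpp` unconditionally, while the same task in the `parameters-mandatory,parameters-optional` play selects the package by `ansible_distribution_release`. The hosts line of the first play is outside the hunk, so this presumably relies on every client box running Bookworm after the molecule.yml change. A comment above the first task would record that dependency, for example `# Client boxes all run Bookworm (see molecule.yml), so go-sendxmpp is always installable here.` In the second task the selection reads more plainly as a single expression, `sendxmpp_package: "{{ 'sendxmpp' if ansible_distribution_release == 'bullseye' else 'go-sendxmpp' }}"`.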
roles/xmpp_server/molecule/default/tests/test_backup.py
 
@@ -9,21 +9,36 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 

	
 
def test_backup(host):
 
    """
 
    Tests if Prosody data directory is correctly backed-up.
 
    """
 

	
 
    # Deliver a couple of messages in order to make sure the directory structure
 
    # is created.
 
    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
 
                    "-t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
 
    assert send.rc == 0
 

	
 
    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
 
                    "-t -u mick.doe -p mickpassword -j domain3:5222 mick.doe@domain3")
 
    assert send.rc == 0
 
    distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
 

	
 
    # Ugly, but functional for now.
 
    if distribution_release == "bullseye":
 
        # Deliver a couple of messages in order to make sure the directory structure
 
        # is created.
 
        send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
 
                        "-t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
 
        assert send.rc == 0
 

	
 
        send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
 
                        "-t -u mick.doe -p mickpassword -j domain3:5222 mick.doe@domain3")
 
        assert send.rc == 0
 
    else:
 
        send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
 
                        f"--username jane.doe@domain2 --password janepassword --jserver domain2:5222 "
 
                        f"jane.doe@domain2")
 
        assert send.rc == 0
 

	
 
        send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
 
                        f"--username mick.doe@domain3 --password mickpassword --jserver domain3:5222 "
 
                        f"mick.doe@domain3")
 
        assert send.rc == 0
 

	
 

	
 
    with host.sudo():
 

	
 
        # Remove restore directory in order to make sure restore has worked
 
        # correctly.
 
        host.run("rm -rf /root/restore")
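Review bot: In the `else` branch of `test_backup` the go-sendxmpp commands drop the explicit `--tls-ca-path /usr/local/share/ca-certificates/testca.crt` that the sendxmpp branch still passes, so certificate verification there presumably depends on the test CA being present in the system trust store. A comment saying so would keep a later trust-store change from surfacing as an unexplained test failure, e.g. `# go-sendxmpp verifies against the system trust store, which is expected to contain testca.crt.` The string literals in that branch carry an `f` prefix without any placeholder, and the `--debug` output is never inspected in this test, so both can be dropped. The comment `Deliver a couple of messages ...` applies to both branches and belongs above the `if`. The body of `test_backup` continues past the end of this section.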
roles/xmpp_server/molecule/default/tests/test_client.py
 
@@ -31,51 +31,60 @@ def test_connectivity(host):
 
])
 
def test_tls(host, username, password, domain):
 
    """
 
    Tests if TLS works as expected.
 
    """
 

	
 
    send = host.run(f"echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
 
                    f"-t -u {username} -p {password} -j {domain}:5222 {username}@{domain}")
 
    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
 
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5222 "
 
                    f"{username}@{domain}")
 
    assert send.rc == 0
 
    assert "<body>Hello</body>" in send.stderr
 

	
 
    send = host.run(f"echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
 
                    f"-e -u {username} -p {password} -j {domain}:5223 {username}@{domain}")
 
    send = host.run(f"echo 'Hello' | go-sendxmpp --debug --tls "
 
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5223 "
 
                    f"{username}@{domain}")
 
    assert send.rc == 0
 
    assert "<body>Hello</body>" in send.stderr
 

	
 

	
 
@pytest.mark.parametrize("username, password, domain", [
 
    ["john.doe", "johnpassword", "domain1"],
 
    ["jane.doe", "janepassword", "domain2"],
 
])
 
def test_authentication_requires_tls(host, username, password, domain):
 
    """
 
    Tests if authentication must be done over TLS.
 
    Tests if STARTTLS is required.
 
    """
 

	
 
    command = host.run(f"echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
 
                       f"-u {username} -p {password} -j {domain}:5222 {username}@{domain} -d")
 
    assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in command.stderr
 
    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
 
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5222 "
 
                    f"{username}@{domain}")
 

	
 
    assert send.rc == 0
 
    assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in send.stderr
 

	
 

	
 
@pytest.mark.parametrize("username, password, domain", [
 
    ["john.doe", "johnpassword", "domain1"],
 
    ["jane.doe", "janepassword", "domain2"],
 
    ["mick.doe", "mickpassword", "domain3"],
 
])
 
def test_authentication(host, username, password, domain):
 
    """
 
    Tests if authentication works correctly.
 
    """
 

	
 
    send = host.run(f"echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
 
                    f"-t -u {username} -p {password} -j {domain}:5222 {username}@{domain}")
 
    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
 
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5222 "
 
                    f"{username}@{domain}")
 
    assert send.rc == 0
 

	
 
    send = host.run(f"echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
 
                    f"-e -u {username} -p {password} -j {domain}:5223 {username}@{domain}")
 
    send = host.run(f"echo 'Hello' | go-sendxmpp --debug --tls "
 
                    f"--username {username}@{domain} --password {password} --jserver {domain}:5223 "
 
                    f"{username}@{domain}")
 
    assert send.rc == 0
 

	
 

	
 
@pytest.mark.parametrize("target_username, target_domain", [
 
    ["john.doe", "domain1"],
 
    ["jane.doe", "domain2"],
 
@@ -83,10 +92,11 @@ def test_authentication(host, username, password, domain):
 
def test_unauthorized_users_rejected(host, target_username, target_domain):
 
    """
 
    Tests if unauthorized users (present in LDAP, but not member of correct
 
    group) are rejected from accessing the XMPP server.
 
    """
 

	
 
    send = host.run(f"echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
 
                    f"-t -u noxmpp -p noxmpppassword -j {target_domain}:5222 {target_username}@{target_domain}")
 
    send = host.run(f"echo 'Hello' | go-sendxmpp --debug "
 
                    f"--username noxmpp@{target_domain} --password noxmpppassword --jserver {target_domain}:5222 "
 
                    f"{target_username}@{target_domain}")
 
    assert send.rc != 0
 
    assert "Error 'AuthSend': error: not-authorized[?]" in send.stderr
 
    assert "Unable to authorize you with the authentication credentials you've sent" in send.stderr
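Review bot: `test_authentication_requires_tls` no longer attempts a login without TLS: the removed sendxmpp call omitted `-t`/`-e`, whereas the new go-sendxmpp call uses the same options as the first call in `test_tls`, asserts `send.rc == 0`, and then only checks that `<required/>` appears in the debug output. A server that advertises STARTTLS as required but still accepts authentication on the unencrypted stream would pass, so the docstring line `Tests if authentication must be done over TLS.` claims more than is verified. Either narrow the docstring to `Tests if the server advertises STARTTLS as required.` or add a negative check that a plaintext authentication attempt against port 5222 is refused. The commands in this file also pass `--password {password}` on the command line and interpolate the parameters into a shell string unquoted; that is harmless with these fixture values, but wrapping them in `shlex.quote` is the safer pattern if the parameter lists grow.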