Changeset - 554a57ceb0c1
Branko Majic (branko) - 2 months ago 2025-01-22 01:24:42
branko@majic.rs
MAR-233: Add IPv6 connectivity tests for the mail_forwarder role:

- Configure static IPv6 addresses on all test machines.
- Parametrise all connectivity tests to cover both IPv4 and IPv6.
- Be explicit on receiving servers for all swaks invocations that
target localhost.
- Make sure that the helper mail server has the necessary iptables
forwarding rules for IPv6 as well.
5 files changed with 51 insertions and 12 deletions:
roles/mail_forwarder/molecule/default/molecule.yml
 
@@ -27,6 +27,11 @@ platforms:
 
        ip: 192.168.56.11
 
        network_name: private_network
 
        type: static
 
      - auto_config: true
 
        ip: fd00::192:168:56:11
 
        network_name: private_network
 
        netmask: 116
 
        type: static
 

	
 
  - name: client1
 
    groups:
 
@@ -40,6 +45,11 @@ platforms:
 
        ip: 192.168.56.12
 
        network_name: private_network
 
        type: static
 
      - auto_config: true
 
        ip: fd00::192:168:56:12
 
        network_name: private_network
 
        netmask: 116
 
        type: static
 

	
 

	
 
  # Bookworm
 
@@ -56,6 +66,11 @@ platforms:
 
        ip: 192.168.56.21
 
        network_name: private_network
 
        type: static
 
      - auto_config: true
 
        ip: fd00::192:168:56:21
 
        network_name: private_network
 
        netmask: 116
 
        type: static
 

	
 
  - name: parameters-optional-bookworm
 
    groups:
 
@@ -68,6 +83,11 @@ platforms:
 
        ip: 192.168.56.22
 
        network_name: private_network
 
        type: static
 
      - auto_config: true
 
        ip: fd00::192:168:56:22
 
        network_name: private_network
 
        netmask: 116
 
        type: static
 

	
 
  - name: parameters-no-incoming-bookworm
 
    groups:
 
@@ -80,6 +100,11 @@ platforms:
 
        ip: 192.168.56.23
 
        network_name: private_network
 
        type: static
 
      - auto_config: true
 
        ip: fd00::192:168:56:23
 
        network_name: private_network
 
        netmask: 116
 
        type: static
 

	
 
provisioner:
 
  name: ansible
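Review bot: The `netmask: 116` on each new IPv6 interface (all five platform hunks) is an unusual prefix length and nothing in the file explains it, while the IPv4 entries carry no netmask at all. A reader cannot tell whether /116 is deliberate or a workaround for the driver. I would add a comment at the first occurrence, e.g. `# IPv6 prefix length; /116 spans fd00::192:168:56:0-fff, which covers every test host`, and state the reason for not using /64 if there is one.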
roles/mail_forwarder/molecule/default/prepare.yml
 
@@ -62,6 +62,11 @@
 
        192.168.56.21: "parameters-mandatory-bookworm"
 
        192.168.56.22: "parameters-optional-bookworm"
 
        192.168.56.23: "parameters-no-incoming-bookworm"
 
        fd00::192:168:56:11: "mail-server domain1"
 
        fd00::192:168:56:12: "client1"
 
        fd00::192:168:56:21: "parameters-mandatory-bookworm"
 
        fd00::192:168:56:22: "parameters-optional-bookworm"
 
        fd00::192:168:56:23: "parameters-no-incoming-bookworm"
 

	
 
    - name: Install tools for testing
 
      ansible.builtin.apt:
 
@@ -157,10 +162,14 @@
 
        name: swaks
 
        state: present
 

	
 
    - name: Set-up port forwarding
 
    - name: Set-up port forwarding for IPv4
 
      ansible.builtin.command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25"
 
      changed_when: false
 

	
 
    - name: Set-up port forwarding for IPv4
 
      ansible.builtin.command: "ip6tables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25"
 
      changed_when: false
 

	
 
  handlers:
 

	
 
    - name: Update CA certificate cache  # noqa no-changed-when
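Review bot: The second new task is also named `Set-up port forwarding for IPv4` although it runs `ip6tables`, so the play output shows two identically named tasks and does not tell which address family failed. Rename it to `- name: Set-up port forwarding for IPv6`. Both tasks append with `-A` under `changed_when: false`, so re-running prepare would presumably stack duplicate REDIRECT rules, now for both families; a `-C` check before the append would avoid that.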
roles/mail_forwarder/molecule/default/tests/test_connectivity_from_client.py
 
@@ -15,7 +15,8 @@ ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(
 
                         sorted(
 
                             set(ansible_runner.get_hosts('all')) -
 
                             set(ansible_runner.get_hosts('helper'))))
 
def test_connectivity_from_client(host, server):
 
@pytest.mark.parametrize('ip_protocol', [4, 6])
 
def test_connectivity_from_client(host, server, ip_protocol):
 
    """
 
    Tests connectivity towards mail forwarder servers from client
 
    (non-relay). Connectivity should fail for both.
 
@@ -23,6 +24,6 @@ def test_connectivity_from_client(host, server):
 

	
 
    with host.sudo():
 

	
 
        scan = host.run('nmap -4 -p 25 -oG - %s', server)
 
        scan = host.run('nmap -%s -p 25 -oG - %s', str(ip_protocol), server)
 
        assert scan.rc == 0
 
        assert "Ports: 25/filtered/tcp//smtp/" in scan.stdout
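Review bot: The new `ip_protocol` parameter is not described in the docstring of `test_connectivity_from_client`, and the same holds for the four parametrised tests in test_connectivity_from_relay.py. The bare `[4, 6]` values also leave the generated test IDs hard to read in a failure report. I would use `@pytest.mark.parametrize('ip_protocol', [4, 6], ids=['ipv4', 'ipv6'])` and add one docstring sentence saying that each case forces the address family passed to nmap or swaks. The IPv6 cases presumably depend on the fd00:: host entries added in prepare.yml, which is worth stating there too; the docstring is only partly visible between the two hunks.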
roles/mail_forwarder/molecule/default/tests/test_connectivity_from_relay.py
 
@@ -13,7 +13,8 @@ ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(
 

	
 
@pytest.mark.parametrize("server",
 
                         ansible_runner.get_hosts('parameters-optional'))
 
def test_connectivity_from_authorised_relay(host, server):
 
@pytest.mark.parametrize('ip_protocol', [4, 6])
 
def test_connectivity_from_authorised_relay(host, server, ip_protocol):
 
    """
 
    Tests connectivity towards mail forwarder servers from authorised
 
    relay.
 
@@ -21,7 +22,7 @@ def test_connectivity_from_authorised_relay(host, server):
 

	
 
    with host.sudo():
 

	
 
        scan = host.run('nmap -p 25 -oG - %s', server)
 
        scan = host.run('nmap -%s -p 25 -oG - %s', str(ip_protocol), server)
 
        assert scan.rc == 0
 
        assert "Ports: 25/open/tcp//smtp/" in scan.stdout
 

	
 
@@ -30,7 +31,8 @@ def test_connectivity_from_authorised_relay(host, server):
 
                         sorted(
 
                             set(ansible_runner.get_hosts('parameters-mandatory')) |
 
                             set(ansible_runner.get_hosts('parameters-no-incoming'))))
 
def test_connectivity_from_unauthorised_relay(host, server):
 
@pytest.mark.parametrize('ip_protocol', [4, 6])
 
def test_connectivity_from_unauthorised_relay(host, server, ip_protocol):
 
    """
 
    Tests connectivity towards mail forwarder servers from unauthorised
 
    relay.
 
@@ -38,32 +40,34 @@ def test_connectivity_from_unauthorised_relay(host, server):
 

	
 
    with host.sudo():
 

	
 
        scan = host.run('nmap -p 25 -oG - %s', server)
 
        scan = host.run('nmap -%s -p 25 -oG - %s', str(ip_protocol), server)
 
        assert scan.rc == 0
 
        assert "Ports: 25/filtered/tcp//smtp/" in scan.stdout
 

	
 

	
 
@pytest.mark.parametrize("server",
 
                         ansible_runner.get_hosts('parameters-optional'))
 
def test_mail_reception_from_authorised_relay(host, server):
 
@pytest.mark.parametrize('ip_protocol', [4, 6])
 
def test_mail_reception_from_authorised_relay(host, server, ip_protocol):
 
    """
 
    Tests if mails can be sent from relay to servers configured to use the
 
    relay.
 
    """
 

	
 
    send = host.run('swaks --suppress-data --to root@{server} --server {server}'.format(server=server))
 
    send = host.run('swaks -%s --suppress-data --to root@%s --server %s', str(ip_protocol), server, server)
 
    assert send.rc == 0
 

	
 

	
 
@pytest.mark.parametrize("server",
 
                         ansible_runner.get_hosts('parameters-optional'))
 
def test_open_relay(host, server):
 
@pytest.mark.parametrize('ip_protocol', [4, 6])
 
def test_open_relay(host, server, ip_protocol):
 
    """
 
    Tests if mail forwarder behaves as open relay.
 
    """
 

	
 
    no_recipients_accepted_error_code = 24
 

	
 
    send = host.run('swaks --suppress-data --to root@client1 --server %s', server)
 
    send = host.run('swaks -%s --suppress-data --to root@client1 --server %s', str(ip_protocol), server)
 
    assert send.rc == no_recipients_accepted_error_code
 
    assert "Relay access denied" in send.stdout
roles/mail_forwarder/molecule/default/tests/test_optional.py
 
@@ -45,7 +45,7 @@ def test_local_aliases(host):
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()
 
    send = host.run('swaks --suppress-data --to root@localhost')
 
    send = host.run('swaks --suppress-data --to root@localhost --server localhost')
 
    assert send.rc == 0
 
    message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
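Review bot: `--server localhost` does not pin an address family, so once the machines carry IPv6 addresses the delivery in `test_local_aliases` may go over `::1` or `127.0.0.1` depending on how `localhost` resolves. The other swaks calls in this commit pass `-4`/`-6` explicitly. Here I would either parametrise the same way or add a comment such as `# Address family intentionally left to the resolver (localhost may be ::1 or 127.0.0.1).` The function starts above the hunk and continues below it, so any later swaks calls are not visible here.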
 

	