Changeset - 806f31aaaea2
Parent rev.
Child rev.
[Not reviewed]
4 4 4
Branko Majic (branko) - 4 years ago 2020-07-26 21:31:09
branko@majic.rs
MAR-162: Deduplicate mail_server tests for TLS material.
8 files changed with 43 insertions and 80 deletions:
roles/mail_server/molecule/default/group_vars/parameters-optional.yml
4
4
roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_imap.cert.pem
rename
roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_imap.key.pem
rename
roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_smtp.cert.pem
rename
roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_smtp.key.pem
rename
roles/mail_server/molecule/default/tests/test_default.py
39
roles/mail_server/molecule/default/tests/test_mandatory.py
38
roles/mail_server/molecule/default/tests/test_optional.py
38
0 comments (0 inline, 0 general)
roles/mail_server/molecule/default/group_vars/parameters-optional.yml
Show inline comments
 
@@ -15,12 +15,12 @@ mail_user: virtmail
 
mail_user_uid: 5000
 
mail_user_gid: 5000
 
imap_max_user_connections_per_ip: 2
 
imap_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.cert.pem') }}"
 
imap_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.key.pem') }}"
 
imap_tls_certificate: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_imap.cert.pem') }}"
 
imap_tls_key: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_imap.key.pem') }}"
 
local_mail_aliases:
 
  root: "john.doe@domain1"
 
smtp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.cert.pem') }}"
 
smtp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.key.pem') }}"
 
smtp_tls_certificate: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_smtp.cert.pem') }}"
 
smtp_tls_key: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_smtp.key.pem') }}"
 
imap_folder_separator: "."
 
smtp_rbl:
 
  - bl.spamcop.net
roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_imap.cert.pem
Show inline comments
 
file renamed from roles/mail_server/molecule/default/tests/data/x509/parameters-optional_imap.cert.pem to roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_imap.cert.pem
roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_imap.key.pem
Show inline comments
 
file renamed from roles/mail_server/molecule/default/tests/data/x509/parameters-optional_imap.key.pem to roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_imap.key.pem
roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_smtp.cert.pem
Show inline comments
 
file renamed from roles/mail_server/molecule/default/tests/data/x509/parameters-optional_smtp.cert.pem to roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_smtp.cert.pem
roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_smtp.key.pem
Show inline comments
 
file renamed from roles/mail_server/molecule/default/tests/data/x509/parameters-optional_smtp.key.pem to roles/mail_server/molecule/default/tests/data/x509/parameters-optional-stretch64_smtp.key.pem
roles/mail_server/molecule/default/tests/test_default.py
Show inline comments
 
@@ -408,3 +408,42 @@ def test_imap_server_uses_correct_dh_parameters(host):
 
                          "--priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' localhost")
 

			




	
	
	
		
 
    assert " - Using prime: 2048 bits" in connection.stdout

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_imap_and_smtp_tls_files(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if IMAP and SMTP TLS private keys and certificates have been

			




	
	
	
		
 
    deployed correctly.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    hostname = host.run('hostname').stdout.strip()

			




	
	
	
		
 

			




	
	
	
		
 
    with host.sudo():

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/private/%s_smtp.key' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_smtp.key.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/certs/%s_smtp.pem' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_smtp.cert.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/private/%s_imap.key' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_imap.key.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/certs/%s_imap.pem' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_imap.cert.pem" % hostname, "r").read().rstrip()

			




        

    


    
    

    

        

                

                    roles/mail_server/molecule/default/tests/test_mandatory.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -7,44 +7,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

			




	
	
	
		
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-mandatory')

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_smtp_tls_files(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if SMTP TLS private key has been deployed correctly.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    hostname = host.run('hostname').stdout.strip()

			




	
	
	
		
 

			




	
	
	
		
 
    with host.sudo():

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/private/%s_smtp.key' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_smtp.key.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/certs/%s_smtp.pem' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_smtp.cert.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/private/%s_imap.key' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_imap.key.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/certs/%s_imap.pem' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_imap.cert.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_certificate_validity_check_configuration(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if certificate validity check configuration file has been deployed

			




        

    


    
    

    

        

                

                    roles/mail_server/molecule/default/tests/test_optional.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -10,44 +10,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

			




	
	
	
		
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_smtp_tls_files(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if SMTP TLS private key has been deployed correctly.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    hostname = host.run('hostname').stdout.strip()

			




	
	
	
		
 

			




	
	
	
		
 
    with host.sudo():

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/private/%s_smtp.key' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/parameters-optional_smtp.key.pem", "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/certs/%s_smtp.pem' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/parameters-optional_smtp.cert.pem", "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/private/%s_imap.key' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/parameters-optional_imap.key.pem", "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/certs/%s_imap.pem' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/parameters-optional_imap.cert.pem", "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_certificate_validity_check_configuration(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if certificate validity check configuration file has been deployed

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.