Changeset - be01ee86b9dd
Branko Majic (branko) - 4 years ago 2020-08-25 17:55:08
branko@majic.rs
MAR-162: Make the smtp_relay_truststore parameter mandatory in mail_forwarder role:

- Dropped the defaults from mail_forwarder role.
- Updated group variables in role tests.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameter.
- Deduplicated tests for the TLS files.
7 files changed with 9 insertions and 26 deletions:
0 comments (0 inline, 0 general)
docs/rolereference.rst
 
@@ -1306,13 +1306,13 @@ Parameters
 
**smtp_relay_host** (string, optional, ``None``)
 
  SMTP server via which the mails are sent out for non-local recipients.
 

	
 
**smtp_relay_host_port** (integer, optional, ``None``)
 
  Port to use when connecting to the SMTP relay host.
 

	
 
**smtp_relay_truststore** (string, optional, ``{{ lookup('file', tls_certificate_dir + '/truststore.pem') }}``)
 
**smtp_relay_truststore** (string, mandatory)
 
  X.509 certificate chain used for issuing certificate for the SMTP relay
 
  service. The file will be stored in location
 
  ``/etc/ssl/certs/smtp_relay_truststore.pem``
 

	
 

	
 
Distribution compatibility
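Review bot: now that the parameter carries no default, the reference entry should say what the value actually is. The only hint the old default gave, ``{{ lookup('file', tls_certificate_dir + '/truststore.pem') }}``, is gone, so state explicitly that ``smtp_relay_truststore`` holds the PEM content of the chain (for example as produced by ``lookup('file', ...)``), not a path, and that the role writes it to ``/etc/ssl/certs/smtp_relay_truststore.pem``. Minor: "used for issuing certificate for the SMTP relay service" should read "used for issuing the certificate for the SMTP relay service".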
docs/usage.rst
 
@@ -979,13 +979,17 @@ external addresses on those two servers goes through our anti-virus scanner.
 
2. The next thing is to set-up the configuration for the new role. We can define
 
   this globally for all servers
 

	
 
   :file:`~/mysite/group_vars/all.yml`
 
   ::
 

	
 
      # First, let's make sure any mails directed to localhost root account get
 
      # Define what X.509 certificates should be used for validating
 
      # the certificate of server we are relaying the mails through.
 
      smtp_relay_truststore: "{{ lookup('file', '~/mysite/tls/truststore.pem') }}"
 

	
 
      # Make sure any mails directed to localhost root account get
 
      # forwarded to one of our mail users as well.
 
      local_mail_aliases:
 
        root: root john.doe@example.com
 

	
 
      # Now signal the local SMTP to relay any non-local mails via our
 
      # communications server. Don't forget to specify your own IP address (or
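Review bot: the new ``smtp_relay_truststore`` line in the group_vars example uses ``lookup('file', '~/mysite/tls/truststore.pem')``; the step should mention that this path is read on the Ansible control machine at play time, so the truststore file must exist there before the role is applied, otherwise the lookup fails before anything reaches the hosts. Minor: "the certificate of server we are relaying the mails through" is missing an article ("of the server").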
roles/mail_forwarder/defaults/main.yml
 
---
 

	
 
local_mail_aliases: {}
 
smtp_from_relay_allowed: true
 
smtp_relay_host: ""
 
smtp_relay_truststore: "{{ lookup('file', tls_certificate_dir + '/truststore.pem') }}"
 
smtp_relay_host_port: null
 
mail_message_size_limit: 10240000
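Review bot: dropping ``smtp_relay_truststore`` from defaults/main.yml makes the parameter mandatory only implicitly: a play that omits it now fails with a generic undefined-variable error at whatever task first templates the value, rather than with a message naming the missing parameter. None of the seven changed files is a task file, so consider adding an ``assert`` with ``that: smtp_relay_truststore is defined`` and a ``fail_msg`` naming the parameter at the start of the role's tasks, so the failure is explicit and happens before any configuration is written.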
roles/mail_forwarder/molecule/default/group_vars/parameters-mandatory.yml
 
---
 

	
 
# Global common parameters.
 
tls_certificate_dir: tests/data/x509/
 
smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
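Review bot: this group reads ``smtp_relay_truststore`` from ``tests/data/x509/ca.cert.pem``, while the deduplicated content assertion in test_default.py compares every host's deployed file with ``tests/data/x509/truststore.pem``. Unless those two fixture files contain the same PEM, ``test_smtp_relay_truststore_file`` will fail for one of the groups; please confirm the fixture referenced here and the shared assertion agree.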
roles/mail_forwarder/molecule/default/tests/test_default.py
 
@@ -24,21 +24,22 @@ def test_removed_packages(host):
 

	
 
    assert not host.package('exim4').is_installed
 

	
 

	
 
def test_smtp_relay_truststore_file(host):
 
    """
 
    Tests if SMTP relay truststore has correct permissions
 
    Tests if SMTP relay truststore has correct permissions and content.
 
    """
 

	
 
    truststore = host.file('/etc/ssl/certs/smtp_relay_truststore.pem')
 

	
 
    assert truststore.is_file
 
    assert truststore.user == 'root'
 
    assert truststore.group == 'root'
 
    assert truststore.mode == 0o644
 
    assert truststore.content_string == open("tests/data/x509/truststore.pem", "r").read().rstrip()
 

	
 

	
 
def test_smtp_mailname(host):
 
    """
 
    Tests if SMTP mailname configuration file has correct permissions.
 
    """
roles/mail_forwarder/molecule/default/tests/test_mandatory.py
 
@@ -6,22 +6,12 @@ import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-mandatory')
 

	
 

	
 
def test_smtp_relay_truststore_file(host):
 
    """
 
    Tests if SMTP relay truststore has correct content.
 
    """
 

	
 
    truststore = host.file('/etc/ssl/certs/smtp_relay_truststore.pem')
 

	
 
    assert truststore.content_string == open("tests/data/x509/truststore.pem", "r").read().rstrip()
 

	
 

	
 
def test_smtp_mailname(host):
 
    """
 
    Tests if SMTP mailname configuration file has correct content.
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()
roles/mail_forwarder/molecule/default/tests/test_optional.py
 
@@ -6,22 +6,12 @@ import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
 

	
 

	
 
def test_smtp_relay_truststore_file(host):
 
    """
 
    Tests if SMTP relay truststore has correct content.
 
    """
 

	
 
    truststore = host.file('/etc/ssl/certs/smtp_relay_truststore.pem')
 

	
 
    assert truststore.content_string == open("tests/data/x509/ca.cert.pem", "r").read().rstrip()
 

	
 

	
 
def test_smtp_mailname(host):
 
    """
 
    Tests if SMTP mailname has been configured correctly.
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()