- name: Prepare, helpers

  hosts: clients

  become: true

  tasks:

    - name: Install SWAKS for testing SMTP capability

      ansible.builtin.apt:

        name: swaks

        state: present

    - name: Install tool for testing TCP connectivity

      ansible.builtin.apt:

        state: present

    - name: Deploy CA certificate

      ansible.builtin.copy:

        src: tests/data/x509/ca/level1.cert.pem

        dest: /usr/local/share/ca-certificates/testca.crt

        owner: root

        group: root

        mode: "0644"

      notify:

        - Update CA certificate cache

    - name: Deploy Postfix configuration

      ansible.builtin.copy:

        src: tests/data/main.cf

        dest: /etc/postfix/main.cf

        owner: root

        group: root

        mode: "0644"

      notify:

        - Restart Postfix

    - name: Install tool for testing TCP connectivity

      ansible.builtin.apt:

        state: present

    - name: Install SWAKS for testing SMTP capability

      ansible.builtin.apt:

        name: swaks

        state: present

    - name: Set-up port forwarding

      ansible.builtin.command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25"

      changed_when: false

  handlers:

@pytest.mark.parametrize("server",

                         sorted(

                             set(ansible_runner.get_hosts('all')) -

                             set(ansible_runner.get_hosts('helper'))))

def test_connectivity_from_client(host, server):

    """

    Tests connectivity towards mail forwarder servers from client

    (non-relay). Connectivity should fail for both.

    """

    with host.sudo():

@pytest.mark.parametrize("server",

                         ansible_runner.get_hosts('parameters-optional'))

def test_connectivity_from_authorised_relay(host, server):

    """

    Tests connectivity towards mail forwarder servers from authorised

    relay.

    """

    with host.sudo():

@pytest.mark.parametrize("server",

                         sorted(

                             set(ansible_runner.get_hosts('parameters-mandatory')) |

                             set(ansible_runner.get_hosts('parameters-no-incoming'))))

def test_connectivity_from_unauthorised_relay(host, server):

    """

    Tests connectivity towards mail forwarder servers from unauthorised

    relay.

    """

    with host.sudo():

@pytest.mark.parametrize("server",

                         ansible_runner.get_hosts('parameters-optional'))

def test_mail_reception_from_authorised_relay(host, server):

    """

    Tests if mails can be sent from relay to servers configured to use the

    relay.

    """

    send = host.run('swaks --suppress-data --to root@{server} --server {server}'.format(server=server))

    assert send.rc == 0