majic-ansible-roles Changeset

Changeset - d7f5980cc68a

Parent rev.

Child rev.

[Not reviewed]

! ! !

Branko Majic (branko) - 6 years ago 2017-11-26 18:01:29
branko@majic.rs

MAR-128: Upgraded tests for mail_server role:

- Switch to new Molecule configuration.
- Updated set-up playbook to use become: yes.
- Moved some preparatory steps outside of the main playbook (eases
idempotence tests).
- Updated tests to reference the yml inventory file.
- Updated tests to use new fixture (host instead of individual ones).
- Switched to extracting hostname instead of hard-coding it in a
couple of tests.
- Fixed some linting issues.
- Renamed the hosts to make it easier to extend in future.
- Renamed some data files to ensure they correspond correctly to new
hostnames.
- Rewrote logic behind setting-up the /etc/hosts a bit, and expanded
the names to include the new hostnames.
- Updated a couple of tests to correspond to correct filenames (that
have been renamed).
- Updated a couple of tests to address the new server naming.
- Set explicitly the backup client username to avoid 32-charactr
limitation on Linux usernames.

41 files changed with 544 insertions and 412 deletions:

roles/mail_server/defaults/main.yml

roles/mail_server/molecule.yml

roles/mail_server/molecule/default/create.yml

roles/mail_server/molecule/default/destroy.yml

roles/mail_server/molecule/default/molecule.yml

roles/mail_server/molecule/default/playbook.yml

roles/mail_server/molecule/default/prepare.yml

roles/mail_server/molecule/default/tests/data/gnupg/parameters-optional.asc

rename

roles/mail_server/molecule/default/tests/data/imapcli-parameters-mandatory-jane_doe.conf

rename

roles/mail_server/molecule/default/tests/data/imapcli-parameters-mandatory-john_doe.conf

rename

roles/mail_server/molecule/default/tests/data/imapcli-parameters-optional-jane_doe.conf

rename

roles/mail_server/molecule/default/tests/data/imapcli-parameters-optional-john_doe.conf

rename

roles/mail_server/molecule/default/tests/data/ssh/parameters-optional

rename

roles/mail_server/molecule/default/tests/data/ssh/parameters-optional.pub

rename

roles/mail_server/molecule/default/tests/data/ssh/server_dsa

rename

roles/mail_server/molecule/default/tests/data/ssh/server_dsa.pub

rename

roles/mail_server/molecule/default/tests/data/ssh/server_ecdsa

rename

roles/mail_server/molecule/default/tests/data/ssh/server_ecdsa.pub

rename

roles/mail_server/molecule/default/tests/data/ssh/server_ed25519

rename

roles/mail_server/molecule/default/tests/data/ssh/server_ed25519.pub

rename

roles/mail_server/molecule/default/tests/data/ssh/server_rsa

rename

roles/mail_server/molecule/default/tests/data/ssh/server_rsa.pub

rename

roles/mail_server/molecule/default/tests/data/x509/ca.cert.pem

rename

roles/mail_server/molecule/default/tests/data/x509/ca.key.pem

rename

roles/mail_server/molecule/default/tests/data/x509/ldap-server_ldap.cert.pem

rename

roles/mail_server/molecule/default/tests/data/x509/ldap-server_ldap.key.pem

rename

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_imap.key

rename

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_imap.pem

rename

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_smtp.key

rename

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_smtp.pem

rename

roles/mail_server/molecule/default/tests/data/x509/parameters-optional_imap.cert.pem

rename

roles/mail_server/molecule/default/tests/data/x509/parameters-optional_imap.key.pem

rename

roles/mail_server/molecule/default/tests/data/x509/parameters-optional_smtp.cert.pem

rename

roles/mail_server/molecule/default/tests/data/x509/parameters-optional_smtp.key.pem

rename

roles/mail_server/molecule/default/tests/data/x509/truststore.pem

rename

roles/mail_server/molecule/default/tests/test_backup.py

roles/mail_server/molecule/default/tests/test_client1.py

roles/mail_server/molecule/default/tests/test_client2.py

roles/mail_server/molecule/default/tests/test_default.py

roles/mail_server/molecule/default/tests/test_mandatory.py

roles/mail_server/molecule/default/tests/test_optional.py

0 comments (0 inline, 0 general)

roles/mail_server/defaults/main.yml

➞

Show inline comments

@@ @@ -15,4 +15,4 @@ local_mail_aliases: {} @@
 imap_max_user_connections_per_ip: 10
 mail_server_tls_protocols:
   - "TLSv1.2"
 mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT"
@@ \ No newline at end of file @@
 mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT"

roles/mail_server/molecule.yml

➞

Show inline comments

deleted file

roles/mail_server/molecule/default/create.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 - name: Create
   hosts: localhost
   connection: local
   gather_facts: False
   no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
   vars:
     molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
     molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}"
     molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
   tasks:
     - name: Create molecule instance(s)
       molecule_vagrant:
         instance_name: "{{ item.name }}"
         instance_interfaces: "{{ item.interfaces | default(omit) }}"
         instance_raw_config_args: "{{ item.instance_raw_config_args | default(omit) }}"
         platform_box: "{{ item.box }}"
         platform_box_version: "{{ item.box_version | default(omit) }}"
         platform_box_url: "{{ item.box_url | default(omit) }}"
         provider_name: "{{ molecule_yml.driver.provider.name }}"
         provider_memory: "{{ item.memory | default(omit) }}"
         provider_cpus: "{{ item.cpus | default(omit) }}"
         provider_raw_config_args: "{{ item.raw_config_args | default(omit) }}"
         state: up
       register: server
       with_items: "{{ molecule_yml.platforms }}"
     # Mandatory configuration for Molecule to function.
     - name: Populate instance config dict
       set_fact:
         instance_conf_dict: {
           'instance': "{{ item.Host }}",
           'address': "{{ item.HostName }}",
           'user': "{{ item.User }}",
           'port': "{{ item.Port }}",
           'identity_file': "{{ item.IdentityFile }}", }
       with_items: "{{ server.results }}"
       register: instance_config_dict
       when: server.changed | bool
     - name: Convert instance config dict to a list
       set_fact:
         instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
       when: server.changed | bool
     - name: Dump instance config
       copy:
         # NOTE(retr0h): Workaround for Ansible 2.2.
         #               https://github.com/ansible/ansible/issues/20885
         content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
         dest: "{{ molecule_instance_config }}"
       when: server.changed | bool

roles/mail_server/molecule/default/destroy.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 - name: Destroy
   hosts: localhost
   connection: local
   gather_facts: False
   no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
   vars:
     molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
     molecule_instance_config: "{{ lookup('env',' MOLECULE_INSTANCE_CONFIG') }}"
     molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
   tasks:
     - name: Destroy molecule instance(s)
       molecule_vagrant:
         instance_name: "{{ item.name }}"
         platform_box: "{{ item.box }}"
         provider_name: "{{ molecule_yml.driver.provider.name }}"
         force_stop: "{{ item.force_stop | default(True) }}"
         state: destroy
       register: server
       with_items: "{{ molecule_yml.platforms }}"
     # Mandatory configuration for Molecule to function.
     - name: Populate instance config
       set_fact:
         instance_conf: {}
     - name: Dump instance config
       copy:
         # NOTE(retr0h): Workaround for Ansible 2.2.
         #               https://github.com/ansible/ansible/issues/20885
         content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
         dest: "{{ molecule_instance_config }}"
       when: server.changed | bool

roles/mail_server/molecule/default/molecule.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 dependency: {}
 driver:
   name: vagrant
   provider:
     name: virtualbox
 lint:
   name: yamllint
 platforms:
   - name: ldap-server
     box: debian/contrib-jessie64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.10
         network_name: private_network
         type: static
   - name: client1
     groups:
       - client
     box: debian/contrib-jessie64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.20
         network_name: private_network
         type: static
   - name: client2
     groups:
       - client
     box: debian/contrib-jessie64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.21
         network_name: private_network
         type: static
   - name: parameters-mandatory-jessie64
     groups:
       - parameters-mandatory
     box: debian/contrib-jessie64
     memory: 512
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.30
         network_name: private_network
         type: static
   - name: parameters-optional-jessie64
     groups:
       - parameters-optional
     box: debian/contrib-jessie64
     memory: 512
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.31
         network_name: private_network
         type: static
 provisioner:
   name: ansible
   config_options:
     ssh_connection:
       pipelining: "True"
   lint:
     name: ansible-lint
 scenario:
   name: default
 verifier:
   name: testinfra
   lint:
     name: flake8

roles/mail_server/molecule/default/playbook.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 - hosts: parameters-mandatory
   become: yes
   roles:
     - role: mail_server
       mail_ldap_base_dn: dc=local
       mail_ldap_url: ldap://ldap-server/
       mail_ldap_postfix_password: postfixpassword
       mail_ldap_dovecot_password: dovecotpassword
       # Common parameters (general, not role).
       tls_certificate_dir: tests/data/x509/
       tls_private_key_dir: tests/data/x509/
       # common
       ca_certificates:
         testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 - hosts: parameters-optional
   become: yes
   roles:
     - role: mail_server
       mail_ldap_base_dn: dc=local
       mail_ldap_url: ldap://ldap-server/
       mail_ldap_tls_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
       mail_ldap_postfix_password: postfixpassword
       mail_ldap_dovecot_password: dovecotpassword
       mail_server_tls_protocols:
         - TLSv1.2
         - TLSv1.1
       mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"
       mail_user: virtmail
       mail_user_uid: 5000
       mail_user_gid: 5000
       imap_max_user_connections_per_ip: 2
       imap_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.cert.pem') }}"
       imap_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.key.pem') }}"
       local_mail_aliases:
         root: "john.doe@domain1"
       smtp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.cert.pem') }}"
       smtp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.key.pem') }}"
       imap_folder_separator: "."
       smtp_rbl:
         - bl.spamcop.net
         - zen.spamhaus.org
       mail_postmaster: "webmaster@parameters-optional"
       smtp_allow_relay_from:
         - 10.31.127.20
       # common
       ca_certificates:
         testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
       # backup_client
       enable_backup: yes
       backup_client_username: bak-parameters-optional-j64
       backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
       backup_server: ldap-server
       backup_server_host_ssh_public_keys:
         - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
         - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
         - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
         - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
       backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"

roles/mail_server/molecule/default/prepare.yml

➞

Show inline comments

 ---
 - name: Prepare
   hosts: all
   gather_facts: False
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
       become: True
       changed_when: False
 - hosts: all
   become: yes
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
@@ @@ -9,20 +19,27 @@ @@
       changed_when: False
 - hosts: all
   become: yes
   tasks:
-    - name: Set-up /etc/hosts entries
+    - name: Set-up the hosts file
       lineinfile:
         dest: /etc/hosts
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
 .31.127.10: "ldap-server backup-server"
 .31.127.20: "client1"
 .31.127.21: "client2"
 .31.127.30: "parameters-mandatory"
 .31.127.31: "parameters-optional"
 .31.127.30: "parameters-mandatory parameters-mandatory-jessie64"
 .31.127.31: "parameters-optional parameters-optional-jessie64"
 - hosts: client1,client2
 - hosts: client
   become: yes
   tasks:
     - name: Install SWAKS for testing SMTP capability
@@ @@ -79,6 +96,7 @@ @@
       command: /usr/sbin/update-ca-certificates --fresh
 - hosts: ldap-server
   become: yes
   roles:
     - role: ldap_server
       ldap_admin_password: admin
@@ @@ -189,68 +207,6 @@ @@
         ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
         ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
       backup_clients:
         - server: parameters-optional
+        - server: parameters-optional-j64
           ip: 10.31.127.31
           public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
 - hosts: parameters-mandatory
   roles:
     - role: mail_server
       mail_ldap_base_dn: dc=local
       mail_ldap_url: ldap://ldap-server/
       mail_ldap_postfix_password: postfixpassword
       mail_ldap_dovecot_password: dovecotpassword
       # Common parameters (general, not role).
       tls_certificate_dir: tests/data/x509/
       tls_private_key_dir: tests/data/x509/
       # common
       ca_certificates:
         testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 - hosts: parameters-optional
   roles:
     - role: mail_server
       mail_ldap_base_dn: dc=local
       mail_ldap_url: ldap://ldap-server/
       mail_ldap_tls_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
       mail_ldap_postfix_password: postfixpassword
       mail_ldap_dovecot_password: dovecotpassword
       mail_server_tls_protocols:
         - TLSv1.2
         - TLSv1.1
       mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"
       mail_user: virtmail
       mail_user_uid: 5000
       mail_user_gid: 5000
       imap_max_user_connections_per_ip: 2
       imap_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.cert.pem') }}"
       imap_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_imap.key.pem') }}"
       local_mail_aliases:
         root: "john.doe@domain1"
       smtp_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.cert.pem') }}"
       smtp_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_smtp.key.pem') }}"
       imap_folder_separator: "."
       smtp_rbl:
         - bl.spamcop.net
         - zen.spamhaus.org
       mail_postmaster: "webmaster@parameters-optional"
       smtp_allow_relay_from:
         - 10.31.127.20
       # common
       ca_certificates:
         testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
       # backup_client
       enable_backup: yes
       backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
       backup_server: ldap-server
       backup_server_host_ssh_public_keys:
         - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
         - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
         - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
         - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
       backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"

roles/mail_server/molecule/default/tests/data/gnupg/parameters-optional.asc

➞

Show inline comments

file renamed from roles/mail_server/tests/data/gnupg/parameters-optional.asc to roles/mail_server/molecule/default/tests/data/gnupg/parameters-optional.asc

roles/mail_server/molecule/default/tests/data/imapcli-parameters-mandatory-jane_doe.conf

➞

Show inline comments

file renamed from roles/mail_server/tests/data/imapcli-parameters-mandatory-jane_doe.conf to roles/mail_server/molecule/default/tests/data/imapcli-parameters-mandatory-jane_doe.conf

roles/mail_server/molecule/default/tests/data/imapcli-parameters-mandatory-john_doe.conf

➞

Show inline comments

file renamed from roles/mail_server/tests/data/imapcli-parameters-mandatory-john_doe.conf to roles/mail_server/molecule/default/tests/data/imapcli-parameters-mandatory-john_doe.conf

roles/mail_server/molecule/default/tests/data/imapcli-parameters-optional-jane_doe.conf

➞

Show inline comments

file renamed from roles/mail_server/tests/data/imapcli-parameters-optional-jane_doe.conf to roles/mail_server/molecule/default/tests/data/imapcli-parameters-optional-jane_doe.conf

roles/mail_server/molecule/default/tests/data/imapcli-parameters-optional-john_doe.conf

➞

Show inline comments

file renamed from roles/mail_server/tests/data/imapcli-parameters-optional-john_doe.conf to roles/mail_server/molecule/default/tests/data/imapcli-parameters-optional-john_doe.conf

roles/mail_server/molecule/default/tests/data/ssh/parameters-optional

➞

Show inline comments

file renamed from roles/mail_server/tests/data/ssh/parameters-optional to roles/mail_server/molecule/default/tests/data/ssh/parameters-optional

roles/mail_server/molecule/default/tests/data/ssh/parameters-optional.pub

➞

Show inline comments

file renamed from roles/mail_server/tests/data/ssh/parameters-optional.pub to roles/mail_server/molecule/default/tests/data/ssh/parameters-optional.pub

roles/mail_server/molecule/default/tests/data/ssh/server_dsa

➞

Show inline comments

file renamed from roles/mail_server/tests/data/ssh/server_dsa to roles/mail_server/molecule/default/tests/data/ssh/server_dsa

roles/mail_server/molecule/default/tests/data/ssh/server_dsa.pub

➞

Show inline comments

file renamed from roles/mail_server/tests/data/ssh/server_dsa.pub to roles/mail_server/molecule/default/tests/data/ssh/server_dsa.pub

roles/mail_server/molecule/default/tests/data/ssh/server_ecdsa

➞

Show inline comments

file renamed from roles/mail_server/tests/data/ssh/server_ecdsa to roles/mail_server/molecule/default/tests/data/ssh/server_ecdsa

roles/mail_server/molecule/default/tests/data/ssh/server_ecdsa.pub

➞

Show inline comments

file renamed from roles/mail_server/tests/data/ssh/server_ecdsa.pub to roles/mail_server/molecule/default/tests/data/ssh/server_ecdsa.pub

roles/mail_server/molecule/default/tests/data/ssh/server_ed25519

➞

Show inline comments

file renamed from roles/mail_server/tests/data/ssh/server_ed25519 to roles/mail_server/molecule/default/tests/data/ssh/server_ed25519

roles/mail_server/molecule/default/tests/data/ssh/server_ed25519.pub

➞

Show inline comments

file renamed from roles/mail_server/tests/data/ssh/server_ed25519.pub to roles/mail_server/molecule/default/tests/data/ssh/server_ed25519.pub

roles/mail_server/molecule/default/tests/data/ssh/server_rsa

➞

Show inline comments

file renamed from roles/mail_server/tests/data/ssh/server_rsa to roles/mail_server/molecule/default/tests/data/ssh/server_rsa

roles/mail_server/molecule/default/tests/data/ssh/server_rsa.pub

➞

Show inline comments

file renamed from roles/mail_server/tests/data/ssh/server_rsa.pub to roles/mail_server/molecule/default/tests/data/ssh/server_rsa.pub

roles/mail_server/molecule/default/tests/data/x509/ca.cert.pem

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/ca.cert.pem to roles/mail_server/molecule/default/tests/data/x509/ca.cert.pem

roles/mail_server/molecule/default/tests/data/x509/ca.key.pem

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/ca.key.pem to roles/mail_server/molecule/default/tests/data/x509/ca.key.pem

roles/mail_server/molecule/default/tests/data/x509/ldap-server_ldap.cert.pem

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/ldap-server_ldap.cert.pem to roles/mail_server/molecule/default/tests/data/x509/ldap-server_ldap.cert.pem

roles/mail_server/molecule/default/tests/data/x509/ldap-server_ldap.key.pem

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/ldap-server_ldap.key.pem to roles/mail_server/molecule/default/tests/data/x509/ldap-server_ldap.key.pem

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_imap.key

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/parameters-mandatory_imap.key to roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_imap.key

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_imap.pem

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/parameters-mandatory_imap.pem to roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_imap.pem

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_smtp.key

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/parameters-mandatory_smtp.key to roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_smtp.key

roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_smtp.pem

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/parameters-mandatory_smtp.pem to roles/mail_server/molecule/default/tests/data/x509/parameters-mandatory-jessie64_smtp.pem

roles/mail_server/molecule/default/tests/data/x509/parameters-optional_imap.cert.pem

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/parameters-optional_imap.cert.pem to roles/mail_server/molecule/default/tests/data/x509/parameters-optional_imap.cert.pem

roles/mail_server/molecule/default/tests/data/x509/parameters-optional_imap.key.pem

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/parameters-optional_imap.key.pem to roles/mail_server/molecule/default/tests/data/x509/parameters-optional_imap.key.pem

roles/mail_server/molecule/default/tests/data/x509/parameters-optional_smtp.cert.pem

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/parameters-optional_smtp.cert.pem to roles/mail_server/molecule/default/tests/data/x509/parameters-optional_smtp.cert.pem

roles/mail_server/molecule/default/tests/data/x509/parameters-optional_smtp.key.pem

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/parameters-optional_smtp.key.pem to roles/mail_server/molecule/default/tests/data/x509/parameters-optional_smtp.key.pem

roles/mail_server/molecule/default/tests/data/x509/truststore.pem

➞

Show inline comments

file renamed from roles/mail_server/tests/data/x509/truststore.pem to roles/mail_server/molecule/default/tests/data/x509/truststore.pem

roles/mail_server/molecule/default/tests/test_backup.py

➞

Show inline comments

 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('parameters-optional')
+    '.molecule/ansible_inventory.yml').get_hosts('parameters-optional')
-def test_backup(Command, File, Sudo):
+def test_backup(host):
     """
     Tests if mail directory is correctly backed-up.
     """
     # Deliver two mails in order to make sure the directory structure is
     # created.
-    send = Command('swaks --suppress-data --to john.doe@domain1 --server localhost')
+    send = host.run('swaks --suppress-data --to john.doe@domain1 --server localhost')
     assert send.rc == 0
-    send = Command('swaks --suppress-data --to jane.doe@domain2 --server localhost')
+    send = host.run('swaks --suppress-data --to jane.doe@domain2 --server localhost')
     assert send.rc == 0
-    with Sudo():
+    with host.sudo():
         # Remove restore directory in order to make sure restore has worked
         # correctly.
-        Command("rm -rf /root/restore")
+        host.run("rm -rf /root/restore")
-        backup_run = Command('duply main backup')
+        backup_run = host.run('duply main backup')
         assert backup_run.rc == 0
-        restore_run = Command('duply main restore /root/restore')
+        restore_run = host.run('duply main restore /root/restore')
         assert restore_run.rc == 0
         for directory_path in ["/root/restore/var/virtmail/domain1",
@@ @@ -35,7 +35,7 @@ def test_backup(Command, File, Sudo): @@
                                "/root/restore/var/virtmail/domain2/jane.doe",
                                "/root/restore/var/virtmail/domain2/jane.doe/Maildir"]:
-            directory = File(directory_path)
+            directory = host.file(directory_path)
             assert directory.is_directory
             assert directory.user == "virtmail"

roles/mail_server/molecule/default/tests/test_client1.py

➞

Show inline comments

 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('client1')
+    '.molecule/ansible_inventory.yml').get_hosts('client1')
-def test_open_relay(Command):
+def test_open_relay(host):
     """
     Tests if mail server behaves as open relay.
     """
     no_recipients_accepted = 24
-    send = Command('swaks --suppress-data --to root@client1 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to root@client1 --server parameters-mandatory')
     assert send.rc == no_recipients_accepted
     assert "Relay access denied" in send.stdout
-def test_allowed_relay(Command):
+def test_allowed_relay(host):
     """
     Tests if mail server allows relaying from configured IPs/networks.
     """
-    send = Command('swaks --suppress-data --to root@client1 --server parameters-optional')
+    send = host.run('swaks --suppress-data --to root@client1 --server parameters-optional')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout

roles/mail_server/molecule/default/tests/test_client2.py

➞

Show inline comments

@@ @@ -4,34 +4,34 @@ import testinfra.utils.ansible_runner @@
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('client2')
+    '.molecule/ansible_inventory.yml').get_hosts('client2')
-def test_open_relay(Command):
+def test_open_relay(host):
     """
     Tests if mail server behaves as open relay.
     """
     no_recipients_accepted = 24
-    send = Command('swaks --suppress-data --to root@client1 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to root@client1 --server parameters-mandatory')
     assert send.rc == no_recipients_accepted
     assert "Relay access denied" in send.stdout
-    send = Command('swaks --suppress-data --to root@client1 --server parameters-optional')
+    send = host.run('swaks --suppress-data --to root@client1 --server parameters-optional')
     assert send.rc == no_recipients_accepted
     assert "Relay access denied" in send.stdout
-    send = Command('swaks --port 27 --suppress-data --to root@client1 --server parameters-mandatory')
+    send = host.run('swaks --port 27 --suppress-data --to root@client1 --server parameters-mandatory')
     assert send.rc == no_recipients_accepted
     assert "Relay access denied" in send.stdout
-    send = Command('swaks --port 27 --suppress-data --to root@client1 --server parameters-optional')
+    send = host.run('swaks --port 27 --suppress-data --to root@client1 --server parameters-optional')
     assert send.rc == no_recipients_accepted
     assert "Relay access denied" in send.stdout
-def test_mail_delivery(Command):
+def test_mail_delivery(host):
     """
     Tests if mails can be delivered to valid accounts. Has to be run on client
     with no unauthenticated relay permissions.
@@ @@ -40,139 +40,139 @@ def test_mail_delivery(Command): @@
     no_recipients_accepted = 24
     # Valid accounts.
-    send = Command('swaks --suppress-data --to john.doe@domain1 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to john.doe@domain1 --server parameters-mandatory')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
-    send = Command('swaks --suppress-data --to john.doe@domain1 --server parameters-optional')
+    send = host.run('swaks --suppress-data --to john.doe@domain1 --server parameters-optional')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
-    send = Command('swaks --suppress-data --to jane.doe@domain2 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to jane.doe@domain2 --server parameters-mandatory')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
-    send = Command('swaks --suppress-data --to jane.doe@domain2 --server parameters-optional')
+    send = host.run('swaks --suppress-data --to jane.doe@domain2 --server parameters-optional')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
     # Invalid accounts.
-    send = Command('swaks --suppress-data --to john.doe@domain2 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to john.doe@domain2 --server parameters-mandatory')
     assert send.rc == no_recipients_accepted
     assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
-    send = Command('swaks --suppress-data --to john.doe@domain2 --server parameters-optional')
+    send = host.run('swaks --suppress-data --to john.doe@domain2 --server parameters-optional')
     assert send.rc == no_recipients_accepted
     assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
-    send = Command('swaks --suppress-data --to jane.doe@domain1 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to jane.doe@domain1 --server parameters-mandatory')
     assert send.rc == no_recipients_accepted
     assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
-    send = Command('swaks --suppress-data --to jane.doe@domain1 --server parameters-optional')
+    send = host.run('swaks --suppress-data --to jane.doe@domain1 --server parameters-optional')
     assert send.rc == no_recipients_accepted
     assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
     # Test for valid mail address that's not allowed by LDAP group membership.
-    send = Command('swaks --suppress-data --to nomail@domain1 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to nomail@domain1 --server parameters-mandatory')
     assert send.rc == no_recipients_accepted
     assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
-    send = Command('swaks --suppress-data --to nomail@domain1 --server parameters-optional')
+    send = host.run('swaks --suppress-data --to nomail@domain1 --server parameters-optional')
     assert send.rc == no_recipients_accepted
     assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
     # Valid aliases.
-    send = Command('swaks --suppress-data --to postmaster@domain1 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to postmaster@domain1 --server parameters-mandatory')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
-    send = Command('swaks --suppress-data --to postmaster@domain1 --server parameters-optional')
+    send = host.run('swaks --suppress-data --to postmaster@domain1 --server parameters-optional')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
-    send = Command('swaks --suppress-data --to webmaster@domain2 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to webmaster@domain2 --server parameters-mandatory')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
-    send = Command('swaks --suppress-data --to webmaster@domain2 --server parameters-optional')
+    send = host.run('swaks --suppress-data --to webmaster@domain2 --server parameters-optional')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
     # Invalid aliases.
-    send = Command('swaks --suppress-data --to postmaster@domain2 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to postmaster@domain2 --server parameters-mandatory')
     assert send.rc == no_recipients_accepted
     assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
-    send = Command('swaks --suppress-data --to postmaster@domain2 --server parameters-optional')
+    send = host.run('swaks --suppress-data --to postmaster@domain2 --server parameters-optional')
     assert send.rc == no_recipients_accepted
     assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
-    send = Command('swaks --suppress-data --to webmaster@domain1 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to webmaster@domain1 --server parameters-mandatory')
     assert send.rc == no_recipients_accepted
     assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
-    send = Command('swaks --suppress-data --to webmaster@domain1 --server parameters-optional')
+    send = host.run('swaks --suppress-data --to webmaster@domain1 --server parameters-optional')
     assert send.rc == no_recipients_accepted
     assert "Recipient address rejected: User unknown in virtual mailbox table" in send.stdout
-def test_smtp_authentication(Command):
+def test_smtp_authentication(host):
     """
     Tests if SMTP authentication works via TLS and allows sending mails to
     anywhere.
     """
-    send = Command('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
+    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
-    send = Command('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
+    send = host.run('swaks -tls --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
-def test_smtp_authentication_requires_tls(Command):
+def test_smtp_authentication_requires_tls(host):
     """
     Tests if SMTP authentication requires TLS.
     """
     auth_error = 28
-    send = Command('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
+    send = host.run('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
     assert send.rc == auth_error
     assert "Host did not advertise authentication" in send.stderr
-    send = Command('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
+    send = host.run('swaks --port 587 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
     assert send.rc == auth_error
     assert "Host did not advertise authentication" in send.stderr
-def test_smtp_authentication_requires_submission_port(Command):
+def test_smtp_authentication_requires_submission_port(host):
     """
     Tests if SMTP authentication cannot be done on regular SMTP port.
     """
     auth_error = 28
-    send = Command('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
+    send = host.run('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
     assert send.rc == auth_error
     assert "Host did not advertise authentication" in send.stderr
-    send = Command('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
+    send = host.run('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
     assert send.rc == auth_error
     assert "Host did not advertise authentication" in send.stderr
-    send = Command('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
+    send = host.run('swaks --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
     assert send.rc == auth_error
     assert "Host did not advertise authentication" in send.stderr
-    send = Command('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
+    send = host.run('swaks -tls --port 25 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
     assert send.rc == auth_error
     assert "Host did not advertise authentication" in send.stderr
-def test_dovecot_inbox_separator(Command):
+def test_dovecot_inbox_separator(host):
     """
     Tests if inbox separator has been configured correctly.
     """
@@ @@ -180,125 +180,125 @@ def test_dovecot_inbox_separator(Command): @@
     pattern_slash_separator = re.compile('WARNING:imap-cli:Ignoring "LIST" response part : \([^)]*\) "/" INBOX')
     pattern_dot_separator = re.compile('WARNING:imap-cli:Ignoring "LIST" response part : \([^)]*\) "\." INBOX')
-    status = Command("imapcli status -c ~/imapcli-parameters-mandatory-john_doe.conf")
+    status = host.run("imapcli status -c ~/imapcli-parameters-mandatory-john_doe.conf")
     assert pattern_slash_separator.search(status.stdout) is not None
-    status = Command("imapcli status -c ~/imapcli-parameters-optional-john_doe.conf")
+    status = host.run("imapcli status -c ~/imapcli-parameters-optional-john_doe.conf")
     assert pattern_dot_separator.search(status.stdout) is not None
-def test_imap_authentication_requires_tls(Command):
+def test_imap_authentication_requires_tls(host):
     """
     Tests if IMAP authentication requires TLS.
     """
     # No TLS.
-    command = Command("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | nc parameters-mandatory 143")
+    command = host.run("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | nc parameters-mandatory 143")
     assert command.rc == 0
     assert "LOGINDISABLED" in command.stdout
-    command = Command("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | nc parameters-optional 143")
+    command = host.run("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | nc parameters-optional 143")
     assert command.rc == 0
     assert "LOGINDISABLED" in command.stdout
     # STARTTLS.
-    command = Command("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | openssl s_client -quiet -connect parameters-mandatory:143 -starttls imap")
+    command = host.run("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | openssl s_client -quiet -connect parameters-mandatory:143 -starttls imap")
     assert command.rc == 0
     assert "LOGINDISABLED" not in command.stdout
-    command = Command("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | openssl s_client -quiet -connect parameters-optional:143 -starttls imap")
+    command = host.run("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | openssl s_client -quiet -connect parameters-optional:143 -starttls imap")
     assert command.rc == 0
     assert "LOGINDISABLED" not in command.stdout
     # TLS.
-    command = Command("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | openssl s_client -quiet -connect parameters-mandatory:993")
+    command = host.run("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | openssl s_client -quiet -connect parameters-mandatory:993")
     assert command.rc == 0
     assert "LOGINDISABLED" not in command.stdout
-    command = Command("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | openssl s_client -quiet -connect parameters-optional:993")
+    command = host.run("echo -e 'a0001 CAPABILITY\na0002 LOGOUT' | openssl s_client -quiet -connect parameters-optional:993")
     assert command.rc == 0
     assert "LOGINDISABLED" not in command.stdout
-def test_sieve_authentication_requires_tls(Command):
+def test_sieve_authentication_requires_tls(host):
     """
     Tests if SIEVE authentication requires TLS.
     """
     # No TLS.
-    command = Command("echo 'LOGOUT' | nc parameters-mandatory 4190")
+    command = host.run("echo 'LOGOUT' | nc parameters-mandatory 4190")
     assert command.rc == 0
     assert "PLAIN LOGIN" not in command.stdout
-    command = Command("echo 'LOGOUT' | nc parameters-optional 4190")
+    command = host.run("echo 'LOGOUT' | nc parameters-optional 4190")
     assert command.rc == 0
     assert "PLAIN LOGIN" not in command.stdout
     # STARTTLS
-    command = Command("echo 'johnpassword' | sieve-connect -u john.doe@domain1 --password 0 --server parameters-mandatory --port 4190 --list")
+    command = host.run("echo 'johnpassword' | sieve-connect -u john.doe@domain1 --password 0 --server parameters-mandatory --port 4190 --list")
     assert command.rc == 0
-    command = Command("echo 'johnpassword' | sieve-connect -u john.doe@domain1 --password 0 --server parameters-optional --port 4190 --list")
+    command = host.run("echo 'johnpassword' | sieve-connect -u john.doe@domain1 --password 0 --server parameters-optional --port 4190 --list")
     assert command.rc == 0
-def test_connectivity(Command, Sudo):
+def test_connectivity(host):
     """
     Tests connectivity to the mail server (ports that should be reachable).
     """
-    with Sudo():
+    with host.sudo():
         for server in ["parameters-mandatory",
                        "parameters-optional"]:
             for port in [25, 26, 27, 587, 143, 993, 4190]:
-                ping = Command('hping3 -S -p %d -c 1 %s' % (port, server))
+                ping = host.run('hping3 -S -p %d -c 1 %s' % (port, server))
                 assert ping.rc == 0
-def test_port_forwarding(Command, Sudo):
+def test_port_forwarding(host):
     """
     Tests if port forwarding is set-up correctly for additional SMTP and
     submission ports.
     """
     # Regular SMTP.
-    send = Command('swaks -tls --port 27 --to john.doe@domain1 --server parameters-mandatory')
+    send = host.run('swaks -tls --port 27 --to john.doe@domain1 --server parameters-mandatory')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
-    send = Command('swaks -tls --port 27 --to john.doe@domain1 --server parameters-optional')
+    send = host.run('swaks -tls --port 27 --to john.doe@domain1 --server parameters-optional')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
     # Submission port.
-    send = Command('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
+    send = host.run('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-mandatory')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
-    send = Command('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
+    send = host.run('swaks -tls --port 26 --auth-user john.doe@domain1 --auth-password johnpassword --to root@client1 --server parameters-optional')
     assert send.rc == 0
     assert "Ok: queued as" in send.stdout
-def test_dovecot_sieve(Command):
+def test_dovecot_sieve(host):
     """
     Tests if Sieve service is available.
     """
     # Test valid users.
-    command = Command('echo johnpassword | sieve-connect --list -s parameters-mandatory -p 4190 -u john.doe@domain1 --password 0')
+    command = host.run('echo johnpassword | sieve-connect --list -s parameters-mandatory -p 4190 -u john.doe@domain1 --password 0')
     assert command.rc == 0
-    command = Command('echo janepassword | sieve-connect --list -s parameters-optional -p 4190 -u jane.doe@domain2 --password 0')
+    command = host.run('echo janepassword | sieve-connect --list -s parameters-optional -p 4190 -u jane.doe@domain2 --password 0')
     assert command.rc == 0
     # Test invalid users.
-    command = Command('echo johnpassword | sieve-connect --list -s parameters-mandatory -p 4190 -u john.doe@domain2 --password 0')
+    command = host.run('echo johnpassword | sieve-connect --list -s parameters-mandatory -p 4190 -u john.doe@domain2 --password 0')
     assert command.rc != 0
     assert "Authentication refused by server" in command.stderr
-    command = Command('echo janepassword | sieve-connect --list -s parameters-optional -p 4190 -u jane.doe@domain1 --password 0')
+    command = host.run('echo janepassword | sieve-connect --list -s parameters-optional -p 4190 -u jane.doe@domain1 --password 0')
     assert command.rc != 0
     assert "Authentication refused by server" in command.stderr

roles/mail_server/molecule/default/tests/test_default.py

➞

Show inline comments

@@ @@ -4,56 +4,56 @@ import testinfra.utils.ansible_runner @@
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    '.molecule/ansible_inventory').get_hosts(['parameters-mandatory', 'parameters-optiona'])
+    '.molecule/ansible_inventory.yml').get_hosts(['parameters-mandatory', 'parameters-optional'])
-def test_installed_packages(Package):
+def test_installed_packages(host):
     """
     Tests if the necessary packages have been installed.
     """
     assert Package('rsync').is_installed
     assert Package('dovecot-imapd').is_installed
     assert Package('dovecot-ldap').is_installed
     assert Package('dovecot-sieve').is_installed
     assert Package('dovecot-managesieved').is_installed
     assert Package('postfix').is_installed
     assert Package('postfix-ldap').is_installed
     assert Package('swaks').is_installed
     assert Package('clamav-milter').is_installed
     assert host.package('rsync').is_installed
     assert host.package('dovecot-imapd').is_installed
     assert host.package('dovecot-ldap').is_installed
     assert host.package('dovecot-sieve').is_installed
     assert host.package('dovecot-managesieved').is_installed
     assert host.package('postfix').is_installed
     assert host.package('postfix-ldap').is_installed
     assert host.package('swaks').is_installed
     assert host.package('clamav-milter').is_installed
-def test_removed_packages(Package):
+def test_removed_packages(host):
     """
     Tests if certain packages have been removed from the system.
     """
-    assert not Package('exim4').is_installed
+    assert not host.package('exim4').is_installed
-def test_postfix_user(User):
+def test_postfix_user(host):
     """
     Tests if Postfix user has been added to correct group for traversing the TLS
     private key directory.
     """
-    assert "ssl-cert" in User('postfix').groups
+    assert "ssl-cert" in host.user('postfix').groups
-def test_dovecot_user(User):
+def test_dovecot_user(host):
     """
     Tests if Dovecot user has been added to correct group for traversing the TLS
     private key directory.
     """
-    assert "ssl-cert" in User('dovecot').groups
+    assert "ssl-cert" in host.user('dovecot').groups
-def test_clamav_milter_configuration(File):
+def test_clamav_milter_configuration(host):
     """
     Tests if ClamAV Milter configuration has been deployed correctly.
     """
-    config = File('/etc/clamav/clamav-milter.conf')
+    config = host.file('/etc/clamav/clamav-milter.conf')
     assert config.is_file
     assert config.user == 'root'
@@ @@ -61,7 +61,7 @@ def test_clamav_milter_configuration(File): @@
     assert config.mode == 0o644
-def test_clamav_milter(Command):
+def test_clamav_milter(host):
     """
     Tests if ClamAV milter is blocking viruses.
     """
@@ @@ -70,50 +70,50 @@ def test_clamav_milter(Command): @@
     eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
-    send_mail = Command("swaks --to john.doe@domain1 --server localhost --attach '%s'" % eicar)
+    send_mail = host.run("swaks --to john.doe@domain1 --server localhost --attach '%s'" % eicar)
     assert send_mail.rc == server_did_not_accept_mail
     assert 'Your message has been rejected due to a possible virus' in send_mail.stdout
-def test_postfix_chroot_directories(File):
+def test_postfix_chroot_directories(host):
     """
     Tests if Postfix chroot directories have been set-up with correct
     permissions.
     """
-    directory = File('/var/spool/postfix/var')
+    directory = host.file('/var/spool/postfix/var')
     assert directory.is_directory
     assert directory.user == 'root'
     assert directory.group == 'root'
     assert directory.mode == 0o755
-    directory = File('/var/spool/postfix/var/run')
+    directory = host.file('/var/spool/postfix/var/run')
     assert directory.is_directory
     assert directory.user == 'root'
     assert directory.group == 'root'
     assert directory.mode == 0o755
-    directory = File('/var/spool/postfix/var/run/clamav')
+    directory = host.file('/var/spool/postfix/var/run/clamav')
     assert directory.is_directory
     assert directory.user == 'clamav'
     assert directory.group == 'clamav'
     assert directory.mode == 0o755
-def test_ldap_tls_truststore_file(File):
+def test_ldap_tls_truststore_file(host):
     """
     Tests if the LDAP TLS truststore file has been deployed correctly.
     """
-    tls_file = File('/etc/ssl/certs/mail_ldap_tls_truststore.pem')
+    tls_file = host.file('/etc/ssl/certs/mail_ldap_tls_truststore.pem')
     assert tls_file.is_file
     assert tls_file.user == 'root'
     assert tls_file.group == 'root'
     assert tls_file.mode == 0o644
     assert tls_file.content == open("tests/data/x509/ca.cert.pem", "r").read().rstrip()
-    tls_file = File('/var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem')
+    tls_file = host.file('/var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem')
     assert tls_file.is_file
     assert tls_file.user == 'root'
     assert tls_file.group == 'root'
@@ @@ -121,12 +121,12 @@ def test_ldap_tls_truststore_file(File): @@
     assert tls_file.content == open("tests/data/x509/ca.cert.pem", "r").read().rstrip()
-def test_mailname_file(File):
+def test_mailname_file(host):
     """
     Tests the system mail name file permissions.
     """
-    mailname = File('/etc/mailname')
+    mailname = host.file('/etc/mailname')
     assert mailname.is_file
     assert mailname.user == 'root'
@@ @@ -134,7 +134,7 @@ def test_mailname_file(File): @@
     assert mailname.mode == 0o644
-def test_postfix_ldap_configuration_files(File):
+def test_postfix_ldap_configuration_files(host):
     """
     Tests if Postfix LDAP configuration files have been deployed correctly.
     """
@@ @@ -143,121 +143,123 @@ def test_postfix_ldap_configuration_files(File): @@
                              '/etc/postfix/ldap-virtual-mailbox-domains.cf',
                              '/etc/postfix/ldap-virtual-mailbox-maps.cf']:
-        config = File(config_file_path)
+        config = host.file(config_file_path)
         assert config.is_file
         assert config.user == 'root'
         assert config.group == 'postfix'
         assert config.mode == 0o640
-def test_postfix_ldap_configuration(Command, Sudo):
+def test_postfix_ldap_configuration(host):
     """
     Tests if LDAP configuration can be used to fetch correct query results.
     """
-    with Sudo():
+    with host.sudo():
         # Test for valid domains.
-        command = Command("postmap -q domain1 ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf")
+        command = host.run("postmap -q domain1 ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf")
         assert command.rc == 0
         assert command.stdout == "domain1"
-        command = Command("postmap -q domain2 ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf")
+        command = host.run("postmap -q domain2 ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf")
         assert command.rc == 0
         assert command.stdout == "domain2"
         # Test for invalid domains.
-        command = Command("postmap -q domain3 ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf")
+        command = host.run("postmap -q domain3 ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf")
         assert command.rc == 1
         assert command.stdout == ""
         # Test for valid mail addresses.
-        command = Command("postmap -q 'john.doe@domain1' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
+        command = host.run("postmap -q 'john.doe@domain1' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
         assert command.rc == 0
         assert command.stdout == 'john.doe@domain1'
-        command = Command("postmap -q 'jane.doe@domain2' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
+        command = host.run("postmap -q 'jane.doe@domain2' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
         assert command.rc == 0
         assert command.stdout == 'jane.doe@domain2'
         # Test for invalid mail addresses.
-        command = Command("postmap -q 'jane.doe@domain1' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
+        command = host.run("postmap -q 'jane.doe@domain1' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
         assert command.rc == 1
         assert command.stdout == ''
-        command = Command("postmap -q 'john.doe@domain2' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
+        command = host.run("postmap -q 'john.doe@domain2' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
         assert command.rc == 1
         assert command.stdout == ''
         # Test for valid mail address that's not allowed by LDAP group membership.
-        command = Command("postmap -q 'nomail@domain1' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
+        command = host.run("postmap -q 'nomail@domain1' ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf")
         assert command.rc == 1
         assert command.stdout == ''
         # Test for valid mail aliases.
-        command = Command("postmap -q postmaster@domain1 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
+        command = host.run("postmap -q postmaster@domain1 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
         assert command.rc == 0
         assert command.stdout == "john.doe@domain1"
-        command = Command("postmap -q webmaster@domain2 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
+        command = host.run("postmap -q webmaster@domain2 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
         assert command.rc == 0
         assert command.stdout == "jane.doe@domain2"
         # Test for invalid mail aliases.
-        command = Command("postmap -q postmaster@domain2 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
+        command = host.run("postmap -q postmaster@domain2 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
         assert command.rc == 1
         assert command.stdout == ""
-        command = Command("postmap -q webmaster@domain1 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
+        command = host.run("postmap -q webmaster@domain1 ldap:/etc/postfix/ldap-virtual-alias-maps.cf")
         assert command.rc == 1
         assert command.stdout == ""
-def test_postfix_main_cf_file(File):
+def test_postfix_main_cf_file(host):
     """
     Tests Postfix main configuration file permissions.
     """
-    config = File('/etc/postfix/main.cf')
+    config = host.file('/etc/postfix/main.cf')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
-def test_postfix_delivery_to_dovecot(Command, File, Sudo):
+def test_postfix_delivery_to_dovecot(host):
     """
     Tests if mail received by Postfix is properly delivered to Dovecot.
     """
     hostname = host.run('hostname').stdout
     # Virtual account.
-    send = Command('swaks --suppress-data --to john.doe@domain1 --server parameters-mandatory')
+    send = host.run('swaks --suppress-data --to john.doe@domain1 --server %s' % hostname)
     assert send.rc == 0
     message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
     with Sudo():
         mail_log = File('/var/log/mail.log')
     with host.sudo():
         mail_log = host.file('/var/log/mail.log')
         pattern = "dovecot: lda\(john.doe@domain1\): msgid=<[^.]*.%s@[^>]*>: saved mail to INBOX" % message_id
         assert re.search(pattern, mail_log.content) is not None
-def test_dovecot_system_authentication_is_disabled(File):
+def test_dovecot_system_authentication_is_disabled(host):
     """
     Tests if Dovecot system-based authentication has been disabled.
     """
-    config = File("/etc/dovecot/conf.d/10-auth.conf")
+    config = host.file("/etc/dovecot/conf.d/10-auth.conf")
     assert "!include auth-system.conf.ext" not in config.content
-def test_dovecot_overrides_configuration_file(File):
+def test_dovecot_overrides_configuration_file(host):
     """
     Tests if Dovecot configuration file with overrides has been deployed and has
     correct permissions.
     """
-    config = File("/etc/dovecot/conf.d/99-local.conf")
+    config = host.file("/etc/dovecot/conf.d/99-local.conf")
     assert config.is_file
     assert config.user == 'root'
@@ @@ -265,40 +267,40 @@ def test_dovecot_overrides_configuration_file(File): @@
     assert config.mode == 0o644
-def test_dovecot_imap_ldap_configuration(Command, Sudo):
+def test_dovecot_imap_ldap_configuration(host):
     """
     Tests if Dovecot LDAP configuration is correct.
     """
-    with Sudo():
+    with host.sudo():
         user_does_not_exist = 67
         # Test for valid mail addresses.
-        command = Command("doveadm user john.doe@domain1")
+        command = host.run("doveadm user john.doe@domain1")
         assert command.rc == 0
-        command = Command("doveadm user jane.doe@domain2")
+        command = host.run("doveadm user jane.doe@domain2")
         assert command.rc == 0
         # Test for invalid mail addresses.
-        command = Command("doveadm user john.doe@domain2")
+        command = host.run("doveadm user john.doe@domain2")
         assert command.rc == user_does_not_exist
-        command = Command("doveadm user jane.doe@domain1")
+        command = host.run("doveadm user jane.doe@domain1")
         assert command.rc == user_does_not_exist
         # Test for mail addresses present in LDAP, but entry not in mail group.
-        command = Command("doveadm user nomail@domain1")
+        command = host.run("doveadm user nomail@domain1")
         assert command.rc == user_does_not_exist
-def test_postfix_master_file(File):
+def test_postfix_master_file(host):
     """
     Tests permissions for Postfix master.cf configuration file.
     """
-    config = File('/etc/postfix/master.cf')
+    config = host.file('/etc/postfix/master.cf')
     assert config.is_file
     assert config.user == 'root'
@@ @@ -306,7 +308,7 @@ def test_postfix_master_file(File): @@
     assert config.mode == 0o644
-def test_services(Service):
+def test_services(host):
     """
     Tests if all the mail-related servieces are up and running.
     """
@@ @@ -317,12 +319,12 @@ def test_services(Service): @@
                          "postfix",
                          "dovecot"]:
-        service = Service(service_name)
+        service = host.service(service_name)
         assert service.is_running
         assert service.is_enabled
-def test_clamav_database_presence(File):
+def test_clamav_database_presence(host):
     """
     Tests if ClamAV database is present.
     """
@@ @@ -331,20 +333,20 @@ def test_clamav_database_presence(File): @@
                           "/var/lib/clamav/daily",
                           "/var/lib/clamav/main"]:
         database_cvd = File(database_file + '.cvd')
         database_cld = File(database_file + '.cld')
         database_cvd = host.file(database_file + '.cvd')
         database_cld = host.file(database_file + '.cld')
         assert database_cvd.is_file or database_cld.is_file
-def test_firewall_configuration_file(File, Sudo):
+def test_firewall_configuration_file(host):
     """
     Tests if firewall configuration file has been deployed correctly.
     """
-    with Sudo():
+    with host.sudo():
-        config = File('/etc/ferm/conf.d/20-mail.conf')
+        config = host.file('/etc/ferm/conf.d/20-mail.conf')
         assert config.is_file
         assert config.user == 'root'

roles/mail_server/molecule/default/tests/test_mandatory.py

➞

Show inline comments

 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('parameters-mandatory')
+    '.molecule/ansible_inventory.yml').get_hosts('parameters-mandatory')
-def test_smtp_tls_files(File, Sudo):
+def test_smtp_tls_files(host):
     """
     Tests if SMTP TLS private key has been deployed correctly.
     """
-    with Sudo():
+    with host.sudo():
-        tls_file = File('/etc/ssl/private/parameters-mandatory_smtp.key')
+        tls_file = host.file('/etc/ssl/private/parameters-mandatory-jessie64_smtp.key')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o640
-        assert tls_file.content == open("tests/data/x509/parameters-mandatory_smtp.key", "r").read().rstrip()
+        assert tls_file.content == open("tests/data/x509/parameters-mandatory-jessie64_smtp.key", "r").read().rstrip()
-        tls_file = File('/etc/ssl/certs/parameters-mandatory_smtp.pem')
+        tls_file = host.file('/etc/ssl/certs/parameters-mandatory-jessie64_smtp.pem')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o644
-        assert tls_file.content == open("tests/data/x509/parameters-mandatory_smtp.pem", "r").read().rstrip()
+        assert tls_file.content == open("tests/data/x509/parameters-mandatory-jessie64_smtp.pem", "r").read().rstrip()
-        tls_file = File('/etc/ssl/private/parameters-mandatory_imap.key')
+        tls_file = host.file('/etc/ssl/private/parameters-mandatory-jessie64_imap.key')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o640
-        assert tls_file.content == open("tests/data/x509/parameters-mandatory_imap.key", "r").read().rstrip()
+        assert tls_file.content == open("tests/data/x509/parameters-mandatory-jessie64_imap.key", "r").read().rstrip()
-        tls_file = File('/etc/ssl/certs/parameters-mandatory_imap.pem')
+        tls_file = host.file('/etc/ssl/certs/parameters-mandatory-jessie64_imap.pem')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o644
-        assert tls_file.content == open("tests/data/x509/parameters-mandatory_imap.pem", "r").read().rstrip()
+        assert tls_file.content == open("tests/data/x509/parameters-mandatory-jessie64_imap.pem", "r").read().rstrip()
-def test_certificate_validity_check_configuration(File):
+def test_certificate_validity_check_configuration(host):
     """
     Tests if certificate validity check configuration file has been deployed
     correctly.
     """
-    config = File('/etc/check_certificate/parameters-mandatory_smtp.conf')
+    config = host.file('/etc/check_certificate/parameters-mandatory-jessie64_smtp.conf')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
-    assert config.content == "/etc/ssl/certs/parameters-mandatory_smtp.pem"
+    assert config.content == "/etc/ssl/certs/parameters-mandatory-jessie64_smtp.pem"
-    config = File('/etc/check_certificate/parameters-mandatory_imap.conf')
+    config = host.file('/etc/check_certificate/parameters-mandatory-jessie64_imap.conf')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
-    assert config.content == "/etc/ssl/certs/parameters-mandatory_imap.pem"
+    assert config.content == "/etc/ssl/certs/parameters-mandatory-jessie64_imap.pem"
-def test_mailname_file_content(File):
+def test_mailname_file_content(host):
     """
     Tests the system mail name file content.
     """
-    mailname = File('/etc/mailname')
+    mailname = host.file('/etc/mailname')
     assert mailname.content == "parameters-mandatory"
+    assert mailname.content == "parameters-mandatory-jessie64"
-def test_postfix_main_cf_file_content(File):
+def test_postfix_main_cf_file_content(host):
     """
     Tests if the Postfix main configuration file content is correct.
     """
-    config = File('/etc/postfix/main.cf')
+    config = host.file('/etc/postfix/main.cf')
     config_lines = config.content.split("\n")
     assert "myhostname = parameters-mandatory" in config_lines
     assert "mydestination = parameters-mandatory, parameters-mandatory, localhost.localdomain, localhost" in config_lines
     assert "myhostname = parameters-mandatory-jessie64" in config_lines
     assert "mydestination = parameters-mandatory-jessie64, parameters-mandatory-jessie64, localhost.localdomain, localhost" in config_lines
     assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128" in config_lines
     assert "smtpd_tls_cert_file = /etc/ssl/certs/parameters-mandatory_smtp.pem" in config_lines
     assert "smtpd_tls_key_file = /etc/ssl/private/parameters-mandatory_smtp.key" in config_lines
     assert "smtpd_tls_cert_file = /etc/ssl/certs/parameters-mandatory-jessie64_smtp.pem" in config_lines
     assert "smtpd_tls_key_file = /etc/ssl/private/parameters-mandatory-jessie64_smtp.key" in config_lines
     assert "reject_rbl" not in config_lines
     assert "smtp_host_lookup = dns, native" in config_lines
-def test_dovecot_mailbox_directories(Command, File, Sudo):
+def test_dovecot_mailbox_directories(host):
     """
     Tests if mailbox directories are created correctly.
     """
     # Deliver two mails in order to make sure the directory structure is
     # created.
-    send = Command('swaks --suppress-data --to john.doe@domain1 --server localhost')
+    send = host.run('swaks --suppress-data --to john.doe@domain1 --server localhost')
     assert send.rc == 0
-    send = Command('swaks --suppress-data --to jane.doe@domain2 --server localhost')
+    send = host.run('swaks --suppress-data --to jane.doe@domain2 --server localhost')
     assert send.rc == 0
-    with Sudo():
+    with host.sudo():
         for directory_path in ["/var/vmail/domain1",
                                "/var/vmail/domain1/john.doe",
@@ @@ -109,7 +109,7 @@ def test_dovecot_mailbox_directories(Command, File, Sudo): @@
                                "/var/vmail/domain2/jane.doe",
                                "/var/vmail/domain2/jane.doe/Maildir"]:
-            directory = File(directory_path)
+            directory = host.file(directory_path)
             assert directory.is_directory
             assert directory.user == "vmail"
             assert directory.mode == 0o700
-def test_mail_owner(Group, User):
+def test_mail_owner(host):
     """
     Tests creation of mail owner group and user.
     """
-    group = Group("vmail")
+    group = host.group("vmail")
     assert group.exists
     assert group.gid == 1002
-    user = User("vmail")
+    user = host.user("vmail")
     assert user.exists
     assert user.uid == 1002
     assert user.home == "/var/vmail"
@@ @@ -134,123 +134,123 @@ def test_mail_owner(Group, User): @@
     assert user.groups == ["vmail"]
-def test_imap_tls_configuration(Command):
+def test_imap_tls_configuration(host):
     """
     Tests TLS configuration for IMAP in Dovecot.
     """
     # Test plain connectivity first.
-    starttls = Command('echo "a0001 LOGOUT" | openssl s_client -quiet -starttls imap -connect parameters-mandatory:143')
+    starttls = host.run('echo "a0001 LOGOUT" | openssl s_client -quiet -starttls imap -connect parameters-mandatory:143')
     assert starttls.rc == 0
     assert '* BYE Logging out' in starttls.stdout
-    tls = Command('echo "a0001 LOGOUT" | openssl s_client -quiet -connect parameters-mandatory:993')
+    tls = host.run('echo "a0001 LOGOUT" | openssl s_client -quiet -connect parameters-mandatory:993')
     assert tls.rc == 0
     assert '* BYE Logging out' in starttls.stdout
     # Test TLS protocol versions.
-    starttls_old_tls_versions_disabled = Command("echo 'a0001 LOGOUT' | openssl s_client -quiet -starttls imap -no_tls1_2 -connect parameters-mandatory:143")
+    starttls_old_tls_versions_disabled = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -starttls imap -no_tls1_2 -connect parameters-mandatory:143")
     assert starttls_old_tls_versions_disabled.rc != 0
     assert "write:errno=104" in starttls_old_tls_versions_disabled.stderr
-    tls_old_tls_versions_disabled = Command("echo 'a0001 LOGOUT' | openssl s_client -quiet -no_tls1_2 -connect parameters-mandatory:993")
+    tls_old_tls_versions_disabled = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -no_tls1_2 -connect parameters-mandatory:993")
     assert tls_old_tls_versions_disabled.rc != 0
     assert "write:errno=104" in tls_old_tls_versions_disabled.stderr
     # Test at least one strong TLS cipher.
-    starttls_cipher = Command("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:143")
+    starttls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:143")
     assert starttls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA256" in starttls_cipher.stdout
-    tls_cipher = Command("echo 'a0001 LOGOUT' | openssl s_client -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:993")
+    tls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:993")
     assert tls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA256" in tls_cipher.stdout
     # Test weaker TLS cipher are disabled.
-    starttls_cipher = Command("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA -connect parameters-mandatory:143")
+    starttls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA -connect parameters-mandatory:143")
     assert starttls_cipher.rc != 0
     assert "CONNECTED" in starttls_cipher.stdout
     assert "ECDHE-RSA-AES128-SHA" not in starttls_cipher.stdout
-    tls_cipher = Command("echo 'a0001 LOGOUT' | openssl s_client -cipher ECDHE-RSA-AES128-SHA -connect parameters-mandatory:993")
+    tls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -cipher ECDHE-RSA-AES128-SHA -connect parameters-mandatory:993")
     assert tls_cipher.rc != 0
     assert "CONNECTED" in tls_cipher.stdout
     assert "ECDHE-RSA-AES128-SHA" not in tls_cipher.stdout
-def test_dovecot_postmaster(Command, Sudo):
+def test_dovecot_postmaster(host):
     """
     Tests if Dovecot postmaster has been correctly configured.
     """
-    with Sudo():
+    with host.sudo():
-        config = Command("doveadm config")
+        config = host.run("doveadm config")
         assert config.rc == 0
         assert "  postmaster_address = postmaster@" in config.stdout
-def test_imap_max_user_connections_per_ip(Command, Sudo):
+def test_imap_max_user_connections_per_ip(host):
     """
     Tests if Dovecot per-user connection limit has been set-up correctly.
     """
-    with Sudo():
+    with host.sudo():
-        config = Command("doveadm config")
+        config = host.run("doveadm config")
         assert config.rc == 0
         assert "  mail_max_userip_connections = 10" in config.stdout
-def test_postfix_tls_configuration(Command):
+def test_postfix_tls_configuration(host):
     """
     Tests TLS configuration for SMTP in Postfix.
     """
     # Test TLS protocol versions for default port (all should be enabled).
-    starttls = Command("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1 -no_tls1_1 -connect parameters-mandatory:25")
+    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1 -no_tls1_1 -connect parameters-mandatory:25")
     assert starttls.rc == 0
     assert '221 2.0.0 Bye' in starttls.stdout
-    starttls = Command("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -connect parameters-mandatory:25")
+    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -connect parameters-mandatory:25")
     assert starttls.rc == 0
     assert '221 2.0.0 Bye' in starttls.stdout
-    starttls = Command("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -no_tls1_1 -connect parameters-mandatory:25")
+    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -no_tls1_1 -connect parameters-mandatory:25")
     assert starttls.rc == 0
     assert '221 2.0.0 Bye' in starttls.stdout
     # Test TLS protocol versions for submission port (only TLS 1.2 should be enabled).
-    starttls = Command("echo 'QUIT' | openssl s_client -quiet -starttls smtp -connect parameters-mandatory:587")
+    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -connect parameters-mandatory:587")
     assert starttls.rc == 0
     assert '221 2.0.0 Bye' in starttls.stdout
-    starttls = Command("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -connect parameters-mandatory:587")
+    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -connect parameters-mandatory:587")
     assert starttls.rc != 0
     assert 'write:errno=104' in starttls.stderr
     # Test ciphers for default port (less restrictive).
-    starttls_cipher = Command("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:25")
+    starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:25")
     assert starttls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA256" in starttls_cipher.stdout
-    starttls_cipher = Command("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA -connect parameters-mandatory:25")
+    starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA -connect parameters-mandatory:25")
     assert starttls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA" in starttls_cipher.stdout
     # Test ciphers for submission port (weak ciphers not available).
-    starttls_cipher = Command("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:587")
+    starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:587")
     assert starttls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA256" in starttls_cipher.stdout
-    starttls_cipher = Command("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA -connect parameters-mandatory:587")
+    starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA -connect parameters-mandatory:587")
     assert starttls_cipher.rc != 0
     assert "CONNECTED" in starttls_cipher.stdout
     assert "ECDHE-RSA-AES128-SHA" not in starttls_cipher.stdout
-def test_sieve_tls_configuration(Command):
+def test_sieve_tls_configuration(host):
     """
     Tests TLS configuration for SIEVE in Dovecot
     """

roles/mail_server/molecule/default/tests/test_optional.py

➞

Show inline comments

@@ @@ -4,38 +4,38 @@ import testinfra.utils.ansible_runner @@
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('parameters-optional')
+    '.molecule/ansible_inventory.yml').get_hosts('parameters-optional')
-def test_smtp_tls_files(File, Sudo):
+def test_smtp_tls_files(host):
     """
     Tests if SMTP TLS private key has been deployed correctly.
     """
-    with Sudo():
+    with host.sudo():
-        tls_file = File('/etc/ssl/private/parameters-optional_smtp.key')
+        tls_file = host.file('/etc/ssl/private/parameters-optional-jessie64_smtp.key')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o640
         assert tls_file.content == open("tests/data/x509/parameters-optional_smtp.key.pem", "r").read().rstrip()
-        tls_file = File('/etc/ssl/certs/parameters-optional_smtp.pem')
+        tls_file = host.file('/etc/ssl/certs/parameters-optional-jessie64_smtp.pem')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o644
         assert tls_file.content == open("tests/data/x509/parameters-optional_smtp.cert.pem", "r").read().rstrip()
-        tls_file = File('/etc/ssl/private/parameters-optional_imap.key')
+        tls_file = host.file('/etc/ssl/private/parameters-optional-jessie64_imap.key')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o640
         assert tls_file.content == open("tests/data/x509/parameters-optional_imap.key.pem", "r").read().rstrip()
-        tls_file = File('/etc/ssl/certs/parameters-optional_imap.pem')
+        tls_file = host.file('/etc/ssl/certs/parameters-optional-jessie64_imap.pem')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
@@ @@ -43,83 +43,83 @@ def test_smtp_tls_files(File, Sudo): @@
         assert tls_file.content == open("tests/data/x509/parameters-optional_imap.cert.pem", "r").read().rstrip()
-def test_certificate_validity_check_configuration(File):
+def test_certificate_validity_check_configuration(host):
     """
     Tests if certificate validity check configuration file has been deployed
     correctly.
     """
-    config = File('/etc/check_certificate/parameters-optional_smtp.conf')
+    config = host.file('/etc/check_certificate/parameters-optional-jessie64_smtp.conf')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
-    assert config.content == "/etc/ssl/certs/parameters-optional_smtp.pem"
+    assert config.content == "/etc/ssl/certs/parameters-optional-jessie64_smtp.pem"
-    config = File('/etc/check_certificate/parameters-optional_imap.conf')
+    config = host.file('/etc/check_certificate/parameters-optional-jessie64_imap.conf')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
-    assert config.content == "/etc/ssl/certs/parameters-optional_imap.pem"
+    assert config.content == "/etc/ssl/certs/parameters-optional-jessie64_imap.pem"
-def test_mailname_file_content(File):
+def test_mailname_file_content(host):
     """
     Tests the system mail name file content.
     """
-    mailname = File('/etc/mailname')
+    mailname = host.file('/etc/mailname')
     assert mailname.content == "parameters-optional"
+    assert mailname.content == "parameters-optional-jessie64"
-def test_postfix_main_cf_file_content(File):
+def test_postfix_main_cf_file_content(host):
     """
     Tests if the Postfix main configuration file content is correct.
     """
-    config = File('/etc/postfix/main.cf')
+    config = host.file('/etc/postfix/main.cf')
     config_lines = config.content.split("\n")
     assert "myhostname = parameters-optional" in config_lines
     assert "mydestination = parameters-optional, parameters-optional, localhost.localdomain, localhost" in config_lines
     assert "myhostname = parameters-optional-jessie64" in config_lines
     assert "mydestination = parameters-optional-jessie64, parameters-optional-jessie64, localhost.localdomain, localhost" in config_lines
     assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.31.127.20" in config_lines
     assert "smtpd_tls_cert_file = /etc/ssl/certs/parameters-optional_smtp.pem" in config_lines
     assert "smtpd_tls_key_file = /etc/ssl/private/parameters-optional_smtp.key" in config_lines
     assert "smtpd_tls_cert_file = /etc/ssl/certs/parameters-optional-jessie64_smtp.pem" in config_lines
     assert "smtpd_tls_key_file = /etc/ssl/private/parameters-optional-jessie64_smtp.key" in config_lines
     assert "  reject_rbl bl.spamcop.net" in config_lines
     assert "  reject_rbl zen.spamhaus.org" in config_lines
     assert "smtp_host_lookup = dns, native" in config_lines
-def test_local_aliases(Command, File, Sudo):
+def test_local_aliases(host):
     """
     Tests if local aliases are configured correctly.
     """
-    send = Command('swaks --suppress-data --to root@localhost')
+    send = host.run('swaks --suppress-data --to root@localhost')
     assert send.rc == 0
     message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
     with Sudo():
         mail_log = File('/var/log/mail.log')
     with host.sudo():
         mail_log = host.file('/var/log/mail.log')
         pattern = "dovecot: lda\(john.doe@domain1\): msgid=<[^.]*.%s@[^>]*>: saved mail to INBOX" % message_id
         assert re.search(pattern, mail_log.content) is not None
-def test_dovecot_mailbox_directories(File, Command, Sudo):
+def test_dovecot_mailbox_directories(host):
     """
     Tests if mailbox directories are created correctly.
     """
     # Deliver two mails in order to make sure the directory structure is
     # created.
-    send = Command('swaks --suppress-data --to john.doe@domain1 --server localhost')
+    send = host.run('swaks --suppress-data --to john.doe@domain1 --server localhost')
     assert send.rc == 0
-    send = Command('swaks --suppress-data --to jane.doe@domain2 --server localhost')
+    send = host.run('swaks --suppress-data --to jane.doe@domain2 --server localhost')
     assert send.rc == 0
-    with Sudo():
+    with host.sudo():
         for directory_path in ["/var/virtmail/domain1",
                                "/var/virtmail/domain1/john.doe",
@@ @@ -128,7 +128,7 @@ def test_dovecot_mailbox_directories(File, Command, Sudo): @@
                                "/var/virtmail/domain2/jane.doe",
                                "/var/virtmail/domain2/jane.doe/Maildir"]:
-            directory = File(directory_path)
+            directory = host.file(directory_path)
             assert directory.is_directory
             assert directory.user == "virtmail"
             assert directory.mode == 0o700
-def test_mail_owner(Group, User):
+def test_mail_owner(host):
     """
     Tests creation of mail owner group and user.
     """
-    group = Group("virtmail")
+    group = host.group("virtmail")
     assert group.exists
     assert group.gid == 5000
-    user = User("virtmail")
+    user = host.user("virtmail")
     assert user.exists
     assert user.uid == 5000
     assert user.home == "/var/virtmail"
@@ @@ -153,133 +153,133 @@ def test_mail_owner(Group, User): @@
     assert user.groups == ["virtmail"]
-def test_imap_tls_configuration(Command):
+def test_imap_tls_configuration(host):
     """
     Tests TLS configuration for IMAP in Dovecot.
     """
     # Test plain connectivity first.
-    starttls = Command('echo "a0001 LOGOUT" | openssl s_client -quiet -starttls imap -connect parameters-optional:143')
+    starttls = host.run('echo "a0001 LOGOUT" | openssl s_client -quiet -starttls imap -connect parameters-optional:143')
     assert starttls.rc == 0
     assert '* BYE Logging out' in starttls.stdout
-    tls = Command('echo "a0001 LOGOUT" | openssl s_client -quiet -connect parameters-optional:993')
+    tls = host.run('echo "a0001 LOGOUT" | openssl s_client -quiet -connect parameters-optional:993')
     assert tls.rc == 0
     assert '* BYE Logging out' in starttls.stdout
     # Test TLS protocol versions.
-    starttls = Command('echo "a0001 LOGOUT" | openssl s_client -quiet -starttls imap -no_tls1_2 -connect parameters-optional:143')
+    starttls = host.run('echo "a0001 LOGOUT" | openssl s_client -quiet -starttls imap -no_tls1_2 -connect parameters-optional:143')
     assert starttls.rc == 0
     assert '* BYE Logging out' in starttls.stdout
-    tls = Command('echo "a0001 LOGOUT" | openssl s_client -quiet -no_tls1_2 -connect parameters-optional:993')
+    tls = host.run('echo "a0001 LOGOUT" | openssl s_client -quiet -no_tls1_2 -connect parameters-optional:993')
     assert tls.rc == 0
     assert '* BYE Logging out' in starttls.stdout
-    starttls = Command("echo 'a0001 LOGOUT' | openssl s_client -quiet -starttls imap -no_tls1_1 -no_tls1_2 -connect parameters-optional:143")
+    starttls = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -starttls imap -no_tls1_1 -no_tls1_2 -connect parameters-optional:143")
     assert starttls.rc != 0
     assert "write:errno=104" in starttls.stderr
-    tls = Command("echo 'a0001 LOGOUT' | openssl s_client -quiet -no_tls1_1 -no_tls1_2 -connect parameters-optional:993")
+    tls = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -no_tls1_1 -no_tls1_2 -connect parameters-optional:993")
     assert tls.rc != 0
     assert "write:errno=104" in tls.stderr
     # Test at least one strong TLS cipher.
-    starttls_cipher = Command("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:143")
+    starttls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:143")
     assert starttls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA256" in starttls_cipher.stdout
-    tls_cipher = Command("echo 'a0001 LOGOUT' | openssl s_client -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:993")
+    tls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:993")
     assert tls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA256" in tls_cipher.stdout
     # Test weaker TLS cipher that was explicitly configured
-    starttls_cipher = Command("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA -connect parameters-optional:143")
+    starttls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA -connect parameters-optional:143")
     assert starttls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA" in starttls_cipher.stdout
-    tls_cipher = Command("echo 'a0001 LOGOUT' | openssl s_client -cipher ECDHE-RSA-AES128-SHA -connect parameters-optional:993")
+    tls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -cipher ECDHE-RSA-AES128-SHA -connect parameters-optional:993")
     assert tls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA" in tls_cipher.stdout
-def test_dovecot_postmaster(Command, Sudo):
+def test_dovecot_postmaster(host):
     """
     Tests if Dovecot postmaster has been correctly configured.
     """
-    with Sudo():
+    with host.sudo():
-        config = Command("doveadm config")
+        config = host.run("doveadm config")
         assert config.rc == 0
         assert "  postmaster_address = webmaster@parameters-optional" in config.stdout
-def test_imap_max_user_connections_per_ip(Command, Sudo):
+def test_imap_max_user_connections_per_ip(host):
     """
     Tests if Dovecot per-user connection limit has been set-up correctly.
     """
-    with Sudo():
+    with host.sudo():
-        config = Command("doveadm config")
+        config = host.run("doveadm config")
         assert config.rc == 0
         assert "  mail_max_userip_connections = 2" in config.stdout
-def test_postfix_tls_configuration(Command):
+def test_postfix_tls_configuration(host):
     """
     Tests TLS configuration for SMTP in Postfix.
     """
     # Test TLS protocol versions for default port (all should be enabled).
-    starttls = Command("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1 -no_tls1_1 -connect parameters-optional:25")
+    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1 -no_tls1_1 -connect parameters-optional:25")
     assert starttls.rc == 0
     assert '221 2.0.0 Bye' in starttls.stdout
-    starttls = Command("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -connect parameters-optional:25")
+    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -connect parameters-optional:25")
     assert starttls.rc == 0
     assert '221 2.0.0 Bye' in starttls.stdout
-    starttls = Command("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -no_tls1_1 -connect parameters-optional:25")
+    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -no_tls1_1 -connect parameters-optional:25")
     assert starttls.rc == 0
     assert '221 2.0.0 Bye' in starttls.stdout
     # Test TLS protocol versions for submission port (only TLS 1.1 and TLS 1.2 should be enabled).
-    starttls = Command("echo 'QUIT' | openssl s_client -quiet -starttls smtp -connect parameters-optional:587")
+    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -connect parameters-optional:587")
     assert starttls.rc == 0
     assert '221 2.0.0 Bye' in starttls.stdout
-    starttls = Command("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -connect parameters-optional:587")
+    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_2 -connect parameters-optional:587")
     assert starttls.rc == 0
     assert '221 2.0.0 Bye' in starttls.stdout
-    starttls = Command("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_1 -no_tls1_2 -connect parameters-optional:587")
+    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_1 -no_tls1_2 -connect parameters-optional:587")
     assert starttls.rc != 0
     assert 'write:errno=104' in starttls.stderr
     # Test ciphers for default port (less restrictive).
-    starttls_cipher = Command("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:25")
+    starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:25")
     assert starttls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA256" in starttls_cipher.stdout
-    starttls_cipher = Command("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA -connect parameters-optional:25")
+    starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA -connect parameters-optional:25")
     assert starttls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA" in starttls_cipher.stdout
     # Test ciphers for submission port (at least one weak cipher was configured).
-    starttls_cipher = Command("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:587")
+    starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:587")
     assert starttls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA256" in starttls_cipher.stdout
-    starttls_cipher = Command("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA -connect parameters-optional:587")
+    starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA -connect parameters-optional:587")
     assert starttls_cipher.rc == 0
     assert "ECDHE-RSA-AES128-SHA" in starttls_cipher.stdout
-def test_sieve_tls_configuration(Command):
+def test_sieve_tls_configuration(host):
     """
     Tests TLS configuration for SIEVE in Dovecot
     """

0 comments (0 inline, 0 general)