Changeset - f8f4ff29c136
0 3 0
Branko Majic (branko) - 3 years ago 2020-11-10 22:42:00
branko@majic.rs
MAR-171: Deduplicate a couple of TLS-related tests in the xmpp_server role.
3 files changed with 65 insertions and 118 deletions:
roles/xmpp_server/molecule/default/tests/test_default.py
 
@@ -170,6 +170,71 @@ def test_prosody_tls_files(host):
 
        assert tls_file.content_string == open("tests/data/x509/server/%s_xmpp.cert.pem" % hostname, "r").read().rstrip()
 

	
 

	
 
def test_certificate_validity_check_configuration(host):
 
    """
 
    Tests if certificate validity check configuration file has been deployed
 
    correctly.
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()
 

	
 
    config = host.file('/etc/check_certificate/%s_xmpp.conf' % hostname)
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 
    assert config.content_string == "/etc/ssl/certs/%s_xmpp.pem" % hostname
 

	
 

	
 
def test_xmpp_server_uses_correct_dh_parameters(host):
 
    """
 
    Tests if the HTTP server uses the generated Diffie-Hellman parameter.
 
    """
 

	
 
    fqdn = host.run('hostname -f').stdout.strip()
 

	
 
    # Use first defined domain for testing.
 
    domain = host.ansible.get_variables()['xmpp_domains'][0]
 

	
 
    with host.sudo():
 
        expected_dhparam = host.file('/etc/ssl/private/%s_xmpp.dh.pem' % fqdn).content_string.rstrip()
 

	
 
    connection = host.run("gnutls-cli --no-ca-verification --starttls-proto=xmpp --port 5222 "
 
                          "--priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' --verbose %s", domain)
 

	
 
    output = connection.stdout
 
    begin_marker = "-----BEGIN DH PARAMETERS-----"
 
    end_marker = "-----END DH PARAMETERS-----"
 
    used_dhparam = output[output.find(begin_marker):output.find(end_marker) + len(end_marker)]
 

	
 
    assert used_dhparam == expected_dhparam
 

	
 

	
 
def test_tls_connectivity(host):
 
    """
 
    Tests if it is possible to connect to the XMPP server using
 
    STARTTLS/TLS.
 
    """
 

	
 
    # Use first defined domain for testing.
 
    domain = host.ansible.get_variables()['xmpp_domains'][0]
 

	
 
    starttls = host.run('echo "test" | openssl s_client -quiet -starttls xmpp -xmpphost %s -connect localhost:5222', domain)
 
    assert starttls.rc == 0
 
    assert 'jabber:client' in starttls.stdout
 
    assert 'not-well-formed' in starttls.stdout
 

	
 
    tls = host.run('echo "test" | openssl s_client -quiet -connect %s:5223', domain)
 
    assert tls.rc == 0
 
    assert 'jabber:client' in starttls.stdout
 
    assert 'not-well-formed' in starttls.stdout
 

	
 
    s2s = host.run('echo "test" | openssl s_client -quiet -starttls xmpp-server -xmpphost %s -connect localhost:5222', domain)
 
    assert s2s.rc == 0
 
    assert 'jabber:client' in s2s.stdout
 
    assert 'not-well-formed' in s2s.stdout
 

	
 

	
 
# @TODO: Tests which were not implemented due to lack of out-of-box tools:
 
#
 
# - Proxy capability.
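Review bot: In test_tls_connectivity the direct-TLS block on port 5223 asserts against `starttls.stdout` instead of `tls.stdout`, so that connection is only checked for a zero exit code and its stream content is never validated; the two lines should read `assert 'jabber:client' in tls.stdout` and `assert 'not-well-formed' in tls.stdout`. The same copy-paste slip is present in the copies this commit removes from test_mandatory.py and test_optional.py, so the move carries it over rather than fixing it. The docstring of test_xmpp_server_uses_correct_dh_parameters says "HTTP server" where "XMPP server" is meant. Since the DH test runs gnutls-cli with --no-ca-verification and the connectivity test runs openssl s_client with no CA configured, both assert reachability and the negotiated DH group but not the identity of the presented certificate; a one-line docstring note in each, saying that the deployed certificate files are covered by test_prosody_tls_files, would keep a reader from assuming more coverage than there is.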
roles/xmpp_server/molecule/default/tests/test_mandatory.py
 
@@ -11,22 +11,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-mandatory')
 

	
 

	
 
def test_certificate_validity_check_configuration(host):
 
    """
 
    Tests if certificate validity check configuration file has been deployed
 
    correctly.
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()
 

	
 
    config = host.file('/etc/check_certificate/%s_xmpp.conf' % hostname)
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 
    assert config.content_string == "/etc/ssl/certs/%s_xmpp.pem" % hostname
 

	
 

	
 
def test_prosody_configuration_file_content(host):
 
    """
 
    Tests if Prosody configuration file has correct content.
 
@@ -62,49 +46,6 @@ def test_correct_prosody_package_installed(host):
 
    assert host.package('prosody-0.10').is_installed
 

	
 

	
 
def test_xmpp_server_uses_correct_dh_parameters(host):
 
    """
 
    Tests if the HTTP server uses the generated Diffie-Hellman parameter.
 
    """
 

	
 
    fqdn = host.run('hostname -f').stdout.strip()
 

	
 
    with host.sudo():
 
        expected_dhparam = host.file('/etc/ssl/private/%s_xmpp.dh.pem' % fqdn).content_string.rstrip()
 

	
 
    connection = host.run("gnutls-cli --no-ca-verification --starttls-proto=xmpp --port 5222 "
 
                          "--priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' --verbose domain1")
 

	
 
    output = connection.stdout
 
    begin_marker = "-----BEGIN DH PARAMETERS-----"
 
    end_marker = "-----END DH PARAMETERS-----"
 
    used_dhparam = output[output.find(begin_marker):output.find(end_marker) + len(end_marker)]
 

	
 
    assert used_dhparam == expected_dhparam
 

	
 

	
 
def test_tls_connectivity(host):
 
    """
 
    Tests if it is possible to connect to the XMPP server using
 
    STARTTLS/TLS.
 
    """
 

	
 
    starttls = host.run('echo "test" | openssl s_client -quiet -starttls xmpp -xmpphost domain1 -connect localhost:5222')
 
    assert starttls.rc == 0
 
    assert 'jabber:client' in starttls.stdout
 
    assert 'not-well-formed' in starttls.stdout
 

	
 
    tls = host.run('echo "test" | openssl s_client -quiet -connect domain1:5223')
 
    assert tls.rc == 0
 
    assert 'jabber:client' in starttls.stdout
 
    assert 'not-well-formed' in starttls.stdout
 

	
 
    s2s = host.run('echo "test" | openssl s_client -quiet -starttls xmpp-server -xmpphost domain1 -connect localhost:5222')
 
    assert s2s.rc == 0
 
    assert 'jabber:client' in s2s.stdout
 
    assert 'not-well-formed' in s2s.stdout
 

	
 

	
 
@pytest.mark.parametrize("port", [
 
    5222,
 
    5223
roles/xmpp_server/molecule/default/tests/test_optional.py
 
@@ -11,22 +11,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
 

	
 

	
 
def test_certificate_validity_check_configuration(host):
 
    """
 
    Tests if certificate validity check configuration file has been deployed
 
    correctly.
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()
 

	
 
    config = host.file('/etc/check_certificate/%s_xmpp.conf' % hostname)
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 
    assert config.content_string == "/etc/ssl/certs/%s_xmpp.pem" % hostname
 

	
 

	
 
def test_prosody_configuration_file_content(host):
 
    """
 
    Tests if Prosody configuration file has correct content.
 
@@ -68,49 +52,6 @@ def test_correct_prosody_package_installed(host):
 
    assert host.package('prosody-0.10').is_installed
 

	
 

	
 
def test_xmpp_server_uses_correct_dh_parameters(host):
 
    """
 
    Tests if the HTTP server uses the generated Diffie-Hellman parameter.
 
    """
 

	
 
    fqdn = host.run('hostname -f').stdout.strip()
 

	
 
    with host.sudo():
 
        expected_dhparam = host.file('/etc/ssl/private/%s_xmpp.dh.pem' % fqdn).content_string.rstrip()
 

	
 
    connection = host.run("gnutls-cli --no-ca-verification --starttls-proto=xmpp --port 5222 "
 
                          "--priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' --verbose domain2")
 

	
 
    output = connection.stdout
 
    begin_marker = "-----BEGIN DH PARAMETERS-----"
 
    end_marker = "-----END DH PARAMETERS-----"
 
    used_dhparam = output[output.find(begin_marker):output.find(end_marker) + len(end_marker)]
 

	
 
    assert used_dhparam == expected_dhparam
 

	
 

	
 
def test_tls_connectivity(host):
 
    """
 
    Tests if it is possible to connect to the XMPP server using
 
    STARTTLS/TLS.
 
    """
 

	
 
    starttls = host.run('echo "test" | openssl s_client -quiet -starttls xmpp -xmpphost domain2 -connect localhost:5222')
 
    assert starttls.rc == 0
 
    assert 'jabber:client' in starttls.stdout
 
    assert 'not-well-formed' in starttls.stdout
 

	
 
    tls = host.run('echo "test" | openssl s_client -quiet -connect domain2:5223')
 
    assert tls.rc == 0
 
    assert 'jabber:client' in starttls.stdout
 
    assert 'not-well-formed' in starttls.stdout
 

	
 
    s2s = host.run('echo "test" | openssl s_client -quiet -starttls xmpp-server -xmpphost domain2 -connect localhost:5222')
 
    assert s2s.rc == 0
 
    assert 'jabber:client' in s2s.stdout
 
    assert 'not-well-formed' in s2s.stdout
 

	
 

	
 
@pytest.mark.parametrize("port", [
 
    5222,
 
    5223