Changeset - fc2c40c98e0c
0 7 0
Branko Majic (branko) - 2 years ago 2023-12-01 15:44:45
branko@majic.rs
MAR-189: Refactored web_server tests to be less hostname-dependent:

- Use the inventory name (alongside distribution version) in places
where it's possible and makes sense to do so.
- Rearrange the IP allocation a bit to make more sense.
- Drop architecture information from the hostnames.
- Make the connectivity test operate over a matrix of input
parameters.
- Replace singular use of wget for testing with curl.
7 files changed with 35 insertions and 37 deletions:
roles/web_server/molecule/default/group_vars/parameters-optional.yml
 
---
 

	
 
default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_https.cert.pem') }}"
 
default_https_tls_key: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_https.key.pem') }}"
 
web_default_title: "Optional Welcome"
 
web_default_message: "Welcome to parameters-optional, default virtual host."
 
web_default_message: "Welcome to default virtual host."
 
web_server_tls_protocols:
 
  - TLSv1.1
 
  - TLSv1.2
 
web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:\
 
DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\
 
ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"
roles/web_server/molecule/default/molecule.yml
 
@@ -11,48 +11,45 @@ lint:
 
  name: yamllint
 
  options:
 
    config-file: ../../.yamllint.yml
 

	
 
platforms:
 

	
 
  - name: client1-buster
 
    groups:
 
      - client
 
      - buster
 
  - name: client
 
    box: debian/contrib-buster64
 
    memory: 256
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 192.168.56.20
 
        ip: 192.168.56.11
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-mandatory-buster64
 
  - name: parameters-mandatory-buster
 
    groups:
 
      - parameters-mandatory
 
      - buster
 
    box: debian/contrib-buster64
 
    memory: 512
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 192.168.56.30
 
        ip: 192.168.56.21
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-optional-buster64
 
  - name: parameters-optional-buster
 
    groups:
 
      - parameters-optional
 
      - buster
 
    box: debian/contrib-buster64
 
    memory: 512
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 192.168.56.31
 
        ip: 192.168.56.22
 
        network_name: private_network
 
        type: static
 

	
 
provisioner:
 
  name: ansible
 
  playbooks:
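Review bot: The re-allocated addresses (192.168.56.11, .21 and .22) are now maintained by hand in two places, the platform `interfaces` entries here and the `/etc/hosts` `with_dict` map in prepare.yml, and nothing visible on the page ties them together. A later change to only one side would leave the hosts file pointing at the wrong machine, and the tests would then exercise a different server than the one they name. A comment above `platforms:` would make both the coupling and the scheme explicit, for example `# 192.168.56.1x: clients, 192.168.56.2x: servers; keep in sync with /etc/hosts in prepare.yml`. The 1x/2x reading is inferred from the new values, so please confirm it before adding the comment.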
roles/web_server/molecule/default/prepare.yml
 
@@ -20,16 +20,16 @@
 
        argv:
 
          - "gimmecert"
 
          - "server"
 
          - "{{ item.name }}"
 
          - "{{ item.fqdn }}"
 
      with_items:
 
        - name: parameters-mandatory-buster64_https
 
          fqdn: parameters-mandatory
 
        - name: parameters-optional-buster64_https
 
          fqdn: parameters-optional
 
        - name: parameters-mandatory-buster_https
 
          fqdn: parameters-mandatory-buster
 
        - name: parameters-optional-buster_https
 
          fqdn: parameters-optional-buster
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 
@@ -56,13 +56,13 @@
 
      apt:
 
        name:
 
          - gnutls-bin
 
          - nmap
 
        state: present
 

	
 
- hosts: buster
 
- hosts: all
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up the hosts file
 
      lineinfile:
 
        path: /etc/hosts
 
@@ -70,15 +70,15 @@
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        192.168.56.20: "client1"
 
        192.168.56.30: "parameters-mandatory"
 
        192.168.56.31: "parameters-optional"
 
        192.168.56.11: "client"
 
        192.168.56.21: "parameters-mandatory-buster"
 
        192.168.56.22: "parameters-optional-buster"
 

	
 
    - name: Install curl for testing redirects and webpage content
 
      apt:
 
        name: curl
 
        state: present
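Review bot: The renamed `with_items` entries in the gimmecert task are coupled to the inventory names in a way the playbook does not document. The group_vars look the certificate up as `{{ inventory_hostname }}_https.cert.pem`, and the tests now connect to `https://<inventory_hostname>/`, so each `name` must be exactly `<inventory_hostname>_https` and each `fqdn` exactly the inventory name. I would add a comment above the list such as `# name must be "<inventory_hostname>_https" and fqdn the inventory hostname; group_vars and tests derive both from inventory_hostname`. The short names `parameters-mandatory` and `parameters-optional` are also gone from the issued certificates and from the `/etc/hosts` map in the last hunk, so any test still hard-coding them would fail on name resolution or certificate verification. The test_tls_version_and_ciphers tests are not shown on this page and are worth checking for that.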
 

	
roles/web_server/molecule/default/tests/test_client.py
 
import os
 

	
 
import pytest
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('client')
 

	
 

	
 
def test_connectivity(host):
 
@pytest.mark.parametrize('server', testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')
 
)
 
@pytest.mark.parametrize('port', [80, 443])
 
def test_connectivity(host, server, port):
 
    """
 
    Tests connectivity to the web server (ports that should be reachable).
 
    """
 

	
 
    with host.sudo():
 

	
 
        for server in ["parameters-mandatory",
 
                       "parameters-optional"]:
 
            # HTTP, HTTPS.
 
            for port in [80, 443]:
 

	
 
                ping = host.run('hping3 -S -p %s -c 1 %s', str(port), server)
 
                assert ping.rc == 0
 
        ping = host.run('hping3 -S -p %s -c 1 %s', str(port), server)
 
        assert ping.rc == 0
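Review bot: If the `parameters-*` pattern in the new `server` parametrization matches no inventory host, pytest receives an empty parameter list and by default reports test_connectivity as skipped rather than failed. A renamed platform would then silently remove the connectivity check. The decorator also constructs a second AnsibleRunner at import time, next to the one already used for `testinfra_hosts`. I would build the runner once at module level and guard the list before parametrizing, with `servers = runner.get_hosts('parameters-*')` followed by `assert servers, 'no parameters-* hosts in inventory'`, then pass `servers` to `parametrize`.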
roles/web_server/molecule/default/tests/test_default.py
 
@@ -340,31 +340,29 @@ def test_certificate_validity_check_configuration(host):
 

	
 
def test_tls_enabled(host):
 
    """
 
    Tests if TLS has been enabled.
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()
 
    fqdn = hostname[:hostname.rfind('-')]
 
    hostname = host.ansible.get_variables()['inventory_hostname']
 

	
 
    tls = host.run('wget -q -O - https://%s/', fqdn)
 
    tls = host.run('curl https://%s/', hostname)
 
    assert tls.rc == 0
 

	
 

	
 
def test_https_enforcement(host):
 
    """
 
    Tests if HTTPS is being enforced.
 
    """
 

	
 
    hostname = host.run('hostname').stdout.strip()
 
    fqdn = hostname[:hostname.rfind('-')]
 
    hostname = host.ansible.get_variables()['inventory_hostname']
 

	
 
    https_enforcement = host.run('curl -I http://%s/', fqdn)
 
    https_enforcement = host.run('curl -I http://%s/', hostname)
 

	
 
    assert https_enforcement.rc == 0
 
    assert 'HTTP/1.1 301 Moved Permanently' in https_enforcement.stdout
 
    assert 'Location: https://%s/' % fqdn in https_enforcement.stdout
 
    assert 'Location: https://%s/' % hostname in https_enforcement.stdout
 

	
 
    https_enforcement = host.run('curl -I https://%s/', fqdn)
 
    https_enforcement = host.run('curl -I https://%s/', hostname)
 

	
 
    assert https_enforcement.rc == 0
 
    assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in https_enforcement.stdout
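Review bot: The curl call that replaces wget in test_tls_enabled no longer fails on an HTTP error status, because curl exits 0 on a 4xx/5xx response unless `--fail` is given, whereas wget exits non-zero on an error response. As written, `assert tls.rc == 0` only shows that the TLS handshake and certificate verification succeeded. If the response status should still count, use `tls = host.run('curl --fail --silent --show-error https://%s/', hostname)`. The test_default_vhost_index_page tests in test_mandatory.py and test_optional.py use the same bare `curl`, though there the content assertions would catch an error page. The body of test_https_enforcement may continue past the end of this hunk.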
roles/web_server/molecule/default/tests/test_mandatory.py
 
@@ -50,12 +50,13 @@ def test_tls_version_and_ciphers(host):
 

	
 
def test_default_vhost_index_page(host):
 
    """
 
    Tests content of default vhost index page.
 
    """
 

	
 
    page = host.run('curl https://parameters-mandatory/')
 
    hostname = host.ansible.get_variables()['inventory_hostname']
 
    page = host.run('curl https://%s/', hostname)
 

	
 
    assert page.rc == 0
 
    assert "<title>Welcome</title>" in page.stdout
 
    assert "<h1>Welcome</h1>" in page.stdout
 
    assert "<p>You are attempting to access the web server using a wrong name or an IP address. Please check your URL.</p>" in page.stdout
roles/web_server/molecule/default/tests/test_optional.py
 
@@ -53,12 +53,13 @@ def test_tls_version_and_ciphers(host):
 

	
 
def test_default_vhost_index_page(host):
 
    """
 
    Tests content of default vhost index page.
 
    """
 

	
 
    page = host.run('curl https://parameters-optional/')
 
    hostname = host.ansible.get_variables()['inventory_hostname']
 
    page = host.run('curl https://%s/', hostname)
 

	
 
    assert page.rc == 0
 
    assert "<title>Optional Welcome</title>" in page.stdout
 
    assert "<h1>Optional Welcome</h1>" in page.stdout
 
    assert "<p>Welcome to parameters-optional, default virtual host.</p>" in page.stdout
 
    assert "<p>Welcome to default virtual host.</p>" in page.stdout