diff --git a/roles/mail_server/tests/test_optional.py b/roles/mail_server/tests/test_optional.py new file mode 100644 index 0000000000000000000000000000000000000000..a74b2007b7232263706c974c3a0467f55ccdd5b7 --- /dev/null +++ b/roles/mail_server/tests/test_optional.py @@ -0,0 +1,106 @@ +import re + +import testinfra.utils.ansible_runner + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + '.molecule/ansible_inventory').get_hosts('parameters-optional') + + +def test_smtp_tls_files(File, Sudo): + """ + Tests if SMTP TLS private key has been deployed correctly. + """ + + with Sudo(): + + tls_file = File('/etc/ssl/private/parameters-optional_smtp.key') + assert tls_file.is_file + assert tls_file.user == 'root' + assert tls_file.group == 'root' + assert tls_file.mode == 0o640 + assert tls_file.content == open("tests/data/x509/parameters-optional_smtp.key.pem", "r").read().rstrip() + + tls_file = File('/etc/ssl/certs/parameters-optional_smtp.pem') + assert tls_file.is_file + assert tls_file.user == 'root' + assert tls_file.group == 'root' + assert tls_file.mode == 0o644 + assert tls_file.content == open("tests/data/x509/parameters-optional_smtp.cert.pem", "r").read().rstrip() + + tls_file = File('/etc/ssl/private/parameters-optional_imap.key') + assert tls_file.is_file + assert tls_file.user == 'root' + assert tls_file.group == 'root' + assert tls_file.mode == 0o640 + assert tls_file.content == open("tests/data/x509/parameters-optional_imap.key.pem", "r").read().rstrip() + + tls_file = File('/etc/ssl/certs/parameters-optional_imap.pem') + assert tls_file.is_file + assert tls_file.user == 'root' + assert tls_file.group == 'root' + assert tls_file.mode == 0o644 + assert tls_file.content == open("tests/data/x509/parameters-optional_imap.cert.pem", "r").read().rstrip() + + +def test_certificate_validity_check_configuration(File): + """ + Tests if certificate validity check configuration file has been deployed + correctly. + """ + + config = File('/etc/check_certificate/parameters-optional_smtp.conf') + assert config.is_file + assert config.user == 'root' + assert config.group == 'root' + assert config.mode == 0o644 + assert config.content == "/etc/ssl/certs/parameters-optional_smtp.pem" + + config = File('/etc/check_certificate/parameters-optional_imap.conf') + assert config.is_file + assert config.user == 'root' + assert config.group == 'root' + assert config.mode == 0o644 + assert config.content == "/etc/ssl/certs/parameters-optional_imap.pem" + + +def test_mailname_file_content(File): + """ + Tests the system mail name file content. + """ + + mailname = File('/etc/mailname') + + assert mailname.content == "parameters-optional" + + +def test_postfix_main_cf_file_content(File): + """ + Tests if the Postfix main configuration file content is correct. + """ + + config = File('/etc/postfix/main.cf') + config_lines = config.content.split("\n") + + assert "myhostname = parameters-optional" in config_lines + assert "mydestination = parameters-optional, parameters-optional, localhost.localdomain, localhost" in config_lines + assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.31.127.20" in config_lines + assert "smtpd_tls_cert_file = /etc/ssl/certs/parameters-optional_smtp.pem" in config_lines + assert "smtpd_tls_key_file = /etc/ssl/private/parameters-optional_smtp.key" in config_lines + assert " reject_rbl bl.spamcop.net" in config_lines + assert " reject_rbl zen.spamhaus.org" in config_lines + + +def test_local_aliases(Command, File, Sudo): + """ + Tests if local aliases are configured correctly. + """ + + send = Command('swaks --suppress-data --to root@localhost') + assert send.rc == 0 + message_id = re.search('Ok: queued as (.*)', send.stdout).group(1) + + with Sudo(): + mail_log = File('/var/log/mail.log') + pattern = "dovecot: lda\(john.doe@domain1\): msgid=<[^.]*.%s@[^>]*>: saved mail to INBOX" % message_id + assert re.search(pattern, mail_log.content) is not None