|
|
import os
|
|
|
|
|
|
import testinfra.utils.ansible_runner
|
|
|
|
|
|
|
|
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
|
|
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')
|
|
|
|
|
|
testinfra_hosts += testinfra.utils.ansible_runner.AnsibleRunner(
|
|
|
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('deprecated')
|
|
|
|
|
|
|
|
|
def test_supporting_packages_installed(host):
|
|
|
def test_installed_packages(host):
|
|
|
"""
|
|
|
Tests if all the necessary supporting packages have been
|
|
|
installed.
|
|
|
"""
|
|
|
|
|
|
assert host.package('python-apt').is_installed
|
|
|
assert host.package('lua-ldap').is_installed
|
|
|
assert host.package('prosody-modules').is_installed
|
|
|
assert host.package('prosody').is_installed
|
|
|
|
|
|
|
|
|
def test_prosody_user(host):
|
|
|
"""
|
|
|
Tests if Prosody user has been set-up correctly to access TLS material.
|
|
|
"""
|
|
|
|
|
|
assert 'ssl-cert' in host.user('prosody').groups
|
|
|
|
|
|
|
|
|
def test_prosody_configuration_file(host):
|
|
|
"""
|
|
|
Tests if Prosody configuration file has correct permissions.
|
|
|
"""
|
|
|
|
|
|
with host.sudo():
|
|
|
|
|
|
config = host.file('/etc/prosody/prosody.cfg.lua')
|
|
|
|
|
|
assert config.is_file
|
|
|
assert config.user == 'root'
|
|
|
assert config.group == 'prosody'
|
|
|
assert config.mode == 0o640
|
|
|
|
|
|
|
|
|
def test_services(host):
|
|
|
"""
|
|
|
Tests if services are enabled and running.
|
|
|
"""
|
|
|
|
|
|
service = host.service('prosody')
|
|
|
|
|
|
assert service.is_enabled
|
|
|
assert service.is_running
|
|
|
|
|
|
|
|
|
def test_firewall_configuration_file(host):
|
|
|
"""
|
|
|
Tests if firewall configuration file has been deployed correctly.
|
|
|
"""
|
|
|
|
|
|
with host.sudo():
|
|
|
|
|
|
config = host.file('/etc/ferm/conf.d/30-xmpp.conf')
|
|
|
|
|
|
assert config.is_file
|
|
|
assert config.user == 'root'
|
|
|
assert config.group == 'root'
|
|
|
assert config.mode == 0o640
|
|
|
|
|
|
|
|
|
def test_xmpp_server_dh_parameters_file(host):
|
|
|
"""
|
|
|
Tests if the Diffie-Hellman parameter file has been generated
|
|
|
correctly.
|
|
|
"""
|
|
|
|
|
|
fqdn = host.run('hostname -f').stdout.strip()
|
|
|
dhparam_file_path = '/etc/ssl/private/%s_xmpp.dh.pem' % fqdn
|
|
|
|
|
|
with host.sudo():
|
|
|
dhparam_file = host.file(dhparam_file_path)
|
|
|
assert dhparam_file.is_file
|
|
|
assert dhparam_file.user == 'root'
|
|
|
assert dhparam_file.group == 'prosody'
|
|
|
assert dhparam_file.mode == 0o640
|
|
|
|
|
|
dhparam_info = host.run("openssl dhparam -noout -text -in %s", dhparam_file_path)
|
|
|
|
|
|
assert "DH Parameters: (2048 bit)" in dhparam_info.stdout
|
|
|
|
|
|
|
|
|
def test_prosody_tls_files(host):
|
|
|
"""
|
|
|
Tests if Prosody TLS private key and certificage have been deployed
|
|
|
correctly.
|
|
|
"""
|
|
|
|
|
|
hostname = host.run('hostname -f').stdout.strip()
|
|
|
|
|
|
with host.sudo():
|
|
|
|
|
|
tls_file = host.file('/etc/ssl/private/%s_xmpp.key' % hostname)
|
|
|
assert tls_file.is_file
|
|
|
assert tls_file.user == 'root'
|
|
|
assert tls_file.group == 'prosody'
|
|
|
assert tls_file.mode == 0o640
|
|
|
assert tls_file.content_string == open("tests/data/x509/server/%s_xmpp.key.pem" % hostname, "r").read().rstrip()
|
|
|
|
|
|
tls_file = host.file('/etc/ssl/certs/%s_xmpp.pem' % hostname)
|
|
|
assert tls_file.is_file
|
|
|
assert tls_file.user == 'root'
|
|
|
assert tls_file.group == 'root'
|
|
|
assert tls_file.mode == 0o644
|
|
|
assert tls_file.content_string == open("tests/data/x509/server/%s_xmpp.cert.pem" % hostname, "r").read().rstrip()
|
|
|
|