Files @ 605cdbaf9717
Branch filter:

Location: majic-ansible-roles/roles/xmpp_server/molecule/default/tests/test_client.py

605cdbaf9717 3.6 KiB text/x-python Show Annotation Show as Raw Download as Raw
branko
MAR-163: Attach noqa directives to task names (if skipping is applicable on task level) for better uniformity:

- This way the indentation of comment describing the directive can
always be on the same level everywhere (irrespective of how the rest
of task arguments are listed).
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
import os

import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('clients')


def test_connectivity(host):
    """
    Tests connectivity to the XMPP server (ports that should be reachable).
    """

    with host.sudo():

        for server in ["parameters-mandatory",
                       "parameters-optional"]:
            # c2s plaintext, c2s TLS, file proxy, s2s.
            for port in [5222, 5223, 5000, 5269]:

                ping = host.run('hping3 -S -p %d -c 1 %s' % (port, server))
                assert ping.rc == 0


def test_tls(host):
    """
    Tests if TLS works as expected.
    """

    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
                    "-t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1")
    assert send.rc == 0

    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
                    "-e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1")
    assert send.rc == 0

    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
                    "-t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
    assert send.rc == 0

    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
                    "-e -u jane.doe -p janepassword -j domain2:5223 jane.doe@domain2")
    assert send.rc == 0


def test_authentication_requires_tls(host):
    """
    Tests if authentication must be done over TLS.
    """

    command = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
                       "-u bogus -p bogus -j domain1:5222 john.doe@domain1 -d")
    assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in command.stderr

    command = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
                       "-u bogus -p bogus -j domain2:5222 jane.doe@domain2 -d")
    assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in command.stderr


def test_authentication(host):
    """
    Tests if authentication works correctly.
    """

    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
                    "-t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1")
    assert send.rc == 0

    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
                    "-e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1")
    assert send.rc == 0

    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
                    "-t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
    assert send.rc == 0

    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
                    "-e -u mick.doe -p mickpassword -j domain3:5223 mick.doe@domain3")
    assert send.rc == 0


def test_unauthorized_users_rejected(host):
    """
    Tests if unauthorized users (present in LDAP, but not member of correct
    group) are rejected from accessing the XMPP server.
    """

    send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt "
                    "-t -u noxmpp -p noxmpppassword -j domain1:5222 john.doe@domain1")
    assert send.rc != 0
    assert "Error 'AuthSend': error: not-authorized[?]" in send.stderr
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.