Files @ 776dde4d751e

Location: majic-ansible-roles/roles/mail_forwarder/molecule/default/tests/test_default.py

branko
MAR-192: Update compatibility-related entries for Postfix main configuration file:

- Default value for append_dot_mydomain has been "no" for a while now,
no need to set it explicitly.
- Prefer the whitelist/blacklist instead of allowlist/denylist
keywords in logs.
import os
import re

import testinfra.utils.ansible_runner


# Hosts these tests run against: every host matching the 'parameters-*'
# pattern in the inventory file named by the MOLECULE_INVENTORY_FILE
# environment variable. The lookup uses os.environ[...] directly, so a
# missing variable raises KeyError when the module is imported.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')


def test_installed_packages(host):
    """
    Verifies that the required packages (postfix, procmail, swaks) are
    installed on the host.
    """

    # Checked in a fixed order, so the first missing package is the one
    # that fails the test.
    for package_name in ('postfix', 'procmail', 'swaks'):
        assert host.package(package_name).is_installed


def test_removed_packages(host):
    """
    Verifies that packages expected to be absent from the system are
    not installed.
    """

    exim_package = host.package('exim4')

    assert not exim_package.is_installed


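def test_smtp_relay_truststore_file(host):
    """
    Tests if SMTP relay truststore has correct ownership, permissions
    and content.

    The deployed file must match the CA certificate stored with the
    test data; trailing whitespace of the local copy is ignored.
    """

    truststore = host.file('/etc/ssl/certs/smtp_relay_truststore.pem')

    assert truststore.is_file
    assert truststore.user == 'root'
    assert truststore.group == 'root'
    # 0o644: readable by everyone, writable only by the owner (root).
    assert truststore.mode == 0o644

    # Read the reference certificate through a context manager so the
    # local file handle is closed deterministically instead of being
    # left open until garbage collection.
    with open("tests/data/x509/ca/level1.cert.pem", "r") as reference_file:
        expected_content = reference_file.read().rstrip()

    assert truststore.content_string == expected_content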


def test_smtp_mailname(host):
    """
    Verifies ownership and permissions of the SMTP mailname
    configuration file.
    """

    mailname_file = host.file('/etc/mailname')

    # Only file type, owner, group and mode are verified here; the
    # content of the file is not inspected by this test.
    assert mailname_file.is_file
    assert (mailname_file.user, mailname_file.group) == ('root', 'root')
    assert mailname_file.mode == 0o644


def test_postfix_main_cf_file(host):
    """
    Verifies ownership and permissions of the Postfix main
    configuration file.
    """

    main_cf = host.file('/etc/postfix/main.cf')

    assert main_cf.is_file
    assert (main_cf.user, main_cf.group) == ('root', 'root')
    # 0o644: writable only by the owner (root), readable by everyone.
    assert main_cf.mode == 0o644


def test_postfix_main_configuration_is_valid(host):
    """
    Verifies that postconf accepts the Postfix main configuration: it
    must exit successfully and print nothing on stderr.
    """

    result = host.run('/usr/sbin/postconf')

    # The SSH client may prepend a "Permanently added" host key warning
    # to stderr; drop it so that only output from postconf itself is
    # evaluated.
    ssh_warning = re.compile("^Warning: Permanently added.*?\r\n")
    remaining_stderr = ssh_warning.sub("", result.stderr)

    assert result.rc == 0
    assert remaining_stderr == ""


def test_services(host):
    """
    Verifies that the Postfix service is both running and enabled.
    """

    postfix_service = host.service('postfix')

    assert postfix_service.is_running
    assert postfix_service.is_enabled


def test_firewall_configuration_file(host):
    """
    Verifies ownership and permissions of the mail-related firewall
    configuration file.
    """

    # The file is inspected under sudo; with mode 0o640 it is not
    # accessible to users outside its owner and group.
    with host.sudo():
        ferm_config = host.file('/etc/ferm/conf.d/20-mail.conf')

        assert ferm_config.is_file
        assert (ferm_config.user, ferm_config.group) == ('root', 'root')
        assert ferm_config.mode == 0o640


def test_smtp_server_dh_parameter_file(host):
    """
    Verifies that the per-host Diffie-Hellman parameter file exists,
    has the expected ownership and permissions, and holds 2048-bit
    parameters.
    """

    # The file name embeds the hostname reported by the target itself.
    reported_hostname = host.run('hostname').stdout.strip()
    dhparam_path = '/etc/ssl/private/%s_smtp.dh.pem' % reported_hostname

    with host.sudo():
        dhparam = host.file(dhparam_path)

        assert dhparam.is_file
        assert (dhparam.user, dhparam.group) == ('root', 'root')
        # 0o640: no access for users outside the owner and group.
        assert dhparam.mode == 0o640

        # The path is handed to host.run() as a separate argument
        # rather than being formatted into the command string here.
        openssl_result = host.run("openssl dhparam -noout -text -in %s", dhparam_path)

        assert "DH Parameters: (2048 bit)" in openssl_result.stdout


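def test_smtp_server_uses_correct_dh_parameters(host):
    """
    Tests if the SMTP server uses the generated Diffie-Hellman parameter.

    Connects to the local SMTP port via STARTTLS using a priority
    string limited to TLS 1.2 with DHE-RSA key exchange, extracts the
    PEM-encoded DH parameters from the verbose gnutls-cli output, and
    compares them with the deployed parameter file.
    """

    hostname = host.run('hostname').stdout.strip()

    with host.sudo():
        expected_dhparam = host.file('/etc/ssl/private/%s_smtp.dh.pem' % hostname).content_string.rstrip()

    # --no-ca-verification: the server certificate is not validated by
    # this test; only the DH parameters offered by the server are
    # compared.
    connection = host.run("gnutls-cli --no-ca-verification --starttls-proto=smtp --port 25 "
                          "--priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' --verbose localhost")

    output = connection.stdout
    begin_marker = "-----BEGIN DH PARAMETERS-----"
    end_marker = "-----END DH PARAMETERS-----"

    begin_index = output.find(begin_marker)
    end_index = output.find(end_marker)

    # str.find() returns -1 for a missing marker, which would turn the
    # slice below into an unrelated (possibly empty) string. Fail
    # explicitly so that a failed handshake cannot be mistaken for a
    # parameter mismatch, or match an empty parameter file.
    assert begin_index != -1, "No DH parameters begin marker in gnutls-cli output"
    assert end_index != -1, "No DH parameters end marker in gnutls-cli output"

    used_dhparam = output[begin_index:end_index + len(end_marker)]

    assert used_dhparam == expected_dhparam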