Files @ b55cb83f8342

Location: majic-ansible-roles/roles/web_server/molecule/default/tests/test_mandatory.py

branko
Noticket: Added workaround to development process for outdated Molecule version:

- Unfortunately, the Molecule version used for running tests does not
generate valid Ruby 3.x code. For now just work around the way Hash
is unpacked in function calls to optional arguments (until the test
stack gets a revamp).
import os

import defusedxml.ElementTree as ElementTree

import testinfra.utils.ansible_runner

# Restrict the tests in this module to the 'parameters-mandatory' group
# of the inventory file named by the MOLECULE_INVENTORY_FILE variable.
_inventory_file = os.environ['MOLECULE_INVENTORY_FILE']
_ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(_inventory_file)
testinfra_hosts = _ansible_runner.get_hosts('parameters-mandatory')


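def test_tls_version_and_ciphers(host):
    """
    Tests if the correct TLS version and ciphers have been enabled.

    Scans port 443 on the target with nmap's ssl-enum-ciphers script
    and compares the reported protocol versions and cipher suites
    against exact expected lists, so that both a missing and an
    unexpectedly enabled version or cipher fail the test.
    """

    expected_tls_versions = ["TLSv1.2"]

    # Kept in sorted order, since the scan results are sorted before
    # being compared.
    expected_tls_ciphers = [
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    ]

    # Run the nmap scanner against the web server's HTTPS port. The
    # XML report is sent to stdout ("-oX -") instead of a fixed path
    # under /tmp, so no predictable file is written on the target and
    # a report left behind by an earlier run cannot be read by
    # mistake.
    nmap = host.run("nmap -sV --script ssl-enum-ciphers -p 443 localhost -oX -")
    assert nmap.rc == 0

    # ElementTree is the module-level defusedxml import.
    report_root = ElementTree.fromstring(nmap.stdout)

    # Only the top-level tables of the ssl-enum-ciphers script are keyed
    # by protocol version; tables emitted by any other script on the
    # port must not be counted as TLS versions.
    version_tables = report_root.findall(
        "./host/ports/port/script[@id='ssl-enum-ciphers']/table")
    tls_versions = sorted(table.attrib['key'] for table in version_tables)

    # Cipher names are collected across all reported versions; the set
    # drops names that are listed under more than one version.
    cipher_names = report_root.findall(
        ".//table[@key='ciphers']/table/elem[@key='name']")
    tls_ciphers = sorted({name.text for name in cipher_names})

    assert tls_versions == expected_tls_versions
    assert tls_ciphers == expected_tls_ciphers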


def test_default_vhost_index_page(host):
    """
    Verifies that the default vhost serves the expected index page
    over HTTPS.
    """

    # Markup that must be present in the page returned for a request
    # that does not match any configured site name.
    expected_fragments = (
        "<title>Welcome</title>",
        "<h1>Welcome</h1>",
        "<p>You are attempting to access the web server using a wrong name or an IP address. Please check your URL.</p>",
    )

    inventory_name = host.ansible.get_variables()['inventory_hostname']

    # The hostname is passed as a separate argument so that testinfra
    # substitutes and shell-quotes it. curl is run without -k, so
    # certificate verification stays at curl's default.
    response = host.run('curl https://%s/', inventory_name)

    assert response.rc == 0
    for fragment in expected_fragments:
        assert fragment in response.stdout