Files
@ ceb51ff23ae3
Branch filter:
Location: majic-ansible-roles/roles/mail_forwarder/molecule/default/tests/test_optional.py
ceb51ff23ae3
4.3 KiB
text/x-python
MAR-132: Added support to xmpp_server role for Debian 9 (Stretch):
- Updated tests to include Debian 9 in testing. Existing private keys
are reused where possible (since most of the naming is identical
between the machines with jessie/stretch).
- Updated invocation of sendxmpp in tests as workaround for
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854210.
- Updated testing of imported keys to accomodate differences between
gpg/gpg2 (used by apt-key in Jessie/Stretch).
- Updated tests to include Debian 9 in testing. Existing private keys
are reused where possible (since most of the naming is identical
between the machines with jessie/stretch).
- Updated invocation of sendxmpp in tests as workaround for
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854210.
- Updated testing of imported keys to accomodate differences between
gpg/gpg2 (used by apt-key in Jessie/Stretch).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 | import os
import re
import time
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-optional'])
def test_smtp_relay_truststore_file(host):
"""
Tests if SMTP relay truststore has correct content.
"""
truststore = host.file('/etc/ssl/certs/smtp_relay_truststore.pem')
assert truststore.content == open("tests/data/x509/ca.cert.pem", "r").read().rstrip()
def test_smtp_mailname(host):
"""
Tests if SMTP mailname has been configured correctly.
"""
hostname = host.run('hostname').stdout
mailname = host.file('/etc/mailname')
assert mailname.content == "%s" % hostname
def test_postfix_main_cf_file_content(host):
"""
Tests if the Postfix main configuration file content is correct.
"""
hostname = host.run('hostname').stdout
config = host.file('/etc/postfix/main.cf')
config_lines = config.content.split("\n")
assert "myhostname = %s" % hostname in config_lines
assert "mydestination = %s, %s, localhost.localdomain, localhost" % (hostname, hostname) in config_lines
assert "relayhost = mail-server:27" in config_lines
assert "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128" in config_lines
assert "smtp_tls_security_level=verify" in config_lines
assert "smtp_tls_CAfile=/etc/ssl/certs/smtp_relay_truststore.pem" in config_lines
assert "smtp_host_lookup = dns, native" in config_lines
def test_local_aliases(host):
"""
Tests if local aliases are configured correctly.
"""
hostname = host.run('hostname').stdout
send = host.run('swaks --suppress-data --to root@localhost')
assert send.rc == 0
message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
# Wait for a little while for message to be processed.
time.sleep(5)
with host.sudo():
mail_log = host.file('/var/log/mail.log')
pattern1 = "%s: to=<root@%s>, orig_to=<root@localhost>.*status=sent" % (message_id, hostname)
pattern2 = "%s: to=<testuser@%s>, orig_to=<root@localhost>.*status=sent" % (message_id, hostname)
assert re.search(pattern1, mail_log.content) is not None
assert re.search(pattern2, mail_log.content) is not None
def test_relay_mail_sending(host):
"""
Tests if mails are sent correctly via relay if relay has been configured.
"""
send = host.run('swaks --suppress-data --to root@domain1 --server localhost')
assert send.rc == 0
message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
# Wait for a little while for message to be processed.
time.sleep(5)
with host.sudo():
mail_log = host.file('/var/log/mail.log')
# Pattern used to verify the mail was sent over relay on designated
# port.
pattern = r"%s: to=<root@domain1>, relay=mail-server\[[^]]*\]:27.*status=sent" % message_id
assert re.search(pattern, mail_log.content) is not None
def test_tls_enforced_towards_relay_mail_server(host):
"""
Tests if TLS verification is enfoced towards the relay mail server.
"""
with host.sudo():
# Replace the relayhost with name that is not present in relay's
# certificate.
command = host.run("sed -i -e s#relayhost\\ =\\ mail-server#relayhost\\ =\\ domain1# /etc/postfix/main.cf")
assert command.rc == 0
command = host.run("service postfix restart")
assert command.rc == 0
# Try to send out an e-mail
send = host.run('swaks --suppress-data --to root@domain1 --server localhost')
# Restore correct relay name in the configuration file.
command = host.run("sed -i -e s#relayhost\\ =\\ domain1#relayhost\\ =\\ mail-server# /etc/postfix/main.cf")
assert command.rc == 0
command = host.run("service postfix restart")
assert command.rc == 0
# Finally check the results.
assert send.rc == 0
message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
# Wait for a little while for message to be processed.
time.sleep(5)
with host.sudo():
mail_log = host.file('/var/log/mail.log')
pattern = "%s: to=<root@domain1>, relay=domain1.*status=deferred \(Server certificate not verified\)" % message_id
assert re.search(pattern, mail_log.content) is not None
|