import os import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('clients') def test_connectivity(host): """ Tests connectivity to the XMPP server (ports that should be reachable). """ with host.sudo(): for server in ["parameters-mandatory", "parameters-optional"]: # c2s plaintext, c2s TLS, file proxy, s2s. for port in [5222, 5223, 5000, 5269]: ping = host.run('hping3 -S -p %s -c 1 %s', str(port), server) assert ping.rc == 0 def test_tls(host): """ Tests if TLS works as expected. """ send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt " "-t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1") assert send.rc == 0 send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt " "-e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1") assert send.rc == 0 send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt " "-t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2") assert send.rc == 0 send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt " "-e -u jane.doe -p janepassword -j domain2:5223 jane.doe@domain2") assert send.rc == 0 def test_authentication_requires_tls(host): """ Tests if authentication must be done over TLS. """ command = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt " "-u bogus -p bogus -j domain1:5222 john.doe@domain1 -d") assert "" in command.stderr command = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt " "-u bogus -p bogus -j domain2:5222 jane.doe@domain2 -d") assert "" in command.stderr def test_authentication(host): """ Tests if authentication works correctly. """ send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt " "-t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1") assert send.rc == 0 send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt " "-e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1") assert send.rc == 0 send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt " "-t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2") assert send.rc == 0 send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt " "-e -u mick.doe -p mickpassword -j domain3:5223 mick.doe@domain3") assert send.rc == 0 def test_unauthorized_users_rejected(host): """ Tests if unauthorized users (present in LDAP, but not member of correct group) are rejected from accessing the XMPP server. """ send = host.run("echo 'Hello' | sendxmpp --tls-ca-path /usr/local/share/ca-certificates/testca.crt " "-t -u noxmpp -p noxmpppassword -j domain1:5222 john.doe@domain1") assert send.rc != 0 assert "Error 'AuthSend': error: not-authorized[?]" in send.stderr