molecule/default/verify.yml - ansible/role/nginx - Gitiles

 ---
 # nginx molecule/default/verify.yml
 #
 # SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
 # SPDX-License-Identifier: Apache-2.0

 - name: Verify
   hosts: all
   vars:
     nginx_static_dir: "/srv/sites"
   tasks:

     # Static site tests
     - name: Create a test file to be served for the static site
       lineinfile:
         path: "{{ nginx_static_dir }}/static.example.com/index.html"
         line: "This file is served from static.example.com"
         mode: 0644
         create: true

     - name: Test that static site is being served with index.yaml
       uri:
         url: http://127.0.0.1/
         headers:
           Host: "static.example.com"
         status_code: 200
         return_content: true
       register: webpage
       failed_when: "'This file is served from static.example.com' not in webpage.content"

     - name: Test that bad user agents are blocked with 403
       uri:
         url: http://127.0.0.1/
         headers:
           Host: "static.example.com"
           User-Agent: "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
         status_code: 403

     - name: Test that the static site is the default site
       uri:
         url: http://127.0.0.1/
         status_code: 200
         return_content: true
       register: webpage
       failed_when: "'This file is served from static.example.com' not in webpage.content"

     - name: Delete static site test file
       file:
         path: "{{ nginx_static_dir }}/static.example.com/index.html"
         mode: 0644
         state: absent

     - name: Verify that 403 is returned when no index.html file exists and autoindex is off
       uri:
         url: http://127.0.0.1/
         headers:
           Host: "static.example.com"
         status_code: 403

     - name: See if extra_config (teapot with code 418 at /teapot) is working
       uri:
         url: http://127.0.0.1/teapot
         headers:
           Host: "static.example.com"
         status_code: 418

     - name: Create a yaml file to check that MIME config is working
       copy:
         dest: "{{ nginx_static_dir }}/static.example.com/example.yaml"
         mode: 0644
         content: |
           ---
           # example YAML file

     - name: Retrieve YAML file
       uri:
         url: http://127.0.0.1/example.yaml
         headers:
           Host: "static.example.com"
         status_code: 200
         return_content: true
       register: webpagey

     - name: Assert that yaml file uses text/yaml MIME type
       assert:
         that:
           - webpagey['content_type'] == 'text/yaml'

     - name: Delete yaml test file
       file:
         path: "{{ nginx_static_dir }}/static.example.com/example.yaml"
         state: absent

     # Test nginx autoindex
     - name: Create a test dir to be served for the autoindex site
       file:
         path: "{{ nginx_static_dir }}/autoindex.example.com/autoindex_example_dir"
         mode: 0755
         state: directory

     - name: Test that autoindex is created and lists directory
       uri:
         url: http://127.0.0.1/
         headers:
           Host: "autoindex.example.com"
         status_code: 200
         return_content: true
       register: webpageai
       failed_when: "'autoindex_example_dir' not in webpageai.content"

     - name: Delete test dir for autoindex site
       file:
         path: "{{ nginx_static_dir }}/autoindex.example.com/autoindex_example_dir"
         state: absent

     # HTTP Basic Authentication tests
     - name: Create a test file to be served for the authenticated site
       lineinfile:
         path: "{{ nginx_static_dir }}/authenticated.example.com/index.html"
         line: "This file is served from authenticated.example.com"
         mode: 0644
         create: true

     - name: Test that the authenticated file can't be accessed without authentication
       uri:
         url: http://127.0.0.1/
         headers:
           Host: "authenticated.example.com"
         status_code: 401

     - name: Test that the authenticated file can be accessed by authorized user
       uri:
         url: http://127.0.0.1/
         url_username: "ghopper"
         url_password: "verysecurepassword"
         headers:
           Host: "authenticated.example.com"
         status_code: 200
         return_content: true
       register: webpage
       failed_when: "'authenticated.example.com' not in webpage.content"

     - name: Test that the authenticated file can't be accessed by unauthorized user
       uri:
         url: http://127.0.0.1/
         url_username: "aturing"
         url_password: "yetanotherpw"
         headers:
           Host: "authenticated.example.com"
         status_code: 401

     - name: Delete authenticated site test file
       file:
         path: "{{ nginx_static_dir }}/authenticated.example.com/index.html"
         state: absent

     # Proxy tests
     - name: Verify that when proxy isn't running, NGINX returns a 502 "Bad Gateway" error
       uri:
         url: http://127.0.0.1/
         headers:
           Host: "proxy.example.com"
         status_code: 502

     - name: Create a test file to be served by the proxy
       lineinfile:
         path: "/tmp/index.html"
         line: "This file is served from proxy.example.com"
         mode: 0644
         create: true

     - name: Run a python http.server as proxy target for 30 seconds in the background
       become: true
       shell: >-
         ( cd /tmp;
         python3 -m http.server -b 127.0.0.1 8000 2> /tmp/pyhttp.log & PY_PID=$!;
         echo "server running: $PY_PID";
         sleep 30;
         kill $PY_PID) &
       tags:
         - skip_ansible_lint

     - name: Wait 10 seconds for Python http.server to start
       pause:
         seconds: 10

     - name: Test that the proxy site is being served
       uri:
         url: http://127.0.0.1/index.html
         headers:
           Host: "proxy.example.com"
         status_code: 200
         return_content: true
       register: webpage
       failed_when: "'proxy.example.com' not in webpage.content"

     - name: Clean up proxy site testing files
       become: true
       file:
         path: "/tmp/{{ item }}"
         state: absent
       with_items:
         - "index.html"
         - "pyhttp.log"

     # Redirect tests
     - name: Check that 301 redirect is being served
       uri:
         url: http://127.0.0.1
         headers:
           Host: "redirect.example.com"
         follow_redirects: "none"
         status_code: 301
         return_content: true
       register: webpage
       failed_when: "webpage.location != 'https://destination.example.com'"
	---
	# nginx molecule/default/verify.yml
	#
	# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
	# SPDX-License-Identifier: Apache-2.0

	- name: Verify
	hosts: all
	vars:
	nginx_static_dir: "/srv/sites"
	tasks:

	# Static site tests
	- name: Create a test file to be served for the static site
	lineinfile:
	path: "{{ nginx_static_dir }}/static.example.com/index.html"
	line: "This file is served from static.example.com"
	mode: 0644
	create: true

	- name: Test that static site is being served with index.yaml
	uri:
	url: http://127.0.0.1/
	headers:
	Host: "static.example.com"
	status_code: 200
	return_content: true
	register: webpage
	failed_when: "'This file is served from static.example.com' not in webpage.content"

	- name: Test that bad user agents are blocked with 403
	uri:
	url: http://127.0.0.1/
	headers:
	Host: "static.example.com"
	User-Agent: "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
	status_code: 403

	- name: Test that the static site is the default site
	uri:
	url: http://127.0.0.1/
	status_code: 200
	return_content: true
	register: webpage
	failed_when: "'This file is served from static.example.com' not in webpage.content"

	- name: Delete static site test file
	file:
	path: "{{ nginx_static_dir }}/static.example.com/index.html"
	mode: 0644
	state: absent

	- name: Verify that 403 is returned when no index.html file exists and autoindex is off
	uri:
	url: http://127.0.0.1/
	headers:
	Host: "static.example.com"
	status_code: 403

	- name: See if extra_config (teapot with code 418 at /teapot) is working
	uri:
	url: http://127.0.0.1/teapot
	headers:
	Host: "static.example.com"
	status_code: 418

	- name: Create a yaml file to check that MIME config is working
	copy:
	dest: "{{ nginx_static_dir }}/static.example.com/example.yaml"
	mode: 0644
	content: \|
	---
	# example YAML file

	- name: Retrieve YAML file
	uri:
	url: http://127.0.0.1/example.yaml
	headers:
	Host: "static.example.com"
	status_code: 200
	return_content: true
	register: webpagey

	- name: Assert that yaml file uses text/yaml MIME type
	assert:
	that:
	- webpagey['content_type'] == 'text/yaml'

	- name: Delete yaml test file
	file:
	path: "{{ nginx_static_dir }}/static.example.com/example.yaml"
	state: absent

	# Test nginx autoindex
	- name: Create a test dir to be served for the autoindex site
	file:
	path: "{{ nginx_static_dir }}/autoindex.example.com/autoindex_example_dir"
	mode: 0755
	state: directory

	- name: Test that autoindex is created and lists directory
	uri:
	url: http://127.0.0.1/
	headers:
	Host: "autoindex.example.com"
	status_code: 200
	return_content: true
	register: webpageai
	failed_when: "'autoindex_example_dir' not in webpageai.content"

	- name: Delete test dir for autoindex site
	file:
	path: "{{ nginx_static_dir }}/autoindex.example.com/autoindex_example_dir"
	state: absent

	# HTTP Basic Authentication tests
	- name: Create a test file to be served for the authenticated site
	lineinfile:
	path: "{{ nginx_static_dir }}/authenticated.example.com/index.html"
	line: "This file is served from authenticated.example.com"
	mode: 0644
	create: true

	- name: Test that the authenticated file can't be accessed without authentication
	uri:
	url: http://127.0.0.1/
	headers:
	Host: "authenticated.example.com"
	status_code: 401

	- name: Test that the authenticated file can be accessed by authorized user
	uri:
	url: http://127.0.0.1/
	url_username: "ghopper"
	url_password: "verysecurepassword"
	headers:
	Host: "authenticated.example.com"
	status_code: 200
	return_content: true
	register: webpage
	failed_when: "'authenticated.example.com' not in webpage.content"

	- name: Test that the authenticated file can't be accessed by unauthorized user
	uri:
	url: http://127.0.0.1/
	url_username: "aturing"
	url_password: "yetanotherpw"
	headers:
	Host: "authenticated.example.com"
	status_code: 401

	- name: Delete authenticated site test file
	file:
	path: "{{ nginx_static_dir }}/authenticated.example.com/index.html"
	state: absent

	# Proxy tests
	- name: Verify that when proxy isn't running, NGINX returns a 502 "Bad Gateway" error
	uri:
	url: http://127.0.0.1/
	headers:
	Host: "proxy.example.com"
	status_code: 502

	- name: Create a test file to be served by the proxy
	lineinfile:
	path: "/tmp/index.html"
	line: "This file is served from proxy.example.com"
	mode: 0644
	create: true

	- name: Run a python http.server as proxy target for 30 seconds in the background
	become: true
	shell: >-
	( cd /tmp;
	python3 -m http.server -b 127.0.0.1 8000 2> /tmp/pyhttp.log & PY_PID=$!;
	echo "server running: $PY_PID";
	sleep 30;
	kill $PY_PID) &
	tags:
	- skip_ansible_lint

	- name: Wait 10 seconds for Python http.server to start
	pause:
	seconds: 10

	- name: Test that the proxy site is being served
	uri:
	url: http://127.0.0.1/index.html
	headers:
	Host: "proxy.example.com"
	status_code: 200
	return_content: true
	register: webpage
	failed_when: "'proxy.example.com' not in webpage.content"

	- name: Clean up proxy site testing files
	become: true
	file:
	path: "/tmp/{{ item }}"
	state: absent
	with_items:
	- "index.html"
	- "pyhttp.log"

	# Redirect tests
	- name: Check that 301 redirect is being served
	uri:
	url: http://127.0.0.1
	headers:
	Host: "redirect.example.com"
	follow_redirects: "none"
	status_code: 301
	return_content: true
	register: webpage
	failed_when: "webpage.location != 'https://destination.example.com'"