Blame - molecule/default/verify.yml - ansible/role/nginx

blob: 1724d6960a66ac7cd83595da72f3e9ea138634ff [file] [log] [blame]

Zack Williams	b313bae	2020-04-22 22:00:53 -0700	[diff] [blame]	1	---
				2	# nginx molecule/default/verify.yml
				3	#
				4	# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
				5	# SPDX-License-Identifier: Apache-2.0
				6
				7	- name: Verify
				8	hosts: all
				9	vars:
				10	nginx_static_dir: "/srv/sites"
				11	tasks:
				12
				13	# Static site tests
				14	- name: Create a test file to be served for the static site
				15	lineinfile:
				16	path: "{{ nginx_static_dir }}/static.example.com/index.html"
				17	line: "This file is served from static.example.com"
				18	mode: 0644
				19	create: true
				20
				21	- name: Test that static site is being served with index.yaml
				22	uri:
				23	url: http://127.0.0.1/
				24	headers:
				25	Host: "static.example.com"
				26	status_code: 200
				27	return_content: true
				28	register: webpage
				29	failed_when: "'This file is served from static.example.com' not in webpage.content"
				30
Zack Williams	ed7880c	2020-10-09 10:55:10 -0700	[diff] [blame]	31	- name: Test that bad user agents are blocked with 403
				32	uri:
				33	url: http://127.0.0.1/
				34	headers:
				35	Host: "static.example.com"
				36	User-Agent: "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
				37	status_code: 403
				38
Zack Williams	b313bae	2020-04-22 22:00:53 -0700	[diff] [blame]	39	- name: Test that the static site is the default site
				40	uri:
				41	url: http://127.0.0.1/
				42	status_code: 200
				43	return_content: true
				44	register: webpage
				45	failed_when: "'This file is served from static.example.com' not in webpage.content"
				46
				47	- name: Delete static site test file
				48	file:
				49	path: "{{ nginx_static_dir }}/static.example.com/index.html"
				50	mode: 0644
				51	state: absent
				52
				53	- name: Verify that 403 is returned when no index.html file exists and autoindex is off
				54	uri:
				55	url: http://127.0.0.1/
				56	headers:
				57	Host: "static.example.com"
				58	status_code: 403
				59
				60	- name: See if extra_config (teapot with code 418 at /teapot) is working
				61	uri:
				62	url: http://127.0.0.1/teapot
				63	headers:
				64	Host: "static.example.com"
				65	status_code: 418
				66
				67	- name: Create a yaml file to check that MIME config is working
				68	copy:
				69	dest: "{{ nginx_static_dir }}/static.example.com/example.yaml"
				70	mode: 0644
				71	content: \|
				72	---
				73	# example YAML file
				74
				75	- name: Retrieve YAML file
				76	uri:
				77	url: http://127.0.0.1/example.yaml
				78	headers:
				79	Host: "static.example.com"
				80	status_code: 200
				81	return_content: true
				82	register: webpagey
				83
				84	- name: Assert that yaml file uses text/yaml MIME type
				85	assert:
				86	that:
				87	- webpagey['content_type'] == 'text/yaml'
				88
				89	- name: Delete yaml test file
				90	file:
				91	path: "{{ nginx_static_dir }}/static.example.com/example.yaml"
				92	state: absent
				93
				94	# Test nginx autoindex
				95	- name: Create a test dir to be served for the autoindex site
				96	file:
				97	path: "{{ nginx_static_dir }}/autoindex.example.com/autoindex_example_dir"
				98	mode: 0755
				99	state: directory
				100
				101	- name: Test that autoindex is created and lists directory
				102	uri:
				103	url: http://127.0.0.1/
				104	headers:
				105	Host: "autoindex.example.com"
				106	status_code: 200
				107	return_content: true
				108	register: webpageai
				109	failed_when: "'autoindex_example_dir' not in webpageai.content"
				110
				111	- name: Delete test dir for autoindex site
				112	file:
				113	path: "{{ nginx_static_dir }}/autoindex.example.com/autoindex_example_dir"
				114	state: absent
				115
				116	# HTTP Basic Authentication tests
				117	- name: Create a test file to be served for the authenticated site
				118	lineinfile:
				119	path: "{{ nginx_static_dir }}/authenticated.example.com/index.html"
				120	line: "This file is served from authenticated.example.com"
				121	mode: 0644
				122	create: true
				123
				124	- name: Test that the authenticated file can't be accessed without authentication
				125	uri:
				126	url: http://127.0.0.1/
				127	headers:
				128	Host: "authenticated.example.com"
				129	status_code: 401
				130
				131	- name: Test that the authenticated file can be accessed by authorized user
				132	uri:
				133	url: http://127.0.0.1/
				134	url_username: "ghopper"
				135	url_password: "verysecurepassword"
				136	headers:
				137	Host: "authenticated.example.com"
				138	status_code: 200
				139	return_content: true
				140	register: webpage
				141	failed_when: "'authenticated.example.com' not in webpage.content"
				142
				143	- name: Test that the authenticated file can't be accessed by unauthorized user
				144	uri:
				145	url: http://127.0.0.1/
				146	url_username: "aturing"
				147	url_password: "yetanotherpw"
				148	headers:
				149	Host: "authenticated.example.com"
				150	status_code: 401
				151
				152	- name: Delete authenticated site test file
				153	file:
				154	path: "{{ nginx_static_dir }}/authenticated.example.com/index.html"
				155	state: absent
				156
				157	# Proxy tests
				158	- name: Verify that when proxy isn't running, NGINX returns a 502 "Bad Gateway" error
				159	uri:
				160	url: http://127.0.0.1/
				161	headers:
				162	Host: "proxy.example.com"
				163	status_code: 502
				164
				165	- name: Create a test file to be served by the proxy
				166	lineinfile:
				167	path: "/tmp/index.html"
				168	line: "This file is served from proxy.example.com"
				169	mode: 0644
				170	create: true
				171
Zack Williams	d3a69fd	2022-05-15 11:52:40 -0700	[diff] [blame^]	172	- name: Run a python http.server as proxy target for 30 seconds in the background
				173	become: true
Zack Williams	b313bae	2020-04-22 22:00:53 -0700	[diff] [blame]	174	shell: >-
Zack Williams	d3a69fd	2022-05-15 11:52:40 -0700	[diff] [blame^]	175	( cd /tmp;
				176	python3 -m http.server -b 127.0.0.1 8000 2> /tmp/pyhttp.log & PY_PID=$!;
Zack Williams	b313bae	2020-04-22 22:00:53 -0700	[diff] [blame]	177	echo "server running: $PY_PID";
Zack Williams	d3a69fd	2022-05-15 11:52:40 -0700	[diff] [blame^]	178	sleep 30;
Zack Williams	b313bae	2020-04-22 22:00:53 -0700	[diff] [blame]	179	kill $PY_PID) &
				180	tags:
				181	- skip_ansible_lint
				182
Zack Williams	d3a69fd	2022-05-15 11:52:40 -0700	[diff] [blame^]	183	- name: Wait 10 seconds for Python http.server to start
Zack Williams	b313bae	2020-04-22 22:00:53 -0700	[diff] [blame]	184	pause:
				185	seconds: 10
				186
				187	- name: Test that the proxy site is being served
				188	uri:
Zack Williams	d3a69fd	2022-05-15 11:52:40 -0700	[diff] [blame^]	189	url: http://127.0.0.1/index.html
Zack Williams	b313bae	2020-04-22 22:00:53 -0700	[diff] [blame]	190	headers:
				191	Host: "proxy.example.com"
				192	status_code: 200
				193	return_content: true
				194	register: webpage
				195	failed_when: "'proxy.example.com' not in webpage.content"
				196
Zack Williams	d3a69fd	2022-05-15 11:52:40 -0700	[diff] [blame^]	197	- name: Clean up proxy site testing files
				198	become: true
Zack Williams	b313bae	2020-04-22 22:00:53 -0700	[diff] [blame]	199	file:
Zack Williams	d3a69fd	2022-05-15 11:52:40 -0700	[diff] [blame^]	200	path: "/tmp/{{ item }}"
Zack Williams	b313bae	2020-04-22 22:00:53 -0700	[diff] [blame]	201	state: absent
Zack Williams	d3a69fd	2022-05-15 11:52:40 -0700	[diff] [blame^]	202	with_items:
				203	- "index.html"
				204	- "pyhttp.log"
Zack Williams	b313bae	2020-04-22 22:00:53 -0700	[diff] [blame]	205
				206	# Redirect tests
				207	- name: Check that 301 redirect is being served
				208	uri:
				209	url: http://127.0.0.1
				210	headers:
				211	Host: "redirect.example.com"
				212	follow_redirects: "none"
				213	status_code: 301
				214	return_content: true
				215	register: webpage
				216	failed_when: "webpage.location != 'https://destination.example.com'"