Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 1 | --- |
| 2 | # nginx molecule/default/verify.yml |
| 3 | # |
| 4 | # SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org> |
| 5 | # SPDX-License-Identifier: Apache-2.0 |
| 6 | |
| 7 | - name: Verify |
| 8 | hosts: all |
| 9 | vars: |
| 10 | nginx_static_dir: "/srv/sites" |
| 11 | tasks: |
| 12 | |
| 13 | # Static site tests |
| 14 | - name: Create a test file to be served for the static site |
| 15 | lineinfile: |
| 16 | path: "{{ nginx_static_dir }}/static.example.com/index.html" |
| 17 | line: "This file is served from static.example.com" |
| 18 | mode: 0644 |
| 19 | create: true |
| 20 | |
| 21 | - name: Test that static site is being served with index.yaml |
| 22 | uri: |
| 23 | url: http://127.0.0.1/ |
| 24 | headers: |
| 25 | Host: "static.example.com" |
| 26 | status_code: 200 |
| 27 | return_content: true |
| 28 | register: webpage |
| 29 | failed_when: "'This file is served from static.example.com' not in webpage.content" |
| 30 | |
Zack Williams | ed7880c | 2020-10-09 10:55:10 -0700 | [diff] [blame] | 31 | - name: Test that bad user agents are blocked with 403 |
| 32 | uri: |
| 33 | url: http://127.0.0.1/ |
| 34 | headers: |
| 35 | Host: "static.example.com" |
| 36 | User-Agent: "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)" |
| 37 | status_code: 403 |
| 38 | |
Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 39 | - name: Test that the static site is the default site |
| 40 | uri: |
| 41 | url: http://127.0.0.1/ |
| 42 | status_code: 200 |
| 43 | return_content: true |
| 44 | register: webpage |
| 45 | failed_when: "'This file is served from static.example.com' not in webpage.content" |
| 46 | |
| 47 | - name: Delete static site test file |
| 48 | file: |
| 49 | path: "{{ nginx_static_dir }}/static.example.com/index.html" |
| 50 | mode: 0644 |
| 51 | state: absent |
| 52 | |
| 53 | - name: Verify that 403 is returned when no index.html file exists and autoindex is off |
| 54 | uri: |
| 55 | url: http://127.0.0.1/ |
| 56 | headers: |
| 57 | Host: "static.example.com" |
| 58 | status_code: 403 |
| 59 | |
| 60 | - name: See if extra_config (teapot with code 418 at /teapot) is working |
| 61 | uri: |
| 62 | url: http://127.0.0.1/teapot |
| 63 | headers: |
| 64 | Host: "static.example.com" |
| 65 | status_code: 418 |
| 66 | |
| 67 | - name: Create a yaml file to check that MIME config is working |
| 68 | copy: |
| 69 | dest: "{{ nginx_static_dir }}/static.example.com/example.yaml" |
| 70 | mode: 0644 |
| 71 | content: | |
| 72 | --- |
| 73 | # example YAML file |
| 74 | |
| 75 | - name: Retrieve YAML file |
| 76 | uri: |
| 77 | url: http://127.0.0.1/example.yaml |
| 78 | headers: |
| 79 | Host: "static.example.com" |
| 80 | status_code: 200 |
| 81 | return_content: true |
| 82 | register: webpagey |
| 83 | |
| 84 | - name: Assert that yaml file uses text/yaml MIME type |
| 85 | assert: |
| 86 | that: |
| 87 | - webpagey['content_type'] == 'text/yaml' |
| 88 | |
| 89 | - name: Delete yaml test file |
| 90 | file: |
| 91 | path: "{{ nginx_static_dir }}/static.example.com/example.yaml" |
| 92 | state: absent |
| 93 | |
| 94 | # Test nginx autoindex |
| 95 | - name: Create a test dir to be served for the autoindex site |
| 96 | file: |
| 97 | path: "{{ nginx_static_dir }}/autoindex.example.com/autoindex_example_dir" |
| 98 | mode: 0755 |
| 99 | state: directory |
| 100 | |
| 101 | - name: Test that autoindex is created and lists directory |
| 102 | uri: |
| 103 | url: http://127.0.0.1/ |
| 104 | headers: |
| 105 | Host: "autoindex.example.com" |
| 106 | status_code: 200 |
| 107 | return_content: true |
| 108 | register: webpageai |
| 109 | failed_when: "'autoindex_example_dir' not in webpageai.content" |
| 110 | |
| 111 | - name: Delete test dir for autoindex site |
| 112 | file: |
| 113 | path: "{{ nginx_static_dir }}/autoindex.example.com/autoindex_example_dir" |
| 114 | state: absent |
| 115 | |
| 116 | # HTTP Basic Authentication tests |
| 117 | - name: Create a test file to be served for the authenticated site |
| 118 | lineinfile: |
| 119 | path: "{{ nginx_static_dir }}/authenticated.example.com/index.html" |
| 120 | line: "This file is served from authenticated.example.com" |
| 121 | mode: 0644 |
| 122 | create: true |
| 123 | |
| 124 | - name: Test that the authenticated file can't be accessed without authentication |
| 125 | uri: |
| 126 | url: http://127.0.0.1/ |
| 127 | headers: |
| 128 | Host: "authenticated.example.com" |
| 129 | status_code: 401 |
| 130 | |
| 131 | - name: Test that the authenticated file can be accessed by authorized user |
| 132 | uri: |
| 133 | url: http://127.0.0.1/ |
| 134 | url_username: "ghopper" |
| 135 | url_password: "verysecurepassword" |
| 136 | headers: |
| 137 | Host: "authenticated.example.com" |
| 138 | status_code: 200 |
| 139 | return_content: true |
| 140 | register: webpage |
| 141 | failed_when: "'authenticated.example.com' not in webpage.content" |
| 142 | |
| 143 | - name: Test that the authenticated file can't be accessed by unauthorized user |
| 144 | uri: |
| 145 | url: http://127.0.0.1/ |
| 146 | url_username: "aturing" |
| 147 | url_password: "yetanotherpw" |
| 148 | headers: |
| 149 | Host: "authenticated.example.com" |
| 150 | status_code: 401 |
| 151 | |
| 152 | - name: Delete authenticated site test file |
| 153 | file: |
| 154 | path: "{{ nginx_static_dir }}/authenticated.example.com/index.html" |
| 155 | state: absent |
| 156 | |
| 157 | # Proxy tests |
| 158 | - name: Verify that when proxy isn't running, NGINX returns a 502 "Bad Gateway" error |
| 159 | uri: |
| 160 | url: http://127.0.0.1/ |
| 161 | headers: |
| 162 | Host: "proxy.example.com" |
| 163 | status_code: 502 |
| 164 | |
| 165 | - name: Create a test file to be served by the proxy |
| 166 | lineinfile: |
| 167 | path: "/tmp/index.html" |
| 168 | line: "This file is served from proxy.example.com" |
| 169 | mode: 0644 |
| 170 | create: true |
| 171 | |
Zack Williams | d3a69fd | 2022-05-15 11:52:40 -0700 | [diff] [blame^] | 172 | - name: Run a python http.server as proxy target for 30 seconds in the background |
| 173 | become: true |
Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 174 | shell: >- |
Zack Williams | d3a69fd | 2022-05-15 11:52:40 -0700 | [diff] [blame^] | 175 | ( cd /tmp; |
| 176 | python3 -m http.server -b 127.0.0.1 8000 2> /tmp/pyhttp.log & PY_PID=$!; |
Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 177 | echo "server running: $PY_PID"; |
Zack Williams | d3a69fd | 2022-05-15 11:52:40 -0700 | [diff] [blame^] | 178 | sleep 30; |
Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 179 | kill $PY_PID) & |
| 180 | tags: |
| 181 | - skip_ansible_lint |
| 182 | |
Zack Williams | d3a69fd | 2022-05-15 11:52:40 -0700 | [diff] [blame^] | 183 | - name: Wait 10 seconds for Python http.server to start |
Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 184 | pause: |
| 185 | seconds: 10 |
| 186 | |
| 187 | - name: Test that the proxy site is being served |
| 188 | uri: |
Zack Williams | d3a69fd | 2022-05-15 11:52:40 -0700 | [diff] [blame^] | 189 | url: http://127.0.0.1/index.html |
Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 190 | headers: |
| 191 | Host: "proxy.example.com" |
| 192 | status_code: 200 |
| 193 | return_content: true |
| 194 | register: webpage |
| 195 | failed_when: "'proxy.example.com' not in webpage.content" |
| 196 | |
Zack Williams | d3a69fd | 2022-05-15 11:52:40 -0700 | [diff] [blame^] | 197 | - name: Clean up proxy site testing files |
| 198 | become: true |
Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 199 | file: |
Zack Williams | d3a69fd | 2022-05-15 11:52:40 -0700 | [diff] [blame^] | 200 | path: "/tmp/{{ item }}" |
Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 201 | state: absent |
Zack Williams | d3a69fd | 2022-05-15 11:52:40 -0700 | [diff] [blame^] | 202 | with_items: |
| 203 | - "index.html" |
| 204 | - "pyhttp.log" |
Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 205 | |
| 206 | # Redirect tests |
| 207 | - name: Check that 301 redirect is being served |
| 208 | uri: |
| 209 | url: http://127.0.0.1 |
| 210 | headers: |
| 211 | Host: "redirect.example.com" |
| 212 | follow_redirects: "none" |
| 213 | status_code: 301 |
| 214 | return_content: true |
| 215 | register: webpage |
| 216 | failed_when: "webpage.location != 'https://destination.example.com'" |