diff options
author | Tim Rupp <caphrim007@gmail.com> | 2019-06-25 06:27:32 -0700 |
---|---|---|
committer | Martin Krizek <martin.krizek@gmail.com> | 2019-06-25 15:27:32 +0200 |
commit | 48af9bdfec638962fe2a6750a2949dd4c6fe267a (patch) | |
tree | a50f948850d07ee194ae8435f6a289cf5edc976e /test | |
parent | ac101f7f339a236565a528d8e95e9d584b206d58 (diff) | |
download | ansible-48af9bdfec638962fe2a6750a2949dd4c6fe267a.tar.gz |
Adds tls_version argument to mqtt module (#58264)
Fixes: #22034
This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.
This parameter is useful for servers that are unable to support
newer versions of TLS
Diffstat (limited to 'test')
8 files changed, 218 insertions, 0 deletions
diff --git a/test/integration/targets/mqtt/aliases b/test/integration/targets/mqtt/aliases new file mode 100644 index 0000000000..6d6f14e59d --- /dev/null +++ b/test/integration/targets/mqtt/aliases @@ -0,0 +1,5 @@ +notification/mqtt +shippable/posix/group1 +skip/osx +skip/freebsd +skip/rhel diff --git a/test/integration/targets/mqtt/meta/main.yml b/test/integration/targets/mqtt/meta/main.yml new file mode 100644 index 0000000000..86f3d04363 --- /dev/null +++ b/test/integration/targets/mqtt/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - setup_mosquitto diff --git a/test/integration/targets/mqtt/tasks/main.yml b/test/integration/targets/mqtt/tasks/main.yml new file mode 100644 index 0000000000..37442abfec --- /dev/null +++ b/test/integration/targets/mqtt/tasks/main.yml @@ -0,0 +1,4 @@ +- include: ubuntu.yml + when: + - ansible_distribution == 'Ubuntu' + - ansible_distribution_release != 'trusty' diff --git a/test/integration/targets/mqtt/tasks/ubuntu.yml b/test/integration/targets/mqtt/tasks/ubuntu.yml new file mode 100644 index 0000000000..71ff3e90bc --- /dev/null +++ b/test/integration/targets/mqtt/tasks/ubuntu.yml @@ -0,0 +1,142 @@ +- name: Install pip packages + pip: + name: paho-mqtt>=1.4.0 + state: present + +- name: MQTT non-TLS endpoint + mqtt: + topic: /node/s/bar/blurb + payload: foo + qos: 1 + client_id: me001 + register: result + +- assert: + that: + - result is success + +- name: Send a test message to TLS1.1 endpoint, no client version specified + mqtt: + topic: /node/s/bar/blurb + payload: foo-tls + qos: 1 + client_id: me001 + ca_certs: /tls/ca_certificate.pem + certfile: /tls/client_certificate.pem + keyfile: /tls/client_key.pem + port: 8883 + register: result + +- assert: + that: + - result is success + +- name: Send a test message to TLS1.2 endpoint, no client version specified + mqtt: + topic: /node/s/bar/blurb + payload: foo-tls + qos: 1 + client_id: me001 + ca_certs: /tls/ca_certificate.pem + certfile: /tls/client_certificate.pem + keyfile: /tls/client_key.pem + port: 8884 + register: result + +- assert: + that: + - result is success + +# TODO(Uncomment when TLS1.3 is supported in moquitto and ubuntu version) +# +# - name: Send a test message to TLS1.3 endpoint +# mqtt: +# topic: /node/s/bar/blurb +# payload: foo-tls +# qos: 1 +# client_id: me001 +# ca_certs: /tls/ca_certificate.pem +# certfile: /tls/client_certificate.pem +# keyfile: /tls/client_key.pem +# port: 8885 +# register: result + +#- assert: +# that: +# - result is success + +- name: Send a message, client TLS1.1, server (required) TLS1.2 - Expected failure + mqtt: + topic: /node/s/bar/blurb + payload: foo-tls + qos: 1 + client_id: me001 + ca_certs: /tls/ca_certificate.pem + certfile: /tls/client_certificate.pem + keyfile: /tls/client_key.pem + tls_version: tlsv1.1 + port: 8884 + register: result + failed_when: result is success + +- assert: + that: + - result is success + +# TODO(Uncomment when TLS1.3 is supported in moquitto and ubuntu version) +# +# - name: Send a message, client TLS1.1, server (required) TLS1.3 - Expected failure +# mqtt: +# topic: /node/s/bar/blurb +# payload: foo-tls +# qos: 1 +# client_id: me001 +# ca_certs: /tls/ca_certificate.pem +# certfile: /tls/client_certificate.pem +# keyfile: /tls/client_key.pem +# tls_version: tlsv1.1 +# port: 8885 +# register: result +# failed_when: result is success + +# - assert: +# that: +# - result is success + +- name: Send a message, client TLS1.2, server (required) TLS1.1 - Expected failure + mqtt: + topic: /node/s/bar/blurb + payload: foo-tls + qos: 1 + client_id: me001 + ca_certs: /tls/ca_certificate.pem + certfile: /tls/client_certificate.pem + keyfile: /tls/client_key.pem + tls_version: tlsv1.2 + port: 8883 + register: result + failed_when: result is success + +- assert: + that: + - result is success + +# TODO(Uncomment when TLS1.3 is supported in moquitto and ubuntu version) +# +# - name: Send a message, client TLS1.2, server (required) TLS1.3 - Expected failure +# mqtt: +# topic: /node/s/bar/blurb +# payload: foo-tls +# qos: 1 +# client_id: me001 +# ca_certs: /tls/ca_certificate.pem +# certfile: /tls/client_certificate.pem +# keyfile: /tls/client_key.pem +# tls_version: tlsv1.2 +# port: 8885 +# register: result +# failed_when: result is success + +# - assert: +# that: +# - result is success diff --git a/test/integration/targets/setup_mosquitto/files/mosquitto.conf b/test/integration/targets/setup_mosquitto/files/mosquitto.conf new file mode 100644 index 0000000000..84a80b71c3 --- /dev/null +++ b/test/integration/targets/setup_mosquitto/files/mosquitto.conf @@ -0,0 +1,35 @@ +# Plain MQTT protocol +listener 1883 + +# MQTT over TLS 1.1 +listener 8883 +tls_version tlsv1.1 +cafile /tls/ca_certificate.pem +certfile /tls/server_certificate.pem +keyfile /tls/server_key.pem + +# MQTT over TLS 1.2 +listener 8884 +tls_version tlsv1.2 +cafile /tls/ca_certificate.pem +certfile /tls/server_certificate.pem +keyfile /tls/server_key.pem + +# TODO(This does not appear to be supported on Ubuntu 18.04. Re-try on 20.04 or next LTS release) +# MQTT over TLS 1.3 +# +# listener 8885 +# tls_version tlsv1.3 +# cafile /tls/ca_certificate.pem +# certfile /tls/server_certificate.pem +# keyfile /tls/server_key.pem + +log_dest syslog + +log_type error +log_type warning +log_type notice +log_type information +log_type debug + +connection_messages true diff --git a/test/integration/targets/setup_mosquitto/meta/main.yml b/test/integration/targets/setup_mosquitto/meta/main.yml new file mode 100644 index 0000000000..af05db79d4 --- /dev/null +++ b/test/integration/targets/setup_mosquitto/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - setup_tls diff --git a/test/integration/targets/setup_mosquitto/tasks/main.yml b/test/integration/targets/setup_mosquitto/tasks/main.yml new file mode 100644 index 0000000000..4f35f16f62 --- /dev/null +++ b/test/integration/targets/setup_mosquitto/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- include: ubuntu.yml + when: ansible_distribution == 'Ubuntu' diff --git a/test/integration/targets/setup_mosquitto/tasks/ubuntu.yml b/test/integration/targets/setup_mosquitto/tasks/ubuntu.yml new file mode 100644 index 0000000000..5675cb8923 --- /dev/null +++ b/test/integration/targets/setup_mosquitto/tasks/ubuntu.yml @@ -0,0 +1,24 @@ +- name: Install https transport for apt + apt: + name: apt-transport-https + state: latest + force: yes + +- name: Install Mosquitto Server + apt: + name: mosquitto + state: latest + register: result + until: result is success + delay: 3 + retries: 10 + +- name: Ensure TLS config + copy: + src: mosquitto.conf + dest: /etc/mosquitto/mosquitto.conf + +- name: Start Mosquitto service + service: + name: mosquitto + state: restarted |