authorTim Rupp <caphrim007@gmail.com>2019-06-25 06:27:32 -0700
committerMartin Krizek <martin.krizek@gmail.com>2019-06-25 15:27:32 +0200
commit48af9bdfec638962fe2a6750a2949dd4c6fe267a (patch)
treea50f948850d07ee194ae8435f6a289cf5edc976e /test
parentac101f7f339a236565a528d8e95e9d584b206d58 (diff)
Adds tls_version argument to mqtt module (#58264)
Fixes: #22034. This patch adds support for a tls_version parameter that makes the TLS version used configurable. By default the module lets the underlying system libraries pick the maximum supported version. This parameter is useful for servers that are unable to support newer versions of TLS.
Diffstat (limited to 'test')
-rw-r--r--test/integration/targets/mqtt/aliases5
-rw-r--r--test/integration/targets/mqtt/meta/main.yml2
-rw-r--r--test/integration/targets/mqtt/tasks/main.yml4
-rw-r--r--test/integration/targets/mqtt/tasks/ubuntu.yml142
-rw-r--r--test/integration/targets/setup_mosquitto/files/mosquitto.conf35
-rw-r--r--test/integration/targets/setup_mosquitto/meta/main.yml3
-rw-r--r--test/integration/targets/setup_mosquitto/tasks/main.yml3
-rw-r--r--test/integration/targets/setup_mosquitto/tasks/ubuntu.yml24
8 files changed, 218 insertions, 0 deletions
diff --git a/test/integration/targets/mqtt/aliases b/test/integration/targets/mqtt/aliases
new file mode 100644
index 0000000000..6d6f14e59d
--- /dev/null
+++ b/test/integration/targets/mqtt/aliases
@@ -0,0 +1,5 @@
+notification/mqtt
+shippable/posix/group1
+skip/osx
+skip/freebsd
+skip/rhel
diff --git a/test/integration/targets/mqtt/meta/main.yml b/test/integration/targets/mqtt/meta/main.yml
new file mode 100644
index 0000000000..86f3d04363
--- /dev/null
+++ b/test/integration/targets/mqtt/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - setup_mosquitto
diff --git a/test/integration/targets/mqtt/tasks/main.yml b/test/integration/targets/mqtt/tasks/main.yml
new file mode 100644
index 0000000000..37442abfec
--- /dev/null
+++ b/test/integration/targets/mqtt/tasks/main.yml
@@ -0,0 +1,4 @@
+- include: ubuntu.yml
+ when:
+ - ansible_distribution == 'Ubuntu'
+ - ansible_distribution_release != 'trusty'
diff --git a/test/integration/targets/mqtt/tasks/ubuntu.yml b/test/integration/targets/mqtt/tasks/ubuntu.yml
new file mode 100644
index 0000000000..71ff3e90bc
--- /dev/null
+++ b/test/integration/targets/mqtt/tasks/ubuntu.yml
@@ -0,0 +1,142 @@
+- name: Install pip packages
+ pip:
+ name: paho-mqtt>=1.4.0
+ state: present
+
+- name: MQTT non-TLS endpoint
+ mqtt:
+ topic: /node/s/bar/blurb
+ payload: foo
+ qos: 1
+ client_id: me001
+ register: result
+
+- assert:
+ that:
+ - result is success
+
+- name: Send a test message to TLS1.1 endpoint, no client version specified
+ mqtt:
+ topic: /node/s/bar/blurb
+ payload: foo-tls
+ qos: 1
+ client_id: me001
+ ca_certs: /tls/ca_certificate.pem
+ certfile: /tls/client_certificate.pem
+ keyfile: /tls/client_key.pem
+ port: 8883
+ register: result
+
+- assert:
+ that:
+ - result is success
+
+- name: Send a test message to TLS1.2 endpoint, no client version specified
+ mqtt:
+ topic: /node/s/bar/blurb
+ payload: foo-tls
+ qos: 1
+ client_id: me001
+ ca_certs: /tls/ca_certificate.pem
+ certfile: /tls/client_certificate.pem
+ keyfile: /tls/client_key.pem
+ port: 8884
+ register: result
+
+- assert:
+ that:
+ - result is success
+
+# TODO(Uncomment when TLS1.3 is supported in moquitto and ubuntu version)
+#
+# - name: Send a test message to TLS1.3 endpoint
+# mqtt:
+# topic: /node/s/bar/blurb
+# payload: foo-tls
+# qos: 1
+# client_id: me001
+# ca_certs: /tls/ca_certificate.pem
+# certfile: /tls/client_certificate.pem
+# keyfile: /tls/client_key.pem
+# port: 8885
+# register: result
+
+#- assert:
+# that:
+# - result is success
+
+- name: Send a message, client TLS1.1, server (required) TLS1.2 - Expected failure
+ mqtt:
+ topic: /node/s/bar/blurb
+ payload: foo-tls
+ qos: 1
+ client_id: me001
+ ca_certs: /tls/ca_certificate.pem
+ certfile: /tls/client_certificate.pem
+ keyfile: /tls/client_key.pem
+ tls_version: tlsv1.1
+ port: 8884
+ register: result
+ failed_when: result is success
+
+- assert:
+ that:
+ - result is success
+
+# TODO(Uncomment when TLS1.3 is supported in moquitto and ubuntu version)
+#
+# - name: Send a message, client TLS1.1, server (required) TLS1.3 - Expected failure
+# mqtt:
+# topic: /node/s/bar/blurb
+# payload: foo-tls
+# qos: 1
+# client_id: me001
+# ca_certs: /tls/ca_certificate.pem
+# certfile: /tls/client_certificate.pem
+# keyfile: /tls/client_key.pem
+# tls_version: tlsv1.1
+# port: 8885
+# register: result
+# failed_when: result is success
+
+# - assert:
+# that:
+# - result is success
+
+- name: Send a message, client TLS1.2, server (required) TLS1.1 - Expected failure
+ mqtt:
+ topic: /node/s/bar/blurb
+ payload: foo-tls
+ qos: 1
+ client_id: me001
+ ca_certs: /tls/ca_certificate.pem
+ certfile: /tls/client_certificate.pem
+ keyfile: /tls/client_key.pem
+ tls_version: tlsv1.2
+ port: 8883
+ register: result
+ failed_when: result is success
+
+- assert:
+ that:
+ - result is success
+
+# TODO(Uncomment when TLS1.3 is supported in moquitto and ubuntu version)
+#
+# - name: Send a message, client TLS1.2, server (required) TLS1.3 - Expected failure
+# mqtt:
+# topic: /node/s/bar/blurb
+# payload: foo-tls
+# qos: 1
+# client_id: me001
+# ca_certs: /tls/ca_certificate.pem
+# certfile: /tls/client_certificate.pem
+# keyfile: /tls/client_key.pem
+# tls_version: tlsv1.2
+# port: 8885
+# register: result
+# failed_when: result is success
+
+# - assert:
+# that:
+# - result is success
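Review bot: The two expected-failure tasks (client `tlsv1.1` against port 8884, client `tlsv1.2` against port 8883) accept any failure as a pass, so a stopped broker or a wrong certificate path would look the same as a rejected protocol version. `failed_when: result is success` also appears to overwrite the registered `failed` flag, which would make the following `- result is success` assert always true. Consider `ignore_errors: true` on the task and asserting `- result is failed` together with a check on `result.msg` that the error is a TLS handshake failure (exact text to be confirmed against paho-mqtt). The commented-out TLS 1.3 variants repeat the same pattern and would need the same change when they are enabled.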
diff --git a/test/integration/targets/setup_mosquitto/files/mosquitto.conf b/test/integration/targets/setup_mosquitto/files/mosquitto.conf
new file mode 100644
index 0000000000..84a80b71c3
--- /dev/null
+++ b/test/integration/targets/setup_mosquitto/files/mosquitto.conf
@@ -0,0 +1,35 @@
+# Plain MQTT protocol
+listener 1883
+
+# MQTT over TLS 1.1
+listener 8883
+tls_version tlsv1.1
+cafile /tls/ca_certificate.pem
+certfile /tls/server_certificate.pem
+keyfile /tls/server_key.pem
+
+# MQTT over TLS 1.2
+listener 8884
+tls_version tlsv1.2
+cafile /tls/ca_certificate.pem
+certfile /tls/server_certificate.pem
+keyfile /tls/server_key.pem
+
+# TODO(This does not appear to be supported on Ubuntu 18.04. Re-try on 20.04 or next LTS release)
+# MQTT over TLS 1.3
+#
+# listener 8885
+# tls_version tlsv1.3
+# cafile /tls/ca_certificate.pem
+# certfile /tls/server_certificate.pem
+# keyfile /tls/server_key.pem
+
+log_dest syslog
+
+log_type error
+log_type warning
+log_type notice
+log_type information
+log_type debug
+
+connection_messages true
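Review bot: All three listeners are declared with a port only, so the broker binds every interface of the test host, and the plain `listener 1883` accepts unencrypted clients there. Since the mqtt tasks do not set a server and presumably connect to localhost, binding to loopback, e.g. `listener 1883 127.0.0.1` (and the same for 8883 and 8884), would keep the fixture reachable only from the tests. Neither TLS listener sets `require_certificate true`, so the client `certfile`/`keyfile` passed by the tasks are likely never checked by the broker; add it if client-certificate authentication is meant to be covered. A comment such as `# TLS 1.1 listener exists only to exercise version mismatch; do not reuse` above `listener 8883` would keep the file from being copied as a template.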
diff --git a/test/integration/targets/setup_mosquitto/meta/main.yml b/test/integration/targets/setup_mosquitto/meta/main.yml
new file mode 100644
index 0000000000..af05db79d4
--- /dev/null
+++ b/test/integration/targets/setup_mosquitto/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - setup_tls
diff --git a/test/integration/targets/setup_mosquitto/tasks/main.yml b/test/integration/targets/setup_mosquitto/tasks/main.yml
new file mode 100644
index 0000000000..4f35f16f62
--- /dev/null
+++ b/test/integration/targets/setup_mosquitto/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- include: ubuntu.yml
+ when: ansible_distribution == 'Ubuntu'
diff --git a/test/integration/targets/setup_mosquitto/tasks/ubuntu.yml b/test/integration/targets/setup_mosquitto/tasks/ubuntu.yml
new file mode 100644
index 0000000000..5675cb8923
--- /dev/null
+++ b/test/integration/targets/setup_mosquitto/tasks/ubuntu.yml
@@ -0,0 +1,24 @@
+- name: Install https transport for apt
+ apt:
+ name: apt-transport-https
+ state: latest
+ force: yes
+
+- name: Install Mosquitto Server
+ apt:
+ name: mosquitto
+ state: latest
+ register: result
+ until: result is success
+ delay: 3
+ retries: 10
+
+- name: Ensure TLS config
+ copy:
+ src: mosquitto.conf
+ dest: /etc/mosquitto/mosquitto.conf
+
+- name: Start Mosquitto service
+ service:
+ name: mosquitto
+ state: restarted
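Review bot: `force: yes` on the apt-transport-https task corresponds to apt-get's `--force-yes`, which per the apt module documentation also disables package signature checking; nothing in this hunk shows a need for it, so the line should be dropped. `state: latest` on both apt tasks makes the installed broker version depend on when the test runs; `state: present` is enough for a fixture. The copy task leaves the file mode to defaults, and adding `mode: '0644'` would make the permissions on `/etc/mosquitto/mosquitto.conf` explicit.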