-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathtest_infrastructure.py
More file actions
102 lines (74 loc) · 2.45 KB
/
Copy pathtest_infrastructure.py
File metadata and controls
102 lines (74 loc) · 2.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
"""
Infrastructure Functionality
============================
"""
import pytest
import time
@pytest.mark.parametrize('ip_version', [4, 6])
def test_outgoing_smtp_block_ip(server, ip_version):
""" All outbound SMTP (Port 25) traffic is blocked by default.
Port 25 outbound is blocked for all IPv4 and IPv6 addresses,
but can be enabled for upon request.
"""
# Get the source IP addresses
ip = server.ip('public', ip_version)
server.run('sudo apt update')
server.run('sudo apt install netcat-openbsd -y')
# Allow up to 1 minute until we expect connections to be blocked
until = time.monotonic() + 60
while time.monotonic() < until:
connect_result = server.run(
f'nc -vz -{ip_version} -w 5 -s {ip} mail.cloudscale.ch 25'
)
if connect_result.rc == 1:
break
time.sleep(1)
assert 'Connection refused' in connect_result.stderr \
or 'timed out' in connect_result.stderr
@pytest.mark.parametrize(
"floating_type, ip_version",
[
("floating_ipv4", "4"),
("floating_ipv6", "6"),
("floating_network", "6"),
],
)
def test_outgoing_smtp_block_floating_ip(
server,
floating_type,
ip_version,
floating_ipv4,
floating_ipv6,
floating_network
):
""" All outbound SMTP (Port 25) traffic is blocked by default.
Port 25 outbound is blocked for all Floating IPv4 and IPv6
addresses and networks, but can be enabled for certain customers
upon request.
"""
# Get the IP
floating_map = {
"floating_ipv4": floating_ipv4,
"floating_ipv6": floating_ipv6,
"floating_network": floating_network.network[1],
}
ip = floating_map[floating_type]
# Assign and configure the Floating IP to the server
if floating_type == "floating_network":
floating_network.assign(server)
else:
ip.assign(server)
server.configure_floating_ip(ip)
server.run('sudo apt update')
server.run('sudo apt install netcat-openbsd -y')
# Allow up to 1 minute until we expect connections to be blocked
until = time.monotonic() + 60
while time.monotonic() < until:
connect_result = server.run(
f'nc -vz -{ip_version} -w 5 -s {ip} mail.cloudscale.ch 25'
)
if connect_result.rc == 1:
break
time.sleep(1)
assert 'Connection refused' in connect_result.stderr \
or 'timed out' in connect_result.stderr