Éxecution de quelques tests ops (#3698)

* Work on ops tests * Add tests for email records * CI job: add name * Add more DKIM records
etalab · Jan 2, 2024 · 7b644bc · 7b644bc
1 parent 5e5b00a
commit 7b644bc
Show file tree

Hide file tree

Showing 2 changed files with 95 additions and 17 deletions.
diff --git a/.github/workflows/ops_tests.yml b/.github/workflows/ops_tests.yml
@@ -0,0 +1,14 @@
+name: CI ops tests
+on: push
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Run ops tests
+    steps:
+      - uses: actions/checkout@v4
+      - uses: erlef/setup-beam@v1
+        with:
+          version-file: .tool-versions
+          version-type: strict
+      - run: elixir ops_tests/ops_tests.exs
diff --git a/ops_tests/ops_tests.exs b/ops_tests/ops_tests.exs
@@ -3,27 +3,21 @@
 ExUnit.start()
 
 Mix.install([
-  {:req, "~> 0.2.1"}
+  {:req, "~> 0.4.8"},
+  {:dns, "~> 2.4.0"}
 ])
 
 defmodule Transport.OpsTests do
-  use ExUnit.Case
+  use ExUnit.Case, async: true
 
-  def get_header!(headers, header) do
-    {_header, value} =
-      headers
-      |> Enum.find(fn {k, _} -> k == header end)
-
-    value
-  end
-
-  def assert_redirect(from: url, to: target_url) do
-    %{status: 301, headers: headers} =
-      Req.build(:get, url)
-      |> Req.run!()
-
-    assert get_header!(headers, "location") == target_url
-  end
+  # See https://developers.clever-cloud.com/doc/administrate/domain-names/#your-application-runs-in-the-europeparis-par-zone
+  @domain_name "transport.data.gouv.fr"
+  @clever_cloud_ip_addresses [
+    {46, 252, 181, 103},
+    {46, 252, 181, 104},
+    {185, 42, 117, 108},
+    {185, 42, 117, 109}
+  ]
 
   test "correct DOMAIN_NAME for prod-worker" do
     assert_redirect(
@@ -38,4 +32,74 @@ defmodule Transport.OpsTests do
       to: "https://workers.prochainement.transport.data.gouv.fr/"
     )
   end
+
+  test "redirects from www to non-www" do
+    assert_redirect(from: "https://www.#{@domain_name}", to: "https://#{@domain_name}/")
+  end
+
+  describe "Check DNS records" do
+    test "main A/CNAME records" do
+      {:ok, ips} = DNS.resolve(@domain_name, :a)
+      assert MapSet.new(ips) == MapSet.new(@clever_cloud_ip_addresses)
+
+      # CNAMEs to Clever Cloud
+      [
+        "prochainement",
+        "proxy",
+        "proxy.prochainement",
+        "validation",
+        "workers",
+        "workers.prochainement",
+        "www"
+      ]
+      |> Enum.each(fn subdomain ->
+        record = "#{subdomain}.#{@domain_name}"
+        assert {:ok, [~c"domain.par.clever-cloud.com"]} == DNS.resolve(record, :cname), "Wrong DNS record for #{record}"
+      end)
+
+      # Satellite websites
+      assert {:ok, [~c"transport-blog.netlify.app"]} == DNS.resolve("blog.#{@domain_name}", :cname)
+      assert {:ok, [~c"transport-contribuer.netlify.app"]} == DNS.resolve("contribuer.#{@domain_name}", :cname)
+      assert {:ok, [~c"hosting.gitbook.com"]} == DNS.resolve("doc.#{@domain_name}", :cname)
+      assert {:ok, [~c"stats.uptimerobot.com"]} == DNS.resolve("status.#{@domain_name}", :cname)
+    end
+
+    test "MX records" do
+      {:ok, records} = DNS.resolve(@domain_name, :mx)
+      assert MapSet.new([{10, ~c"mx1.alwaysdata.com"}, {20, ~c"mx2.alwaysdata.com"}]) == MapSet.new(records)
+      assert {:ok, [{100, ~c"mx.sendgrid.net"}]} = DNS.resolve("front-mail.#{@domain_name}", :mx)
+    end
+
+    test "SPF, DKIM and DMARC" do
+      # SPF
+      {:ok, records} = DNS.resolve(@domain_name, :txt)
+
+      assert Enum.member?(records, [
+               ~c"v=spf1 include:spf.mailjet.com include:_spf.alwaysdata.com include:_spf.scw-tem.cloud include:servers.mcsv.net -all"
+             ])
+
+      assert {:ok, [[~c"v=spf1 include:sendgrid.net ~all"]]} = DNS.resolve("front-mail.#{@domain_name}", :txt)
+
+      # DKIM
+      assert {:ok, _} = DNS.resolve("37d278a7-e548-4029-a58d-111bdcf23d46._domainkey.#{@domain_name}", :txt)
+      assert {:ok, _} = DNS.resolve("default._domainkey.#{@domain_name}", :txt)
+      assert {:ok, _} = DNS.resolve("fnt._domainkey.#{@domain_name}", :txt)
+      assert {:ok, _} = DNS.resolve("mailjet._domainkey.#{@domain_name}", :txt)
+      assert {:ok, [~c"dkim2.mcsv.net"]} == DNS.resolve("k2._domainkey.#{@domain_name}", :cname)
+      assert {:ok, [~c"dkim3.mcsv.net"]} == DNS.resolve("k3._domainkey.#{@domain_name}", :cname)
+
+      # DMARC
+      assert {:ok, [[~c"v=DMARC1;p=quarantine;"]]} == DNS.resolve("_dmarc.#{@domain_name}", :txt)
+    end
+  end
+
+  def get_header!(headers, header) do
+    {_header, [value]} = Enum.find(headers, fn {k, _} -> k == header end)
+    value
+  end
+
+  def assert_redirect(from: url, to: target_url) do
+    %Req.Response{status: 301, headers: headers} = Req.get!(url, redirect: false)
+    assert get_header!(headers, "location") == target_url
+  end
 end