def check_if_services_obey_tls(servers, port_map=CbServer.ssl_port_map):
"""
Parameters:
servers - list of servers on which to check
port_map (optional) - a dict with key as non-ssl port
and its value as tls-port. If not given, it will take the port map from
CbServer.ssl_port_map
Returns False if
a. the non-ssl port is open on any other address other than localhost
b. the tls port is not open on all (*) addresses
else True
"""
log = logger.Logger.get_logger()
for server in servers:
shell = RemoteMachineShellConnection(server)
# service should listen on non-ssl port only on localhost/no-address
for port in port_map.keys():
addresses = shell.get_port_recvq(port)
for address in addresses:
expected_address = "127.0.0.1:" + port
if address != expected_address:
log.error(
"On Server {0} Expected {1} Actual {2} !!!!!!!!!!!!!!!!"
.format(server.ip, expected_address, address))
shell.disconnect()
return False
# service should listen on tls_port(if there is one) for all outside addresses
for port in port_map.keys():
ssl_port = CbServer.ssl_port_map.get(port)
if ssl_port is None:
continue
addresses = shell.get_port_recvq(ssl_port)
for address in addresses:
expected_address = ["*:" + ssl_port, "0.0.0.0:" + ssl_port]
if address not in expected_address:
log.error(
"On Server {0} Expected {1} Actual {2} !!!!!!!!!!!!!!!!"
.format(server.ip, expected_address, address))
shell.disconnect()
return False
shell.disconnect()
return True
