Files
@ 2d7abfa9286a
Branch filter:
Location: majic-ansible-roles/roles/common/molecule/default/tests/test_parameters_mandatory.py - annotation
2d7abfa9286a
4.1 KiB
text/x-python
MAR-181: Deploy Prosody modules (in order to use the LDAP authentcation):
- Replaces the rolled-out-by-hand authentication module, making it
less dependent on upstream repository.
- Replaces the rolled-out-by-hand authentication module, making it
less dependent on upstream repository.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 | 40b5747adcb3 ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e d62b3adec462 ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e d752715bb533 d752715bb533 ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e 1640ad5b4cac 1640ad5b4cac 1640ad5b4cac ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e 33f4baab1260 ea69b2719d8e ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e 1640ad5b4cac 1640ad5b4cac ea69b2719d8e d752715bb533 ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e 1640ad5b4cac ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e 3d3f7f804487 3d3f7f804487 1640ad5b4cac 3d3f7f804487 3d3f7f804487 3d3f7f804487 3d3f7f804487 3d3f7f804487 1640ad5b4cac 1640ad5b4cac d6a8b9523eb6 d6a8b9523eb6 1640ad5b4cac d6a8b9523eb6 d6a8b9523eb6 d6a8b9523eb6 d6a8b9523eb6 3a02e5b774b2 3a02e5b774b2 d6a8b9523eb6 d6a8b9523eb6 1640ad5b4cac d6a8b9523eb6 d6a8b9523eb6 d6a8b9523eb6 d6a8b9523eb6 1640ad5b4cac | import os
import socket
import paramiko
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-mandatory')
def test_apt_proxy(host):
"""
Tests if proxy configuration for apt is missing.
"""
assert not host.file('/etc/apt/apt.conf.d/00proxy').exists
def test_bash_prompt_content(host):
"""
Tests if bash prompt configuration file has not colouring and ID information
contained within.
"""
bash_prompt = host.file('/etc/profile.d/bash_prompt.sh')
assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\[\\033[0m\\]\\u@\\h:\\w\\$ \\[\\033[0m\\]'" in bash_prompt.content_string
assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\u@\\h:\\w\\$ '" in bash_prompt.content_string
def test_ssh_login_mechanisms(host):
"""
Tests available SSH login mechanisms (should be just public key).
"""
# Extract first non-IPv6 IP. Crude test, but it should work.
remote_ip = next(a for a in host.interface("eth1").addresses if ":" not in a)
sock = socket.socket()
sock.connect((remote_ip, 22))
transport = paramiko.transport.Transport(sock)
transport.connect()
try:
transport.auth_none('')
except paramiko.transport.BadAuthenticationType as err:
assert err.allowed_types == ['publickey']
def test_emacs_electric_indent_mode(host):
"""
Tests if Emacs electric indent mode has been disabled via custom
configuration file. With just mandatory options set, the file should not be
present.
"""
emacs_config = host.file('/etc/emacs/site-start.d/01disable-electric-indent-mode')
assert not emacs_config.exists
def test_ferm_base_rules(host):
"""
Test if base ferm configuration has been deployed correctly (content-wise).
"""
with host.sudo():
ferm_base = host.file('/etc/ferm/conf.d/00-base.conf')
assert "mod hashlimit hashlimit 3/second hashlimit-burst 9" in ferm_base.content_string
iptables = host.command('iptables-save')
assert iptables.rc == 0
assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
assert "-A flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
ip6tables = host.command('ip6tables-save')
assert ip6tables.rc == 0
assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
assert "-A flood -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in ip6tables.stdout
def test_pipreqcheck_virtualenv_user(host):
"""
Tests if user/group for running the pip requirements upgrade checks have
been created correctly.
"""
group = host.group('pipreqcheck')
assert group.exists
assert group.gid == 1001
user = host.user('pipreqcheck')
assert user.exists
assert user.home == '/var/lib/pipreqcheck'
assert user.uid == 1001
assert user.group == 'pipreqcheck'
assert user.groups == ['pipreqcheck']
def test_backup_configuration_absent(host):
"""
Tests if backup configuration is absent. This should be the case when only
mandatory parameters are provided.
"""
with host.sudo():
assert not host.file('/etc/duply/main/patterns/common').exists
def test_ntp_software_not_installed(host):
"""
Tests if NTP packages are absent.
"""
assert not host.package('ntp').is_installed
assert not host.package('ntpdate').is_installed
def test_ntp_listening_interfaces(host):
"""
Tests if NTP server is not listening.
"""
assert not host.socket('udp://:::123').is_listening
|