Files
@ 449e6423959c
Branch filter:
Location: majic-ansible-roles/roles/bootstrap/molecule/default/tests/test_default.py - annotation
449e6423959c
1.9 KiB
text/x-python
MAR-151: Added support for Debian 10 Buster to xmpp_server role:
- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Enable lower-level TLS protocols (1.0/1.1) in global OpenSSL
configuration file on Buster in order to be able to test the
xmpp_server_tls_protocol parameter (otherwise Prosody completely
refuses to use them even if listed in its configuration).
- Move stretch-specific tests into its own file (for backported
lua-ldap library), and run them on Debian 9 Stretch machines only.
- Updated role reference documentaiton.
- Updated role meta information.
- Updated tests.
- Enable lower-level TLS protocols (1.0/1.1) in global OpenSSL
configuration file on Buster in order to be able to test the
xmpp_server_tls_protocol parameter (otherwise Prosody completely
refuses to use them even if listed in its configuration).
- Move stretch-specific tests into its own file (for backported
lua-ldap library), and run them on Debian 9 Stretch machines only.
48a901602e77 48a901602e77 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca d62b3adec462 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca d752715bb533 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 2c140fba79b9 | import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')
def test_installed_packages(host):
"""
Tests if packages have been installed.
"""
assert host.package('sudo').is_installed
def test_ansible_user(host):
"""
Tests if Ansible user and group have been set-up correctly.
"""
with host.sudo():
group = host.group('ansible')
assert group.exists
assert group.gid < 1000
user = host.user('ansible')
assert user.exists
assert user.group == 'ansible'
assert user.groups == ['ansible']
assert user.uid < 1000
assert user.shell == '/bin/bash'
assert user.password == '!'
def test_sudo_configuration(host):
"""
Tests if sudo has been configured to allow Ansible user to run any command
without password.
"""
with host.sudo():
sudo_config = host.file('/etc/sudoers.d/ansible')
assert sudo_config.is_file
assert sudo_config.user == 'root'
assert sudo_config.group == 'root'
assert sudo_config.mode == 0o640
assert sudo_config.content_string == 'ansible ALL=(ALL:ALL) NOPASSWD:ALL\n'
def test_authorized_keys(host):
"""
Tests if Ansible user authorized_keys has been set-up correctly.
"""
with host.sudo():
ssh_key = open('tests/data/ansible_key.pub', 'r').read().strip()
authorized_keys = host.file('/home/ansible/.ssh/authorized_keys')
assert authorized_keys.is_file
assert ssh_key in authorized_keys.content_string
def test_root_authorized_keys(host):
"""
Tests if Ansible key been removed from root's authorized keys.
"""
with host.sudo():
ssh_key = open('tests/data/ansible_key.pub', 'r').read().strip()
assert ssh_key not in host.file('/root/.ssh/authorized_keys').content_string
|