Files @ 5ea45eee5187
Branch filter:

Location: majic-ansible-roles/roles/web_server/tests/test_default.py - annotation

branko
MAR-124: Updated mail_forwarder test_tls_enforced_towards_relay_mail_server to be a bit robust against race condition.
502fdc081d35
502fdc081d35
502fdc081d35
502fdc081d35
351cd42e5f56
502fdc081d35
502fdc081d35
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
502fdc081d35
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
351cd42e5f56
import testinfra.utils.ansible_runner


testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    '.molecule/ansible_inventory').get_hosts(['parameters-mandatory', 'parameters-optional'])


def test_installed_packages(Package):
    """
    Tests if the required packages have been installed.
    """

    assert Package('nginx').is_installed
    assert Package('virtualenv').is_installed
    assert Package('virtualenvwrapper').is_installed
    assert Package('php5-fpm').is_installed


def test_nginx_user(User):
    """
    Tests if Nginx user has been set-up correctly to traverse TLS directories.
    """

    assert 'ssl-cert' in User('www-data').groups


def test_default_tls_configuration_removed(File):
    """
    Tests if TLS configuration has been removed from the main (default)
    configuration file.
    """

    assert 'ssl_protocols' not in File('/etc/nginx/nginx.conf').content


def test_nginx_configuration_verification_script(File):
    """
    Tests if script used for verifying Nginx configuration is deployed
    correctly.
    """

    script = File('/usr/local/bin/nginx_verify_site.sh')

    assert script.is_file
    assert script.user == 'root'
    assert script.group == 'root'
    assert script.mode == 0o755


def test_tls_configuration_file(File):
    """
    Tests permissions of TLS configuration file.
    """

    config = File('/etc/nginx/conf.d/tls.conf')

    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644


def test_default_vhost_file(File):
    """
    Tests permissions of default vhost configuration file.
    """

    config = File('/etc/nginx/sites-available/default')

    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o640


def test_default_website_enabled(File):
    """
    Tests if default website has been enabled.
    """

    config = File('/etc/nginx/sites-enabled/default')

    assert config.is_symlink
    assert config.linked_to == '/etc/nginx/sites-available/default'


def test_firewall_configuration_file(File, Sudo):
    """
    Tests if firewall configuration file has been deployed correctly.
    """

    with Sudo():

        config = File('/etc/ferm/conf.d/30-web.conf')

        assert config.is_file
        assert config.user == 'root'
        assert config.group == 'root'
        assert config.mode == 0o640


def test_default_debian_index_removed(File, Sudo):
    """
    Tests if default HTML pages provided by debian are removed.
    """

    with Sudo():
        assert not File('/var/www/html').exists


def test_default_vhost_root_directory(File, Sudo):
    """
    Tests if the default vhost root directory exists.
    """

    directory = File('/var/www/default')

    assert directory.is_directory
    assert directory.user == 'root'
    assert directory.group == 'www-data'
    assert directory.mode == 0o750


def test_default_vhost_index_page_file(File, Sudo):
    """
    Tests permissions of default vhost index page.
    """

    with Sudo():

        page = File('/var/www/default/index.html')

        assert page.is_file
        assert page.user == 'root'
        assert page.group == 'www-data'
        assert page.mode == 0o640


def test_services(Service):
    """
    Tests if services are enabled at boot and running.
    """

    service = Service('nginx')
    assert service.is_enabled
    assert service.is_running

    service = Service('php5-fpm')
    assert service.is_enabled
    assert service.is_running


def test_sockets(Socket):
    """
    Tests if web server is listening on correct ports.
    """

    assert Socket("tcp://80").is_listening
    assert Socket("tcp://443").is_listening


def test_socket_directories(File, Sudo):
    """
    Tests if directories containing sockets for WSGI and PHP apps are created
    correctly.
    """

    directory = File('/run/wsgi')
    assert directory.is_directory
    assert directory.user == 'root'
    assert directory.group == 'www-data'
    assert directory.mode == 0o750

    directory = File('/run/php5-fpm')
    assert directory.is_directory
    assert directory.user == 'root'
    assert directory.group == 'www-data'
    assert directory.mode == 0o750

    config = File('/etc/tmpfiles.d/wsgi.conf')
    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644
    assert 'd /run/wsgi/ 0750 root www-data - -' in config.content

    config = File('/etc/tmpfiles.d/php5-fpm.conf')
    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644
    assert 'd /run/php5-fpm/ 0750 root www-data - -' in config.content


def test_php5_fpm_service_overrides(File):
    """
    Tests if overrides for php5-fpm service are deployed correctly.
    """

    directory = File('/etc/systemd/system/php5-fpm.service.d')
    assert directory.is_directory
    assert directory.user == 'root'
    assert directory.group == 'root'
    assert directory.mode == 0o755

    config = File('/etc/systemd/system/php5-fpm.service.d/umask.conf')
    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644


def test_php_timezone_configuration(Command, File):
    """
    Tests if PHP timezone configuration has been set correctly.
    """

    config = File('/etc/php5/cli/conf.d/30-timezone.ini')
    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644

    config = File('/etc/php5/fpm/conf.d/30-timezone.ini')
    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    assert config.mode == 0o644

    timezone = Command("php --php-ini /etc/php5/cli/php.ini -r 'echo ini_get(\"date.timezone\");'")
    assert timezone.rc == 0
    assert timezone.stdout == "GMT+0"

    timezone = Command("php --php-ini /etc/php5/fpm/php.ini -r 'echo ini_get(\"date.timezone\");'")
    assert timezone.rc == 0
    assert timezone.stdout == "GMT+0"