Files
@ 770551dc8c6f
Branch filter:
Location: majic-ansible-roles/roles/bootstrap/molecule/default/tests/test_default.py - annotation
770551dc8c6f
1.3 KiB
text/x-python
MAR-148: Improve the SSH connectivity tests in backup_server role to be more reliable:
- Introduce a session-level fixture for setting permissions for client
SSH private keys (fixes errors related to SSH requesting tighter
permissions).
- Add assertions for the tests that verify the backup clients cannot
connect to the regular SSH server in case the SSH private keys do
not have correct permissions (just in case).
- Introduce a session-level fixture for setting permissions for client
SSH private keys (fixes errors related to SSH requesting tighter
permissions).
- Add assertions for the tests that verify the backup clients cannot
connect to the regular SSH server in case the SSH private keys do
not have correct permissions (just in case).
48a901602e77 48a901602e77 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca d62b3adec462 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca ea7879d95295 | import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')
def test_installed_packages(host):
"""
Tests if packages have been installed.
"""
assert host.package('sudo').is_installed
def test_ansible_user(host):
"""
Tests if Ansible user and group have been set-up correctly.
"""
with host.sudo():
group = host.group('ansible')
assert group.exists
assert group.gid < 1000
user = host.user('ansible')
assert user.exists
assert user.group == 'ansible'
assert user.groups == ['ansible']
assert user.uid < 1000
assert user.shell == '/bin/bash'
assert user.password == '!'
def test_sudo_configuration(host):
"""
Tests if sudo has been configured to allow Ansible user to run any command
without password.
"""
with host.sudo():
sudo_config = host.file('/etc/sudoers.d/ansible')
assert sudo_config.is_file
assert sudo_config.user == 'root'
assert sudo_config.group == 'root'
assert sudo_config.mode == 0o640
assert sudo_config.content == 'ansible ALL=(ALL:ALL) NOPASSWD:ALL\n'
|