Location: majic-ansible-roles/roles/backup_client/molecule/default/tests/test_parameters_optional.py - annotation
8d272d91d3d2
MAR-165: Deploy Diffie-Hellman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Stretch because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
import os
import testinfra.utils.ansible_runner
# Restrict this test module to the hosts in the 'parameters-optional' group of
# the inventory named by the MOLECULE_INVENTORY_FILE environment variable.
_inventory_file = os.environ['MOLECULE_INVENTORY_FILE']
_ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(_inventory_file)
testinfra_hosts = _ansible_runner.get_hosts('parameters-optional')
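def test_gnupg_private_keys_file_content(host):
    """
    Tests if correct GnuPG private key used for encryption and signing has been
    deployed.

    The deployed file is read under sudo and must equal the local fixture with
    surrounding whitespace stripped.
    """

    # Read the fixture through a context manager so the file handle is closed
    # deterministically instead of being left to the garbage collector.
    # NOTE(review): this fixture is private key material kept in the
    # repository; presumably a throwaway test-only key - confirm it is never
    # reused outside the test suite.
    with open('tests/data/gnupg/parameters-optional.asc', 'r') as fixture:
        expected_private_keys = fixture.read().strip()

    with host.sudo():

        gnupg_private_keys = host.file('/etc/duply/main/private_keys.asc')

        # NOTE(review): only the content is checked here; ownership and mode
        # of the private key file are not asserted in this test - verify they
        # are covered elsewhere.
        assert gnupg_private_keys.content_string == expected_private_keys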
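def test_gnupg_public_keys_file_content(host):
    """
    Tests if correct additional public GnuPG keys have been deployed.

    Each local fixture (whitespace-stripped) must appear as a substring of the
    deployed public keys file.
    """

    fixture_paths = [
        'tests/data/gnupg/additional_encryption_key_1.asc',
        'tests/data/gnupg/additional_encryption_key_2.asc',
        'tests/data/gnupg/additional_encryption_key_3.asc',
    ]

    # Load every fixture up front, closing each file handle explicitly.
    expected_keys = []
    for fixture_path in fixture_paths:
        with open(fixture_path, 'r') as fixture:
            expected_keys.append(fixture.read().strip())

    with host.sudo():

        gnupg_public_keys = host.file('/etc/duply/main/public_keys.asc')
        deployed_keys = gnupg_public_keys.content_string

        for fixture_path, expected_key in zip(fixture_paths, expected_keys):
            # An empty fixture would make the substring check below pass
            # vacuously, so reject it explicitly.
            assert expected_key, "Empty fixture: %s" % fixture_path
            assert expected_key in deployed_keys, fixture_path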
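def test_backup_ssh_key_file_content(host):
    """
    Tests if correct key has been deployed for SSH client authentication.

    The deployed identity file is read under sudo and must equal the local
    fixture with surrounding whitespace stripped.
    """

    # Read the fixture through a context manager so the file handle is closed
    # deterministically instead of being left to the garbage collector.
    # NOTE(review): this fixture is an SSH identity kept in the repository;
    # presumably a throwaway test-only key - confirm it is never reused
    # outside the test suite.
    with open('tests/data/ssh/parameters-optional', 'r') as fixture:
        expected_ssh_key = fixture.read().strip()

    with host.sudo():

        ssh_key = host.file('/etc/duply/main/ssh/identity')

        # NOTE(review): only the content is checked here; ownership and mode
        # of the identity file are not asserted in this test - verify they are
        # covered elsewhere.
        assert ssh_key.content_string == expected_ssh_key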
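def test_known_hosts_content(host):
    """
    Tests if known hosts file has been set-up with correct content.

    The deployed file must match the local fixture exactly; unlike the key
    fixtures, the fixture content is compared without stripping whitespace.
    """

    # Read the fixture through a context manager so the file handle is closed
    # deterministically instead of being left to the garbage collector.
    with open('tests/data/ssh/parameters-optional-known_hosts', 'r') as fixture:
        expected_known_hosts = fixture.read()

    with host.sudo():

        known_hosts = host.file('/etc/duply/main/ssh/known_hosts')

        # Exact equality means any extra or missing host key entry fails the
        # test.
        assert known_hosts.content_string == expected_known_hosts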
def test_duply_configuration_content(host):
    """
    Verifies that the deployed duply configuration contains the expected
    encryption/signing key IDs, backup target and SSH options.
    """

    hostname = host.run('hostname').stdout.strip()

    # Fragments that must each appear verbatim in the configuration file. The
    # expected SSH options set the per-user known hosts file to /dev/null and
    # the global one to the known_hosts file under /etc/duply/main/ssh.
    expected_settings = (
        "GPG_KEYS_ENC='C4B2AE9F7A4F400A,3093C91BC3A9444B,86816FD928063B3F,8A14CD6C71223B72'",
        "GPG_KEY_SIGN='C4B2AE9F7A4F400A'",
        "TARGET='pexpect+sftp://backupuser@10.31.127.10:3333//duplicity/%s'" % hostname,
        "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null "
        "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"",
    )

    with host.sudo():

        configuration = host.file('/etc/duply/main/conf').content_string

        for setting in expected_settings:
            assert setting in configuration
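def test_duply_gnupg_keyring_private_keys(host):
    """
    Tests if private key used for encryption/signing has been correctly
    imported into Duply GnuPG keyring.
    """

    with host.sudo():

        # List the secret keyring, not the public one: a public-key listing
        # also succeeds when only the public half of the key was imported,
        # which would let this test pass without the private key in place.
        private_key_listing = host.run('gpg --homedir /etc/duply/main/gnupg --list-secret-keys')

        assert private_key_listing.rc == 0
        assert 'C4B2AE9F7A4F400A' in private_key_listing.stdout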
def test_duply_gnupg_keyring_public_keys(host):
    """
    Verifies that the additional public encryption keys are present in the
    Duply GnuPG keyring.
    """

    # Key IDs that must all show up in the public key listing.
    expected_key_ids = ('3093C91BC3A9444B', '86816FD928063B3F', '8A14CD6C71223B72')

    with host.sudo():

        listing = host.run('gpg --homedir /etc/duply/main/gnupg --list-public-keys')

        # The listing command itself must succeed before its output is checked.
        assert listing.rc == 0

        for key_id in expected_key_ids:
            assert key_id in listing.stdout