MAR-165: Deploy Diffie-Hellman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Stretch because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
- Not relevant for Debian Stretch because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
import os

import testinfra.utils.ansible_runner


# The inventory path is read from the MOLECULE_INVENTORY_FILE environment
# variable; only hosts whose names match 'parameters-*' are selected for the
# tests in this module.
_inventory_file = os.environ['MOLECULE_INVENTORY_FILE']
_ansible_runner = testinfra.utils.ansible_runner.AnsibleRunner(_inventory_file)
testinfra_hosts = _ansible_runner.get_hosts('parameters-*')
def test_database_created(host):
    """
    Verify that the 'testdb' database exists on the host.

    The query is run through the mysql client under sudo, without passing
    any database credentials on the command line.
    """

    # -B (batch) and -N (no column names) keep the output to bare rows, so
    # the comparison below can be an exact string match.
    query_command = "mysql -BNe \"show databases like 'testdb'\""

    with host.sudo():
        result = host.run(query_command)

    assert result.rc == 0
    assert result.stdout == "testdb\n"
def test_database_user_login(host):
    """
    Verify that the 'testdb' database user can authenticate.

    Only the exit code of the mysql client is checked.
    """

    # NOTE(review): the password is passed via -p on the command line, which
    # makes it visible in the host's process list while the client runs.
    # Tolerable for a throwaway test credential; do not copy this pattern
    # for real accounts.
    login_command = "mysql -utestdb -ptestdbpassword -BNe 'show databases'"
    result = host.run(login_command)

    assert result.rc == 0
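def test_database_user_permissions(host):
    """
    Verify that the 'testdb' user holds exactly the expected grants.

    Two things are checked:

    - Logged in as 'testdb', the only visible databases are
      'information_schema' and 'testdb'.
    - 'show grants' (run under sudo) lists exactly two grants: USAGE on
      *.* and ALL PRIVILEGES on the 'testdb' database.

    Raises:
        Exception: if the host's distribution release is neither
            'stretch' nor 'buster'.
    """

    ansible_facts = host.ansible("setup")["ansible_facts"]
    ansible_distribution_release = ansible_facts['ansible_distribution_release']

    # Small difference in usage of backtick (`) instead of single
    # quote (') when displaying grants for user.
    #
    # The IDENTIFIED BY PASSWORD value is the stored password hash as
    # printed by 'show grants'; presumably it corresponds to the fixture
    # password used for the login below - confirm against the test playbook.
    if ansible_distribution_release == "stretch":
        expected_usage = "GRANT USAGE ON *.* TO 'testdb'@'localhost' IDENTIFIED BY PASSWORD '*676852B7FAE972722AD20D6E74781D6B1A100544'"
        expected_privileges = "GRANT ALL PRIVILEGES ON `testdb`.* TO 'testdb'@'localhost'"
    elif ansible_distribution_release == "buster":
        expected_usage = "GRANT USAGE ON *.* TO `testdb`@`localhost` IDENTIFIED BY PASSWORD '*676852B7FAE972722AD20D6E74781D6B1A100544'"
        expected_privileges = "GRANT ALL PRIVILEGES ON `testdb`.* TO `testdb`@`localhost`"
    else:
        raise Exception("Tried running test on unsupported distribution: %s" % ansible_distribution_release)

    # Least-privilege check: the user must not be able to see any database
    # other than its own (plus information_schema).
    # NOTE(review): -p on the command line exposes the password in the
    # process list; acceptable only for this throwaway test credential.
    visible_databases = host.run("mysql -utestdb -ptestdbpassword -BNe 'show databases'")

    assert visible_databases.rc == 0
    assert visible_databases.stdout == "information_schema\ntestdb\n"

    with host.sudo():
        permissions_command = host.run("mysql -BNe 'show grants for testdb@localhost'")

    # Fail on the command itself rather than on a misleading grant-count
    # mismatch when the mysql client could not run the query.
    assert permissions_command.rc == 0

    permissions = permissions_command.stdout.rstrip().split("\n")

    # Exactly two grants: any additional line would mean the user has been
    # given more than USAGE plus full rights on its own database.
    assert len(permissions) == 2
    assert expected_usage in permissions
    assert expected_privileges in permissions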