Files
@ c2f446ec7e2a
Branch filter:
Location: majic-ansible-roles/roles/bootstrap/molecule/default/tests/test_default.py - annotation
c2f446ec7e2a
1.3 KiB
text/x-python
MAR-158: Update default TLS ciphers configuration in the mail_server role:
- Updated the default value for parameter mail_server_tls_ciphers.
- Updated tests, making them explicitly test for enabled and disabled
ciphers.
- Refactored tests for TLS to use nmap ssl-enum-ciphers script for
listing available TLS versions and ciphers.
- Install nmap as part of preparation step.
- Updated role reference documentation.
- Updated the default value for parameter mail_server_tls_ciphers.
- Updated tests, making them explicitly test for enabled and disabled
ciphers.
- Refactored tests for TLS to use nmap ssl-enum-ciphers script for
listing available TLS versions and ciphers.
- Install nmap as part of preparation step.
- Updated role reference documentation.
48a901602e77 48a901602e77 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca d62b3adec462 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 3c03c2ea9d2a 0388df2571ca 3c03c2ea9d2a 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca 0388df2571ca d752715bb533 | import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')
def test_installed_packages(host):
"""
Tests if packages have been installed.
"""
assert host.package('sudo').is_installed
def test_ansible_user(host):
"""
Tests if Ansible user and group have been set-up correctly.
"""
with host.sudo():
group = host.group('ansible')
assert group.exists
assert group.gid < 1000
user = host.user('ansible')
assert user.exists
assert user.group == 'ansible'
assert user.groups == ['ansible']
assert user.uid < 1000
assert user.shell == '/bin/bash'
assert user.password == '!'
def test_sudo_configuration(host):
"""
Tests if sudo has been configured to allow Ansible user to run any command
without password.
"""
with host.sudo():
sudo_config = host.file('/etc/sudoers.d/ansible')
assert sudo_config.is_file
assert sudo_config.user == 'root'
assert sudo_config.group == 'root'
assert sudo_config.mode == 0o640
assert sudo_config.content_string == 'ansible ALL=(ALL:ALL) NOPASSWD:ALL\n'
|