Files
@ ea69b2719d8e
Branch filter:
Location: majic-ansible-roles/roles/common/tests/test_parameters_mandatory.py - annotation
ea69b2719d8e
3.6 KiB
text/x-python
MAR-22: Implemented tests for the common role:
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid
parameters.
- Use static-hashed passwords for reproducibility during testing in test
playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one
of the testing instances in order to test related tasks.
- Fixed parameter for connection limitting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and
pipreqcheck_uid.
- Fixed deployment of ferm configuration file ot include setting user/group and
mode.
- Added tests covering common deployment, deployment when only mandatory
parameters are provided, and deployment when optional parameters are set as
well.
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid
parameters.
- Use static-hashed passwords for reproducibility during testing in test
playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one
of the testing instances in order to test related tasks.
- Fixed parameter for connection limitting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and
pipreqcheck_uid.
- Fixed deployment of ferm configuration file ot include setting user/group and
mode.
- Added tests covering common deployment, deployment when only mandatory
parameters are provided, and deployment when optional parameters are set as
well.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 | ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e ea69b2719d8e | import socket
import paramiko
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
'.molecule/ansible_inventory').get_hosts('parameters-mandatory')
def test_apt_proxy(File):
"""
Tests if proxy configuration for apt is missing.
"""
assert not File('/etc/apt/apt.conf.d/00proxy').exists
def test_bash_prompt_content(File):
"""
Tests if bash prompt configuration file has not colouring and ID information
contained within.
"""
bash_prompt = File('/etc/profile.d/bash_prompt.sh')
assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\[\\033[0m\\]\\u@\\h:\\w\\$ \\[\\033[0m\\]'" in bash_prompt.content
assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\u@\\h:\\w\\$ '" in bash_prompt.content
def test_ssh_login_mechanisms():
"""
Tests available SSH login mechanisms (should be just public key).
"""
sock = socket.socket()
sock.connect(('10.31.127.3', 22))
transport = paramiko.transport.Transport(sock)
transport.connect()
try:
transport.auth_none('')
except paramiko.transport.BadAuthenticationType, err:
assert err.allowed_types == ['publickey']
def test_mariadb_mysql_config_symlink(File, Sudo):
"""
Tests if symbolic link has been set-up for mariadb_config binary to be
accessible as mysql_config as well. (should not be present with just
mandatory options set).
"""
mysql_config = File('/usr/bin/mysql_config')
assert not mysql_config.exists
def test_emacs_electric_indent_mode(File):
"""
Tests if Emacs electric indent mode has been disabled via custom
configuration file. With just mandatory options set, the file should not be
present.
"""
emacs_config = File('/etc/emacs/site-start.d/01disable-electric-indent-mode')
assert not emacs_config.exists
def test_ferm_base_rules(Command, File, Sudo):
"""
Test if base ferm configuration has been deployed correctly (content-wise).
"""
with Sudo():
ferm_base = File('/etc/ferm/conf.d/00-base.conf')
assert "mod hashlimit hashlimit 3/second hashlimit-burst 9" in ferm_base.content
iptables = Command('iptables-save')
assert iptables.rc == 0
assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
assert "-A flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
ip6tables = Command('ip6tables-save')
assert ip6tables.rc == 0
assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
assert "-A flood -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
"--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in ip6tables.stdout
def test_pipreqcheck_virtualenv_user(Group, User):
"""
Tests if user/group for running the pip requirements upgrade checks have
been created correctly.
"""
group = Group('pipreqcheck')
assert group.exists
assert group.gid == 1001
user = User('pipreqcheck')
assert user.exists
assert user.home == '/var/lib/pipreqcheck'
assert user.uid == 1001
assert user.group == 'pipreqcheck'
assert user.groups == ['pipreqcheck']
|