From 0c2178fd95a5d8a7fe08f605aaa4d70a8243c22a 2017-06-27 11:32:53 From: Branko Majic Date: 2017-06-27 11:32:53 Subject: [PATCH] MAR-25: Implemented tests for ldap_client role: - Added Molecule configuration. - Added test playbook. - Fixed issue with mode not including leading zero. - Implemented a couple of simple tests.
---
diff --git a/roles/ldap_client/molecule.yml b/roles/ldap_client/molecule.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9d6ef7630b46760ba05b39bf474403f37c15b45d
--- /dev/null
+++ b/roles/ldap_client/molecule.yml
@@ -0,0 +1,27 @@
+---
+
+dependency: {}
+
+driver:
+ name: vagrant
+
+vagrant:
+
+ platforms:
+ - name: debian-jessie64
+ box: debian/contrib-jessie64
+
+ providers:
+ - name: virtualbox
+ type: virtualbox
+ options:
+ memory: 512
+ cpus: 1
+
+ instances:
+
+ - name: parameters-mandatory
+ - name: parameters-optional
+
+verifier:
+ name: testinfra
diff --git a/roles/ldap_client/playbook.yml b/roles/ldap_client/playbook.yml
new file mode 100644
index 0000000000000000000000000000000000000000..84c38939a0224d88ee9e54a40ca991919880db32
--- /dev/null
+++ b/roles/ldap_client/playbook.yml
@@ -0,0 +1,29 @@
+---
+
+- hosts: all
+ tasks:
+
+ - name: Update all caches to avoid errors due to missing remote archives
+ apt:
+ update_cache: yes
+
+- hosts: parameters-mandatory
+ roles:
+ - ldap_client
+
+- hosts: parameters-optional
+ roles:
+ - role: ldap_client
+ ldap_client_config:
+ - comment: CA truststore
+ option: TLS_CACERT
+ value: /etc/ssl/certs/testca.cert.pem
+ - comment: Ensure TLS is enforced
+ option: TLS_REQCERT
+ value: demand
+ - comment: Default URI to connect to
+ option: URI
+ value: ldaps://ldap-server/
+ - comment: Base entry
+ option: BASE
+ value: dc=local
diff --git a/roles/ldap_client/tasks/main.yml b/roles/ldap_client/tasks/main.yml
index f4f6f5a1d3468ab0ef92169f64de5dd6933ed495..a98edf2ab6f43a12c68a3f11c6e9881b50584806 100644
--- a/roles/ldap_client/tasks/main.yml
+++ b/roles/ldap_client/tasks/main.yml
@@ -4,7 +4,7 @@ apt: name=ldap-utils state=installed - name: Deploy LDAP client configuration file - template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf owner=root group=root mode=644 + template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf owner=root group=root mode=0644 - name: Explicitly run all handlers include: ../handlers/main.yml
diff --git a/roles/ldap_client/tests/test_default.py b/roles/ldap_client/tests/test_default.py
new file mode 100644
index 0000000000000000000000000000000000000000..6fda904b91e7608bd21a12d52b3f46da59174ac8
--- /dev/null
+++ b/roles/ldap_client/tests/test_default.py
@@ -0,0 +1,26 @@
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ '.molecule/ansible_inventory').get_hosts('all')
+
+
+def test_installed_packages(Package):
+ """
+ Tests if correct packages are installed.
+ """
+
+ assert Package('ldap-utils').is_installed
+
+
+def test_ldap_configuration_file(File):
+ """
+ Tests if LDAP configuration files has been deployed with correct
+ permissions.
+ """
+
+ config = File('/etc/ldap/ldap.conf')
+
+ assert config.is_file
+ assert config.user == 'root'
+ assert config.group == 'root'
+ assert config.mode == 0o644
diff --git a/roles/ldap_client/tests/test_mandatory.py b/roles/ldap_client/tests/test_mandatory.py
new file mode 100644
index 0000000000000000000000000000000000000000..db66c0630512316eb16f0422f0f78a7d74d851ae
--- /dev/null
+++ b/roles/ldap_client/tests/test_mandatory.py
@@ -0,0 +1,14 @@
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ '.molecule/ansible_inventory').get_hosts('parameters-mandatory')
+
+
+def test_ldap_configuration_file_content(File):
+ """
+ Tests if LDAP configuration file has correct content
+ """
+
+ config = File('/etc/ldap/ldap.conf')
+
+ assert config.content == ""
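Review bot: In roles/ldap_client/tasks/main.yml the corrected permission is still passed as an unquoted value in a one-line key=value task (`mode=0644`), so how it reaches the template module depends on the task syntax rather than on the value itself. Writing it as a quoted string in dictionary form, `mode: "0644"`, keeps the deployed permissions of /etc/ldap/ldap.conf independent of how the value is parsed if the task is reformatted later. The task list starts and ends outside the hunk.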
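Review bot: `assert config.content == ""` in roles/ldap_client/tests/test_mandatory.py compares testinfra's `File.content` with a text literal; as far as I know `content` holds the raw file bytes, so under Python 3 this compares bytes with str and would fail even when the file is empty. Using the decoded property, `assert config.content_string == ""`, keeps the check meaningful on both interpreters. The same comparison appears in test_optional.py (`assert config.content == expected_content`), where it matters more because that test is what confirms `TLS_REQCERT demand` and the `ldaps://` URI actually end up in ldap.conf.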
diff --git a/roles/ldap_client/tests/test_optional.py b/roles/ldap_client/tests/test_optional.py
new file mode 100644
index 0000000000000000000000000000000000000000..b883ad8781c30f924623e50e4f32abe73ef81989
--- /dev/null
+++ b/roles/ldap_client/tests/test_optional.py
@@ -0,0 +1,23 @@
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ '.molecule/ansible_inventory').get_hosts('parameters-optional')
+
+
+def test_ldap_configuration_file_content(File):
+ """
+ Tests if LDAP configuration file has correct content
+ """
+
+ expected_content = """# CA truststore
+TLS_CACERT /etc/ssl/certs/testca.cert.pem
+# Ensure TLS is enforced
+TLS_REQCERT demand
+# Default URI to connect to
+URI ldaps://ldap-server/
+# Base entry
+BASE dc=local"""
+
+ config = File('/etc/ldap/ldap.conf')
+
+ assert config.content == expected_content