From baaf0db1e0ae20df5e0caaa95363870d046a3c12 2020-08-26 16:55:22
From: Branko Majic
Date: 2020-08-26 16:55:22
Subject: [PATCH] MAR-150: Refactor the test for deployed CA certificates in common role:
- Use parametrisation to reduce code duplication.
---
diff --git a/roles/common/molecule/default/tests/test_parameters_optional.py b/roles/common/molecule/default/tests/test_parameters_optional.py
index 968ea44cb6a67713cb512575d08bc038a86f8612..df89cf5db9fd677a1887514475a5d75af953aa5d 100644
--- a/roles/common/molecule/default/tests/test_parameters_optional.py
+++ b/roles/common/molecule/default/tests/test_parameters_optional.py
@@ -6,6 +6,8 @@ import paramiko
 import testinfra.utils.ansible_runner
+import pytest
+
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')
@@ -167,52 +169,34 @@ def test_authorized_keys_login(host):
 client.connect(remote_ip, username="user3", allow_agent=False, look_for_keys=False, key_filename='tests/data/ssh/clientkey3')
-def test_ca_certificates(host):
+@pytest.mark.parametrize('ca_certificate_basename', [
+ 'cacert1',
+ 'cacert2',
+])
+def test_ca_certificates(host, ca_certificate_basename):
 """
 Tests if CA certificates have been correctly deployed to the system.
 """
- ca1_cert = host.file('/usr/local/share/ca-certificates/cacert1.crt')
- assert ca1_cert.is_file
- assert ca1_cert.user == 'root'
- assert ca1_cert.group == 'root'
- assert ca1_cert.mode == 0o644
-
- ca1_cert_symlink = host.file('/etc/ssl/certs/cacert1.pem')
- assert ca1_cert_symlink.is_symlink
- assert ca1_cert_symlink.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
-
- ca1_cert_hash = host.run('openssl x509 -hash -noout -in %s', '/usr/local/share/ca-certificates/cacert1.crt').stdout.strip()
- ca1_cert_hash_file = '/etc/ssl/certs/%s.0' % ca1_cert_hash
-
- ca1_cert_hash_1 = host.file(ca1_cert_hash_file)
- assert ca1_cert_hash_1.is_symlink
- assert ca1_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
-
- ca1_cert_hash_1 = host.file(ca1_cert_hash_file)
- assert ca1_cert_hash_1.is_symlink
- assert ca1_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
-
- ca2_cert = host.file('/usr/local/share/ca-certificates/cacert2.crt')
- assert ca2_cert.is_file
- assert ca2_cert.user == 'root'
- assert ca2_cert.group == 'root'
- assert ca2_cert.mode == 0o644
+ ca_certificate_path = '/usr/local/share/ca-certificates/%s.crt' % ca_certificate_basename
+ ca_certificate_symlink_path = '/etc/ssl/certs/%s.pem' % ca_certificate_basename
+ ca_certificate_hash = host.run('openssl x509 -hash -noout -in %s', ca_certificate_path).stdout.strip()
+ ca_certificate_hash_symlink_path = '/etc/ssl/certs/%s.0' % ca_certificate_hash
- ca2_cert_symlink = host.file('/etc/ssl/certs/cacert2.pem')
- assert ca2_cert_symlink.is_symlink
- assert ca2_cert_symlink.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
+ ca_certificate = host.file(ca_certificate_path)
+ ca_certificate_symlink = host.file(ca_certificate_symlink_path)
+ ca_certificate_hash_symlink = host.file(ca_certificate_hash_symlink_path)
- ca2_cert_hash = host.run('openssl x509 -hash -noout -in %s', '/usr/local/share/ca-certificates/cacert2.crt').stdout.strip()
- ca2_cert_hash_file = '/etc/ssl/certs/%s.0' % ca2_cert_hash
+ assert ca_certificate.is_file
+ assert ca_certificate.user == 'root'
+ assert ca_certificate.group == 'root'
+ assert ca_certificate.mode == 0o644
- ca2_cert_hash_1 = host.file(ca2_cert_hash_file)
- assert ca2_cert_hash_1.is_symlink
- assert ca2_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
+ assert ca_certificate_symlink.is_symlink
+ assert ca_certificate_symlink.linked_to == ca_certificate_path
- ca2_cert_hash_1 = host.file(ca2_cert_hash_file)
- assert ca2_cert_hash_1.is_symlink
- assert ca2_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
+ assert ca_certificate_hash_symlink.is_symlink
+ assert ca_certificate_hash_symlink.linked_to == ca_certificate_path
 def test_ferm_base_rules(host):
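Review bot: The exit status of the `openssl x509 -hash` call in the rewritten `test_ca_certificates` is never checked, so if the command fails `stdout` is empty and the test goes on to inspect `/etc/ssl/certs/.0`, reporting a confusing symlink assertion instead of the real cause. testinfra's `host.check_output` asserts a zero return code and returns stdout with the trailing newline removed, so the line could read `ca_certificate_hash = host.check_output('openssl x509 -hash -noout -in %s', ca_certificate_path)`. Separately, the test pins ownership, mode and link targets but not the certificate itself, so a wrong file deployed under the expected name would still pass; comparing the deployed file's content or fingerprint with the test fixture would close that gap (the fixture location is not visible in this hunk). The docstring could also say that the test now runs once per `ca_certificate_basename`.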