From eb03c3b4f36717d77eff16975829120907ae354f 2020-07-26 17:12:37
From: Branko Majic
Date: 2020-07-26 17:12:37
Subject: [PATCH] MAR-162: Deduplicate TLS private key/certificate tests for LDAP server role:
- Rename the key/certificate files to match the Ansible inventory name.
- Move the tests into test_default.py.
- Change the key/certificate extensions to be more descriptie.
---
diff --git a/roles/ldap_server/molecule/default/group_vars/parameters-mandatory.yml b/roles/ldap_server/molecule/default/group_vars/parameters-mandatory.yml
index 2bfc875bdb26f3d7a7afe9cbdf943793f01bed22..71f2cb014fbd5dbf0a92b1125ab5223ad26f7d82 100644
--- a/roles/ldap_server/molecule/default/group_vars/parameters-mandatory.yml
+++ b/roles/ldap_server/molecule/default/group_vars/parameters-mandatory.yml
@@ -2,8 +2,8 @@
 ldap_admin_password: adminpassword
-ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-mandatory-stretch64.local_ldap.pem') }}"
-ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-mandatory-stretch64.local_ldap.key') }}"
+ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_ldap.cert.pem') }}"
+ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_ldap.key.pem') }}"
 # ldap_client
 ldap_client_config:
diff --git a/roles/ldap_server/molecule/default/group_vars/parameters-optional.yml b/roles/ldap_server/molecule/default/group_vars/parameters-optional.yml
index 0d171399ed812c9cacd6fc76795488af0623925e..4a16aba15076bdf8032397f6590e06552bfe833d 100644
--- a/roles/ldap_server/molecule/default/group_vars/parameters-optional.yml
+++ b/roles/ldap_server/molecule/default/group_vars/parameters-optional.yml
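Review bot: The two added lookups nest `{{ inventory_hostname }}` inside a string literal that already sits inside a `{{ ... }}` expression; Jinja2 itself does not expand the inner delimiters, so this appears to work only because Ansible re-templates lookup terms a second time, the "nested jinja" pattern ansible-lint has flagged and which should not be relied on. The concatenation form needs no second templating pass: `ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/' ~ inventory_hostname ~ '_ldap.cert.pem') }}"` and `ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/' ~ inventory_hostname ~ '_ldap.key.pem') }}"`. The same two lines are added to parameters-optional.yml in the next hunk and should get the same treatment. A short comment above them noting that the file name must match the Molecule inventory hostname would save the next person a failed lookup when a platform is renamed.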
@@ -1,6 +1,10 @@
 ---
 ldap_admin_password: adminpassword
+
+ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_ldap.cert.pem') }}"
+ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/{{ inventory_hostname }}_ldap.key.pem') }}"
+
 ldap_entries:
 - dn: uid=john,dc=local
   attributes:
@@ -50,8 +54,6 @@ ldap_server_groups:
 ldap_server_domain: "local"
 ldap_server_organization: "Example"
 ldap_server_log_level: 0
-ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.cert.pem') }}"
-ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.key.pem') }}"
 ldap_server_ssf: 0
 ldap_tls_ciphers: "NONE:+VERS-TLS1.1:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:\
 +SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA1:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL"
diff --git a/roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.pem b/roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.cert.pem
similarity index 100%
rename from roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.pem
rename to roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.cert.pem
diff --git a/roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.key b/roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.key.pem
similarity index 100%
rename from roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.key
rename to roles/ldap_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64.local_ldap.key.pem
diff --git a/roles/ldap_server/molecule/default/tests/data/x509/parameters-optional.cert.pem b/roles/ldap_server/molecule/default/tests/data/x509/parameters-optional-stretch64_ldap.cert.pem
similarity index 100%
rename from roles/ldap_server/molecule/default/tests/data/x509/parameters-optional.cert.pem
rename to roles/ldap_server/molecule/default/tests/data/x509/parameters-optional-stretch64_ldap.cert.pem
diff --git a/roles/ldap_server/molecule/default/tests/data/x509/parameters-optional.key.pem b/roles/ldap_server/molecule/default/tests/data/x509/parameters-optional-stretch64_ldap.key.pem
similarity index 100%
rename from roles/ldap_server/molecule/default/tests/data/x509/parameters-optional.key.pem
rename to roles/ldap_server/molecule/default/tests/data/x509/parameters-optional-stretch64_ldap.key.pem
diff --git a/roles/ldap_server/molecule/default/tests/test_default.py b/roles/ldap_server/molecule/default/tests/test_default.py
index 4b95c6dc7ba4af12d35cc8e9e9b7fb4022d3a6f7..68a00c9031a9b0a3ff15b8d0997ca44a3b3fd78c 100644
--- a/roles/ldap_server/molecule/default/tests/test_default.py
+++ b/roles/ldap_server/molecule/default/tests/test_default.py
@@ -194,3 +194,39 @@ def test_temporary_admin_password_file_not_present(host):
     with host.sudo():
         assert not host.file('/root/.ldap_admin_password').exists
+
+
+def test_ldap_tls_private_key_file(host):
+    """
+    Tests if the TLS private key has been deployed correctly.
+    """
+
+    with host.sudo():
+
+        inventory_hostname = host.ansible.get_variables()['inventory_hostname']
+
+        key = host.file('/etc/ssl/private/%s_ldap.key' % inventory_hostname)
+
+        assert key.is_file
+        assert key.user == 'root'
+        assert key.group == 'openldap'
+        assert key.mode == 0o640
+        assert key.content_string == open('tests/data/x509/%s_ldap.key.pem' % inventory_hostname).read()
+
+
+def test_ldap_tls_certificate_file(host):
+    """
+    Tests if the TLS certificate has been deployed correctly.
+    """
+
+    with host.sudo():
+
+        inventory_hostname = host.ansible.get_variables()['inventory_hostname']
+
+        cert = host.file('/etc/ssl/certs/%s_ldap.pem' % inventory_hostname)
+
+        assert cert.is_file
+        assert cert.user == 'root'
+        assert cert.group == 'root'
+        assert cert.mode == 0o644
+        assert cert.content_string == open('tests/data/x509/%s_ldap.cert.pem' % inventory_hostname).read()
diff --git a/roles/ldap_server/molecule/default/tests/test_mandatory.py b/roles/ldap_server/molecule/default/tests/test_mandatory.py
index 8bfdc2abeb1277b5313c3486372905d9b934ea5d..26d6d7b0b7d9c1c68557ab1b3a2236b34793242d 100644
--- a/roles/ldap_server/molecule/default/tests/test_mandatory.py
+++ b/roles/ldap_server/molecule/default/tests/test_mandatory.py
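Review bot: Both new tests leave the fixture file open: the final `open('tests/data/x509/%s_ldap.key.pem' % inventory_hostname).read()` in test_ldap_tls_private_key_file (and its `_ldap.cert.pem` twin in test_ldap_tls_certificate_file) never closes the handle, so the read relies on refcount finalisation and can surface as an unclosed-file ResourceWarning under pytest. Read the expected content through a context manager, `with open('tests/data/x509/%s_ldap.key.pem' % inventory_hostname) as expected:` followed by `assert key.content_string == expected.read()`, and the same shape for `cert`. The fixture path is relative to the working directory, like the `lookup('file', ...)` calls in group_vars, so these tests presumably only pass when invoked from the scenario directory as Molecule does; a one-line comment saying so would help anyone running them by hand. The ownership and `0o640` assertions on the private key are the checks that matter here and are worth keeping exact rather than relaxing to a mask.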
@@ -34,42 +34,6 @@ def test_log_level(host):
     assert 'olcLogLevel: 256' in log_level.stdout
-def test_ldap_tls_private_key_file(host):
-    """
-    Tests if the TLS private key has been deployed correctly.
-    """
-
-    with host.sudo():
-
-        inventory_hostname = host.ansible.get_variables()['inventory_hostname']
-
-        key = host.file('/etc/ssl/private/%s_ldap.key' % inventory_hostname)
-
-        assert key.is_file
-        assert key.user == 'root'
-        assert key.group == 'openldap'
-        assert key.mode == 0o640
-        assert key.content_string == open('tests/data/x509/%s_ldap.key' % inventory_hostname).read()
-
-
-def test_ldap_tls_certificate_file(host):
-    """
-    Tests if the TLS certificate has been deployed correctly.
-    """
-
-    with host.sudo():
-
-        inventory_hostname = host.ansible.get_variables()['inventory_hostname']
-
-        cert = host.file('/etc/ssl/certs/%s_ldap.pem' % inventory_hostname)
-
-        assert cert.is_file
-        assert cert.user == 'root'
-        assert cert.group == 'root'
-        assert cert.mode == 0o644
-        assert cert.content_string == open('tests/data/x509/%s_ldap.pem' % inventory_hostname).read()
-
-
 def test_certificate_validity_check_configuration(host):
     """
     Tests if certificate validity check configuration file has been deployed
diff --git a/roles/ldap_server/molecule/default/tests/test_optional.py b/roles/ldap_server/molecule/default/tests/test_optional.py
index 4133ff49f715c1e765ed07f35cbe72e5429fc0bd..a5fe69286b8a9f4cc1452c69061c4463bce34a2a 100644
--- a/roles/ldap_server/molecule/default/tests/test_optional.py
+++ b/roles/ldap_server/molecule/default/tests/test_optional.py
@@ -36,42 +36,6 @@ def test_log_level(host):
     assert 'olcLogLevel: 0' in log_level.stdout
-def test_ldap_tls_private_key_file(host):
-    """
-    Tests if the TLS private key has been deployed correctly.
-    """
-
-    with host.sudo():
-
-        inventory_hostname = host.ansible.get_variables()['inventory_hostname']
-
-        key = host.file('/etc/ssl/private/%s_ldap.key' % inventory_hostname)
-
-        assert key.is_file
-        assert key.user == 'root'
-        assert key.group == 'openldap'
-        assert key.mode == 0o640
-        assert key.content_string == open('tests/data/x509/parameters-optional.key.pem').read()
-
-
-def test_ldap_tls_certificate_file(host):
-    """
-    Tests if the TLS certificate has been deployed correctly.
-    """
-
-    with host.sudo():
-
-        inventory_hostname = host.ansible.get_variables()['inventory_hostname']
-
-        cert = host.file('/etc/ssl/certs/%s_ldap.pem' % inventory_hostname)
-
-        assert cert.is_file
-        assert cert.user == 'root'
-        assert cert.group == 'root'
-        assert cert.mode == 0o644
-        assert cert.content_string == open('tests/data/x509/parameters-optional.cert.pem').read()
-
-
 def test_certificate_validity_check_configuration(host):
     """
     Tests if certificate validity check configuration file has been deployed