Changeset - 0388df2571ca
Branko Majic (branko) - 7 years ago 2017-06-07 23:49:57
branko@majic.rs
MAR-21: Implemented tests for the bootstrap role:

- Use plain spaces in sudo configuration to make it easier to test.
- Added testing for both Debian Stretch and Debian Jessie.
- Fixed Ansible linting for file mode.
- Implemented a couple of basic tests.
9 files changed with 215 insertions and 3 deletions:
roles/bootstrap/files/ansible_sudo
 
ansible	ALL=(ALL:ALL) NOPASSWD:ALL
 
ansible ALL=(ALL:ALL) NOPASSWD:ALL
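--- a/roles/bootstrap/molecule.yml
+++ b/roles/bootstrap/molecule.yml
@@ -0,0 +1,28 @@
+---
+dependency: {}
+
+driver:
+  name: vagrant
+
+vagrant:
+
+  platforms:
+    - name: debian-jessie64
+      box: debian/contrib-jessie64
+    - name: debian-stretch64
+      box: debian/stretch64
+
+  providers:
+    - name: virtualbox
+      type: virtualbox
+      options:
+        memory: 512
+        cpus: 1
+
+  instances:
+
+    - name: parameters-mandatory
+    - name: parameters-optional
+
+verifier:
+  name: testinfra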
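--- a/roles/bootstrap/playbook.yml
+++ b/roles/bootstrap/playbook.yml
@@ -0,0 +1,42 @@
+---
+
+# Put Ansible key into root's authorized_keys to test its removal, but don't
+# touch the file if it does not exist in order to properly test for idempotence.
+- hosts: parameters-mandatory
+  tasks:
+
+    - name: Check if authorized_keys exists already
+      stat:
+        path: "/root/.ssh/authorized_keys"
+      register: "authorized_keys"
+
+    - name: Deploy authorized_keys to mimic set-up via preseed file
+      authorized_key:
+        user: root
+        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+      when: "not authorized_keys.stat.exists"
+
+# Put Ansible key into root's authorized_keys to test its removal, but don't
+# touch the file if it does not exist in order to properly test for idempotence.
+- hosts: parameters-optional
+  tasks:
+
+    - name: Check if authorized_keys exists already
+      stat:
+        path: "/root/.ssh/authorized_keys"
+      register: "authorized_keys"
+
+    - name: Deploy authorized_keys to mimic set-up via preseed file
+      authorized_key:
+        user: root
+        key: "{{ lookup('file', 'tests/data/ansible_key.pub') }}"
+      when: "not authorized_keys.stat.exists"
+
+- hosts: parameters-mandatory
+  roles:
+    - role: bootstrap
+
+- hosts: parameters-optional
+  roles:
+    - role: bootstrap
+      ansible_key: "{{ lookup('file', 'tests/data/ansible_key.pub') }}"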
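Review bot: The comment above both set-up plays says the file is left alone "if it does not exist", but the `when: "not authorized_keys.stat.exists"` guard deploys the key only when the file is missing and skips it when the file is already there. Something like `# Seed root's authorized_keys with the Ansible key so its removal can be tested; skip when the file already exists so repeated runs stay idempotent.` would match the tasks. Separately, the parameters-mandatory play reads `~/.ssh/id_rsa.pub` of whoever runs the tests, so the run fails for anyone without an RSA key at that path and places a personal key in root's authorized_keys on the test machines; that dependency deserves a line in the comment as well.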
roles/bootstrap/tasks/main.yml
 
@@ -13,7 +13,7 @@
 
  authorized_key: user=ansible key="{{ ansible_key }}"
 

	
 
- name: Set-up password-less sudo for the ansible user
 
  copy: src=ansible_sudo dest=/etc/sudoers.d/ansible mode=640 owner=root group=root
 
  copy: src=ansible_sudo dest=/etc/sudoers.d/ansible mode=0640 owner=root group=root
 

	
 
- name: Revoke rights for Ansible user to log-in as root to server via ssh
 
  authorized_key: user=root key="{{ ansible_key }}" state=absent
 
@@ -22,4 +22,4 @@
 
  include: ../handlers/main.yml
 
  when: "handlers | default(False) | bool() == True"
 
  tags:
 
    - handlers
 
\ No newline at end of file
 
    - handlers
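Review bot: The copy task that installs /etc/sudoers.d/ansible (the line now carrying `mode=0640`) has no `validate` argument, so a malformed ansible_sudo file is put in place unchecked and can leave sudo unusable on the host. Adding `validate='/usr/sbin/visudo -cf %s'` to that task makes Ansible check the staged file before it replaces the target. Debian's own README in /etc/sudoers.d asks for mode 0440, so `mode=0440` would be the more conventional value; the new test in tests/test_default.py pins `0o640` and would need the same change. The task starts and ends inside the hunk, but the rest of the file is not visible here.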
roles/bootstrap/tests/data/ansible_key
 
new file 100644
 
-----BEGIN RSA PRIVATE KEY-----
 
MIIEoAIBAAKCAQEA2Ic132ERipLFnARqpH4gCapohYucphUjX1Syt+O/ledtwdqQ
 
h65RjOip6QXRPewsTIIpFvCNRjc3brkxP/v9ikKA8s7495V9Plv5FeOxDzi0wAkC
 
UHV2Kz2IxZX79/5h6vnot2ujhqXwHeCFMdtyMvl5F2e9O/gtn0ngehEbHlXPSFa2
 
C2Sx5RuhdjM/Y0SxCu4++h0SUCOPzEgGsLXON63aRl8Kctu99QSnEU1GIiJBU+Lq
 
mIRwBjaSlBtY3KcJONbEBq0gHi/OspvtqdFn2pDAz2K8hgt4Z66u4O2TGBnE7CnH
 
JPCz0+0ZC/E5W4ECfjtncYWTMMyRlC1JLRXznwIDAQABAoIBAB+3rqyKC4fA+DFi
 
dDykPQ0taSIm0UuCzSupvIQzWF0dCXbcDU/SuR9q9Xis4XmwnsyWRG6Xzhn6/KO7
 
fPtibkFSfJEUwGOEAlSgJFyQfd887z0yFKS0kBrFaMOItOAe4zkIYo57tfiDVikK
 
OniTLKdK4/IJwC6IrCYpLDi1SMOoiQ0MBt/w1UqXTByFh++zBZOFU7HtJSJud73p
 
dAksrkEQ547UNyaWFsbZbKC4JPNREn5kWCcew8gZiUbRi14GbZbjphbnbVtf5Q+k
 
i2rZuBDAEjhI+oLOaSHIpksd8MqwMMMcVbEKBYOqT5+FoeW2jh4bHPzqDx6ktr5w
 
v2Vx/AECgYEA/Pw2DtZYxi7KJPKtsfFzehcToHhlw9V8Tc4vwPJhHEoxVZnMtyi3
 
ZITSwxRR4Vr8t+73cr2NzDD2uRTRlmPced6kSN+qoANKFiNYrPe8iwBlAhYxewxr
 
JWRpUW9mR8hAbzG4kexGO2J6PhOjy/P+NuqLI7PzWuadHfiqzKSb3/UCgYEA2xvH
 
YA+4lMtQ4Ygr1WlrGcPGzNHoL1f/TnZiCKj6eGNE0lWk8HEK0dcEJP9qLQFweZ8w
 
1x946MUbi9Wc5r//KCuoUlZvnQsvGJJrfbmf4Nb3nMs9jfX5mx1AB5VBbhGHiURV
 
PWXmdKozMb9qZyDisW0K2UlUdX9qnVYwn8gDbMMCgYARL4DsmRsGu37365RpFiHm
 
FVM7/3HKT+JV1r/ft5dpOJEJY51Ig/eRWISIxASb7nZkeFNO9BmB2YGpKQTj1nzP
 
upQmbytEG3UY8+W+OkYQm0JBVgied0WAEMYmxg6Iqc3Wv+Xt48MRnar4NJVX8Yc/
 
a8dv8XWCo0/hDVds93GvUQKBgD/Gwi3P5aZJ1+0NudSQrr/9IGyV3MOLFaE9DCQB
 
K4bHPk0K6Muj28Zgk7BBOCKJfLeqAolbe9IlLXNyZg00bYy/yGrPBgXsL3UziV47
 
HbJQYBqfffdIVbM0vGJ4q2bia1UlMrqAYqgqsmQUl2AVTmbemn3MvmzE/b92Swj3
 
KygJAn9Je143cHWoyOuXe/BnvSiOaqvpgec4oBa73jmfRdmXTRq9WBq5CORENWBN
 
Anf8HVII11gwu8FQGBhWd2mhQ0kvDlKLVRq0taQxL4pjJ3yru1gbkI43yCYc+O3z
 
7rvuYpnhOj2h8pk5/hCoW2EEtk4RSuxI41AJrBb2szrkaebR
 
-----END RSA PRIVATE KEY-----
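Review bot: This private key is committed in clear text although nothing visible in the commit reads it; the playbook and tests/test_parameters_optional.py use only tests/data/ansible_key.pub. Anyone with access to the repository holds the private half, so the matching public key must never be authorized on anything but the throwaway Vagrant machines. Dropping the file, or generating the pair when the tests start, removes that exposure. If the file stays, a short README in tests/data stating that the pair is a test-only fixture would help, and secret scanners will need an allowlist entry for this path.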
roles/bootstrap/tests/data/ansible_key.pub
 
new file 100644
 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYhzXfYRGKksWcBGqkfiAJqmiFi5ymFSNfVLK347+V523B2pCHrlGM6KnpBdE97CxMgikW8I1GNzduuTE/+/2KQoDyzvj3lX0+W/kV47EPOLTACQJQdXYrPYjFlfv3/mHq+ei3a6OGpfAd4IUx23Iy+XkXZ707+C2fSeB6ERseVc9IVrYLZLHlG6F2Mz9jRLEK7j76HRJQI4/MSAawtc43rdpGXwpy2731BKcRTUYiIkFT4uqYhHAGNpKUG1jcpwk41sQGrSAeL86ym+2p0WfakMDPYryGC3hnrq7g7ZMYGcTsKcck8LPT7RkL8TlbgQJ+O2dxhZMwzJGULUktFfOf ansible-key
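--- a/roles/bootstrap/tests/test_default.py
+++ b/roles/bootstrap/tests/test_default.py
@@ -0,0 +1,49 @@
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    '.molecule/ansible_inventory').get_hosts('all')
+
+
+def test_installed_packages(Package):
+    """
+    Tests if packages have been installed.
+    """
+
+    assert Package('sudo').is_installed
+
+
+def test_ansible_user(Group, Sudo, User):
+    """
+    Tests if Ansible user and group have been set-up correctly.
+    """
+
+    with Sudo():
+        group = Group('ansible')
+        assert group.exists
+        assert group.gid < 1000
+
+        user = User('ansible')
+        assert user.exists
+        assert user.group == 'ansible'
+        assert user.groups == ['ansible']
+        assert user.uid < 1000
+        assert user.shell == '/bin/bash'
+        assert user.password == '!'
+
+
+def test_sudo_configuration(File, Sudo):
+    """
+    Tests if sudo has been configured to allow Ansible user to run any command
+    without password.
+    """
+
+    with Sudo():
+
+        sudo_config = File('/etc/sudoers.d/ansible')
+
+        assert sudo_config.is_file
+        assert sudo_config.user == 'root'
+        assert sudo_config.group == 'root'
+        assert sudo_config.mode == 0o640
+        assert sudo_config.content == 'ansible ALL=(ALL:ALL) NOPASSWD:ALL'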
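Review bot: test_sudo_configuration never checks that sudo accepts /etc/sudoers.d/ansible; its last assertion only compares the file's bytes with one literal. A syntactically broken file with the expected text would pass, and a trailing newline or any later formatting change would fail the test for no functional reason. Adding the `Command` fixture to the test's parameters and asserting `Command('visudo -cf /etc/sudoers.d/ansible').rc == 0` inside the `with Sudo():` block covers the part that matters. The content check could then compare `sudo_config.content.split()` with the expected tokens instead of the whole string.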
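--- a/roles/bootstrap/tests/test_parameters_mandatory.py
+++ b/roles/bootstrap/tests/test_parameters_mandatory.py
@@ -0,0 +1,34 @@
+import os
+
+
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    '.molecule/ansible_inventory').get_hosts('parameters-mandatory')
+
+
+def test_authorized_keys(File, Sudo):
+    """
+    Tests if Ansible user authorized_keys has been set-up correctly.
+    """
+
+    with Sudo():
+
+        ssh_key = open(os.path.expanduser('~/.ssh/id_rsa.pub'), 'read').read().strip()
+        authorized_keys = File('/home/ansible/.ssh/authorized_keys')
+
+        assert authorized_keys.is_file
+        assert ssh_key in authorized_keys.content
+
+
+def test_root_authorized_keys(File, Sudo):
+    """
+    Tests if Ansible key been removed from root's authorized keys.
+    """
+
+    with Sudo():
+
+        ssh_key = open(os.path.expanduser('~/.ssh/id_rsa.pub'), 'read').read().strip()
+
+        assert ssh_key not in File('/root/.ssh/authorized_keys').content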
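Review bot: Both tests open the key with `'read'` as the mode string, which Python 3 rejects with a ValueError (Python 2 appears to tolerate it because only the leading `r` is examined), and the file object is never closed. `with open(os.path.expanduser('~/.ssh/id_rsa.pub')) as key_file:` followed by `ssh_key = key_file.read().strip()` works on both interpreters. The same `open(..., 'read')` call is used in both tests of roles/bootstrap/tests/test_parameters_optional.py. test_root_authorized_keys also reads `.content` without first asserting that /root/.ssh/authorized_keys exists, so a missing file would surface as an error rather than as a clear assertion failure.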
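--- a/roles/bootstrap/tests/test_parameters_optional.py
+++ b/roles/bootstrap/tests/test_parameters_optional.py
@@ -0,0 +1,31 @@
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    '.molecule/ansible_inventory').get_hosts('parameters-optional')
+
+
+def test_authorized_keys(File, Sudo):
+    """
+    Tests if Ansible user authorized_keys has been set-up correctly.
+    """
+
+    with Sudo():
+
+        ssh_key = open('tests/data/ansible_key.pub', 'read').read().strip()
+        authorized_keys = File('/home/ansible/.ssh/authorized_keys')
+
+        assert authorized_keys.is_file
+        assert ssh_key in authorized_keys.content
+
+
+def test_root_authorised_keys(File, Sudo):
+    """
+    Tests if Ansible key been removed from root's authorized keys.
+    """
+
+    with Sudo():
+
+        ssh_key = open('tests/data/ansible_key.pub', 'read').read().strip()
+
+        assert ssh_key not in File('/root/.ssh/authorized_keys').content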
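Review bot: The key is opened through the relative path `'tests/data/ansible_key.pub'` in both tests, so they only work when the test run starts in the role directory. Resolving it from the test module, for example `os.path.join(os.path.dirname(__file__), 'data', 'ansible_key.pub')` together with an `import os` at the top, removes that dependency on the working directory. The second test is named `test_root_authorised_keys` while the mandatory-parameters module spells it `test_root_authorized_keys`; using one spelling keeps test selection by name predictable.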