majic-ansible-roles Changeset

Changeset - 0b4f215b3b4e

Parent rev.

Child rev.

[Not reviewed]

0 2 5

Branko Majic (branko) - 7 years ago 2017-06-11 21:49:32
branko@majic.rs

MAR-108: Implemented tests for the backup_client role:

- Updated test playbook to deploy a simple script for testing pre-backup
handles.
- Added sample known_hosts to test data for comparison purposes.
- Implemented a number of tests covering common set-up, set-up using only
mandatory parameters, and set-up using optional parameters.

7 files changed with 476 insertions and 5 deletions:

roles/backup_client/playbook.yml

roles/backup_client/tests/data/10-test-pre-backup.sh

roles/backup_client/tests/data/ssh/parameters-mandatory-known_hosts

roles/backup_client/tests/data/ssh/parameters-optional-known_hosts

roles/backup_client/tests/test_default.py

206

roles/backup_client/tests/test_parameters_mandatory.py

105

roles/backup_client/tests/test_parameters_optional.py

133

0 comments (0 inline, 0 general)

roles/backup_client/playbook.yml

➞

Show inline comments

@@ @@ -100,3 +100,16 @@ @@
         - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
       backup_server_port: 3333
       backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"
 # Deploy a dummy pre-backup script for testing purposes.
 - hosts: parameters-mandatory,parameters-optional
   tasks:
     - name: Deploy pre-backup script
       copy:
         src: tests/data/10-test-pre-backup.sh
         dest: /etc/duply/main/pre.d/10-test-pre-backup.sh
         owner: root
         group: root
         mode: 0700

roles/backup_client/tests/data/10-test-pre-backup.sh

➞

Show inline comments

		new file 100644
		#!/bin/bash

		touch /var/lib/pre-backup-test

roles/backup_client/tests/data/ssh/parameters-mandatory-known_hosts

➞

Show inline comments

@@ new file 100644 @@
 [10.31.127.10]:2222 ssh-dss AAAAB3NzaC1kc3MAAACBALf+gfHQnAMOR4N/IjCZlniejPcAkdB6/E8YwiG26aKeRo3x2Q2budFWqJMtbtfcz0++hVAO2LvYYk2uVMe2WoVwWSZGQA4fcGUrs5B4CHTpOl/lHuu3GixNshCz+8ueQDqs/NYp/BdUcU4yIxvUII6+3hB/bkRz8LpczYJKJqVlAAAAFQD6yuMkAdrYcViFtbTciGEytGtBvwAAAIBFUdmJVFPPQd8NynBAkk+eKMUQFR2CcYgD1w/BfT0UP85hL/mYX1Eaiy+U3ylN6g8+RNalQX0IymIYMisXSRPF1gElVpbuCF9VV49c03q/9LfRogV1tRpZeEz9JK5xbBviEnI+kKP8o1ivmIjAVln72lnKdH+t4njma5CBpG9zJQAAAIAYAG/Udg4i/2q8Iemqs5TuP48ge1CxQcyFw4vVl2zr85MPZ24rBf+ZPGy1CsEBpJqHQ5agftMYR9CRcxlqAP44JpIPcSq1NsL59HnXDsdCe/IJjO4JmL1HL+VIcWkXgj0MxGds8hck+HC5lX7jGAKjZBea8ksBZD/Ma2WvYKXpgg==
 .31.127.10 ssh-dss AAAAB3NzaC1kc3MAAACBALf+gfHQnAMOR4N/IjCZlniejPcAkdB6/E8YwiG26aKeRo3x2Q2budFWqJMtbtfcz0++hVAO2LvYYk2uVMe2WoVwWSZGQA4fcGUrs5B4CHTpOl/lHuu3GixNshCz+8ueQDqs/NYp/BdUcU4yIxvUII6+3hB/bkRz8LpczYJKJqVlAAAAFQD6yuMkAdrYcViFtbTciGEytGtBvwAAAIBFUdmJVFPPQd8NynBAkk+eKMUQFR2CcYgD1w/BfT0UP85hL/mYX1Eaiy+U3ylN6g8+RNalQX0IymIYMisXSRPF1gElVpbuCF9VV49c03q/9LfRogV1tRpZeEz9JK5xbBviEnI+kKP8o1ivmIjAVln72lnKdH+t4njma5CBpG9zJQAAAIAYAG/Udg4i/2q8Iemqs5TuP48ge1CxQcyFw4vVl2zr85MPZ24rBf+ZPGy1CsEBpJqHQ5agftMYR9CRcxlqAP44JpIPcSq1NsL59HnXDsdCe/IJjO4JmL1HL+VIcWkXgj0MxGds8hck+HC5lX7jGAKjZBea8ksBZD/Ma2WvYKXpgg==
 [10.31.127.10]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SqbwZNanhTMM8wL1iGtNOR7nYbXcCQNbU65crXN43W1tz4GXoyluHEEXs0we7jmZZyow19X89Ve5w8ODL42KRDtNXoN8wjoLwZ1l7iGsrN1oUXJP7i6i9lH/0F+fudFB3Tm53ieBr0MEMdxAQBpk+MCi64G0iuvZeE0sKG5JfSky82ZZ26m5EchORJuiiKObB17EsUGl091S8eiLXIIiQQvg4d9933oAqNCLe0uxbNfJcbMJAdr+m9rYxyVoPXweUm1beb/6/vZQzAf0HL5+Ic/mbLu3z4httCh0dIlCqjRe/8llqF21psIlN8D8hZkzY6WEo7/v9wHAGFTFFFlJ
 .31.127.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SqbwZNanhTMM8wL1iGtNOR7nYbXcCQNbU65crXN43W1tz4GXoyluHEEXs0we7jmZZyow19X89Ve5w8ODL42KRDtNXoN8wjoLwZ1l7iGsrN1oUXJP7i6i9lH/0F+fudFB3Tm53ieBr0MEMdxAQBpk+MCi64G0iuvZeE0sKG5JfSky82ZZ26m5EchORJuiiKObB17EsUGl091S8eiLXIIiQQvg4d9933oAqNCLe0uxbNfJcbMJAdr+m9rYxyVoPXweUm1beb/6/vZQzAf0HL5+Ic/mbLu3z4httCh0dIlCqjRe/8llqF21psIlN8D8hZkzY6WEo7/v9wHAGFTFFFlJ
 [10.31.127.10]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQzNj16lZ3ucIJvwnFYzR/vZT3SuWiIVPNOhK5JGlq6
 .31.127.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQzNj16lZ3ucIJvwnFYzR/vZT3SuWiIVPNOhK5JGlq6
 [10.31.127.10]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLaZb8xcw5PbzQ8Jo8xygcUaI6ziGLs+ZqsAqJSOIou9iN0zSKO9a4ujbeMgIbfZZPB5UWcv1CxNekTZ4tkrAaM=
 .31.127.10 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLaZb8xcw5PbzQ8Jo8xygcUaI6ziGLs+ZqsAqJSOIou9iN0zSKO9a4ujbeMgIbfZZPB5UWcv1CxNekTZ4tkrAaM=

roles/backup_client/tests/data/ssh/parameters-optional-known_hosts

➞

Show inline comments

@@ new file 100644 @@
 [10.31.127.10]:3333 ssh-dss AAAAB3NzaC1kc3MAAACBALf+gfHQnAMOR4N/IjCZlniejPcAkdB6/E8YwiG26aKeRo3x2Q2budFWqJMtbtfcz0++hVAO2LvYYk2uVMe2WoVwWSZGQA4fcGUrs5B4CHTpOl/lHuu3GixNshCz+8ueQDqs/NYp/BdUcU4yIxvUII6+3hB/bkRz8LpczYJKJqVlAAAAFQD6yuMkAdrYcViFtbTciGEytGtBvwAAAIBFUdmJVFPPQd8NynBAkk+eKMUQFR2CcYgD1w/BfT0UP85hL/mYX1Eaiy+U3ylN6g8+RNalQX0IymIYMisXSRPF1gElVpbuCF9VV49c03q/9LfRogV1tRpZeEz9JK5xbBviEnI+kKP8o1ivmIjAVln72lnKdH+t4njma5CBpG9zJQAAAIAYAG/Udg4i/2q8Iemqs5TuP48ge1CxQcyFw4vVl2zr85MPZ24rBf+ZPGy1CsEBpJqHQ5agftMYR9CRcxlqAP44JpIPcSq1NsL59HnXDsdCe/IJjO4JmL1HL+VIcWkXgj0MxGds8hck+HC5lX7jGAKjZBea8ksBZD/Ma2WvYKXpgg==
 .31.127.10 ssh-dss AAAAB3NzaC1kc3MAAACBALf+gfHQnAMOR4N/IjCZlniejPcAkdB6/E8YwiG26aKeRo3x2Q2budFWqJMtbtfcz0++hVAO2LvYYk2uVMe2WoVwWSZGQA4fcGUrs5B4CHTpOl/lHuu3GixNshCz+8ueQDqs/NYp/BdUcU4yIxvUII6+3hB/bkRz8LpczYJKJqVlAAAAFQD6yuMkAdrYcViFtbTciGEytGtBvwAAAIBFUdmJVFPPQd8NynBAkk+eKMUQFR2CcYgD1w/BfT0UP85hL/mYX1Eaiy+U3ylN6g8+RNalQX0IymIYMisXSRPF1gElVpbuCF9VV49c03q/9LfRogV1tRpZeEz9JK5xbBviEnI+kKP8o1ivmIjAVln72lnKdH+t4njma5CBpG9zJQAAAIAYAG/Udg4i/2q8Iemqs5TuP48ge1CxQcyFw4vVl2zr85MPZ24rBf+ZPGy1CsEBpJqHQ5agftMYR9CRcxlqAP44JpIPcSq1NsL59HnXDsdCe/IJjO4JmL1HL+VIcWkXgj0MxGds8hck+HC5lX7jGAKjZBea8ksBZD/Ma2WvYKXpgg==
 [10.31.127.10]:3333 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SqbwZNanhTMM8wL1iGtNOR7nYbXcCQNbU65crXN43W1tz4GXoyluHEEXs0we7jmZZyow19X89Ve5w8ODL42KRDtNXoN8wjoLwZ1l7iGsrN1oUXJP7i6i9lH/0F+fudFB3Tm53ieBr0MEMdxAQBpk+MCi64G0iuvZeE0sKG5JfSky82ZZ26m5EchORJuiiKObB17EsUGl091S8eiLXIIiQQvg4d9933oAqNCLe0uxbNfJcbMJAdr+m9rYxyVoPXweUm1beb/6/vZQzAf0HL5+Ic/mbLu3z4httCh0dIlCqjRe/8llqF21psIlN8D8hZkzY6WEo7/v9wHAGFTFFFlJ
 .31.127.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SqbwZNanhTMM8wL1iGtNOR7nYbXcCQNbU65crXN43W1tz4GXoyluHEEXs0we7jmZZyow19X89Ve5w8ODL42KRDtNXoN8wjoLwZ1l7iGsrN1oUXJP7i6i9lH/0F+fudFB3Tm53ieBr0MEMdxAQBpk+MCi64G0iuvZeE0sKG5JfSky82ZZ26m5EchORJuiiKObB17EsUGl091S8eiLXIIiQQvg4d9933oAqNCLe0uxbNfJcbMJAdr+m9rYxyVoPXweUm1beb/6/vZQzAf0HL5+Ic/mbLu3z4httCh0dIlCqjRe/8llqF21psIlN8D8hZkzY6WEo7/v9wHAGFTFFFlJ
 [10.31.127.10]:3333 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQzNj16lZ3ucIJvwnFYzR/vZT3SuWiIVPNOhK5JGlq6
 .31.127.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQzNj16lZ3ucIJvwnFYzR/vZT3SuWiIVPNOhK5JGlq6
 [10.31.127.10]:3333 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLaZb8xcw5PbzQ8Jo8xygcUaI6ziGLs+ZqsAqJSOIou9iN0zSKO9a4ujbeMgIbfZZPB5UWcv1CxNekTZ4tkrAaM=
 .31.127.10 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLaZb8xcw5PbzQ8Jo8xygcUaI6ziGLs+ZqsAqJSOIou9iN0zSKO9a4ujbeMgIbfZZPB5UWcv1CxNekTZ4tkrAaM=

roles/backup_client/tests/test_default.py

➞

Show inline comments

 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('all')
 testinfra_hosts.remove('backup-server')
 def test_installed_packages(Package):
     """
     Tests if the necessary packages are installed.
     """
     assert Package('python-pexpect').is_installed
     assert Package('duply').is_installed
     assert Package('duplicity').is_installed
 def test_duply_directories(File, Sudo):
     """
     Tests if Duply directories have been set-up correctly.
     """
     with Sudo():
         for directory_path in ["/etc/duply",
                                "/etc/duply/main",
                                "/etc/duply/main/patterns",
                                "/etc/duply/main/gnupg",
                                "/etc/duply/main/ssh",
                                "/var/cache/duply",
                                "/var/cache/duply/main"]:
             directory = File(directory_path)
             assert directory.is_directory
             assert directory.user == 'root'
             assert directory.group == 'root'
             assert directory.mode == 0o700
 def test_gnupg_private_keys_file(File, Sudo):
     """
     Tests if file containing GnuPG private keys has been created and has correct
     permissions.
     """
     with Sudo():
         gnupg_private_keys = File('/etc/duply/main/private_keys.asc')
         assert gnupg_private_keys.is_file
         assert gnupg_private_keys.user == 'root'
         assert gnupg_private_keys.group == 'root'
         assert gnupg_private_keys.mode == 0o600
 def test_gnupg_public_keys_file(File, Sudo):
     """
     Tests if file containing additional GnuPG public keys used for encryption
     has been created and has correct permissions.
     """
     with Sudo():
         gnupg_public_keys = File('/etc/duply/main/public_keys.asc')
         assert gnupg_public_keys.is_file
         assert gnupg_public_keys.user == 'root'
         assert gnupg_public_keys.group == 'root'
         assert gnupg_public_keys.mode == 0o600
 def test_private_ssh_key_file(File, Sudo):
     """
     Tests if the file containing client SSH key used for logging-in into the
     backup server has been deployed and has correct permissions.
     """
     with Sudo():
         ssh_key = File('/etc/duply/main/ssh/identity')
         assert ssh_key.is_file
         assert ssh_key.user == 'root'
         assert ssh_key.group == 'root'
         assert ssh_key.mode == 0o600
 def test_known_hosts(File, Sudo):
     """
     Tests if the Duply known_hosts file has been deployed and has correct
     permissions.
     """
     with Sudo():
         known_hosts = File('/etc/duply/main/ssh/known_hosts')
         assert known_hosts.is_file
         assert known_hosts.user == 'root'
         assert known_hosts.group == 'root'
         assert known_hosts.mode == 0o600
 def test_duply_configuration(File, Sudo):
     """
     Tests if Duply configuraiton file has been deployed and has correct file
     permissions.
     """
     with Sudo():
         duply_configuration = File('/etc/duply/main/conf')
         assert duply_configuration.is_file
         assert duply_configuration.user == 'root'
         assert duply_configuration.group == 'root'
         assert duply_configuration.mode == 0o600
 def test_exclude_file(File, Sudo):
     with Sudo():
         exclude = File('/etc/duply/main/exclude')
         assert exclude.is_file
         assert exclude.user == 'root'
         assert exclude.group == 'root'
         assert exclude.mode == 0o600
         assert exclude.content == "- **"
 def test_pre_backup_script_directory(File, Sudo):
     with Sudo():
         pre_backup_dir = File('/etc/duply/main/pre.d')
         assert pre_backup_dir.is_directory
         assert pre_backup_dir.user == 'root'
         assert pre_backup_dir.group == 'root'
         assert pre_backup_dir.mode == 0o700
 def test_pre_backup_script(File, Sudo):
     """
     Tests if the script used for running pre-backup handles has been deployed
     and has correct permissions.x
     """
     with Sudo():
         pre_backup_script = File('/etc/duply/main/pre')
         assert pre_backup_script.is_file
         assert pre_backup_script.user == 'root'
         assert pre_backup_script.group == 'root'
         assert pre_backup_script.mode == 0o700
 def test_cron_entry(File):
     """
     Tests if cron job has been correctly set-up for running backups.
     """
     cron = File('/etc/cron.d/backup')
     assert cron.is_file
     assert cron.user == 'root'
     assert cron.group == 'root'
     assert cron.mode == 0o644
     assert cron.content == "#Ansible: backup\n0 2 * * * root /usr/bin/duply main backup"
 def test_duply_include_file(File, Sudo):
     """
     Tests include file existence and permissions.
     """
     with Sudo():
         include = File('/etc/duply/main/include')
         assert include.is_file
         assert include.user == 'root'
         assert include.group == 'root'
         assert include.mode == 0o600
 def test_backup_and_restore(Ansible, Command, File, Sudo):
     """
     Tests a simple backup and restore to a directory. Includes tests for
     checking if the pre-backup handles are run correctly.
     """
     with Sudo():
         # Remove this file so we can be sure the pre-backup script has been run.
         Ansible("file", "path=/var/lib/pre-backup-test state=absent")
         backup_run = Command('duply main backup')
         assert backup_run.rc == 0
         assert File('/var/lib/pre-backup-test').is_file
 def test_hosts_file(File):
     f = File('/etc/hosts')
         # Remove restore directory in order to make sure restore has worked
         # correctly.
         Ansible("file", "path=/root/restore state=absent")
     assert f.exists
     assert f.user == 'root'
     assert f.group == 'root'
         restore_run = Command('duply main restore /root/restore')
         assert restore_run.rc == 0
         assert File('/root/restore').is_directory

roles/backup_client/tests/test_parameters_mandatory.py

➞

Show inline comments

@@ new file 100644 @@
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('parameters-mandatory')
 def test_gnupg_private_keys_file_content(File, Sudo):
     """
     Tests if correct GnuPG private key used for encryption and signing has been
     deployed.
     """
     with Sudo():
         gnupg_private_keys = File('/etc/duply/main/private_keys.asc')
         assert gnupg_private_keys.content == open('tests/data/gnupg/parameters-mandatory.asc', 'r').read().strip()
 def test_gnupg_public_keys_file_content(File, Sudo):
     """
     Tests if no additional public GnuPG keys have been deployed (should be
     default without optional parameters).
     """
     with Sudo():
         gnupg_public_keys = File('/etc/duply/main/public_keys.asc')
         assert gnupg_public_keys.content == ""
 def test_backup_ssh_key_file_content(File, Sudo):
     """
     Tests if correct key has been deployed for SSH client authentication.
     """
     with Sudo():
         ssh_key = File('/etc/duply/main/ssh/identity')
         assert ssh_key.content == open('tests/data/ssh/parameters-mandatory', 'r').read().strip()
 def test_known_hosts_content(File, Sudo):
     """
     Tests if known hosts file has been set-up with correct content.
     """
     with Sudo():
         known_hosts = File('/etc/duply/main/ssh/known_hosts')
         assert known_hosts.content == open('tests/data/ssh/parameters-mandatory-known_hosts', 'r').read().rstrip()
 def test_duply_configuration_content(Ansible, File, Sudo):
     """
     Tests if duply configuration has been set-up correctly.
     """
     with Sudo():
         ansible_facts = Ansible("setup")["ansible_facts"]
         duply_configuration = File('/etc/duply/main/conf')
         if ansible_facts['ansible_distribution_release'] == 'jessie':
             assert "GPG_KEYS_ENC='1A129C54'" in duply_configuration.content
             assert "GPG_KEY_SIGN='1A129C54'" in duply_configuration.content
             assert "TARGET='sftp://bak-parameters-mandatory@10.31.127.10:2222//duplicity'" in duply_configuration.content
             assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-backend pexpect --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \
                 "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content
         elif ansible_facts['ansible_distribution_release'] == 'stretch':
             assert "GPG_KEYS_ENC='59C26F031A129C54'" in duply_configuration.content
             assert "GPG_KEY_SIGN='59C26F031A129C54'" in duply_configuration.content
             assert "TARGET='pexpect+sftp://bak-parameters-mandatory@10.31.127.10:2222//duplicity'" in duply_configuration.content
             assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \
                 "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content
         else:
             raise Exception("Failed to execute content check for: %s" % ansible_facts['ansible_distribution_release'])
 def test_duply_gnupg_keyring_private_keys(Ansible, Command, Sudo):
     """
     Tests if private key used for encryption/signing has been correctly
     imporeted into Duply GnuPG keyring.
     """
     with Sudo():
         ansible_facts = Ansible("setup")["ansible_facts"]
         if ansible_facts['ansible_distribution_release'] == 'jessie':
             gpg_binary = 'gpg2'
             key_offset = 8
         elif ansible_facts['ansible_distribution_release'] == 'stretch':
             gpg_binary = 'gpg'
             key_offset = 8
         else:
             raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release'])
         private_key_listing = Command('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary)
         assert private_key_listing.rc == 0
         assert '59C26F031A129C54'[key_offset:] in private_key_listing.stdout

roles/backup_client/tests/test_parameters_optional.py

➞

Show inline comments

@@ new file 100644 @@
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('parameters-optional')
 def test_gnupg_private_keys_file_content(File, Sudo):
     """
     Tests if correct GnuPG private key used for encryption and signing has been
     deployed.
     """
     with Sudo():
         gnupg_private_keys = File('/etc/duply/main/private_keys.asc')
         assert gnupg_private_keys.content == open('tests/data/gnupg/parameters-optional.asc', 'r').read().strip()
 def test_gnupg_public_keys_file_content(File, Sudo):
     """
     Tests if correct additional public GnuPG keys have been deployed.
     """
     with Sudo():
         gnupg_public_keys = File('/etc/duply/main/public_keys.asc')
         assert open('tests/data/gnupg/additional_encryption_key_1.asc', 'r').read().strip() in gnupg_public_keys.content
         assert open('tests/data/gnupg/additional_encryption_key_2.asc', 'r').read().strip() in gnupg_public_keys.content
         assert open('tests/data/gnupg/additional_encryption_key_3.asc', 'r').read().strip() in gnupg_public_keys.content
 def test_backup_ssh_key_file_content(File, Sudo):
     """
     Tests if correct key has been deployed for SSH client authentication.
     """
     with Sudo():
         ssh_key = File('/etc/duply/main/ssh/identity')
         assert ssh_key.content == open('tests/data/ssh/parameters-optional', 'r').read().strip()
 def test_known_hosts_content(File, Sudo):
     """
     Tests if known hosts file has been set-up with correct content.
     """
     with Sudo():
         known_hosts = File('/etc/duply/main/ssh/known_hosts')
         assert known_hosts.content == open('tests/data/ssh/parameters-optional-known_hosts', 'r').read().rstrip()
 def test_duply_configuration_content(Ansible, File, Sudo):
     """
     Tests if duply configuration has been set-up correctly.
     """
     with Sudo():
         ansible_facts = Ansible("setup")["ansible_facts"]
         duply_configuration = File('/etc/duply/main/conf')
         if ansible_facts['ansible_distribution_release'] == 'jessie':
             assert "TARGET='sftp://backupuser@10.31.127.10:3333//home/backupuser'" in duply_configuration.content
             assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-backend pexpect --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \
                 "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content
             assert "GPG_KEYS_ENC='7A4F400A,C3A9444B,28063B3F,71223B72'" in duply_configuration.content
             assert "GPG_KEY_SIGN='7A4F400A'" in duply_configuration.content
         elif ansible_facts['ansible_distribution_release'] == 'stretch':
             assert "GPG_KEYS_ENC='C4B2AE9F7A4F400A,3093C91BC3A9444B,86816FD928063B3F,8A14CD6C71223B72'" in duply_configuration.content
             assert "GPG_KEY_SIGN='C4B2AE9F7A4F400A'" in duply_configuration.content
             assert "TARGET='pexpect+sftp://backupuser@10.31.127.10:3333//home/backupuser'" in duply_configuration.content
             assert "DUPL_PARAMS=\"$DUPL_PARAMS --ssh-options='-oLogLevel=ERROR -oUserKnownHostsFile=/dev/null " \
                 "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content
         else:
             raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release'])
 def test_duply_gnupg_keyring_private_keys(Ansible, Command, Sudo):
     """
     Tests if private key used for encryption/signing has been correctly
     imporeted into Duply GnuPG keyring.
     """
     with Sudo():
         ansible_facts = Ansible("setup")["ansible_facts"]
         if ansible_facts['ansible_distribution_release'] == 'jessie':
             gpg_binary = 'gpg2'
             key_offset = 8
         elif ansible_facts['ansible_distribution_release'] == 'stretch':
             gpg_binary = 'gpg'
             key_offset = 8
         else:
             raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release'])
         private_key_listing = Command('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary)
         assert private_key_listing.rc == 0
         assert 'C4B2AE9F7A4F400A'[key_offset:] in private_key_listing.stdout
 def test_duply_gnupg_keyring_public_keys(Ansible, Command, Sudo):
     """
     Tests if additional public keys used for encryption have been correctly
     imporeted into Duply GnuPG keyring.
     """
     with Sudo():
         ansible_facts = Ansible("setup")["ansible_facts"]
         if ansible_facts['ansible_distribution_release'] == 'jessie':
             gpg_binary = 'gpg2'
             key_offset = 8
         elif ansible_facts['ansible_distribution_release'] == 'stretch':
             gpg_binary = 'gpg'
             key_offset = 8
         else:
             raise Exception("Failed to execute check for distribution release: %s" % ansible_facts['ansible_distribution_release'])
         public_key_listing = Command('%s --homedir /etc/duply/main/gnupg --list-public-keys' % gpg_binary)
         keys = ['3093C91BC3A9444B', '86816FD928063B3F', '8A14CD6C71223B72']
         assert public_key_listing.rc == 0
         for key in keys:
             assert key[key_offset:] in public_key_listing.stdout

0 comments (0 inline, 0 general)