---

dependency: {}

driver:

  name: vagrant

vagrant:

  platforms:

    - name: debian-jessie64

      box: debian/contrib-jessie64

  providers:

    - name: virtualbox

      type: virtualbox

      options:

        memory: 512

        cpus: 1

  instances:

    - name: parameters-mandatory

    - name: parameters-optional

verifier:

  name: testinfra

---

- hosts: all

  tasks:

    - name: Update all caches to avoid errors due to missing remote archives

      apt:

        update_cache: yes

- hosts: parameters-mandatory

  roles:

    - ldap_client

- hosts: parameters-optional

  roles:

    - role: ldap_client

      ldap_client_config:

        - comment: CA truststore

          option: TLS_CACERT

          value: /etc/ssl/certs/testca.cert.pem

        - comment: Ensure TLS is enforced

          option: TLS_REQCERT

          value: demand

        - comment: Default URI to connect to

          option: URI

          value: ldaps://ldap-server/

        - comment: Base entry

          option: BASE

          value: dc=local

  template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf owner=root group=root mode=0644

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

    '.molecule/ansible_inventory').get_hosts('all')

def test_installed_packages(Package):

    """

    Tests if correct packages are installed.

    """

    assert Package('ldap-utils').is_installed

def test_ldap_configuration_file(File):

    """

    Tests if LDAP configuration files has been deployed with correct

    permissions.

    """

    config = File('/etc/ldap/ldap.conf')

    assert config.is_file

    assert config.user == 'root'

    assert config.group == 'root'

    assert config.mode == 0o644

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

    '.molecule/ansible_inventory').get_hosts('parameters-mandatory')

def test_ldap_configuration_file_content(File):

    """

    Tests if LDAP configuration file has correct content

    """

    config = File('/etc/ldap/ldap.conf')

    assert config.content == ""

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

    '.molecule/ansible_inventory').get_hosts('parameters-optional')

def test_ldap_configuration_file_content(File):

    """

    Tests if LDAP configuration file has correct content

    """

    expected_content = """# CA truststore

TLS_CACERT /etc/ssl/certs/testca.cert.pem

# Ensure TLS is enforced

TLS_REQCERT demand

# Default URI to connect to

URI ldaps://ldap-server/

# Base entry

BASE dc=local"""

    config = File('/etc/ldap/ldap.conf')

    assert config.content == expected_content