majic-ansible-roles Changeset

Changeset - 1640ad5b4cac

Parent rev.

Child rev.

[Not reviewed]

15 1 18

Branko Majic (branko) - 6 years ago 2017-11-25 19:08:18
branko@majic.rs

MAR-128: Upgraded tests for common role:

- Switch to new Molecule configuration.
- Updated set-up playbook to use become: yes.
- Moved some preparatory steps outside of the main playbook (easies
idempotence tests).
- Updated tests to reference the yml inventory file.
- Updated tests to use new fixture (host instead of individual ones).
- Switched to extracting IP address instead of hard-coding it in a
couple of tests.
- Fixed invalid indentation on task responsible for creating the
pipreqcheck Python virtual environment.

20 files changed with 377 insertions and 221 deletions:

roles/common/molecule.yml

roles/common/molecule/default/create.yml

roles/common/molecule/default/destroy.yml

roles/common/molecule/default/molecule.yml

roles/common/molecule/default/playbook.yml

roles/common/molecule/default/prepare.yml

roles/common/molecule/default/tests/data/gnupg/backup_encryption_key

rename

roles/common/molecule/default/tests/data/ssh/clientkey1

rename

roles/common/molecule/default/tests/data/ssh/clientkey1.pub

rename

roles/common/molecule/default/tests/data/ssh/clientkey2

rename

roles/common/molecule/default/tests/data/ssh/clientkey2.pub

rename

roles/common/molecule/default/tests/data/ssh/clientkey3

rename

roles/common/molecule/default/tests/data/ssh/clientkey3.pub

rename

roles/common/molecule/default/tests/data/ssh/ssh_config

rename

roles/common/molecule/default/tests/data/x509/ca1.cert.pem

rename

roles/common/molecule/default/tests/data/x509/ca2.cert.pem

rename

roles/common/molecule/default/tests/test_default.py

roles/common/molecule/default/tests/test_parameters_mandatory.py

roles/common/molecule/default/tests/test_parameters_optional.py

roles/common/tasks/main.yml

0 comments (0 inline, 0 general)

roles/common/molecule.yml

➞

Show inline comments

deleted file

roles/common/molecule/default/create.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 - name: Create
   hosts: localhost
   connection: local
   gather_facts: False
   no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
   vars:
     molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
     molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}"
     molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
   tasks:
     - name: Create molecule instance(s)
       molecule_vagrant:
         instance_name: "{{ item.name }}"
         instance_interfaces: "{{ item.interfaces | default(omit) }}"
         instance_raw_config_args: "{{ item.instance_raw_config_args | default(omit) }}"
         platform_box: "{{ item.box }}"
         platform_box_version: "{{ item.box_version | default(omit) }}"
         platform_box_url: "{{ item.box_url | default(omit) }}"
         provider_name: "{{ molecule_yml.driver.provider.name }}"
         provider_memory: "{{ item.memory | default(omit) }}"
         provider_cpus: "{{ item.cpus | default(omit) }}"
         provider_raw_config_args: "{{ item.raw_config_args | default(omit) }}"
         state: up
       register: server
       with_items: "{{ molecule_yml.platforms }}"
     # Mandatory configuration for Molecule to function.
     - name: Populate instance config dict
       set_fact:
         instance_conf_dict: {
           'instance': "{{ item.Host }}",
           'address': "{{ item.HostName }}",
           'user': "{{ item.User }}",
           'port': "{{ item.Port }}",
           'identity_file': "{{ item.IdentityFile }}", }
       with_items: "{{ server.results }}"
       register: instance_config_dict
       when: server.changed | bool
     - name: Convert instance config dict to a list
       set_fact:
         instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
       when: server.changed | bool
     - name: Dump instance config
       copy:
         # NOTE(retr0h): Workaround for Ansible 2.2.
         #               https://github.com/ansible/ansible/issues/20885
         content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
         dest: "{{ molecule_instance_config }}"
       when: server.changed | bool

roles/common/molecule/default/destroy.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 - name: Destroy
   hosts: localhost
   connection: local
   gather_facts: False
   no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
   vars:
     molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
     molecule_instance_config: "{{ lookup('env',' MOLECULE_INSTANCE_CONFIG') }}"
     molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
   tasks:
     - name: Destroy molecule instance(s)
       molecule_vagrant:
         instance_name: "{{ item.name }}"
         platform_box: "{{ item.box }}"
         provider_name: "{{ molecule_yml.driver.provider.name }}"
         force_stop: "{{ item.force_stop | default(True) }}"
         state: destroy
       register: server
       with_items: "{{ molecule_yml.platforms }}"
     # Mandatory configuration for Molecule to function.
     - name: Populate instance config
       set_fact:
         instance_conf: {}
     - name: Dump instance config
       copy:
         # NOTE(retr0h): Workaround for Ansible 2.2.
         #               https://github.com/ansible/ansible/issues/20885
         content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
         dest: "{{ molecule_instance_config }}"
       when: server.changed | bool

roles/common/molecule/default/molecule.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 dependency: {}
 driver:
   name: vagrant
   provider:
     name: virtualbox
 lint:
   name: yamllint
 platforms:
   - name: helper
     box: debian/contrib-jessie64
     memory: 512
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.2
         network_name: private_network
         type: static
   - name: parameters-mandatory-jessie64
     groups:
       - parameters-mandatory
     box: debian/contrib-jessie64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.3
         network_name: private_network
         type: static
   - name: parameters-optional-jessie64
     groups:
       - parameters-optional
     box: debian/contrib-jessie64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.4
         network_name: private_network
         type: static
   - name: parameters-mandatory-stretch64
     groups:
       - parameters-mandatory
     box: debian/contrib-stretch64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.5
         network_name: private_network
         type: static
   - name: parameters-optional-stretch64
     groups:
       - parameters-optional
     box: debian/contrib-stretch64
     memory: 256
     cpus: 1
     interfaces:
       - auto_config: true
         ip: 10.31.127.6
         network_name: private_network
         type: static
 provisioner:
   name: ansible
   config_options:
     ssh_connection:
       pipelining: "True"
   lint:
     name: ansible-lint
 scenario:
   name: default
 verifier:
   name: testinfra
   lint:
     name: flake8

roles/common/molecule/default/playbook.yml

➞

Show inline comments

 ---
 - hosts: all
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: yes
       changed_when: False
 - hosts: helper
   become: yes
   tasks:
     - name: Install apt-cacher-ng
@@ @@ -17,10 +10,12 @@ @@
         state: installed
 - hosts: parameters-mandatory
   become: yes
   roles:
     - role: common
 - hosts: parameters-optional
   become: yes
   roles:
     - role: common
       enable_backup: yes

roles/common/molecule/default/prepare.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 - name: Prepare
   hosts: all
   gather_facts: False
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
       become: True
       changed_when: False
 - hosts: all
   become: yes
   tasks:
     - name: Update all caches to avoid errors due to missing remote archives
       apt:
         update_cache: yes
       changed_when: False
     - name: Install net-tools for running Testinfra host.socket tests
       apt:
         name: net-tools
         state: present

roles/common/molecule/default/tests/data/gnupg/backup_encryption_key

➞

Show inline comments

file renamed from roles/common/tests/data/gnupg/backup_encryption_key to roles/common/molecule/default/tests/data/gnupg/backup_encryption_key

roles/common/molecule/default/tests/data/ssh/clientkey1

➞

Show inline comments

file renamed from roles/common/tests/data/ssh/clientkey1 to roles/common/molecule/default/tests/data/ssh/clientkey1

roles/common/molecule/default/tests/data/ssh/clientkey1.pub

➞

Show inline comments

file renamed from roles/common/tests/data/ssh/clientkey1.pub to roles/common/molecule/default/tests/data/ssh/clientkey1.pub

roles/common/molecule/default/tests/data/ssh/clientkey2

➞

Show inline comments

file renamed from roles/common/tests/data/ssh/clientkey2 to roles/common/molecule/default/tests/data/ssh/clientkey2

roles/common/molecule/default/tests/data/ssh/clientkey2.pub

➞

Show inline comments

file renamed from roles/common/tests/data/ssh/clientkey2.pub to roles/common/molecule/default/tests/data/ssh/clientkey2.pub

roles/common/molecule/default/tests/data/ssh/clientkey3

➞

Show inline comments

file renamed from roles/common/tests/data/ssh/clientkey3 to roles/common/molecule/default/tests/data/ssh/clientkey3

roles/common/molecule/default/tests/data/ssh/clientkey3.pub

➞

Show inline comments

file renamed from roles/common/tests/data/ssh/clientkey3.pub to roles/common/molecule/default/tests/data/ssh/clientkey3.pub

roles/common/molecule/default/tests/data/ssh/ssh_config

➞

Show inline comments

file renamed from roles/common/tests/data/ssh/ssh_config to roles/common/molecule/default/tests/data/ssh/ssh_config

roles/common/molecule/default/tests/data/x509/ca1.cert.pem

➞

Show inline comments

file renamed from roles/common/tests/data/x509/ca1.cert.pem to roles/common/molecule/default/tests/data/x509/ca1.cert.pem

roles/common/molecule/default/tests/data/x509/ca2.cert.pem

➞

Show inline comments

file renamed from roles/common/tests/data/x509/ca2.cert.pem to roles/common/molecule/default/tests/data/x509/ca2.cert.pem

roles/common/molecule/default/tests/test_default.py

➞

Show inline comments

@@ @@ -2,47 +2,47 @@ import testinfra.utils.ansible_runner @@
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('all')
+    '.molecule/ansible_inventory.yml').get_hosts('all')
 testinfra_hosts.remove("helper")
-def test_pam_umask(File):
+def test_pam_umask(host):
     """
     Tests configuration of PAM umask module.
     """
-    pam_auth_update_config = File('/usr/share/pam-configs/umask')
+    pam_auth_update_config = host.file('/usr/share/pam-configs/umask')
     assert pam_auth_update_config.exists
     assert pam_auth_update_config.user == 'root'
     assert pam_auth_update_config.group == 'root'
     assert pam_auth_update_config.mode == 0o644
     assert File('/etc/pam.d/common-session').contains('session[[:blank:]]\+required[[:blank:]]\+pam_umask.so')
     assert File('/etc/pam.d/common-session-noninteractive').contains('session[[:blank:]]\+required[[:blank:]]\+pam_umask.so')
     assert host.file('/etc/pam.d/common-session').contains('session[[:blank:]]\+required[[:blank:]]\+pam_umask.so')
     assert host.file('/etc/pam.d/common-session-noninteractive').contains('session[[:blank:]]\+required[[:blank:]]\+pam_umask.so')
-def test_login_umask(File):
+def test_login_umask(host):
     """
     Tests set-up of default UMASK via /etc/login.defs.
     """
-    assert File('/etc/login.defs').contains('UMASK[[:blank:]]\+027')
+    assert host.file('/etc/login.defs').contains('UMASK[[:blank:]]\+027')
-def test_adduser_umask(File):
+def test_adduser_umask(host):
     """
     Tests UMASK configuration used for creating user home directory.
     """
-    assert File('/etc/adduser.conf').contains('DIR_MODE=0750')
+    assert host.file('/etc/adduser.conf').contains('DIR_MODE=0750')
-def test_bash_prompt(File):
+def test_bash_prompt(host):
     """
     Tests file permissions on custom bash prompt configuration.
     """
-    bash_prompt = File('/etc/profile.d/bash_prompt.sh')
+    bash_prompt = host.file('/etc/profile.d/bash_prompt.sh')
     assert bash_prompt.exists
     assert bash_prompt.user == 'root'
@@ @@ -50,13 +50,13 @@ def test_bash_prompt(File): @@
     assert bash_prompt.mode == 0o644
-def test_home_profile_d(File):
+def test_home_profile_d(host):
     """
     Tests deployment of special profile file used for enabling profile.d-like
     capability in user's home directory.
     """
-    home_profile_d = File('/etc/profile.d/z99-user_profile_d.sh')
+    home_profile_d = host.file('/etc/profile.d/z99-user_profile_d.sh')
     assert home_profile_d.is_file
     assert home_profile_d.user == 'root'
@@ @@ -64,12 +64,12 @@ def test_home_profile_d(File): @@
     assert home_profile_d.mode == 0o644
-def test_home_skeleton_bashrc(File):
+def test_home_skeleton_bashrc(host):
     """
     Tests deployment of home directory skeleton bashrc.
     """
-    bashrc = File('/etc/skel/.bashrc')
+    bashrc = host.file('/etc/skel/.bashrc')
     assert bashrc.is_file
     assert bashrc.user == 'root'
@@ @@ -78,12 +78,12 @@ def test_home_skeleton_bashrc(File): @@
     assert bashrc.sha256sum == '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'
-def test_default_bashrc(File):
+def test_default_bashrc(host):
     """
     Tests deployment of default bashrc file.
     """
-    bashrc = File('/etc/bash.bashrc')
+    bashrc = host.file('/etc/bash.bashrc')
     assert bashrc.is_file
     assert bashrc.user == 'root'
@@ @@ -91,13 +91,13 @@ def test_default_bashrc(File): @@
     assert bashrc.mode == 0o644
-def test_root_bashrc(File, Sudo):
+def test_root_bashrc(host):
     """
     Tests overwriting of root's bashrc configuration with default one.
     """
     with Sudo():
         bashrc = File('/root/.bashrc')
     with host.sudo():
         bashrc = host.file('/root/.bashrc')
         assert bashrc.is_file
         assert bashrc.user == 'root'
@@ @@ -106,39 +106,39 @@ def test_root_bashrc(File, Sudo): @@
         assert bashrc.sha256sum == '4f946fb387a413c8d7633787d8e8a7785c256d77f7c6a692822ffdb439c78277'
-def test_installed_packages(Package):
+def test_installed_packages(host):
     """
     Tests installation of required packages.
     """
     assert Package('sudo').is_installed
     assert Package('ssl-cert').is_installed
     assert Package('rcconf').is_installed
     assert Package('ferm').is_installed
     assert Package('apticron').is_installed
     assert Package('virtualenv').is_installed
     assert host.package('sudo').is_installed
     assert host.package('ssl-cert').is_installed
     assert host.package('rcconf').is_installed
     assert host.package('ferm').is_installed
     assert host.package('apticron').is_installed
     assert host.package('virtualenv').is_installed
-def test_root_remote_login_disabled(File):
+def test_root_remote_login_disabled(host):
     """
     Tests if SSH server has been configured to prevent remote root logins.
     """
-    assert 'PermitRootLogin no' in File('/etc/ssh/sshd_config').content
+    assert 'PermitRootLogin no' in host.file('/etc/ssh/sshd_config').content
-def test_remote_login_via_password_disabled(File):
+def test_remote_login_via_password_disabled(host):
     """
     Tests if SSH server has been configured to disable password-based
     authentication.
     """
-    assert 'PasswordAuthentication no' in File('/etc/ssh/sshd_config').content
+    assert 'PasswordAuthentication no' in host.file('/etc/ssh/sshd_config').content
-def test_ferm_service_configuration(File):
+def test_ferm_service_configuration(host):
-    ferm_service_config = File('/etc/default/ferm')
+    ferm_service_config = host.file('/etc/default/ferm')
     assert ferm_service_config.is_file
     assert ferm_service_config.user == 'root'
@@ @@ -149,13 +149,13 @@ def test_ferm_service_configuration(File): @@
     assert 'ENABLED="yes"' in ferm_service_config.content
-def test_ferm_configuration_directory(File, Sudo):
+def test_ferm_configuration_directory(host):
     """
     Tests creation of ferm configuration directory.
     """
     with Sudo():
         ferm_dir = File('/etc/ferm/conf.d')
     with host.sudo():
         ferm_dir = host.file('/etc/ferm/conf.d')
         assert ferm_dir.is_directory
         assert ferm_dir.user == 'root'
@@ @@ -163,41 +163,41 @@ def test_ferm_configuration_directory(File, Sudo): @@
         assert ferm_dir.mode == 0o750
-def test_ferm_configuration(File, Sudo):
+def test_ferm_configuration(host):
     """
     Tests deployment of basic ferm configuration files.
     """
-    with Sudo():
+    with host.sudo():
-        ferm_configuration = File('/etc/ferm/ferm.conf')
+        ferm_configuration = host.file('/etc/ferm/ferm.conf')
         assert ferm_configuration.is_file
         assert ferm_configuration.user == 'root'
         assert ferm_configuration.group == 'root'
         assert ferm_configuration.mode == 0o640
         assert "@include '/etc/ferm/conf.d/';" in ferm_configuration.content
-        ferm_base = File('/etc/ferm/conf.d/00-base.conf')
+        ferm_base = host.file('/etc/ferm/conf.d/00-base.conf')
         assert ferm_base.is_file
         assert ferm_base.user == 'root'
         assert ferm_base.group == 'root'
         assert ferm_base.mode == 0o640
-def test_ferm_service(Service):
+def test_ferm_service(host):
     """
     Tests if ferm is started and enabled to start automatically on boot.
     """
-    ferm = Service('ferm')
+    ferm = host.service('ferm')
     assert ferm.is_running
     assert ferm.is_enabled
-def test_check_certificate_script(File):
+def test_check_certificate_script(host):
-    check_certificate = File('/usr/local/bin/check_certificate.sh')
+    check_certificate = host.file('/usr/local/bin/check_certificate.sh')
     assert check_certificate.is_file
     assert check_certificate.user == 'root'
@@ @@ -205,9 +205,9 @@ def test_check_certificate_script(File): @@
     assert check_certificate.mode == 0o755
-def test_check_certificate_directory(File):
+def test_check_certificate_directory(host):
-    check_certificate_dir = File('/etc/check_certificate')
+    check_certificate_dir = host.file('/etc/check_certificate')
     assert check_certificate_dir.is_directory
     assert check_certificate_dir.user == 'root'
@@ @@ -215,12 +215,12 @@ def test_check_certificate_directory(File): @@
     assert check_certificate_dir.mode == 0o755
-def test_check_certificate_crontab(File):
+def test_check_certificate_crontab(host):
     """
     Tests deployment of cron job for checking certificates.
     """
-    check_certificate_crontab = File('/etc/cron.d/check_certificate')
+    check_certificate_crontab = host.file('/etc/cron.d/check_certificate')
     assert check_certificate_crontab.is_file
     assert check_certificate_crontab.user == 'root'
@@ @@ -229,14 +229,14 @@ def test_check_certificate_crontab(File): @@
     assert "0 0 * * * nobody /usr/local/bin/check_certificate.sh expiration" in check_certificate_crontab.content
-def test_pipreqcheck_virtualenv(File, Sudo):
+def test_pipreqcheck_virtualenv(host):
     """
     Tests creation of Python virtual environment used for performing pip
     requirements upgrade checks.
     """
     with Sudo():
         virtualenv_activate = File('/var/lib/pipreqcheck/virtualenv/bin/activate')
     with host.sudo():
         virtualenv_activate = host.file('/var/lib/pipreqcheck/virtualenv/bin/activate')
         assert virtualenv_activate.is_file
         assert virtualenv_activate.user == 'pipreqcheck'
@@ @@ -244,65 +244,65 @@ def test_pipreqcheck_virtualenv(File, Sudo): @@
         assert virtualenv_activate.mode == 0o644
-def test_pipreqcheck_directories(File, Sudo):
+def test_pipreqcheck_directories(host):
     """
     Tests creation of directories used for storing configuration used by script
     that performs pip requirements upgrade checks.
     """
     with Sudo():
         pipreqcheck_config_directory = File('/etc/pip_check_requirements_upgrades')
     with host.sudo():
         pipreqcheck_config_directory = host.file('/etc/pip_check_requirements_upgrades')
         assert pipreqcheck_config_directory.is_directory
         assert pipreqcheck_config_directory.user == 'root'
         assert pipreqcheck_config_directory.group == 'pipreqcheck'
         assert pipreqcheck_config_directory.mode == 0o750
-        pipreqcheck_config_directory_pipreqcheck = File('/etc/pip_check_requirements_upgrades/pipreqcheck')
+        pipreqcheck_config_directory_pipreqcheck = host.file('/etc/pip_check_requirements_upgrades/pipreqcheck')
         assert pipreqcheck_config_directory_pipreqcheck.is_directory
         assert pipreqcheck_config_directory_pipreqcheck.user == 'root'
         assert pipreqcheck_config_directory_pipreqcheck.group == 'pipreqcheck'
         assert pipreqcheck_config_directory_pipreqcheck.mode == 0o750
-def test_pipreqcheck_requirements(File, Sudo):
+def test_pipreqcheck_requirements(host):
     """
     Tests deployment of requirements input and text file used for virtual
     environment utilised by script that perform pip requirements upgrade checks.
     """
     with Sudo():
         requirements_in = File('/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.in')
     with host.sudo():
         requirements_in = host.file('/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.in')
         assert requirements_in.is_file
         assert requirements_in.user == 'root'
         assert requirements_in.group == 'pipreqcheck'
         assert requirements_in.mode == 0o640
-        requirements_txt = File('/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.txt')
+        requirements_txt = host.file('/etc/pip_check_requirements_upgrades/pipreqcheck/requirements.txt')
         requirements_txt.is_file
         assert requirements_txt.user == 'root'
         assert requirements_txt.group == 'pipreqcheck'
         assert requirements_txt.mode == 0o640
-def test_pipreqcheck_packages(PipPackage, Sudo):
+def test_pipreqcheck_packages(host):
     """
     Tests if Python virtual environment used for running the pip requirements
     upgrade checks has correct version of pip installed.
     """
     with Sudo():
         packages = PipPackage.get_packages(pip_path='/var/lib/pipreqcheck/virtualenv/bin/pip')
     with host.sudo():
         packages = host.pip_package.get_packages(pip_path='/var/lib/pipreqcheck/virtualenv/bin/pip')
         assert packages['pip']['version'].rsplit('.', 1)[0] == '9.0'
         assert 'pip-tools' in packages
-def test_pipreqcheck_script(File):
+def test_pipreqcheck_script(host):
     """
     Tests script used for performing pip requirements upgrade checks.
     """
-    pipreqcheck_script = File('/usr/local/bin/pip_check_requirements_upgrades.sh')
+    pipreqcheck_script = host.file('/usr/local/bin/pip_check_requirements_upgrades.sh')
     assert pipreqcheck_script.is_file
     assert pipreqcheck_script.user == 'root'
@@ @@ -310,13 +310,13 @@ def test_pipreqcheck_script(File): @@
     assert pipreqcheck_script.mode == 0o755
-def test_pipreqcheck_crontab(File):
+def test_pipreqcheck_crontab(host):
     """
     Tests if crontab entry is set-up correctly for running the pip requirements
     upgrade checks.
     """
-    crontab = File('/etc/cron.d/check_pip_requirements')
+    crontab = host.file('/etc/cron.d/check_pip_requirements')
     assert crontab.is_file
     assert crontab.user == 'root'

roles/common/molecule/default/tests/test_parameters_mandatory.py

➞

Show inline comments

@@ @@ -6,36 +6,39 @@ import testinfra.utils.ansible_runner @@
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('parameters-mandatory')
+    '.molecule/ansible_inventory.yml').get_hosts('parameters-mandatory')
-def test_apt_proxy(File):
+def test_apt_proxy(host):
     """
     Tests if proxy configuration for apt is missing.
     """
-    assert not File('/etc/apt/apt.conf.d/00proxy').exists
+    assert not host.file('/etc/apt/apt.conf.d/00proxy').exists
-def test_bash_prompt_content(File):
+def test_bash_prompt_content(host):
     """
     Tests if bash prompt configuration file has not colouring and ID information
     contained within.
     """
-    bash_prompt = File('/etc/profile.d/bash_prompt.sh')
+    bash_prompt = host.file('/etc/profile.d/bash_prompt.sh')
     assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\[\\033[0m\\]\\u@\\h:\\w\\$ \\[\\033[0m\\]'" in bash_prompt.content
     assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\u@\\h:\\w\\$ '" in bash_prompt.content
 def test_ssh_login_mechanisms():
+def test_ssh_login_mechanisms(host):
     """
     Tests available SSH login mechanisms (should be just public key).
     """
     # Extract first non-IPv6 IP. Crude test, but it should work.
     remote_ip = next(a for a in host.interface("eth1").addresses if ":" not in a)
     sock = socket.socket()
-    sock.connect(('10.31.127.3', 22))
+    sock.connect((remote_ip, 22))
     transport = paramiko.transport.Transport(sock)
     transport.connect()
@@ @@ -46,41 +49,41 @@ def test_ssh_login_mechanisms(): @@
         assert err.allowed_types == ['publickey']
-def test_mariadb_mysql_config_symlink(File, Sudo):
+def test_mariadb_mysql_config_symlink(host):
     """
     Tests if symbolic link has been set-up for mariadb_config binary to be
     accessible as mysql_config as well. (should not be present with just
     mandatory options set).
     """
-    mysql_config = File('/usr/bin/mysql_config')
+    mysql_config = host.file('/usr/bin/mysql_config')
     assert not mysql_config.exists
-def test_emacs_electric_indent_mode(File):
+def test_emacs_electric_indent_mode(host):
     """
     Tests if Emacs electric indent mode has been disabled via custom
     configuration file. With just mandatory options set, the file should not be
     present.
     """
-    emacs_config = File('/etc/emacs/site-start.d/01disable-electric-indent-mode')
+    emacs_config = host.file('/etc/emacs/site-start.d/01disable-electric-indent-mode')
     assert not emacs_config.exists
-def test_ferm_base_rules(Command, File, Sudo):
+def test_ferm_base_rules(host):
     """
     Test if base ferm configuration has been deployed correctly (content-wise).
     """
     with Sudo():
         ferm_base = File('/etc/ferm/conf.d/00-base.conf')
     with host.sudo():
         ferm_base = host.file('/etc/ferm/conf.d/00-base.conf')
         assert "mod hashlimit hashlimit 3/second hashlimit-burst 9" in ferm_base.content
-        iptables = Command('iptables-save')
+        iptables = host.command('iptables-save')
         assert iptables.rc == 0
         assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
@@ @@ -88,7 +91,7 @@ def test_ferm_base_rules(Command, File, Sudo): @@
         assert "-A flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
             "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
-        ip6tables = Command('ip6tables-save')
+        ip6tables = host.command('ip6tables-save')
         assert ip6tables.rc == 0
         assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 3/sec --hashlimit-burst 9 " \
             "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
@@ @@ -96,17 +99,17 @@ def test_ferm_base_rules(Command, File, Sudo): @@
             "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in ip6tables.stdout
-def test_pipreqcheck_virtualenv_user(Group, User):
+def test_pipreqcheck_virtualenv_user(host):
     """
     Tests if user/group for running the pip requirements upgrade checks have
     been created correctly.
     """
-    group = Group('pipreqcheck')
+    group = host.group('pipreqcheck')
     assert group.exists
     assert group.gid == 1001
-    user = User('pipreqcheck')
+    user = host.user('pipreqcheck')
     assert user.exists
     assert user.home == '/var/lib/pipreqcheck'
     assert user.uid == 1001
@@ @@ -114,32 +117,32 @@ def test_pipreqcheck_virtualenv_user(Group, User): @@
     assert user.groups == ['pipreqcheck']
-def test_backup_configuration_absent(File, Sudo):
+def test_backup_configuration_absent(host):
     """
     Tests if backup configuration is absent. This should be the case when only
     mandatory parameters are provided.
     """
     with Sudo():
         assert not File('/etc/duply/main/patterns/common').exists
     with host.sudo():
         assert not host.file('/etc/duply/main/patterns/common').exists
-def test_ntp_software_not_installed(Package):
+def test_ntp_software_not_installed(host):
     """
     Tests if NTP packages are absent.
     """
     # @TODO: This throws an exception. It seems version of Testinfra
     # used cannot properly check for absence of package.
     # assert not Package('ntp').is_installed
     # assert not Package('ntpdate').is_installed
     # assert not host.package('ntp').is_installed
     # assert not host.package('ntpdate').is_installed
     pass
-def test_ntp_listening_interfaces(Socket):
+def test_ntp_listening_interfaces(host):
     """
     Tests if NTP server is not listening.
     """
-    assert not Socket('udp://:::123').is_listening
+    assert not host.socket('udp://:::123').is_listening

roles/common/molecule/default/tests/test_parameters_optional.py

➞

Show inline comments

@@ @@ -8,15 +8,15 @@ import testinfra.utils.ansible_runner @@
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('parameters-optional')
+    '.molecule/ansible_inventory.yml').get_hosts('parameters-optional')
-def test_apt_proxy(File):
+def test_apt_proxy(host):
     """
     Tests if proxy configuration for apt has been deployed correctly.
     """
-    proxy_config = File('/etc/apt/apt.conf.d/00proxy')
+    proxy_config = host.file('/etc/apt/apt.conf.d/00proxy')
     assert proxy_config.exists
     assert proxy_config.user == 'root'
@@ @@ -24,44 +24,47 @@ def test_apt_proxy(File): @@
     assert proxy_config.mode == 0o644
-def test_bash_prompt_content(File):
+def test_bash_prompt_content(host):
     """
     Tests that custom bash prompt has been configured correctly with specified
     colour and prompt.
     """
-    config = File('/etc/profile.d/bash_prompt.sh')
+    config = host.file('/etc/profile.d/bash_prompt.sh')
     assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\[\\033[0;36m\\]\\u@\\h[test]:\\w\\$ \\[\\033[0m\\]'" in config.content
     assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\u@\\h[test]:\\w\\$ '" in config.content
-def test_common_installed_packages_common(Ansible, Package):
+def test_common_installed_packages_common(host):
     """
     Tests that user-provided common packages have been installed.
     """
-    debian_release = Ansible("setup")["ansible_facts"]["ansible_distribution_release"]
+    debian_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
     assert Package('units').is_installed
     assert Package('gnutls-bin').is_installed
     assert host.package('units').is_installed
     assert host.package('gnutls-bin').is_installed
     # Different name of package in different Debian releases.
     if debian_release == 'jessie':
-        assert Package('libmariadb-client-lgpl-dev-compat').is_installed
+        assert host.package('libmariadb-client-lgpl-dev-compat').is_installed
     elif debian_release == 'stretch':
-        assert Package('libmariadbclient-dev-compat').is_installed
+        assert host.package('libmariadbclient-dev-compat').is_installed
     else:
         raise Exception("Cannot run this test on debian release: %s" % debian_release)
 def test_ssh_login_mechanisms():
+def test_ssh_login_mechanisms(host):
     """
     Tests available SSH login mechanisms (should be just public key).
     """
     # Extract first non-IPv6 IP. Crude test, but it should work.
     remote_ip = next(a for a in host.interface("eth1").addresses if ":" not in a)
     sock = socket.socket()
-    sock.connect(('10.31.127.4', 22))
+    sock.connect((remote_ip, 22))
     transport = paramiko.transport.Transport(sock)
     transport.connect()
@@ @@ -72,7 +75,7 @@ def test_ssh_login_mechanisms(): @@
         assert err.allowed_types == ['publickey']
-def test_mariadb_mysql_config_symlink(Ansible, File):
+def test_mariadb_mysql_config_symlink(host):
     """
     Tests if symbolic link has been set-up for mariadb_config binary to be
     accessible as mysql_config as well.
@@ @@ -80,20 +83,20 @@ def test_mariadb_mysql_config_symlink(Ansible, File): @@
     Only applicable to Debian Jessie.
     """
     if Ansible("setup")["ansible_facts"]["ansible_distribution_release"] == 'jessie':
         mysql_config = File('/usr/bin/mysql_config')
     if host.ansible("setup")["ansible_facts"]["ansible_distribution_release"] == 'jessie':
         mysql_config = host.file('/usr/bin/mysql_config')
         assert mysql_config.is_symlink
         assert mysql_config.linked_to == '/usr/bin/mariadb_config'
-def test_emacs_electric_indent_mode(File):
+def test_emacs_electric_indent_mode(host):
     """
     Tests if Emacs electric indent mode has been disabled via custom
     configuration file.
     """
-    emacs_config = File('/etc/emacs/site-start.d/01disable-electric-indent-mode.el')
+    emacs_config = host.file('/etc/emacs/site-start.d/01disable-electric-indent-mode.el')
     assert emacs_config.is_file
     assert emacs_config.user == 'root'
@@ @@ -102,69 +105,69 @@ def test_emacs_electric_indent_mode(File): @@
     assert "(electric-indent-mode -1)" in emacs_config.content
-def test_os_groups(Group):
+def test_os_groups(host):
     """
     Tests if user-supplied system groups have been created correctly.
     """
-    group1 = Group('group1')
+    group1 = host.group('group1')
     assert group1.gid == 1001
-    group2 = Group('group2')
+    group2 = host.group('group2')
     assert group2.gid == 3001
-    group3 = Group('group3')
+    group3 = host.group('group3')
     assert group3.gid == 3002
-    user1_group = Group('user1')
+    user1_group = host.group('user1')
     assert user1_group.gid == 3003
-    user2_group = Group('user2')
+    user2_group = host.group('user2')
     assert user2_group.gid == 2001
-    user3_group = Group('user3')
+    user3_group = host.group('user3')
     assert user3_group.gid == 2002
-def test_os_users(File, Sudo, User):
+def test_os_users(host):
     """
     Tests if user-supplied system users have been created correctly.
     """
     with Sudo():
         user1 = User('user1')
     with host.sudo():
         user1 = host.user('user1')
         assert user1.uid == 1001
         assert user1.group == 'user1'
         assert user1.groups == ['user1']
         assert user1.shell == '/bin/bash'
         assert user1.password == '!'
-        user1_authorized_keys = File(os.path.join(user1.home, '.ssh', 'authorized_keys'))
+        user1_authorized_keys = host.file(os.path.join(user1.home, '.ssh', 'authorized_keys'))
         assert not user1_authorized_keys.exists
-        user2 = User('user2')
+        user2 = host.user('user2')
         assert user2.uid == 2001
         assert user2.group == 'user2'
         assert sorted(user2.groups) == sorted(['group1', 'group2', 'user2'])
         assert user2.shell == '/bin/bash'
         assert user2.password == '$6$wdXOQiMe09ugh0$VRIph2XA2QQyEYlAlH7zT4TPACDUalf/4FKpqG9JRHfKxANTcTug2ANCt450htcs0LikJfHLWofLP54jraFU61'
-        user2_authorized_keys = File(os.path.join(user2.home, '.ssh', 'authorized_keys'))
+        user2_authorized_keys = host.file(os.path.join(user2.home, '.ssh', 'authorized_keys'))
         assert open('tests/data/ssh/clientkey1.pub', 'r').read().strip() in user2_authorized_keys.content
         assert open('tests/data/ssh/clientkey2.pub', 'r').read().strip() in user2_authorized_keys.content
-        user3 = User('user3')
+        user3 = host.user('user3')
         assert user3.uid == 2002
         assert user3.group == 'user3'
         assert sorted(user3.groups) == sorted(['group3', 'user3'])
         assert user3.shell == '/bin/bash'
         assert user3.password == '$6$nmx.21uLqT$9LrUqNUgUwIM.l0KFKgr2.kDEwe2lo7IbBIhnG70AGW7GTFdWBUFnGAxH15YxikTXhDJD/uxd.NNgojEOjRvx1'
-        user3_authorized_keys = File(os.path.join(user3.home, '.ssh', 'authorized_keys'))
+        user3_authorized_keys = host.file(os.path.join(user3.home, '.ssh', 'authorized_keys'))
         assert open('tests/data/ssh/clientkey3.pub', 'r').read().strip() in user3_authorized_keys.content
 def test_authorized_keys_login():
+def test_authorized_keys_login(host):
     """
     Tests if authorized SSH keys for user-provided system users have been set-up
     correctly.
@@ @@ -178,66 +181,69 @@ def test_authorized_keys_login(): @@
     client = paramiko.client.SSHClient()
     client.set_missing_host_key_policy(IgnorePolicy())
     # Extract first non-IPv6 IP. Crude test, but it should work.
     remote_ip = next(a for a in host.interface("eth1").addresses if ":" not in a)
     # No exception will be raised if connection is successful.
     client.connect("10.31.127.4", username="user2", allow_agent=False, look_for_keys=False, key_filename='tests/data/ssh/clientkey1')
     client.connect("10.31.127.4", username="user2", allow_agent=False, look_for_keys=False, key_filename='tests/data/ssh/clientkey2')
     client.connect("10.31.127.4", username="user3", allow_agent=False, look_for_keys=False, key_filename='tests/data/ssh/clientkey3')
     client.connect(remote_ip, username="user2", allow_agent=False, look_for_keys=False, key_filename='tests/data/ssh/clientkey1')
     client.connect(remote_ip, username="user2", allow_agent=False, look_for_keys=False, key_filename='tests/data/ssh/clientkey2')
     client.connect(remote_ip, username="user3", allow_agent=False, look_for_keys=False, key_filename='tests/data/ssh/clientkey3')
-def test_ca_certificates(File):
+def test_ca_certificates(host):
     """
     Tests if CA certificates have been correctly deployed to the system.
     """
-    ca1_cert = File('/usr/local/share/ca-certificates/cacert1.crt')
+    ca1_cert = host.file('/usr/local/share/ca-certificates/cacert1.crt')
     assert ca1_cert.is_file
     assert ca1_cert.user == 'root'
     assert ca1_cert.group == 'root'
     assert ca1_cert.mode == 0o644
-    ca1_cert_symlink = File('/etc/ssl/certs/cacert1.pem')
+    ca1_cert_symlink = host.file('/etc/ssl/certs/cacert1.pem')
     assert ca1_cert_symlink.is_symlink
     assert ca1_cert_symlink.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
-    ca1_cert_hash_1 = File('/etc/ssl/certs/3ce70b58.0')
+    ca1_cert_hash_1 = host.file('/etc/ssl/certs/3ce70b58.0')
     assert ca1_cert_hash_1.is_symlink
     assert ca1_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
-    ca1_cert_hash_1 = File('/etc/ssl/certs/49f72a44.0')
+    ca1_cert_hash_1 = host.file('/etc/ssl/certs/49f72a44.0')
     assert ca1_cert_hash_1.is_symlink
     assert ca1_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert1.crt'
-    ca2_cert = File('/usr/local/share/ca-certificates/cacert2.crt')
+    ca2_cert = host.file('/usr/local/share/ca-certificates/cacert2.crt')
     assert ca2_cert.is_file
     assert ca2_cert.user == 'root'
     assert ca2_cert.group == 'root'
     assert ca2_cert.mode == 0o644
-    ca2_cert_symlink = File('/etc/ssl/certs/cacert2.pem')
+    ca2_cert_symlink = host.file('/etc/ssl/certs/cacert2.pem')
     assert ca2_cert_symlink.is_symlink
     assert ca2_cert_symlink.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
-    ca2_cert_hash_1 = File('/etc/ssl/certs/a52eec00.0')
+    ca2_cert_hash_1 = host.file('/etc/ssl/certs/a52eec00.0')
     assert ca2_cert_hash_1.is_symlink
     assert ca2_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
-    ca2_cert_hash_1 = File('/etc/ssl/certs/a0d2e9e4.0')
+    ca2_cert_hash_1 = host.file('/etc/ssl/certs/a0d2e9e4.0')
     assert ca2_cert_hash_1.is_symlink
     assert ca2_cert_hash_1.linked_to == '/usr/local/share/ca-certificates/cacert2.crt'
-def test_ferm_base_rules(Command, File, Sudo):
+def test_ferm_base_rules(host):
     """
     Tests if base ferm configuration has been deployed correctly with proper
     user-provided rate-limiting.
     """
     with Sudo():
         ferm_base = File('/etc/ferm/conf.d/00-base.conf')
     with host.sudo():
         ferm_base = host.file('/etc/ferm/conf.d/00-base.conf')
         assert "mod hashlimit hashlimit 5/second hashlimit-burst 5" in ferm_base.content
-        iptables = Command('iptables-save')
+        iptables = host.command('iptables-save')
         assert iptables.rc == 0
         assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 5/sec --hashlimit-burst 5 " \
@@ @@ -245,7 +251,7 @@ def test_ferm_base_rules(Command, File, Sudo): @@
         assert "-A flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m hashlimit --hashlimit-upto 5/sec --hashlimit-burst 5 " \
             "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
-        ip6tables = Command('ip6tables-save')
+        ip6tables = host.command('ip6tables-save')
         assert ip6tables.rc == 0
         assert "-A flood -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 5/sec --hashlimit-burst 5 " \
             "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in iptables.stdout
@@ @@ -253,17 +259,17 @@ def test_ferm_base_rules(Command, File, Sudo): @@
             "--hashlimit-mode srcip --hashlimit-name icmp -j RETURN" in ip6tables.stdout
-def test_pipreqcheck_virtualenv_user(Group, User):
+def test_pipreqcheck_virtualenv_user(host):
     """
     Tests if group and user for running pip requirements upgrade checks have
     been created correctly with user-provided uid/gid.
     """
-    group = Group('pipreqcheck')
+    group = host.group('pipreqcheck')
     assert group.exists
     assert group.gid == 2500
-    user = User('pipreqcheck')
+    user = host.user('pipreqcheck')
     assert user.exists
     assert user.home == '/var/lib/pipreqcheck'
     assert user.uid == 2500
@@ @@ -271,44 +277,44 @@ def test_pipreqcheck_virtualenv_user(Group, User): @@
     assert user.groups == ['pipreqcheck']
-def test_backup_configuration(File, Sudo):
+def test_backup_configuration(host):
     """
     Tests if backup configuration has been deployed correctly.
     """
-    with Sudo():
+    with host.sudo():
-        common = File('/etc/duply/main/patterns/common')
+        common = host.file('/etc/duply/main/patterns/common')
         assert common.is_file
         assert "/var/log" in common.content.split("\n")
         assert "/etc/shadow" in common.content.split("\n")
         assert "/var/mail" in common.content.split("\n")
         assert "/var/spool/cron" in common.content.split("\n")
-        common_extra = File('/etc/duply/main/patterns/common_extra')
+        common_extra = host.file('/etc/duply/main/patterns/common_extra')
         assert common_extra.is_file
         assert "/home/user1" in common_extra.content.split("\n")
         assert "/home/user2" in common_extra.content.split("\n")
-def test_ntp_software_installed(Package):
+def test_ntp_software_installed(host):
     """
     Tests if NTP packages are installed.
     """
     assert Package('ntp').is_installed
     assert Package('ntpdate').is_installed
     assert host.package('ntp').is_installed
     assert host.package('ntpdate').is_installed
-def test_ntp_server_configuration(File, Sudo):
+def test_ntp_server_configuration(host):
     """
     Tests if NTP server has been correctly configured.
     """
-    with Sudo():
+    with host.sudo():
         # Read the configuration file.
-        configuration = File("/etc/ntp.conf").content.split("\n")
+        configuration = host.file("/etc/ntp.conf").content.split("\n")
         # Extract only the relevant sections of files (exculde empty
         # lines and comments).
@@ @@ -333,20 +339,20 @@ def test_ntp_server_configuration(File, Sudo): @@
         assert sorted(restrictions) == sorted(expected_restrictions)
-def test_ntp_query_server_count(Command):
+def test_ntp_query_server_count(host):
     # Two lines for headers, and one line per configured server.
     expected_stdout_line_count = 5
-    ntpq = Command("ntpq -p -n")
+    ntpq = host.command("ntpq -p -n")
     assert ntpq.rc == 0
     assert len(ntpq.stdout.split("\n")) == expected_stdout_line_count
-def test_ntp_listening_interfaces(Socket):
+def test_ntp_listening_interfaces(host):
     """
     Tests if NTP server is listening on correct ports.
     """
-    assert Socket('udp://:::123').is_listening
+    assert host.socket('udp://:::123').is_listening

roles/common/tasks/main.yml

➞

Show inline comments

@@ @@ -307,7 +307,7 @@ @@
 - name: Create Python virtual environment used for installing/running pip-tools
   command: "/usr/bin/virtualenv --prompt '(pipreqcheck)' '/var/lib/pipreqcheck/virtualenv'"
   args:
-     creates: '/var/lib/pipreqcheck/virtualenv/bin/activate'
     creates: '/var/lib/pipreqcheck/virtualenv/bin/activate'
   become: yes
   become_user: "pipreqcheck"
   tags:

0 comments (0 inline, 0 general)