majic-ansible-roles Changeset

Changeset - 1733003af19f

Parent rev.

Child rev.

[Not reviewed]

5 6 1

Branko Majic (branko) - 4 years ago 2020-08-26 19:52:31
branko@majic.rs

MAR-150: Use fixtures for X.509 artefacts in the mail_forwarder role:

- Removed the statically generated artefacts.
- Generate X.509 artefacts for tests using Gimmecert.
- Updated paths to point to generated artefacts.
- Introduced cleanup playbook for removing generated artefacts.

12 files changed with 58 insertions and 402 deletions:

roles/mail_forwarder/molecule/default/cleanup.yml

roles/mail_forwarder/molecule/default/group_vars/parameters-mandatory.yml

roles/mail_forwarder/molecule/default/group_vars/parameters-no-incoming.yml

roles/mail_forwarder/molecule/default/group_vars/parameters-optional.yml

roles/mail_forwarder/molecule/default/molecule.yml

roles/mail_forwarder/molecule/default/prepare.yml

roles/mail_forwarder/molecule/default/tests/data/x509/ca.cert.pem

roles/mail_forwarder/molecule/default/tests/data/x509/ca.key.pem

182

roles/mail_forwarder/molecule/default/tests/data/x509/mail-server_smtp.cert.pem

roles/mail_forwarder/molecule/default/tests/data/x509/mail-server_smtp.key.pem

134

roles/mail_forwarder/molecule/default/tests/data/x509/truststore.pem

roles/mail_forwarder/molecule/default/tests/test_default.py

0 comments (0 inline, 0 general)

roles/mail_forwarder/molecule/default/cleanup.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 - name: Clean-up fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Remove X.509 material
       file:
         path: "{{ item }}"
         state: absent
       with_items:
         - "tests/data/x509"
         - "tests/data/.gimmecert"

roles/mail_forwarder/molecule/default/group_vars/parameters-mandatory.yml

➞

Show inline comments

 ---
 smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"

roles/mail_forwarder/molecule/default/group_vars/parameters-no-incoming.yml

➞

Show inline comments

 ---
 smtp_relay_host: mail-server
 smtp_from_relay_allowed: false
 smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"
 # common
 ca_certificates:
   testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+  testca: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"

roles/mail_forwarder/molecule/default/group_vars/parameters-optional.yml

➞

Show inline comments

@@ @@ -3,11 +3,11 @@ @@
 local_mail_aliases:
   root: "root testuser"
 mail_message_size_limit: 20480001
 smtp_from_relay_allowed: true
 smtp_relay_host: mail-server
 smtp_relay_host_port: 27
 smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"
 # common
 ca_certificates:
   testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+  testca: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"

roles/mail_forwarder/molecule/default/molecule.yml

➞

Show inline comments

@@ @@ -75,12 +75,14 @@ platforms: @@
         ip: 10.31.127.32
         network_name: private_network
         type: static
 provisioner:
   name: ansible
   playbooks:
     cleanup: cleanup.yml
   config_options:
     defaults:
       force_valid_group_names: "ignore"
       interpreter_python: "/usr/bin/python3"
     ssh_connection:
       pipelining: "True"

roles/mail_forwarder/molecule/default/prepare.yml

➞

Show inline comments

 ---
 - name: Set-up fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Initialise CA hierarchy
       command: "gimmecert init"
       args:
         creates: "tests/data/.gimmecert/ca/level1.cert.pem"
         chdir: "tests/data/"
     - name: Generate server private keys and certificates
       command:
       args:
         chdir: "tests/data/"
         creates: "tests/data/.gimmecert/server/{{ item.name }}.cert.pem"
         argv:
           - "gimmecert"
           - "server"
           - "{{ item.name }}"
           - "{{ item.fqdn }}"
       with_items:
         - name: mail-server_smtp
           fqdn: mail-server
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
         dest: "tests/data/x509"
         state: link
 - name: Prepare
   hosts: all
   gather_facts: false
   tasks:
     - name: Install python for Ansible
       raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
@@ @@ -56,13 +88,13 @@ @@
       apt:
         name: hping3
         state: present
     - name: Deploy CA certificate
       copy:
         src: tests/data/x509/ca.cert.pem
+        src: tests/data/x509/ca/level1.cert.pem
         dest: /usr/local/share/ca-certificates/testca.crt
         owner: root
         group: root
         mode: 0644
       notify:
         - Update CA certificate cache
@@ @@ -75,23 +107,23 @@ @@
 - hosts: mail-servers
   become: true
   tasks:
     - name: Deploy CA certificate
       copy:
         src: tests/data/x509/ca.cert.pem
+        src: tests/data/x509/ca/level1.cert.pem
         dest: /usr/local/share/ca-certificates/testca.crt
         owner: root
         group: root
         mode: 0644
       notify:
         - Update CA certificate cache
     - name: Deploy SMTP private key and certificate
       copy:
         src: "tests/data/x509/{{ item }}"
+        src: "tests/data/x509/server/{{ item }}"
         dest: "/etc/ssl/{{ item }}"
         owner: root
         group: root
         mode: 0600
       with_items:
         - mail-server_smtp.cert.pem

roles/mail_forwarder/molecule/default/tests/data/x509/ca.cert.pem

➞

Show inline comments

deleted file

roles/mail_forwarder/molecule/default/tests/data/x509/ca.key.pem

➞

Show inline comments

deleted file

roles/mail_forwarder/molecule/default/tests/data/x509/mail-server_smtp.cert.pem

➞

Show inline comments

deleted file

roles/mail_forwarder/molecule/default/tests/data/x509/mail-server_smtp.key.pem

➞

Show inline comments

deleted file

roles/mail_forwarder/molecule/default/tests/data/x509/truststore.pem

➞

Show inline comments

deleted file

roles/mail_forwarder/molecule/default/tests/test_default.py

➞

Show inline comments

@@ @@ -33,13 +33,13 @@ def test_smtp_relay_truststore_file(host): @@
     truststore = host.file('/etc/ssl/certs/smtp_relay_truststore.pem')
     assert truststore.is_file
     assert truststore.user == 'root'
     assert truststore.group == 'root'
     assert truststore.mode == 0o644
-    assert truststore.content_string == open("tests/data/x509/truststore.pem", "r").read().rstrip()
+    assert truststore.content_string == open("tests/data/x509/ca/level1.cert.pem", "r").read().rstrip()
 def test_smtp_mailname(host):
     """
     Tests if SMTP mailname configuration file has correct permissions.
     """

0 comments (0 inline, 0 general)