Changeset - 54b90379d1fa
Parent rev.
Child rev.
[Not reviewed]
0 3 0
Branko Majic (branko) - 4 years ago 2020-07-26 22:49:59
branko@majic.rs
MAR-162: Deduplicate web_server tests for TLS material.
3 files changed with 24 insertions and 48 deletions:
roles/web_server/molecule/default/tests/test_default.py
24
roles/web_server/molecule/default/tests/test_mandatory.py
24
roles/web_server/molecule/default/tests/test_optional.py
24
0 comments (0 inline, 0 general)
roles/web_server/molecule/default/tests/test_default.py
Show inline comments
 
@@ -276,3 +276,27 @@ def test_https_server_uses_correct_dh_parameters(host):
 
    used_dhparam = output[output.find(begin_marker):output.find(end_marker) + len(end_marker)]
 

			




	
	
	
		
 
    assert used_dhparam == expected_dhparam

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_nginx_tls_files(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if TLS private key and certificate have been deployed correctly.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    hostname = host.run('hostname').stdout.strip()

			




	
	
	
		
 

			




	
	
	
		
 
    with host.sudo():

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/private/%s_https.key' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_https.key.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/certs/%s_https.pem' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_https.cert.pem" % hostname, "r").read().rstrip()

			




        

    


    
    

    

        

                

                    roles/web_server/molecule/default/tests/test_mandatory.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -7,30 +7,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

			




	
	
	
		
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-mandatory')

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_nginx_tls_files(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if TLS private key and certificate have been deployed correctly.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    hostname = host.run('hostname').stdout.strip()

			




	
	
	
		
 

			




	
	
	
		
 
    with host.sudo():

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/private/%s_https.key' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_https.key.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/certs/%s_https.pem' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_https.cert.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_certificate_validity_check_configuration(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if certificate validity check configuration file has been deployed

			




        

    


    
    

    

        

                

                    roles/web_server/molecule/default/tests/test_optional.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -7,30 +7,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

			




	
	
	
		
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-optional')

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_nginx_tls_files(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if TLS private key and certificate have been deployed correctly.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    hostname = host.run('hostname').stdout.strip()

			




	
	
	
		
 

			




	
	
	
		
 
    with host.sudo():

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/private/%s_https.key' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_https.key.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/certs/%s_https.pem' % hostname)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/%s_https.cert.pem" % hostname, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_certificate_validity_check_configuration(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if certificate validity check configuration file has been deployed

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.