Changeset - 611e6c9cffd9
Parent rev.
Child rev.
[Not reviewed]
0 3 0
Branko Majic (branko) - 3 years ago 2021-01-12 23:26:35
branko@majic.rs
MAR-163: Deduplicate TLS file tests in hte php_website role.
3 files changed with 28 insertions and 44 deletions:
roles/php_website/molecule/default/tests/test_default.py
28
roles/php_website/molecule/default/tests/test_parameters_mandatory.py
22
roles/php_website/molecule/default/tests/test_parameters_optional.py
22
0 comments (0 inline, 0 general)
roles/php_website/molecule/default/tests/test_default.py
Show inline comments
 
@@ -28,3 +28,31 @@ def test_https_enforcement(host, fqdn):
 

			




	
	
	
		
 
    assert https_enforcement.rc == 0

			




	
	
	
		
 
    assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in https_enforcement.stdout

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
@pytest.mark.parametrize("private_key_path, certificate_path, expected_private_key, expected_certificate", [

			




	
	
	
		
 
    ('/etc/ssl/private/parameters-mandatory_https.key', '/etc/ssl/certs/parameters-mandatory_https.pem',

			




	
	
	
		
 
     'tests/data/x509/server/parameters-mandatory_https.key.pem', 'tests/data/x509/server/parameters-mandatory_https.cert.pem'),

			




	
	
	
		
 
    ('/etc/ssl/private/parameters-optional.local_https.key', '/etc/ssl/certs/parameters-optional.local_https.pem',

			




	
	
	
		
 
     'tests/data/x509/server/parameters-optional_https.key.pem', 'tests/data/x509/server/parameters-optional_https.cert.pem'),

			




	
	
	
		
 
])

			




	
	
	
		
 
def test_nginx_tls_files(host, private_key_path, certificate_path, expected_private_key, expected_certificate):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if TLS private key and certificate have been deployed correctly.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    with host.sudo():

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file(private_key_path)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open(expected_private_key, "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file(certificate_path)

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open(expected_certificate, "r").read().rstrip()

			




        

    


    
    

    

        

                

                    roles/php_website/molecule/default/tests/test_parameters_mandatory.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -148,28 +148,6 @@ def test_php_fpm_configuration_file(host):

			




	
	
	
		
 
        assert config.mode == 0o640

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_nginx_tls_files(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if TLS private key and certificate have been deployed correctly.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    with host.sudo():

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/private/parameters-mandatory_https.key')

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/server/parameters-mandatory_https.key.pem", "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/certs/parameters-mandatory_https.pem')

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/server/parameters-mandatory_https.cert.pem", "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_certificate_validity_check_configuration(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if certificate validity check configuration file has been deployed

			




        

    


    
    

    

        

                

                    roles/php_website/molecule/default/tests/test_parameters_optional.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -142,28 +142,6 @@ def test_installed_packages(host):

			




	
	
	
		
 
    assert host.package('libmariadbclient-dev-compat').is_installed

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_nginx_tls_files(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if TLS private key and certificate have been deployed correctly.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    with host.sudo():

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/private/parameters-optional.local_https.key')

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o640

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/server/parameters-optional_https.key.pem", "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 
        tls_file = host.file('/etc/ssl/certs/parameters-optional.local_https.pem')

			




	
	
	
		
 
        assert tls_file.is_file

			




	
	
	
		
 
        assert tls_file.user == 'root'

			




	
	
	
		
 
        assert tls_file.group == 'root'

			




	
	
	
		
 
        assert tls_file.mode == 0o644

			




	
	
	
		
 
        assert tls_file.content_string == open("tests/data/x509/server/parameters-optional_https.cert.pem", "r").read().rstrip()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_certificate_validity_check_configuration(host):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Tests if certificate validity check configuration file has been deployed

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.