majic-ansible-roles Changeset

Changeset - 7dd7757be724

Parent rev.

Child rev.

[Not reviewed]

8 5 1

Branko Majic (branko) - 4 years ago 2020-08-27 16:10:53
branko@majic.rs

MAR-150: Use fixtures for X.509 artefacts in the php_website role:

- Removed the statically generated artefacts.
- Generate X.509 artefacts for tests using Gimmecert.
- Updated paths to point to generated artefacts.
- Introduced cleanup playbook for removing generated artefacts.

14 files changed with 65 insertions and 696 deletions:

roles/php_website/molecule/default/cleanup.yml

roles/php_website/molecule/default/molecule.yml

roles/php_website/molecule/default/playbook.yml

roles/php_website/molecule/default/prepare.yml

roles/php_website/molecule/default/tests/data/x509/ca.cert.pem

roles/php_website/molecule/default/tests/data/x509/ca.key.pem

182

roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.cert.pem

roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.key.pem

134

roles/php_website/molecule/default/tests/data/x509/parameters-optional.local_https.cert.pem

roles/php_website/molecule/default/tests/data/x509/parameters-optional.local_https.key.pem

134

roles/php_website/molecule/default/tests/data/x509/php-website_https.cert.pem

roles/php_website/molecule/default/tests/data/x509/php-website_https.key.pem

134

roles/php_website/molecule/default/tests/test_parameters_mandatory.py

roles/php_website/molecule/default/tests/test_parameters_optional.py

0 comments (0 inline, 0 general)

roles/php_website/molecule/default/cleanup.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 - name: Clean-up fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Remove X.509 material
       file:
         path: "{{ item }}"
         state: absent
       with_items:
         - "tests/data/x509"
         - "tests/data/.gimmecert"

roles/php_website/molecule/default/molecule.yml

➞

Show inline comments

@@ @@ -25,6 +25,8 @@ platforms: @@
 provisioner:
   name: ansible
   playbooks:
     cleanup: cleanup.yml
   config_options:
     defaults:
       force_valid_group_names: "ignore"

roles/php_website/molecule/default/playbook.yml

➞

Show inline comments

@@ @@ -5,17 +5,17 @@ @@
   vars:
     # common
     ca_certificates:
       testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+      testca: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"
     # web_server
     default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/php-website_https.cert.pem') }}"
     default_https_tls_key: "{{ lookup('file', 'tests/data/x509/php-website_https.key.pem') }}"
     default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/php-website_https.cert.pem') }}"
     default_https_tls_key: "{{ lookup('file', 'tests/data/x509/server/php-website_https.key.pem') }}"
   roles:
     - role: php_website
       fqdn: parameters-mandatory
       https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-mandatory_https.cert.pem') }}"
       https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-mandatory_https.key.pem') }}"
       https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/parameters-mandatory_https.cert.pem') }}"
       https_tls_key: "{{ lookup('file', 'tests/data/x509/server/parameters-mandatory_https.key.pem') }}"
     - role: php_website
       additional_fpm_config:
@@ @@ -34,8 +34,8 @@ @@
         text: "parameters-optional"
       fqdn: parameters-optional.local
       index: myindex.php
       https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.cert.pem') }}"
       https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.key.pem') }}"
       https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/parameters-optional_https.cert.pem') }}"
       https_tls_key: "{{ lookup('file', 'tests/data/x509/server/parameters-optional_https.key.pem') }}"
       php_file_regex: "\\.myphp$"
       php_rewrite_urls:
         - ^/rewrite1/(.*)$ /rewrite.myphp?url=$1 last

roles/php_website/molecule/default/prepare.yml

➞

Show inline comments

 ---
 - name: Set-up fixtures
   hosts: localhost
   connection: local
   gather_facts: false
   tasks:
     - name: Initialise CA hierarchy
       command: "gimmecert init"
       args:
         creates: ".gimmecert/ca/level1.cert.pem"
         chdir: "tests/data/"
     - name: Generate server private keys and certificates
       command:
       args:
         chdir: "tests/data/"
         creates: "tests/data/.gimmecert/server/{{ item.name }}.cert.pem"
         argv:
           - "gimmecert"
           - "server"
           - "{{ item.name }}"
           - "{{ item.fqdn }}"
           - "{{ item.fqdn[:item.fqdn.rfind('-')] }}"
       with_items:
         - name: parameters-mandatory_https
           fqdn: parameters-mandatory
         - name: parameters-optional_https
           fqdn: parameters-optional.local
         - name: php-website_https
           fqdn: php-website
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
         dest: "tests/data/x509"
         state: link
 - name: Prepare
   hosts: all
   gather_facts: false

roles/php_website/molecule/default/tests/data/x509/ca.cert.pem

➞

Show inline comments

deleted file

roles/php_website/molecule/default/tests/data/x509/ca.key.pem

➞

Show inline comments

deleted file

roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.cert.pem

➞

Show inline comments

deleted file

roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.key.pem

➞

Show inline comments

deleted file

roles/php_website/molecule/default/tests/data/x509/parameters-optional.local_https.cert.pem

➞

Show inline comments

deleted file

roles/php_website/molecule/default/tests/data/x509/parameters-optional.local_https.key.pem

➞

Show inline comments

deleted file

roles/php_website/molecule/default/tests/data/x509/php-website_https.cert.pem

➞

Show inline comments

deleted file

roles/php_website/molecule/default/tests/data/x509/php-website_https.key.pem

➞

Show inline comments

deleted file

roles/php_website/molecule/default/tests/test_parameters_mandatory.py

➞

Show inline comments

@@ @@ -160,14 +160,14 @@ def test_nginx_tls_files(host): @@
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o640
         assert tls_file.content_string == open("tests/data/x509/parameters-mandatory_https.key.pem", "r").read().rstrip()
+        assert tls_file.content_string == open("tests/data/x509/server/parameters-mandatory_https.key.pem", "r").read().rstrip()
         tls_file = host.file('/etc/ssl/certs/parameters-mandatory_https.pem')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o644
         assert tls_file.content_string == open("tests/data/x509/parameters-mandatory_https.cert.pem", "r").read().rstrip()
+        assert tls_file.content_string == open("tests/data/x509/server/parameters-mandatory_https.cert.pem", "r").read().rstrip()
 def test_certificate_validity_check_configuration(host):

roles/php_website/molecule/default/tests/test_parameters_optional.py

➞

Show inline comments

@@ @@ -154,14 +154,14 @@ def test_nginx_tls_files(host): @@
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o640
-        assert tls_file.content_string == open("tests/data/x509/parameters-optional.local_https.key.pem", "r").read().rstrip()
+        assert tls_file.content_string == open("tests/data/x509/server/parameters-optional_https.key.pem", "r").read().rstrip()
         tls_file = host.file('/etc/ssl/certs/parameters-optional.local_https.pem')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o644
-        assert tls_file.content_string == open("tests/data/x509/parameters-optional.local_https.cert.pem", "r").read().rstrip()
+        assert tls_file.content_string == open("tests/data/x509/server/parameters-optional_https.cert.pem", "r").read().rstrip()
 def test_certificate_validity_check_configuration(host):

0 comments (0 inline, 0 general)