Changeset - 80299693b896
10 4 1
Branko Majic (branko) - 4 years ago 2020-09-15 14:22:41
branko@majic.rs
MAR-150: Use fixtures for X.509 artefacts in the wsgi_website role:

- Removed the statically generated artefacts.
- Generate X.509 artefacts for tests using Gimmecert.
- Updated paths to point to generated artefacts.
- Introduced cleanup playbook for removing generated artefacts.
15 files changed with 67 insertions and 857 deletions:
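--- /dev/null
+++ b/roles/wsgi_website/molecule/default/cleanup.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Clean-up fixtures
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+
+    - name: Remove X.509 material
+      file:
+        path: "{{ item }}"
+        state: absent
+      with_items:
+        - "tests/data/x509"
+        - "tests/data/.gimmecert"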
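Review bot: Both `state: absent` targets in "Remove X.509 material" are relative paths, so what is deleted depends on the working directory the playbook happens to run from. Anchoring them makes the removal unambiguous, e.g. `- "{{ playbook_dir }}/tests/data/x509"` and `- "{{ playbook_dir }}/tests/data/.gimmecert"`, assuming the fixtures live next to this playbook as the paths in prepare.yml suggest. This matters more than usual here because `.gimmecert` holds the generated private keys, and a cleanup that resolves to the wrong directory reports success while leaving that key material in the working tree. A one-line comment noting that `tests/data/x509` is only the symlink created by prepare.yml and `.gimmecert` is the real directory would also help the next reader.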
roles/wsgi_website/molecule/default/molecule.yml
 
@@ -23,12 +23,14 @@ platforms:
 
    box: debian/contrib-stretch64
 
    memory: 512
 
    cpus: 1
 

	
 
provisioner:
 
  name: ansible
 
  playbooks:
 
    cleanup: cleanup.yml
 
  config_options:
 
    defaults:
 
      force_valid_group_names: "ignore"
 
      interpreter_python: "/usr/bin/python3"
 
    ssh_connection:
 
      pipelining: "True"
roles/wsgi_website/molecule/default/playbook.yml
 
@@ -2,29 +2,29 @@
 

	
 
- hosts: wsgi-website
 
  become: true
 
  vars:
 
    # common
 
    ca_certificates:
 
      testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
 
      testca: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"
 

	
 
    # web_server
 
    default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/wsgi-website_https.cert.pem') }}"
 
    default_https_tls_key: "{{ lookup('file', 'tests/data/x509/wsgi-website_https.key.pem') }}"
 
    default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/wsgi-website_https.cert.pem') }}"
 
    default_https_tls_key: "{{ lookup('file', 'tests/data/x509/server/wsgi-website_https.key.pem') }}"
 

	
 
  roles:
 
    - role: wsgi_website
 
      fqdn: parameters-mandatory
 
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-mandatory_https.cert.pem') }}"
 
      https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-mandatory_https.key.pem') }}"
 
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/parameters-mandatory_https.cert.pem') }}"
 
      https_tls_key: "{{ lookup('file', 'tests/data/x509/server/parameters-mandatory_https.key.pem') }}"
 
      wsgi_application: testapp:application
 

	
 
    - role: wsgi_website
 
      fqdn: parameters-optional.local
 
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.cert.pem') }}"
 
      https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.key.pem') }}"
 
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/parameters-optional.local_https.cert.pem') }}"
 
      https_tls_key: "{{ lookup('file', 'tests/data/x509/server/parameters-optional.local_https.key.pem') }}"
 
      additional_nginx_config:
 
        - comment: Custom missing page.
 
          value: error_page 404 /my/own/error/page;
 
      admin_uid: 5000
 
      enforce_https: false
 
      environment_indicator:
 
@@ -80,14 +80,14 @@
 
        - six==1.10.0
 
        - Werkzeug==0.12.2
 
      wsgi_application: config.ini
 
      wsgi_requirements:
 
        - futures==3.1.0
 
        - gunicorn==19.7.0
 
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-paste-req_https.cert.pem') }}"
 
      https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-paste-req_https.key.pem') }}"
 
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/parameters-paste-req_https.cert.pem') }}"
 
      https_tls_key: "{{ lookup('file', 'tests/data/x509/server/parameters-paste-req_https.key.pem') }}"
 

	
 
- hosts: wsgi-website
 
  become: true
 
  tasks:
 
    # parameters-mandatory application
 
    - name: Set-up directories where application files are hosted at
roles/wsgi_website/molecule/default/prepare.yml
 
---
 

	
 
- name: Set-up fixtures
 
  hosts: localhost
 
  connection: local
 
  gather_facts: false
 
  tasks:
 

	
 
    - name: Initialise CA hierarchy
 
      command: "gimmecert init"
 
      args:
 
        creates: ".gimmecert/ca/level1.cert.pem"
 
        chdir: "tests/data/"
 

	
 
    - name: Generate server private keys and certificates
 
      command:
 
      args:
 
        chdir: "tests/data/"
 
        creates: ".gimmecert/server/{{ item.name }}.cert.pem"
 
        argv:
 
          - "gimmecert"
 
          - "server"
 
          - "{{ item.name }}"
 
          - "{{ item.fqdn }}"
 
      with_items:
 
        - name: parameters-mandatory_https
 
          fqdn: parameters-mandatory
 
        - name: parameters-optional.local_https
 
          fqdn: parameters-optional.local
 
        - name: parameters-paste-req_https
 
          fqdn: parameters-paste-req
 
        - name: wsgi-website_https
 
          fqdn: wsgi-website
 

	
 
    - name: Set-up link to generated X.509 material
 
      file:
 
        src: ".gimmecert"
 
        dest: "tests/data/x509"
 
        state: link
 

	
 
- name: Prepare
 
  hosts: all
 
  gather_facts: false
 
  tasks:
 
    - name: Install python for Ansible
 
      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
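Review bot: The "Set-up fixtures" play writes freshly generated private keys (the server keys, and presumably the CA key created by `gimmecert init`) under `tests/data/.gimmecert` inside the repository tree, and none of the 15 files listed in this changeset is an ignore file. Unless an existing rule already covers these paths, a later add-all commit could put key material back into history, which is what removing the static artefacts was meant to end. Proposed ignore entries: `roles/wsgi_website/molecule/default/tests/data/.gimmecert/` and `roles/wsgi_website/molecule/default/tests/data/x509`. Separately, the "Generate server private keys and certificates" task leaves `command:` empty and passes `argv` through `args:`; nesting `argv:`, `chdir:` and `creates:` directly under `command:` reads more clearly.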
roles/wsgi_website/molecule/default/tests/data/x509/ca.cert.pem
 
deleted file
roles/wsgi_website/molecule/default/tests/data/x509/ca.key.pem
 
deleted file
roles/wsgi_website/molecule/default/tests/data/x509/parameters-mandatory_https.cert.pem
 
deleted file
roles/wsgi_website/molecule/default/tests/data/x509/parameters-mandatory_https.key.pem
 
deleted file
roles/wsgi_website/molecule/default/tests/data/x509/parameters-optional.local_https.cert.pem
 
deleted file
roles/wsgi_website/molecule/default/tests/data/x509/parameters-optional.local_https.key.pem
 
deleted file
roles/wsgi_website/molecule/default/tests/data/x509/parameters-paste-req_https.cert.pem
 
deleted file
roles/wsgi_website/molecule/default/tests/data/x509/parameters-paste-req_https.key.pem
 
deleted file
roles/wsgi_website/molecule/default/tests/data/x509/wsgi-website_https.cert.pem
 
deleted file
roles/wsgi_website/molecule/default/tests/data/x509/wsgi-website_https.key.pem
 
deleted file
roles/wsgi_website/molecule/default/tests/test_default.py
 
@@ -450,17 +450,17 @@ def test_static_file_directory(host, directory_path, expected_owner, expected_gr
 
        assert directory.group == expected_group
 
        assert directory.mode == 0o2750
 

	
 

	
 
@pytest.mark.parametrize("private_key_path, certificate_path, expected_private_key, expected_certificate", [
 
    ('/etc/ssl/private/parameters-mandatory_https.key', '/etc/ssl/certs/parameters-mandatory_https.pem',
 
     'tests/data/x509/parameters-mandatory_https.key.pem', 'tests/data/x509/parameters-mandatory_https.cert.pem'),
 
     'tests/data/x509/server/parameters-mandatory_https.key.pem', 'tests/data/x509/server/parameters-mandatory_https.cert.pem'),
 
    ('/etc/ssl/private/parameters-optional.local_https.key', '/etc/ssl/certs/parameters-optional.local_https.pem',
 
     'tests/data/x509/parameters-optional.local_https.key.pem', 'tests/data/x509/parameters-optional.local_https.cert.pem'),
 
     'tests/data/x509/server/parameters-optional.local_https.key.pem', 'tests/data/x509/server/parameters-optional.local_https.cert.pem'),
 
    ('/etc/ssl/private/parameters-paste-req_https.key', '/etc/ssl/certs/parameters-paste-req_https.pem',
 
     'tests/data/x509/parameters-paste-req_https.key.pem', 'tests/data/x509/parameters-paste-req_https.cert.pem'),
 
     'tests/data/x509/server/parameters-paste-req_https.key.pem', 'tests/data/x509/server/parameters-paste-req_https.cert.pem'),
 
])
 
def test_nginx_tls_files(host, private_key_path, certificate_path, expected_private_key, expected_certificate):
 
    """
 
    Tests if TLS private key and certificate have been deployed correctly.
 
    """
 

	