majic-ansible-roles Changeset

Changeset - 998aab91d6b4

Parent rev.

Child rev.

[Not reviewed]

1 6 3

Branko Majic (branko) - 7 years ago 2017-07-17 14:30:25
branko@majic.rs

MAR-33: Implemented tests for the wsgi_website role:

- Updated test playbook to have better coverage of functionality.
- Fixed some additional permission mode issues (leading zero).
- Use expanded syntax for deploying TLS material in order to avoid mangling of
TABs.
- Implemented proper WSGI applications in order to test everything.
- Implemented tests covering mandatory parameters, optional parameters, and the
use of WSGI requirements/Paster.

10 files changed with 1282 insertions and 37 deletions:

roles/wsgi_website/playbook.yml

roles/wsgi_website/tasks/main.yml

roles/wsgi_website/tasks/requirements.yml

roles/wsgi_website/templates/supervisor_site.conf.j2

roles/wsgi_website/tests/data/python/paste/testapp.py

roles/wsgi_website/tests/data/python/wsgi/testapp.py

roles/wsgi_website/tests/test_default.py

roles/wsgi_website/tests/test_parameters_mandatory.py

426

roles/wsgi_website/tests/test_parameters_optional.py

489

roles/wsgi_website/tests/test_parameters_paste_req.py

307

0 comments (0 inline, 0 general)

roles/wsgi_website/playbook.yml

➞

Show inline comments

@@ @@ -97,11 +97,9 @@ @@
     - role: wsgi_website
       fqdn: parameters-paste-req
       use_paste: yes
       wsgi_application: config.ini
       wsgi_requirements:
       virtualenv_packages:
         - click==6.7
         - Flask==0.12.2
         - gunicorn==19.7.1
         - itsdangerous==0.24
         - Jinja2==2.9.6
         - MarkupSafe==1.0
@@ @@ -110,6 +108,10 @@ @@
         - PasteScript==2.0.2
         - six==1.10.0
         - Werkzeug==0.12.2
       wsgi_application: config.ini
       wsgi_requirements:
         - futures==3.1.0
         - gunicorn==19.7.0
       https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-paste-req_https.cert.pem') }}"
       https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-paste-req_https.key.pem') }}"

roles/wsgi_website/tasks/main.yml

➞

Show inline comments

@@ @@ -52,7 +52,7 @@ @@
 - name: Create directory for storing the Python virtual environment
   file: path="{{ home }}/virtualenv" state=directory
-        owner="{{ admin }}" group="{{ user }}" mode="2750"
+        owner="{{ admin }}" group="{{ user }}" mode="02750"
 - name: Create Python virtual environment
   become: yes
@@ @@ -115,17 +115,25 @@ @@
 - name: Create directory where static files can be served from
   file: path="{{ home }}/htdocs/" state=directory
-        owner="{{ admin }}" group="{{ user }}" mode="2750"
+        owner="{{ admin }}" group="{{ user }}" mode="02750"
 - name: Deploy nginx TLS private key for website
   copy: dest="/etc/ssl/private/{{ fqdn }}_https.key" content="{{ https_tls_key }}"
         mode=0640 owner=root group=root
   copy:
     dest: "/etc/ssl/private/{{ fqdn }}_https.key"
     content: "{{ https_tls_key }}"
     mode: 0640
     owner: root
     group: root
   notify:
     - Restart nginx
 - name: Deploy nginx TLS certificate for website
   copy: dest="/etc/ssl/certs/{{ fqdn }}_https.pem" content="{{ https_tls_certificate }}"
         mode=0644 owner=root group=root
   copy:
     dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
     content: "{{ https_tls_certificate }}"
     mode: 0644
     owner: root
     group: root
   notify:
     - Restart nginx

roles/wsgi_website/tasks/requirements.yml

➞

Show inline comments

@@ @@ -2,11 +2,11 @@ @@
 - name: Set-up directory for storing requirements file for upgrade checks
   file: path="/etc/pip_check_requirements_upgrades/{{ fqdn }}" state=directory
-        owner="root" group="pipreqcheck" mode=750
+        owner="root" group="pipreqcheck" mode=0750
 - name: Deploy WSGI requirements files for upgrade checks
   template: src="{{ item }}.j2" dest="/etc/pip_check_requirements_upgrades/{{ fqdn }}/{{ item }}"
-            owner="root" group="pipreqcheck" mode="640"
+            owner="root" group="pipreqcheck" mode="0640"
   with_items:
     - wsgi_requirements.in
     - wsgi_requirements.txt
@@ @@ -15,7 +15,7 @@ @@
   become: yes
   become_user: "{{ admin }}"
   template: src="wsgi_requirements.txt.j2" dest="{{ home }}/.wsgi_requirements.txt"
-            owner="{{ admin }}" group="{{ user }}" mode="640"
+            owner="{{ admin }}" group="{{ user }}" mode="0640"
 - name: Install Gunicorn via requirements file
   become: yes

roles/wsgi_website/templates/supervisor_site.conf.j2

➞

Show inline comments

deleted file

roles/wsgi_website/tests/data/python/paste/testapp.py

➞

Show inline comments

 import os
 import flask
 from flask import Flask
 app = Flask(__name__)
+app = Flask(__name__, static_url_path='/keep-default-static-out-of-way')
 @app.route('/')
 def index():
 @app.route('/', defaults={'path': ''})
 @app.route('/<path:path>')
 def index(path):
     template = """<!DOCTYPE html>
 <html lang="en">
   <head>
     <meta charset="utf-8">
-    <title>{title}</title>
+    <title>{host}</title>
   </head>
   <body>
     <h1>Hello, world!</h1>
     <p>I am website {title}</p>
     <p>Accept-Encoding header was set to {acceptencoding}</p>
     <p>This is the WSGI application at {host}.</p>
     <p>Requested URL was: {scheme}://{host}{script}{path}
     <p>MY_ENV_VAR: {my_env_var}</p>
     <p>Accept-Encoding: {accept_encoding}</p>
   </body>
 </html>
 """
     output = template.format(title=os.environ.get("WEBSITE_NAME", "that nobody set a name for :("),
                              acceptencoding=os.environ.get("HTTP_ACCEPT_ENCODING", "HTTP accept encoding not set"))
     environ = flask.request.environ
     parameters = {}
     parameters['host'] = environ['HTTP_HOST']
     parameters['scheme'] = environ['wsgi.url_scheme']
     parameters['script'] = environ['SCRIPT_NAME']
     parameters['path'] = environ['PATH_INFO']
     parameters['my_env_var'] = os.environ.get('MY_ENV_VAR', None)
     parameters['accept_encoding'] = environ.get('HTTP_ACCEPT_ENCODING')
     output = template.format(**parameters)
     return output

roles/wsgi_website/tests/data/python/wsgi/testapp.py

➞

Show inline comments

@@ @@ -9,17 +9,26 @@ def application(environ, start_response): @@
 <html lang="en">
   <head>
     <meta charset="utf-8">
-    <title>{title}</title>
+    <title>{host}</title>
   </head>
   <body>
     <h1>Hello, world!</h1>
     <p>I am website {title}</p>
     <p>Accept-Encoding header was set to {acceptencoding}</p>
     <p>This is the WSGI application at {host}.</p>
     <p>Requested URL was: {scheme}://{host}{script}{path}
     <p>MY_ENV_VAR: {my_env_var}</p>
     <p>Accept-Encoding: {accept_encoding}</p>
   </body>
 </html>
 """
     output = template.format(title=os.environ.get("WEBSITE_NAME", "that nobody set a name for :("),
                              acceptencoding=os.environ.get("HTTP_ACCEPT_ENCODING", "HTTP accept encoding not set"))
     parameters = {}
     parameters['host'] = environ['HTTP_HOST']
     parameters['scheme'] = environ['wsgi.url_scheme']
     parameters['script'] = environ['SCRIPT_NAME']
     parameters['path'] = environ['PATH_INFO']
     parameters['my_env_var'] = os.environ.get('MY_ENV_VAR', None)
     parameters['accept_encoding'] = environ.get('HTTP_ACCEPT_ENCODING')
     output = template.format(**parameters)
     response_headers = [('Content-type', 'text/html'),
                         ('Content-Length', str(len(output)))]

roles/wsgi_website/tests/test_default.py

➞

Show inline comments

 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('all')

roles/wsgi_website/tests/test_parameters_mandatory.py

➞

Show inline comments

@@ new file 100644 @@
 import re
 import time
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('all')
 def test_website_group(Group):
     """
     Tests if website group has been created correctly.
     """
     group = Group('web-parameters-mandatory')
     assert group.exists
     assert group.gid == 1003
 def test_website_admin_user(User):
     """
     Tests if website administrator user has been created correctly.
     """
     user = User('admin-parameters-mandatory')
     assert user.exists
     assert user.uid == 1003
     assert user.group == 'web-parameters-mandatory'
     assert user.groups == ['web-parameters-mandatory']
     assert user.shell == '/bin/bash'
     assert user.home == '/var/www/parameters-mandatory'
 def test_website_admin_home(File, Sudo):
     """
     Tests if permissions on website admin home directory are correct.
     """
     home = File('/var/www/parameters-mandatory')
     assert home.is_directory
     assert home.user == 'admin-parameters-mandatory'
     assert home.group == 'web-parameters-mandatory'
     assert home.mode == 0o750
 def test_home_profile_directory(File, Sudo):
     """
     Tests if profile directory has been set-up correctly for the website
     administrator/application user.
     """
     with Sudo():
         directory = File('/var/www/parameters-mandatory/.profile.d')
         assert directory.is_directory
         assert directory.user == 'admin-parameters-mandatory'
         assert directory.group == 'web-parameters-mandatory'
         assert directory.mode == 0o750
 def test_virtualenv_profile_configuration(File, Sudo):
     """
     Tests if profile configuration file for auto-activation of virtual
     environment has been deployed correctly.
     """
     with Sudo():
         config = File('/var/www/parameters-mandatory/.profile.d/virtualenv.sh')
         assert config.is_file
         assert config.user == 'root'
         assert config.group == 'web-parameters-mandatory'
         assert config.mode == 0o640
 def test_environment_profile_configuration(File, Sudo):
     """
     Tests if profile configuration file for setting-up environment variables has
     been deployed correctly.
     """
     with Sudo():
         config = File('/var/www/parameters-mandatory/.profile.d/environment.sh')
         assert config.is_file
         assert config.user == 'root'
         assert config.group == 'web-parameters-mandatory'
         assert config.mode == 0o640
         assert config.content == ""
 def test_profile_configuration(Command):
     """
     Tests if profile configuration is behaving correctly (setting appropriate
     vars via login shell).
     """
     env = Command("sudo -i -u admin-parameters-mandatory printenv VIRTUAL_ENV MY_ENV_VAR")
     assert env.stdout == "/var/www/parameters-mandatory/virtualenv"
 def test_website_application_user(Command, Sudo, User):
     """
     Tests if website application user has been created correctly.
     """
     user = User('web-parameters-mandatory')
     assert user.exists
     assert user.uid == 999
     assert user.group == 'web-parameters-mandatory'
     assert user.groups == ['web-parameters-mandatory']
     assert user.shell == '/bin/sh'
     assert user.home == '/var/www/parameters-mandatory'
     with Sudo():
         umask = Command("su -l web-parameters-mandatory -c 'bash -c umask'")
         assert umask.stdout == '0007'
 def test_nginx_user(User):
     """
     Tests if web server user has been added to website group.
     """
     user = User('www-data')
     assert 'web-parameters-mandatory' in user.groups
 def test_forward_file(File, Sudo):
     """
     Tests if the forward file has correct permissions and content.
     """
     with Sudo():
         config = File('/var/www/parameters-mandatory/.forward')
         assert config.is_file
         assert config.user == 'root'
         assert config.group == 'web-parameters-mandatory'
         assert config.mode == 0o640
         assert config.content == "root"
 def test_mail_forwarding(Command, File, Sudo):
     """
     Tests if mail forwarding works as expected.
     """
     send = Command('swaks --suppress-data --to web-parameters-mandatory@localhost')
     assert send.rc == 0
     message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
     # Sleep for a couple of seconds so the mail can get delivered.
     time.sleep(5)
     with Sudo():
         mail_log = File('/var/log/mail.log')
         # First extract message ID of forwarded mail.
         pattern = "%s: to=<web-parameters-mandatory@localhost>.*status=sent \(forwarded as ([^)]*)\)" % message_id
         message_id = re.search(pattern, mail_log.content).group(1)
         # Now try to determine where the forward ended-up at.
         pattern = "%s: to=<vagrant@wsgi-website>, orig_to=<web-parameters-mandatory@localhost>.*status=sent" % message_id
         assert re.search(pattern, mail_log.content) is not None
 def test_python_virtualenv_created(File, Sudo):
     """
     Tests if Python virtual environment has been created correctly.
     """
     with Sudo():
         virtualenv = File("/var/www/parameters-mandatory/virtualenv")
         assert virtualenv.is_directory
         assert virtualenv.user == 'admin-parameters-mandatory'
         assert virtualenv.group == 'web-parameters-mandatory'
         assert virtualenv.mode == 0o2750
         virtualenv_activate = File("/var/www/parameters-mandatory/virtualenv/bin/activate")
         assert virtualenv_activate.is_file
         assert virtualenv_activate.user == 'admin-parameters-mandatory'
         assert virtualenv_activate.group == 'web-parameters-mandatory'
         assert virtualenv_activate.mode == 0o644
 def test_python_virtualenv_project_directory_config(File, Sudo):
     """
     Tests if project directory configuration within virtualenv is set-up
     correctly.
     """
     with Sudo():
         project = File("/var/www/parameters-mandatory/virtualenv/.project")
         assert project.is_file
         assert project.user == 'admin-parameters-mandatory'
         assert project.group == 'web-parameters-mandatory'
         assert project.mode == 0o640
 def test_python_virtualenv_wrapper_script(Command, File, Sudo):
     """
     Tests if Python virtualenv wrapper script is functioning correctly.
     """
     with Sudo():
         wrapper = File("/var/www/parameters-mandatory/virtualenv/bin/exec")
         assert wrapper.is_file
         assert wrapper.user == 'admin-parameters-mandatory'
         assert wrapper.group == 'web-parameters-mandatory'
         assert wrapper.mode == 0o750
         command = Command("sudo -u admin-parameters-mandatory /var/www/parameters-mandatory/virtualenv/bin/exec python -c 'import gunicorn'")
         assert command.rc == 0
 def test_virtualenv_packages(Command):
     """
     Tests if correct packages are installed in virtualenv.
     """
     packages = Command("sudo -u admin-parameters-mandatory /var/www/parameters-mandatory/virtualenv/bin/pip freeze")
     assert sorted(packages.stdout.lower().split("\n")) == sorted("""argparse==1.2.1
 futures==3.1.1
 gunicorn==19.7.1
 wsgiref==0.1.2""".lower().split("\n"))
 def test_wsgi_requirements_upgrade_checks(File, Sudo):
     """
     Tests if Python requirements files for upgrade checks are set-up correctly.
     """
     with Sudo():
         directory = File('/etc/pip_check_requirements_upgrades/parameters-mandatory')
         assert not directory.exists
 def test_systemd_socket_configuration_file(File):
     """
     Tests if systemd socket configuration file has been set-up correctly.
     """
     config = File("/etc/systemd/system/parameters-mandatory.socket")
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
     assert "Socket for website parameters-mandatory" in config.content
     assert "ListenStream=/run/wsgi/parameters-mandatory.sock" in config.content
 def test_systemd_socket(File, Socket, Sudo):
     """
     Tests if systemd socket has correct permissions and is available.
     """
     with Sudo():
         socket_file = File("/run/wsgi/parameters-mandatory.sock")
         assert socket_file.is_socket
         assert socket_file.user == 'www-data'
         assert socket_file.group == 'www-data'
         assert socket_file.mode == 0o660
         socket = Socket("unix:///run/wsgi/parameters-mandatory.sock")
         assert socket.is_listening
 def test_systemd_service_configuration_file(File):
     """
     Tests if systemd service configuration file has been set-up correctly.
     """
     config = File("/etc/systemd/system/parameters-mandatory.service")
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
     assert "parameters-mandatory" in config.content
 def test_systemd_service(Service):
     """
     Tests if the systemd service is enabled at boot and running.
     """
     service = Service('parameters-mandatory')
     assert service.is_enabled
     assert service.is_running
 def test_static_file_directory(File, Sudo):
     """
     Tests if directory for serving static files has been created correctly.
     """
     with Sudo():
         directory = File('/var/www/parameters-mandatory/htdocs')
         assert directory.is_directory
         assert directory.user == 'admin-parameters-mandatory'
         assert directory.group == 'web-parameters-mandatory'
         assert directory.mode == 0o2750
 def test_nginx_tls_files(File, Sudo):
     """
     Tests if TLS private key and certificate have been deployed correctly.
     """
     with Sudo():
         tls_file = File('/etc/ssl/private/parameters-mandatory_https.key')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o640
         assert tls_file.content == open("tests/data/x509/parameters-mandatory_https.key", "r").read().rstrip()
         tls_file = File('/etc/ssl/certs/parameters-mandatory_https.pem')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o644
         assert tls_file.content == open("tests/data/x509/parameters-mandatory_https.pem", "r").read().rstrip()
 def test_certificate_validity_check_configuration(File):
     """
     Tests if certificate validity check configuration file has been deployed
     correctly.
     """
     config = File('/etc/check_certificate/parameters-mandatory_https.conf')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
     assert config.content == "/etc/ssl/certs/parameters-mandatory_https.pem"
 def test_vhost_file(File):
     """
     Tests permissions of vhost configuration file.
     """
     config = File('/etc/nginx/sites-available/parameters-mandatory')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o640
 def test_website_enabled(File):
     """
     Tests if website has been enabled.
     """
     config = File('/etc/nginx/sites-enabled/parameters-mandatory')
     assert config.is_symlink
     assert config.linked_to == '/etc/nginx/sites-available/parameters-mandatory'
 def test_https_enforcement(Command):
     """
     Tests if HTTPS is being enforced.
     """
     https_enforcement = Command('curl -I http://parameters-mandatory/')
     assert https_enforcement.rc == 0
     assert 'HTTP/1.1 301 Moved Permanently' in https_enforcement.stdout
     assert 'Location: https://parameters-mandatory/' in https_enforcement.stdout
     https_enforcement = Command('curl -I https://parameters-mandatory/')
     assert https_enforcement.rc == 0
     assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in https_enforcement.stdout
 def test_index_page(Command):
     """
     Tests if index page is served correctly. This covers:
     - Basic WSGI application operation.
     - Handling of environment variables.
     - Handling of proxy headers.
     """
     page = Command('curl -H "Accept-Encoding: plain" https://parameters-mandatory/')
     assert page.rc == 0
     assert "This is the WSGI application at parameters-mandatory." in page.stdout
     assert "Requested URL was: https://parameters-mandatory/" in page.stdout
     assert "MY_ENV_VAR: None" in page.stdout
     assert "Accept-Encoding: plain" in page.stdout
 def test_static_file_serving(Command):
     """
     Tests serving of static files.
     """
     page = Command('curl https://parameters-mandatory/static/static_file.txt')
     assert page.rc == 0
     assert "This is the WSGI application at parameters-mandatory." in page.stdout
     assert "Requested URL was: https://parameters-mandatory/static/static_file.txt" in page.stdout
     page = Command('curl https://parameters-mandatory/media/media_file.txt')
     assert page.rc == 0
     assert "This is the WSGI application at parameters-mandatory." in page.stdout
     assert "Requested URL was: https://parameters-mandatory/media/media_file.txt" in page.stdout

roles/wsgi_website/tests/test_parameters_optional.py

➞

Show inline comments

@@ new file 100644 @@
 import re
 import time
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('all')
 def test_website_group(Group):
     """
     Tests if website group has been created correctly.
     """
     group = Group('web-parameters-optional_local')
     assert group.exists
     assert group.gid == 5001
 def test_website_admin_user(User):
     """
     Tests if website administrator user has been created correctly.
     """
     user = User('admin-parameters-optional_local')
     assert user.exists
     assert user.uid == 5000
     assert user.group == 'web-parameters-optional_local'
     assert user.groups == ['web-parameters-optional_local']
     assert user.shell == '/bin/bash'
     assert user.home == '/var/www/parameters-optional.local'
 def test_website_admin_home(File, Sudo):
     """
     Tests if permissions on website admin home directory are correct.
     """
     home = File('/var/www/parameters-optional.local')
     assert home.is_directory
     assert home.user == 'admin-parameters-optional_local'
     assert home.group == 'web-parameters-optional_local'
     assert home.mode == 0o750
 def test_home_profile_directory(File, Sudo):
     """
     Tests if profile directory has been set-up correctly for the website
     administrator/application user.
     """
     with Sudo():
         directory = File('/var/www/parameters-optional.local/.profile.d')
         assert directory.is_directory
         assert directory.user == 'admin-parameters-optional_local'
         assert directory.group == 'web-parameters-optional_local'
         assert directory.mode == 0o750
 def test_virtualenv_profile_configuration(File, Sudo):
     """
     Tests if profile configuration file for auto-activation of virtual
     environment has been deployed correctly.
     """
     with Sudo():
         config = File('/var/www/parameters-optional.local/.profile.d/virtualenv.sh')
         assert config.is_file
         assert config.user == 'root'
         assert config.group == 'web-parameters-optional_local'
         assert config.mode == 0o640
 def test_environment_profile_configuration(File, Sudo):
     """
     Tests if profile configuration file for setting-up environment variables has
     been deployed correctly.
     """
     with Sudo():
         config = File('/var/www/parameters-optional.local/.profile.d/environment.sh')
         assert config.is_file
         assert config.user == 'root'
         assert config.group == 'web-parameters-optional_local'
         assert config.mode == 0o640
         assert config.content == "export MY_ENV_VAR='My environment variable'"
 def test_profile_configuration(Command):
     """
     Tests if profile configuration is behaving correctly (setting appropriate
     vars via login shell).
     """
     env = Command("sudo -i -u admin-parameters-optional_local printenv VIRTUAL_ENV MY_ENV_VAR")
     assert env.stdout == "/var/www/parameters-optional.local/virtualenv\nMy environment variable"
 def test_website_application_user(Command, Sudo, User):
     """
     Tests if website application user has been created correctly.
     """
     user = User('web-parameters-optional_local')
     assert user.exists
     assert user.uid == 5001
     assert user.group == 'web-parameters-optional_local'
     assert user.groups == ['web-parameters-optional_local']
     assert user.shell == '/bin/sh'
     assert user.home == '/var/www/parameters-optional.local'
     with Sudo():
         umask = Command("su -l web-parameters-optional_local -c 'bash -c umask'")
         assert umask.stdout == '0007'
 def test_nginx_user(User):
     """
     Tests if web server user has been added to website group.
     """
     user = User('www-data')
     assert 'web-parameters-optional_local' in user.groups
 def test_forward_file(File, Sudo):
     """
     Tests if the forward file has correct permissions and content.
     """
     with Sudo():
         config = File('/var/www/parameters-optional.local/.forward')
         assert config.is_file
         assert config.user == 'root'
         assert config.group == 'web-parameters-optional_local'
         assert config.mode == 0o640
         assert config.content == "user"
 def test_mail_forwarding(Command, File, Sudo):
     """
     Tests if mail forwarding works as expected.
     """
     send = Command('swaks --suppress-data --to web-parameters-optional_local@localhost')
     assert send.rc == 0
     message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
     # Sleep for a couple of seconds so the mail can get delivered.
     time.sleep(5)
     with Sudo():
         mail_log = File('/var/log/mail.log')
         # First extract message ID of forwarded mail.
         pattern = "%s: to=<web-parameters-optional_local@localhost>.*status=sent \(forwarded as ([^)]*)\)" % message_id
         message_id = re.search(pattern, mail_log.content).group(1)
         # Now try to determine where the forward ended-up at.
         pattern = "%s: to=<user@wsgi-website>, orig_to=<web-parameters-optional_local@localhost>.*status=sent" % message_id
         assert re.search(pattern, mail_log.content) is not None
 def test_installed_packages(Package):
     """
     Tests if additional packages are installed.
     """
     assert Package('libmariadb-client-lgpl-dev-compat').is_installed
     assert Package('global').is_installed
 def test_mariadb_compat_symlink(File):
     """
     Tests if compatibility symlink is set-up for mysql_config binary if
     libmariadb-client-lgpl-dev-compat is installed.
     """
     link = File('/usr/bin/mysql_config')
     assert link.is_symlink
     assert link.linked_to == "/usr/bin/mariadb_config"
 def test_python_virtualenv_created(File, Sudo):
     """
     Tests if Python virtual environment has been created correctly.
     """
     with Sudo():
         virtualenv = File("/var/www/parameters-optional.local/virtualenv")
         assert virtualenv.is_directory
         assert virtualenv.user == 'admin-parameters-optional_local'
         assert virtualenv.group == 'web-parameters-optional_local'
         assert virtualenv.mode == 0o2750
         virtualenv_activate = File("/var/www/parameters-optional.local/virtualenv/bin/activate")
         assert virtualenv_activate.is_file
         assert virtualenv_activate.user == 'admin-parameters-optional_local'
         assert virtualenv_activate.group == 'web-parameters-optional_local'
         assert virtualenv_activate.mode == 0o644
 def test_python_virtualenv_project_directory_config(File, Sudo):
     """
     Tests if project directory configuration within virtualenv is set-up
     correctly.
     """
     with Sudo():
         project = File("/var/www/parameters-optional.local/virtualenv/.project")
         assert project.is_file
         assert project.user == 'admin-parameters-optional_local'
         assert project.group == 'web-parameters-optional_local'
         assert project.mode == 0o640
 def test_python_virtualenv_wrapper_script(Command, File, Sudo):
     """
     Tests if Python virtualenv wrapper script is functioning correctly.
     """
     with Sudo():
         wrapper = File("/var/www/parameters-optional.local/virtualenv/bin/exec")
         assert wrapper.is_file
         assert wrapper.user == 'admin-parameters-optional_local'
         assert wrapper.group == 'web-parameters-optional_local'
         assert wrapper.mode == 0o750
         command = Command("sudo -u admin-parameters-optional_local /var/www/parameters-optional.local/virtualenv/bin/exec python -c 'import gunicorn'")
         assert command.rc == 0
 def test_virtualenv_packages(Command):
     """
     Tests if correct packages are installed in virtualenv.
     """
     packages = Command("sudo -u admin-parameters-optional_local /var/www/parameters-optional.local/virtualenv/bin/pip freeze")
     assert sorted(packages.stdout.lower().split("\n")) == sorted("""Pygments==2.2.0
 argparse==1.2.1
 dnspython==1.15.0
 docopt==0.6.2
 futures==3.1.0
 gunicorn==19.7.0
 jedi==0.10.2
 prompt-toolkit==1.0.14
 ptpython==0.39
 six==1.10.0
 wcwidth==0.1.7
 wsgiref==0.1.2""".lower().split("\n"))
 def test_wsgi_requirements_upgrade_checks(File, Sudo):
     """
     Tests if Python requirements files for upgrade checks are set-up correctly.
     """
     with Sudo():
         directory = File('/etc/pip_check_requirements_upgrades/parameters-optional.local')
         assert not directory.exists
 def test_systemd_socket_configuration_file(File):
     """
     Tests if systemd socket configuration file has been set-up correctly.
     """
     config = File("/etc/systemd/system/parameters-optional.local.socket")
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
     assert "Socket for website parameters-optional.local" in config.content
     assert "ListenStream=/run/wsgi/parameters-optional.local.sock" in config.content
 def test_systemd_socket(File, Socket, Sudo):
     """
     Tests if systemd socket has correct permissions and is available.
     """
     with Sudo():
         socket_file = File("/run/wsgi/parameters-optional.local.sock")
         assert socket_file.is_socket
         assert socket_file.user == 'www-data'
         assert socket_file.group == 'www-data'
         assert socket_file.mode == 0o660
         socket = Socket("unix:///run/wsgi/parameters-optional.local.sock")
         assert socket.is_listening
 def test_systemd_service_configuration_file(File):
     """
     Tests if systemd service configuration file has been set-up correctly.
     """
     config = File("/etc/systemd/system/parameters-optional.local.service")
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
     assert "parameters-optional.local" in config.content
 def test_systemd_service(Service):
     """
     Tests if the systemd service is enabled at boot and running.
     """
     service = Service('parameters-optional.local')
     assert service.is_enabled
     assert service.is_running
 def test_static_file_directory(File, Sudo):
     """
     Tests if directory for serving static files has been created correctly.
     """
     with Sudo():
         directory = File('/var/www/parameters-optional.local/htdocs')
         assert directory.is_directory
         assert directory.user == 'admin-parameters-optional_local'
         assert directory.group == 'web-parameters-optional_local'
         assert directory.mode == 0o2750
 def test_nginx_tls_files(File, Sudo):
     """
     Tests if TLS private key and certificate have been deployed correctly.
     """
     with Sudo():
         tls_file = File('/etc/ssl/private/parameters-optional.local_https.key')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o640
         assert tls_file.content == open("tests/data/x509/parameters-optional.local_https.key.pem", "r").read().rstrip()
         tls_file = File('/etc/ssl/certs/parameters-optional.local_https.pem')
         assert tls_file.is_file
         assert tls_file.user == 'root'
         assert tls_file.group == 'root'
         assert tls_file.mode == 0o644
         assert tls_file.content == open("tests/data/x509/parameters-optional.local_https.cert.pem", "r").read().rstrip()
 def test_certificate_validity_check_configuration(File):
     """
     Tests if certificate validity check configuration file has been deployed
     correctly.
     """
     config = File('/etc/check_certificate/parameters-optional.local_https.conf')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
     assert config.content == "/etc/ssl/certs/parameters-optional.local_https.pem"
 def test_vhost_file(File):
     """
     Tests permissions of vhost configuration file.
     """
     config = File('/etc/nginx/sites-available/parameters-optional.local')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o640
 def test_website_enabled(File):
     """
     Tests if website has been enabled.
     """
     config = File('/etc/nginx/sites-enabled/parameters-optional.local')
     assert config.is_symlink
     assert config.linked_to == '/etc/nginx/sites-available/parameters-optional.local'
 def test_https_enforcement(Command):
     """
     Tests if HTTPS is (not) being enforced.
     """
     https_enforcement = Command('curl -I http://parameters-optional.local/')
     assert https_enforcement.rc == 0
     assert 'HTTP/1.1 200 OK' in https_enforcement.stdout
     assert 'HTTP/1.1 301 Moved Permanently' not in https_enforcement.stdout
     assert 'Location: https://parameters-optional/' not in https_enforcement.stdout
     https_enforcement = Command('curl -I https://parameters-optional.local/')
     assert https_enforcement.rc == 0
     assert 'Strict-Transport-Security' not in https_enforcement.stdout
 def test_index_page(Command):
     """
     Tests if index page is served correctly. This covers:
     - Basic WSGI application operation.
     - Handling of environment variables.
     - Handling of proxy headers.
     """
     page = Command('curl -H "Accept-Encoding: plain" https://parameters-optional.local/')
     assert page.rc == 0
     assert "This is the WSGI application at parameters-optional.local." in page.stdout
     assert "Requested URL was: https://parameters-optional.local/" in page.stdout
     assert "MY_ENV_VAR: My environment variable" in page.stdout
     assert "Accept-Encoding: None" in page.stdout
 def test_static_file_serving(Command):
     """
     Tests serving of static files.
     """
     page = Command('curl https://parameters-optional.local/static/static_file.txt')
     assert page.rc == 0
     assert page.stdout == open("tests/data/static_file.txt", 'r').read().rstrip()
     page = Command('curl https://parameters-optional.local/media/media_file.txt')
     assert page.rc == 0
     assert page.stdout == open("tests/data/media_file.txt", 'r').read().rstrip()
 def test_additional_nginx_config(Command):
     """
     Tests if additional Nginx configuration directives are properly deployed.
     """
     page = Command('curl https://parameters-optional.local/static/missing_static_file.txt')
     assert page.rc == 0
     assert "Requested URL was: https://parameters-optional.local/my/own/error/page"
 def test_environment_indicator(Command):
     """
     Tests if environment indicator is applied correctly.
     """
     page = Command('curl https://parameters-optional.local/')
     assert page.rc == 0
     assert "<div id='website-environment' style='background-color: #ff0000; width: 100%; text-align: center; position: fixed; bottom: 5px; color: #00ff00; " \
         "font-weight: bold; z-index: 999999;'>parameters-optional</div></body>" in page.stdout
 def test_nginx_rewrite_config(Command):
     """
     Tests if Nginx rewrite configuration is deployed correctly.
     """
     page = Command('curl https://parameters-optional.local/rewrite1/some/path')
     assert page.rc == 0
     assert "Requested URL was: https://parameters-optional.local/rewritten1/" in page.stdout
     page = Command('curl https://parameters-optional.local/rewrite2/some/other/path')
     assert page.rc == 0
     assert "Requested URL was: https://parameters-optional.local/rewritten2/some/other/path" in page.stdout

roles/wsgi_website/tests/test_parameters_paste_req.py

➞

Show inline comments

@@ new file 100644 @@
 import re
 import time
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     '.molecule/ansible_inventory').get_hosts('all')
 def test_website_group(Group):
     """
     Tests if website group has been created correctly.
     """
     group = Group('web-parameters-paste-req')
     assert group.exists
     assert group.gid == 5002
 def test_website_admin_user(User):
     """
     Tests if website administrator user has been created correctly.
     """
     user = User('admin-parameters-paste-req')
     assert user.exists
     assert user.uid == 5002
     assert user.group == 'web-parameters-paste-req'
     assert user.groups == ['web-parameters-paste-req']
     assert user.shell == '/bin/bash'
     assert user.home == '/var/www/parameters-paste-req'
 def test_website_admin_home(File, Sudo):
     """
     Tests if permissions on website admin home directory are correct.
     """
     home = File('/var/www/parameters-paste-req')
     assert home.is_directory
     assert home.user == 'admin-parameters-paste-req'
     assert home.group == 'web-parameters-paste-req'
     assert home.mode == 0o750
 def test_home_profile_directory(File, Sudo):
     """
     Tests if profile directory has been set-up correctly for the website
     administrator/application user.
     """
     with Sudo():
         directory = File('/var/www/parameters-paste-req/.profile.d')
         assert directory.is_directory
         assert directory.user == 'admin-parameters-paste-req'
         assert directory.group == 'web-parameters-paste-req'
         assert directory.mode == 0o750
 def test_virtualenv_profile_configuration(File, Sudo):
     """
     Tests if profile configuration file for auto-activation of virtual
     environment has been deployed correctly.
     """
     with Sudo():
         config = File('/var/www/parameters-paste-req/.profile.d/virtualenv.sh')
         assert config.is_file
         assert config.user == 'root'
         assert config.group == 'web-parameters-paste-req'
         assert config.mode == 0o640
 def test_profile_configuration(Command):
     """
     Tests if profile configuration is behaving correctly (setting appropriate
     vars via login shell).
     """
     env = Command("sudo -i -u admin-parameters-paste-req printenv VIRTUAL_ENV MY_ENV_VAR")
     assert env.stdout == "/var/www/parameters-paste-req/virtualenv"
 def test_website_application_user(Command, Sudo, User):
     """
     Tests if website application user has been created correctly.
     """
     user = User('web-parameters-paste-req')
     assert user.exists
     assert user.uid == 998
     assert user.group == 'web-parameters-paste-req'
     assert user.groups == ['web-parameters-paste-req']
     assert user.shell == '/bin/sh'
     assert user.home == '/var/www/parameters-paste-req'
     with Sudo():
         umask = Command("su -l web-parameters-paste-req -c 'bash -c umask'")
         assert umask.stdout == '0007'
 def test_nginx_user(User):
     """
     Tests if web server user has been added to website group.
     """
     user = User('www-data')
     assert 'web-parameters-paste-req' in user.groups
 def test_forward_file(File, Sudo):
     """
     Tests if the forward file has correct permissions and content.
     """
     with Sudo():
         config = File('/var/www/parameters-paste-req/.forward')
         assert config.is_file
         assert config.user == 'root'
         assert config.group == 'web-parameters-paste-req'
         assert config.mode == 0o640
         assert config.content == "root"
 def test_mail_forwarding(Command, File, Sudo):
     """
     Tests if mail forwarding works as expected.
     """
     send = Command('swaks --suppress-data --to web-parameters-paste-req@localhost')
     assert send.rc == 0
     message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
     # Sleep for a couple of seconds so the mail can get delivered.
     time.sleep(5)
     with Sudo():
         mail_log = File('/var/log/mail.log')
         # First extract message ID of forwarded mail.
         pattern = "%s: to=<web-parameters-paste-req@localhost>.*status=sent \(forwarded as ([^)]*)\)" % message_id
         message_id = re.search(pattern, mail_log.content).group(1)
         # Now try to determine where the forward ended-up at.
         pattern = "%s: to=<vagrant@wsgi-website>, orig_to=<web-parameters-paste-req@localhost>.*status=sent" % message_id
         assert re.search(pattern, mail_log.content) is not None
 def test_python_virtualenv_created(File, Sudo):
     """
     Tests if Python virtual environment has been created correctly.
     """
     with Sudo():
         virtualenv = File("/var/www/parameters-paste-req/virtualenv")
         assert virtualenv.is_directory
         assert virtualenv.user == 'admin-parameters-paste-req'
         assert virtualenv.group == 'web-parameters-paste-req'
         assert virtualenv.mode == 0o2750
         virtualenv_activate = File("/var/www/parameters-paste-req/virtualenv/bin/activate")
         assert virtualenv_activate.is_file
         assert virtualenv_activate.user == 'admin-parameters-paste-req'
         assert virtualenv_activate.group == 'web-parameters-paste-req'
         assert virtualenv_activate.mode == 0o644
 def test_python_virtualenv_project_directory_config(File, Sudo):
     """
     Tests if project directory configuration within virtualenv is set-up
     correctly.
     """
     with Sudo():
         project = File("/var/www/parameters-paste-req/virtualenv/.project")
         assert project.is_file
         assert project.user == 'admin-parameters-paste-req'
         assert project.group == 'web-parameters-paste-req'
         assert project.mode == 0o640
 def test_python_virtualenv_wrapper_script(Command, File, Sudo):
     """
     Tests if Python virtualenv wrapper script is functioning correctly.
     """
     with Sudo():
         wrapper = File("/var/www/parameters-paste-req/virtualenv/bin/exec")
         assert wrapper.is_file
         assert wrapper.user == 'admin-parameters-paste-req'
         assert wrapper.group == 'web-parameters-paste-req'
         assert wrapper.mode == 0o750
         command = Command("sudo -u admin-parameters-paste-req /var/www/parameters-paste-req/virtualenv/bin/exec python -c 'import gunicorn'")
         assert command.rc == 0
 def test_virtualenv_packages(Command):
     """
     Tests if correct packages are installed in virtualenv.
     """
     packages = Command("sudo -u admin-parameters-paste-req /var/www/parameters-paste-req/virtualenv/bin/pip freeze")
     assert sorted(packages.stdout.lower().split("\n")) == sorted("""Flask==0.12.2
 Jinja2==2.9.6
 MarkupSafe==1.0
 Paste==2.0.3
 PasteDeploy==1.5.2
 PasteScript==2.0.2
 Werkzeug==0.12.2
 argparse==1.2.1
 click==6.7
 futures==3.1.0
 gunicorn==19.7.0
 itsdangerous==0.24
 six==1.10.0
 wsgiref==0.1.2""".lower().split("\n"))
 def test_wsgi_requirements_upgrade_checks(File, Sudo):
     """
     Tests if Python requirements files for upgrade checks are set-up correctly.
     """
     with Sudo():
         directory = File('/etc/pip_check_requirements_upgrades/parameters-paste-req')
         assert directory.is_directory
         assert directory.user == 'root'
         assert directory.group == 'pipreqcheck'
         assert directory.mode == 0o750
         config = File('/etc/pip_check_requirements_upgrades/parameters-paste-req/wsgi_requirements.in')
         assert config.is_file
         assert config.user == 'root'
         assert config.group == 'pipreqcheck'
         assert config.mode == 0o640
         assert config.content == "gunicorn\nfutures"
         config = File('/etc/pip_check_requirements_upgrades/parameters-paste-req/wsgi_requirements.txt')
         assert config.is_file
         assert config.user == 'root'
         assert config.group == 'pipreqcheck'
         assert config.mode == 0o640
         assert config.content == "futures==3.1.0\ngunicorn==19.7.0"
 def test_gunicorn_requirements_installation_file(File, Sudo):
     """
     Tests if requirements file for installing Gunicorn has been deployed
     correctly.
     """
     with Sudo():
         requirements = File('/var/www/parameters-paste-req/.wsgi_requirements.txt')
         assert requirements.is_file
         assert requirements.user == 'admin-parameters-paste-req'
         assert requirements.group == 'web-parameters-paste-req'
         assert requirements.mode == 0o640
         assert requirements.content == "futures==3.1.0\ngunicorn==19.7.0"
 def test_index_page(Command):
     """
     Tests if index page is served correctly. This covers:
     - Basic WSGI application operation.
     - Handling of environment variables.
     - Handling of proxy headers.
     """
     page = Command('curl -H "Accept-Encoding: plain" https://parameters-paste-req/')
     assert page.rc == 0
     assert "This is the WSGI application at parameters-paste-req." in page.stdout
     assert "Requested URL was: https://parameters-paste-req/" in page.stdout
     assert "MY_ENV_VAR: None" in page.stdout
     assert "Accept-Encoding: plain" in page.stdout
 def test_static_file_serving(Command):
     """
     Tests serving of static files.
     """
     page = Command('curl https://parameters-paste-req/static/static_file.txt')
     assert page.rc == 0
     assert "This is the WSGI application at parameters-paste-req." in page.stdout
     assert "Requested URL was: https://parameters-paste-req/static/static_file.txt" in page.stdout
     page = Command('curl https://parameters-paste-req/media/media_file.txt')
     assert page.rc == 0
     assert "This is the WSGI application at parameters-paste-req." in page.stdout
     assert "Requested URL was: https://parameters-paste-req/media/media_file.txt" in page.stdout

0 comments (0 inline, 0 general)