- web_server

---

- name: Create

  hosts: localhost

  connection: local

  gather_facts: False

  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"

  vars:

    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"

    molecule_instance_config: "{{ lookup('env', 'MOLECULE_INSTANCE_CONFIG') }}"

    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"

  tasks:

    - name: Create molecule instance(s)

      molecule_vagrant:

        instance_name: "{{ item.name }}"

        instance_interfaces: "{{ item.interfaces | default(omit) }}"

        instance_raw_config_args: "{{ item.instance_raw_config_args | default(omit) }}"

        platform_box: "{{ item.box }}"

        platform_box_version: "{{ item.box_version | default(omit) }}"

        platform_box_url: "{{ item.box_url | default(omit) }}"

        provider_name: "{{ molecule_yml.driver.provider.name }}"

        provider_memory: "{{ item.memory | default(omit) }}"

        provider_cpus: "{{ item.cpus | default(omit) }}"

        provider_raw_config_args: "{{ item.raw_config_args | default(omit) }}"

        state: up

      register: server

      with_items: "{{ molecule_yml.platforms }}"

    # Mandatory configuration for Molecule to function.

    - name: Populate instance config dict

      set_fact:

        instance_conf_dict: {

          'instance': "{{ item.Host }}",

          'address': "{{ item.HostName }}",

          'user': "{{ item.User }}",

          'port': "{{ item.Port }}",

          'identity_file': "{{ item.IdentityFile }}", }

      with_items: "{{ server.results }}"

      register: instance_config_dict

      when: server.changed | bool

    - name: Convert instance config dict to a list

      set_fact:

        instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"

      when: server.changed | bool

    - name: Dump instance config

      copy:

        # NOTE(retr0h): Workaround for Ansible 2.2.

        #               https://github.com/ansible/ansible/issues/20885

        content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"

        dest: "{{ molecule_instance_config }}"

      when: server.changed | bool

---

- name: Destroy

  hosts: localhost

  connection: local

  gather_facts: False

  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"

  vars:

    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"

    molecule_instance_config: "{{ lookup('env',' MOLECULE_INSTANCE_CONFIG') }}"

    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"

  tasks:

    - name: Destroy molecule instance(s)

      molecule_vagrant:

        instance_name: "{{ item.name }}"

        platform_box: "{{ item.box }}"

        provider_name: "{{ molecule_yml.driver.provider.name }}"

        force_stop: "{{ item.force_stop | default(True) }}"

        state: destroy

      register: server

      with_items: "{{ molecule_yml.platforms }}"

    # Mandatory configuration for Molecule to function.

    - name: Populate instance config

      set_fact:

        instance_conf: {}

    - name: Dump instance config

      copy:

        # NOTE(retr0h): Workaround for Ansible 2.2.

        #               https://github.com/ansible/ansible/issues/20885

        content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"

        dest: "{{ molecule_instance_config }}"

      when: server.changed | bool

---

dependency: {}

driver:

  name: vagrant

  provider:

    name: virtualbox

lint:

  name: yamllint

platforms:

  - name: wsgi-website-jessie64

    groups:

      - wsgi-website

    box: debian/contrib-jessie64

    memory: 512

    cpus: 1

provisioner:

  name: ansible

  config_options:

    ssh_connection:

      pipelining: "True"

  lint:

    name: ansible-lint

scenario:

  name: default

verifier:

  name: testinfra

  lint:

    name: flake8

- hosts: wsgi-website

  become: yes

- hosts: wsgi-website

  become: yes

---

- name: Prepare

  hosts: all

  gather_facts: False

  tasks:

    - name: Install python for Ansible

      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)

      become: True

      changed_when: False

- hosts: wsgi-website

  become: yes

  tasks:

    - name: Update all caches to avoid errors due to missing remote archives

      apt:

        update_cache: yes

      changed_when: False

    - name: Set-up /etc/hosts entries

      lineinfile:

        dest: /etc/hosts

        line: "{{ ansible_eth0.ipv4.address }} parameters-mandatory parameters-optional.local parameters-paste-req wsgi-website"

    - name: Install curl for testing redirects and webpage content

      apt:

        name: curl

        state: installed

    - name: Install swaks for testing mail forwarding

      apt:

        name: swaks

        state: installed

    - name: Install Postfix for testing mail forwarding (Exim4 not covered)

      apt:

        name: postfix

        state: installed

    - name: Set-up group for an additional user

      group:

        name: user

        state: present

    - name: Set-up additional user for testing mail delivery

      user:

        name: user

        group: user

        shell: /bin/bash

    '.molecule/ansible_inventory.yml').get_hosts('all')

def test_hosts_file(host):

    f = host.file('/etc/hosts')

    '.molecule/ansible_inventory.yml').get_hosts('all')

def test_website_group(host):

    group = host.group('web-parameters-mandatory')

def test_website_admin_user(host):

    user = host.user('admin-parameters-mandatory')

def test_website_admin_home(host):

    home = host.file('/var/www/parameters-mandatory')

def test_home_profile_directory(host):

    with host.sudo():

        directory = host.file('/var/www/parameters-mandatory/.profile.d')

def test_virtualenv_profile_configuration(host):

    with host.sudo():

        config = host.file('/var/www/parameters-mandatory/.profile.d/virtualenv.sh')

def test_environment_profile_configuration(host):

    with host.sudo():

        config = host.file('/var/www/parameters-mandatory/.profile.d/environment.sh')

def test_profile_configuration(host):

    env = host.run("sudo -i -u admin-parameters-mandatory printenv VIRTUAL_ENV MY_ENV_VAR")

def test_website_application_user(host):

    user = host.user('web-parameters-mandatory')

    with host.sudo():

        umask = host.run("su -l web-parameters-mandatory -c 'bash -c umask'")

def test_nginx_user(host):

    user = host.user('www-data')

def test_forward_file(host):

    with host.sudo():

        config = host.file('/var/www/parameters-mandatory/.forward')

def test_mail_forwarding(host):

    hostname = host.run('hostname').stdout

    send = host.run('swaks --suppress-data --to web-parameters-mandatory@localhost')

    with host.sudo():

        mail_log = host.file('/var/log/mail.log')

        pattern = "%s: to=<vagrant@%s>, orig_to=<web-parameters-mandatory@localhost>.*status=sent" % (message_id, hostname)

def test_python_virtualenv_created(host):

    with host.sudo():

        virtualenv = host.file("/var/www/parameters-mandatory/virtualenv")

        virtualenv_activate = host.file("/var/www/parameters-mandatory/virtualenv/bin/activate")

def test_python_virtualenv_project_directory_config(host):

    with host.sudo():

        project = host.file("/var/www/parameters-mandatory/virtualenv/.project")

def test_python_virtualenv_wrapper_script(host):

    with host.sudo():

        wrapper = host.file("/var/www/parameters-mandatory/virtualenv/bin/exec")

        command = host.run("sudo -u admin-parameters-mandatory /var/www/parameters-mandatory/virtualenv/bin/exec python -c 'import gunicorn'")

def test_virtualenv_packages(host):

    packages = host.run("sudo -u admin-parameters-mandatory /var/www/parameters-mandatory/virtualenv/bin/pip freeze")

def test_wsgi_requirements_upgrade_checks(host):

    with host.sudo():

        directory = host.file('/etc/pip_check_requirements_upgrades/parameters-mandatory')

def test_systemd_socket_configuration_file(host):

    config = host.file("/etc/systemd/system/parameters-mandatory.socket")

def test_systemd_socket(host):

    with host.sudo():

        socket_file = host.file("/run/wsgi/parameters-mandatory.sock")

        socket = host.socket("unix:///run/wsgi/parameters-mandatory.sock")

def test_systemd_service_configuration_file(host):

    config = host.file("/etc/systemd/system/parameters-mandatory.service")

def test_systemd_service(host):

    service = host.service('parameters-mandatory')

def test_static_file_directory(host):

    with host.sudo():

        directory = host.file('/var/www/parameters-mandatory/htdocs')

def test_nginx_tls_files(host):

    with host.sudo():

        tls_file = host.file('/etc/ssl/private/parameters-mandatory_https.key')

        tls_file = host.file('/etc/ssl/certs/parameters-mandatory_https.pem')

def test_certificate_validity_check_configuration(host):

    config = host.file('/etc/check_certificate/parameters-mandatory_https.conf')

def test_vhost_file(host):

    config = host.file('/etc/nginx/sites-available/parameters-mandatory')

def test_website_enabled(host):

    config = host.file('/etc/nginx/sites-enabled/parameters-mandatory')

def test_https_enforcement(host):

    https_enforcement = host.run('curl -I http://parameters-mandatory/')

    https_enforcement = host.run('curl -I https://parameters-mandatory/')

def test_index_page(host):

    page = host.run('curl -H "Accept-Encoding: plain" https://parameters-mandatory/')

def test_static_file_serving(host):

    page = host.run('curl https://parameters-mandatory/static/static_file.txt')

    page = host.run('curl https://parameters-mandatory/media/media_file.txt')